4.3

CVSS3.1

CVE-2024-54004

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system.

📅 Published: Nov. 27, 2024, 5:03 p.m. 🔄 Last Modified: Oct. 3, 2025, 12:53 a.m.

8

CVSS3.1

CVE-2024-54003

Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission.

📅 Published: Nov. 27, 2024, 5:03 p.m. 🔄 Last Modified: Oct. 3, 2025, 12:55 a.m.

6.4

CVSS3.1

CVE-2024-21703

This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensiti…

📅 Published: Nov. 27, 2024, 5 p.m. 🔄 Last Modified: July 30, 2025, 5:13 p.m.

6.9

CVSS4.0

CVE-2024-11860 - SourceCodester Best House Rental Management System POST Request ajax.php improper authorization

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects an unknown part of the file /rental/ajax.php?action=delete_tenant of the component POST Request Handler. The manipulation of the argument id leads to improper authorization.…

📅 Published: Nov. 27, 2024, 4:31 p.m. 🔄 Last Modified: Dec. 4, 2024, 9:08 p.m.

0.0

CVE-2024-11890

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

📅 Published: Nov. 27, 2024, 4:01 p.m. 🔄 Last Modified: Feb. 11, 2025, 1:15 a.m.

5.1

CVSS4.0

CVE-2024-11862

Non-constant-time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via a timing attack.

📅 Published: Nov. 27, 2024, 2:35 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

2.7

CVSS3.1

CVE-2024-36464 - Media Types: Office365, SMTP passwords are unencrypted and visible in plaintext when exported

When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords.

📅 Published: Nov. 27, 2024, 2:01 p.m. 🔄 Last Modified: Nov. 3, 2025, 10:16 p.m.

2.7

CVSS3.1

CVE-2024-42333 - Heap buffer over-read

The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c

📅 Published: Nov. 27, 2024, 12:07 p.m. 🔄 Last Modified: Nov. 3, 2025, 10:18 p.m.

3.7

CVSS3.1

CVE-2024-42332 - New line injection in Zabbix SNMP traps

The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack …

📅 Published: Nov. 27, 2024, 12:06 p.m. 🔄 Last Modified: Nov. 3, 2025, 10:18 p.m.

3.3

CVSS3.1

CVE-2024-42331 - Use after free in browser_push_error

In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browser_push_error method in the src/libs/zbxembed/browser_error.c file. A use-after-free bug can occur at this stage if…

📅 Published: Nov. 27, 2024, 12:06 p.m. 🔄 Last Modified: Nov. 3, 2025, 10:18 p.m.