5.3

CVSS4.0

CVE-2024-12138 - horilla create_skills deserialization

A vulnerability classified as critical was found in horilla up to 1.2.1. This vulnerability affects the function request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. The manipulation leads to deserialization. The attack can be initiated …

📅 Published: Dec. 4, 2024, 2 p.m. 🔄 Last Modified: Sept. 19, 2025, 3:32 p.m.

6.4

CVSS3.1

CVE-2024-11935 - Email Address Obfuscation <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via c…

The Email Address Obfuscation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve…

📅 Published: Dec. 4, 2024, 12:37 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.4

CVSS4.0

CVE-2024-10576 - Unauthorized factory reset of Infinix devices

Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissions. After multiple attempts to contact th…

📅 Published: Dec. 4, 2024, 12:02 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.1

CVSS4.0

CVE-2024-8894 - Out-of-bounds Write vulnerability in ODA SDK versions < 2025.10

Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file and missing proper checks on received SectionIterator data can trigger an unhandled exception. This can allow attackers to cause a crash, potentially enabling a denial-of-s…

📅 Published: Dec. 4, 2024, 11:40 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.2

CVSS4.0

CVE-2024-52269 - AI Assistant PDF Document Spoofing in DocuSign

User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. The SaaS AI assistant ignores hidden content that is rendered after signing, misleading the user. For reference see: CVE-2024-52276 This issue affects DocuSign: through 2024-12-04.

📅 Published: Dec. 4, 2024, 11:25 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

3.5

CVSS3.1

CVE-2024-54158 -

In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding

📅 Published: Dec. 4, 2024, 11:16 a.m. 🔄 Last Modified: Jan. 30, 2025, 9:50 p.m.

4.3

CVSS3.1

CVE-2024-54157 -

In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector

📅 Published: Dec. 4, 2024, 11:16 a.m. 🔄 Last Modified: Jan. 30, 2025, 9:47 p.m.

4.2

CVSS3.1

CVE-2024-54156 -

In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack

📅 Published: Dec. 4, 2024, 11:16 a.m. 🔄 Last Modified: Jan. 30, 2025, 9:46 p.m.

3.7

CVSS3.1

CVE-2024-54155 -

In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication

📅 Published: Dec. 4, 2024, 11:16 a.m. 🔄 Last Modified: Jan. 31, 2025, 2:53 p.m.

8

CVSS3.1

CVE-2024-54154 -

In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox

📅 Published: Dec. 4, 2024, 11:16 a.m. 🔄 Last Modified: Jan. 31, 2025, 2:51 p.m.