9.8

CVSS3.1

CVE-2024-54921

A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters.

📅 Published: Dec. 9, 2024, midnight 🔄 Last Modified: April 14, 2025, 3:15 p.m.

9.1

CVSS3.1

CVE-2024-40583

Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials.

📅 Published: Dec. 9, 2024, midnight 🔄 Last Modified: April 17, 2025, 1:41 a.m.

4.8

CVSS3.1

CVE-2023-43962

Cross Site Scripting vulnerability in Xunrui CMS Public Edition v.4.6.1 allows a remote attacker to execute arbitrary code via the project name function in the project settings tab.

📅 Published: Dec. 9, 2024, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4.3

CVSS3.1

CVE-2024-55578

Zammad before 6.4.1 places sensitive data (such as auth_microsoft_office365_credentials and application_secret) in log files.

📅 Published: Dec. 9, 2024, midnight 🔄 Last Modified: April 15, 2025, 4:37 p.m.

7.2

CVSS3.1

CVE-2024-54928

kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php,

📅 Published: Dec. 9, 2024, midnight 🔄 Last Modified: April 24, 2025, 4:51 p.m.

6.6

CVSS3.1

CVE-2024-55566

ColPack 1.0.10 through 9a7293a has a predictable temporary file (located under /tmp with a name derived from an unseeded RNG). The impact can be overwriting files or making ColPack graphing unavailable to other users.

📅 Published: Dec. 9, 2024, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2024-12347 - Guangzhou Huayi Intelligent Technology Jeewms Druid Monitoring Interface index.html improper author…

A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms up to 1.0.0 and classified as critical. This issue affects some unknown processing of the file /jeewms_war/webpage/system/druid/index.html of the component Druid Monitoring Interface. The manipulation leads to improper autho…

📅 Published: Dec. 8, 2024, 11:31 p.m. 🔄 Last Modified: Sept. 11, 2025, 9:07 p.m.

5.3

CVSS4.0

CVE-2024-12346 - Talentera byt_cv_manager cross site scripting

A vulnerability has been found in Talentera up to 20241128 and classified as problematic. This vulnerability affects unknown code of the file /app/control/byt_cv_manager. The manipulation of the argument redirect_url leads to cross site scripting. The attack can be initiated remotely. The exploit h…

📅 Published: Dec. 8, 2024, 11:31 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2024-12344 - TP-Link VN020 F3v(T) FTP USER Command memory corruption

A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to t…

📅 Published: Dec. 8, 2024, 11 p.m. 🔄 Last Modified: Dec. 10, 2024, 11:28 p.m.

7.1

CVSS4.0

CVE-2024-12343 - TP-Link VN020 F3v(T) SOAP Request WANIPConnection buffer overflow

A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be…

📅 Published: Dec. 8, 2024, 9:31 a.m. 🔄 Last Modified: Dec. 10, 2024, 11:26 p.m.