7.5

CVSS3.1

CVE-2024-48983 -

An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet header. A buffer is then allocated to contain the entire packet, the size of which is calculated as the length of the pac…

πŸ“… Published: Nov. 20, 2024, midnight πŸ”„ Last Modified: Nov. 25, 2024, 9:15 p.m.

7.5

CVSS3.1

CVE-2024-51163 -

A Local File Inclusion vulnerability in Vegam Solutions Vegam 4i versions 6.3.47.0 and earlier allows a remote attacker to obtain sensitive information through the print label function. Specifically, the filePathList parameter is susceptible to LFI, enabling a malicious user to include files from t…

πŸ“… Published: Nov. 20, 2024, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5

CVSS3.1

CVE-2024-11483 - Automation-gateway: aap-gateway: improper scope handling in oauth2 tokens for aap 2.5

A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansible_base.oauth2_provider for OAuth2 authentication. While …

πŸ“… Published: Nov. 20, 2024, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.4

CVSS3.1

CVE-2024-52701 -

A stored cross-site scripting (XSS) vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter.

πŸ“… Published: Nov. 20, 2024, midnight πŸ”„ Last Modified: May 22, 2025, 5:28 p.m.

9.8

CVSS3.1

CVE-2024-48984 -

An issue was discovered in MBed OS 6.16.0. When parsing hci reports, the hci parsing software dynamically determines the length of a list of reports by reading a byte from an input stream. It then fetches the length of the first report, uses it to calculate the beginning of the second report, etc. …

πŸ“… Published: Nov. 20, 2024, midnight πŸ”„ Last Modified: Sept. 24, 2025, 7:09 p.m.

7.2

CVSS3.1

CVE-2024-51208 -

File Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0 allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter.

πŸ“… Published: Nov. 20, 2024, midnight πŸ”„ Last Modified: March 13, 2025, 5:15 p.m.

6.1

CVSS3.1

CVE-2024-52702 -

A stored cross-site scripting (XSS) vulnerability in the component install\index.php of MyBB v1.8.38 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Name parameter. NOTE: this is disputed by the Supplier because Website Name can only be set …

πŸ“… Published: Nov. 20, 2024, midnight πŸ”„ Last Modified: Dec. 8, 2025, 4:15 p.m.

5.3

CVSS3.1

CVE-2024-48533 -

A discrepancy between responses for valid and invalid e-mail accounts in the Forgot your Login? module of eSoft Planner 3.24.08271-USA allows attackers to enumerate valid user e-mail accounts.

πŸ“… Published: Nov. 20, 2024, midnight πŸ”„ Last Modified: Oct. 1, 2025, 3:45 p.m.

6.1

CVSS3.1

CVE-2024-45510 -

An issue was discovered in Zimbra Collaboration (ZCS) through 10.0. Zimbra Webmail (Modern UI) is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper sanitization of user input. This allows an attacker to inject malicious code into specific fields of an e-mail message. When the…

πŸ“… Published: Nov. 20, 2024, midnight πŸ”„ Last Modified: June 11, 2025, 7:13 p.m.

7.2

CVSS3.1

CVE-2024-52769 -

An arbitrary file upload vulnerability in the component /admin/friendlink_edit of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file.

πŸ“… Published: Nov. 20, 2024, midnight πŸ”„ Last Modified: June 13, 2025, 2:14 p.m.
Total resulsts: 349182
Page 7782 of 34,919
Β« previous page Β» next page
Filters