9.8

CVSS3.1

CVE-2024-52770 -

An arbitrary file upload vulnerability in the component /admin/file_manage_control of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file.

๐Ÿ“… Published: Nov. 20, 2024, midnight ๐Ÿ”„ Last Modified: June 13, 2025, 2:17 p.m.

7.5

CVSS3.1

CVE-2024-48536 -

Incorrect access control in eSoft Planner 3.24.08271-USA allow attackers to view all transactions performed by the company via supplying a crafted web request.

๐Ÿ“… Published: Nov. 20, 2024, midnight ๐Ÿ”„ Last Modified: Oct. 1, 2025, 6:25 p.m.

6.1

CVSS3.1

CVE-2024-48534 -

A reflected cross-site scripting (XSS) vulnerability on the Camp Details module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

๐Ÿ“… Published: Nov. 20, 2024, midnight ๐Ÿ”„ Last Modified: Oct. 1, 2025, 3:44 p.m.

9.8

CVSS3.1

CVE-2024-52677 -

HkCms <= v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php.

๐Ÿ“… Published: Nov. 20, 2024, midnight ๐Ÿ”„ Last Modified: March 13, 2025, 4:15 p.m.

0.0

CVE-2024-49203 -

Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. NOTE: this is disputed by a Querydsl community member because the product is not intended to defend against a developer who uses untrusted input directly in query construction.

๐Ÿ“… Published: Nov. 20, 2024, midnight ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.1

CVSS3.1

CVE-2024-48531 -

A reflected cross-site scripting (XSS) vulnerability on the Rental Availability module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

๐Ÿ“… Published: Nov. 20, 2024, midnight ๐Ÿ”„ Last Modified: Oct. 1, 2025, 3:49 p.m.

7.5

CVSS3.1

CVE-2024-48530 -

An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

๐Ÿ“… Published: Nov. 20, 2024, midnight ๐Ÿ”„ Last Modified: Oct. 1, 2025, 3:52 p.m.

4.9

CVSS3.1

CVE-2024-52725 -

SemCms v4.8 was discovered to contain a SQL injection vulnerability. This allows an attacker to execute arbitrary code via the ldgid parameter in the SEMCMS_SeoAndTag.php component.

๐Ÿ“… Published: Nov. 20, 2024, midnight ๐Ÿ”„ Last Modified: April 4, 2025, 3:06 p.m.

6.1

CVSS3.1

CVE-2024-48535 -

A stored cross-site scripting (XSS) vulnerability in eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.

๐Ÿ“… Published: Nov. 20, 2024, midnight ๐Ÿ”„ Last Modified: Oct. 1, 2025, 3:43 p.m.

9.1

CVSS3.1

CVE-2024-33439 -

An issue in Kasda LinkSmart Router KW5515 v1.7 and before allows an authenticated remote attacker to execute arbitrary OS commands via cgi parameters.

๐Ÿ“… Published: Nov. 20, 2024, midnight ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 349182
Page 7783 of 34,919
ยซ previous page ยป next page
Filters