8.8

CVSS3.1

CVE-2024-41992 -

Wi-Fi Alliance wfa_dut (in Wi-Fi Test Suite) through 9.0.0 allows OS command injection via 802.11x frames because the system() library function is used. For example, on Arcadyan FMIMG51AX000J devices, this leads to wfaTGSendPing remote code execution as root via traffic to TCP port 8000 or 8080 on …

πŸ“… Published: Nov. 11, 2024, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

9.8

CVSS3.1

CVE-2024-50636 -

PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE). …

πŸ“… Published: Nov. 11, 2024, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.5

CVSS3.1

CVE-2024-50263 - fork: only invoke khugepaged, ksm hooks if no error

In the Linux kernel, the following vulnerability has been resolved: fork: only invoke khugepaged, ksm hooks if no error There is no reason to invoke these hooks early against an mm that is in an incomplete state. The change in commit d24062914837 ("fork: use __mt_dup() to duplicate maple tree in…

πŸ“… Published: Nov. 11, 2024, midnight πŸ”„ Last Modified: May 4, 2025, 9:50 a.m.

8.1

CVSS3.1

CVE-2024-46964 -

The com.video.downloader.all (aka All Video Downloader) application through 11.28 for Android allows an attacker to execute arbitrary JavaScript code via the com.video.downloader.all.StartActivity component.

πŸ“… Published: Nov. 11, 2024, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

4.8

CVSS3.1

CVE-2024-50991 -

A Cross Site Scripting (XSS) vulnerability was found in /ums-sp/admin/registered-users.php in PHPGurukul User Management System v1.0, which allows remote attackers to execute arbitrary code via the "fname" POST request parameter

πŸ“… Published: Nov. 11, 2024, midnight πŸ”„ Last Modified: April 4, 2025, 8 p.m.

4.8

CVSS3.1

CVE-2024-51188 -

TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the vsRule_VirtualServerName_1.1.10.0.0 parameter on the /virtual_server.htm page.

πŸ“… Published: Nov. 11, 2024, midnight πŸ”„ Last Modified: April 1, 2025, 6:21 p.m.

5.3

CVSS3.1

CVE-2024-49395 - Mutt: neomutt: bcc email header field is indirectly leaked by cryptographic info block

In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.

πŸ“… Published: Nov. 11, 2024, midnight πŸ”„ Last Modified: Nov. 21, 2025, 6:57 a.m.

4.8

CVSS3.1

CVE-2024-51187 -

TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the firewallRule_Name_1.1.1.0.0 parameter on the /firewall_setting.htm page.

πŸ“… Published: Nov. 11, 2024, midnight πŸ”„ Last Modified: April 1, 2025, 6:20 p.m.

8.1

CVSS3.1

CVE-2024-46966 -

The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) application through 1.0.42 for Android allows an attacker to execute arbitrary JavaScript code via the mn.ikhgur.khotoch.MainActivity component.

πŸ“… Published: Nov. 11, 2024, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

8.1

CVSS3.1

CVE-2024-48322 -

UsersController.php in Run.codes 1.5.2 and older has a reset password race condition vulnerability.

πŸ“… Published: Nov. 11, 2024, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 348208
Page 7856 of 34,821
Β« previous page Β» next page
Filters