8

CVSS3.1

CVE-2024-45893 -

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMOption.`

πŸ“… Published: Nov. 4, 2024, midnight πŸ”„ Last Modified: April 10, 2025, 3:52 p.m.

6.1

CVSS3.1

CVE-2024-30618 -

A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content' parameter of 'group_topics.php'.

πŸ“… Published: Nov. 4, 2024, midnight πŸ”„ Last Modified: April 18, 2025, 1:54 p.m.

8.1

CVSS3.1

CVE-2024-51329 -

A Host header injection vulnerability in Agile-Board 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link.

πŸ“… Published: Nov. 4, 2024, midnight πŸ”„ Last Modified: Nov. 6, 2024, 7:19 p.m.

8

CVSS3.1

CVE-2024-45882 -

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_map_profile.`

πŸ“… Published: Nov. 4, 2024, midnight πŸ”„ Last Modified: April 10, 2025, 3:53 p.m.

5.1

CVSS3.1

CVE-2024-45185 -

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, Modem 5300. There is an out-of-bounds write due to a heap overflow in the GPRS protocol.

πŸ“… Published: Nov. 4, 2024, midnight πŸ”„ Last Modified: July 1, 2025, 3 p.m.

0.0

CVE-2024-48342 -

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

πŸ“… Published: Nov. 4, 2024, midnight πŸ”„ Last Modified: Nov. 4, 2024, 7:15 a.m.

6.5

CVSS3.1

CVE-2024-48463 -

Bruno before 1.29.1 uses Electron shell.openExternal without validation (of http or https) for opening windows within the Markdown docs viewer.

πŸ“… Published: Nov. 4, 2024, midnight πŸ”„ Last Modified: Sept. 23, 2025, 1:51 a.m.

8

CVSS3.1

CVE-2024-45887 -

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `doOpenVPN.`

πŸ“… Published: Nov. 4, 2024, midnight πŸ”„ Last Modified: April 10, 2025, 3:52 p.m.

8.8

CVSS3.1

CVE-2024-30616 -

Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Non-admin users can manipulate sensitive profiles information, posing a significant risk to data integrity.

πŸ“… Published: Nov. 4, 2024, midnight πŸ”„ Last Modified: April 18, 2025, 1:39 p.m.

4.3

CVSS3.1

CVE-2024-45164 -

Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert Policy page. An authentic…

πŸ“… Published: Nov. 4, 2024, midnight πŸ”„ Last Modified: Nov. 6, 2024, 5:35 p.m.
Total resulsts: 349182
Page 8045 of 34,919
Β« previous page Β» next page
Filters