7.5

CVSS3.1

CVE-2024-51066

An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable Information (PII) of other customers.

📅 Published: Oct. 31, 2024, midnight 🔄 Last Modified: April 4, 2025, 2:35 p.m.

6.1

CVSS3.1

CVE-2023-52045

Studio-42 eLfinder 2.1.62 contains a filename restriction bypass leading to a persistent Cross-site Scripting (XSS) vulnerability.

📅 Published: Oct. 31, 2024, midnight 🔄 Last Modified: April 17, 2025, 7:11 p.m.

6.1

CVSS3.1

CVE-2024-10086 - Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation

A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.

📅 Published: Oct. 30, 2024, 9:21 p.m. 🔄 Last Modified: Jan. 10, 2025, 1:15 p.m.

8.3

CVSS3.1

CVE-2024-10006 - Consul L7 Intentions Vulnerable To Headers Bypass

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.

📅 Published: Oct. 30, 2024, 9:20 p.m. 🔄 Last Modified: Jan. 10, 2025, 1:15 p.m.

8.1

CVSS3.1

CVE-2024-10005 - Consul L7 Intentions Vulnerable To URL Path Bypass

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.

📅 Published: Oct. 30, 2024, 9:19 p.m. 🔄 Last Modified: Jan. 10, 2025, 1:15 p.m.

5.3

CVSS4.0

CVE-2024-10546 - open-scratch Teaching 在线教学平台 URL getDictItemsByTable sql injection

A vulnerability classified as critical was found in open-scratch Teaching 在线教学平台 up to 2.7. This vulnerability affects unknown code of the file /api/sys/ng-alain/getDictItemsByTable/ of the component URL Handler. The manipulation leads to SQL injection. The attack can be initiated remotely. The exp…

📅 Published: Oct. 30, 2024, 7:31 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.3

CVSS4.0

CVE-2024-10456 - Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data

Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication.

📅 Published: Oct. 30, 2024, 6:04 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.8

CVSS3.1

CVE-2024-9419 - Certain HP Print Products–Potential Remote Code Execution and/or Elevation of Privilege with the HP…

Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. A client using the HP Smart Universal Printing Driver that sends a print job comprised of a malicious XPS file could potentially lead to Remot…

📅 Published: Oct. 30, 2024, 5:25 p.m. 🔄 Last Modified: Jan. 26, 2026, 6 p.m.

6.4

CVSS3.1

CVE-2024-9110 - Cross-Site Scripting In Privileged Identity

A medium severity vulnerability has been identified within Privileged Identity which can allow an attacker to perform reflected cross-site scripting attacks.

📅 Published: Oct. 30, 2024, 4:57 p.m. 🔄 Last Modified: Feb. 11, 2025, 8:43 p.m.

4.6

CVSS3.1

CVE-2024-50344 - I, Librarian has a Stored XSS vulnerability in Supplemental Files

I, Librarian is an open-source version of a PDF managing SaaS. Supplemental Files are allowed to be viewed in the browser, only if they have a white-listed MIME type. Unfortunately, this logic is broken, thus allowing unsafe files containing JavaScript to be executed with the application context. A…

📅 Published: Oct. 30, 2024, 3:51 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.