7.5

CVSS3.1

CVE-2024-10438 - Sunnet eHRD CTMS - Authentication Bypass

The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities.

📅 Published: Oct. 28, 2024, 2:46 a.m. 🔄 Last Modified: Sept. 25, 2025, 2:13 p.m.

2.2

CVSS3.1

CVE-2024-23843 -

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Genians Genian NAC V5.0, Genians Genian NAC LTS V5.0. This issue affects Genian NAC V5.0: from V5.0.0 through V5.0.60; Genian NAC LTS V5.0: from 5.0.0 LTS through 5.0.55 LTS (Revision 125558), from 5…

📅 Published: Oct. 28, 2024, 2:07 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2024-10435 - didi Super-Jacoco triggerEnvCov command injection

A vulnerability was found in didi Super-Jacoco 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cov/triggerEnvCov. The manipulation of the argument uuid leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the…

📅 Published: Oct. 28, 2024, 12:31 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.7

CVSS4.0

CVE-2024-10434 - Tenda AC1206 ate ate_Tenda_mfg_check_usb3 stack-based overflow

A vulnerability was found in Tenda AC1206 up to 20241027. It has been classified as critical. This affects the function ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 of the file /goform/ate. The manipulation of the argument arg leads to stack-based buffer overflow. It is possible to initiate the…

📅 Published: Oct. 28, 2024, 12:31 a.m. 🔄 Last Modified: Nov. 1, 2024, 4:32 p.m.

5.3

CVSS4.0

CVE-2024-10433 - Project Worlds Simple Web-Based Chat Application index.php cross site scripting

A vulnerability was found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Name/Comment leads to cross site scripting. The attack may be launched remot…

📅 Published: Oct. 28, 2024, midnight 🔄 Last Modified: Oct. 30, 2024, 6:31 p.m.

4.9

CVSS3.1

CVE-2024-34537 -

TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend), exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed versions are 10.4.46 ELTS, 11.5.40 LTS, 12.4.2…

📅 Published: Oct. 28, 2024, midnight 🔄 Last Modified: Sept. 3, 2025, 5:31 p.m.

6.1

CVSS3.1

CVE-2024-48195 -

Cross Site Scripting vulnerability in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter.

📅 Published: Oct. 28, 2024, midnight 🔄 Last Modified: April 17, 2025, 6:41 p.m.

8.8

CVSS3.1

CVE-2024-48177 -

MRCMS 3.1.2 contains a SQL injection vulnerability via the RID parameter in /admin/article/delete.do.

📅 Published: Oct. 28, 2024, midnight 🔄 Last Modified: April 18, 2025, 1:23 a.m.

6.3

CVSS3.1

CVE-2024-48191 -

dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=delAdmin&id=17

📅 Published: Oct. 28, 2024, midnight 🔄 Last Modified: May 27, 2025, 8:36 p.m.

8

CVSS3.1

CVE-2024-48826 -

Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote attackers to execute arbitrary code.

📅 Published: Oct. 28, 2024, midnight 🔄 Last Modified: March 17, 2025, 2:41 p.m.
Total results: 349182