5.9

CVSS3.1

CVE-2024-39341

Entrust Instant Financial Issuance (On Premise) Software (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file (i.e. WebAPI.cfg.xml) after the installation process. This file can be accessed without authentication on HTTP port 80 by gue…

📅 Published: Sept. 23, 2024, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.6

CVSS3.1

CVE-2024-41228

A symlink following vulnerability in the pouch cp function of AliyunContainerService pouch v1.3.1 allows attackers to escalate privileges and write arbitrary files.

📅 Published: Sept. 23, 2024, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.8

CVSS3.1

CVE-2024-47222

New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol.

📅 Published: Sept. 23, 2024, midnight 🔄 Last Modified: March 18, 2025, 9:15 p.m.

5.9

CVSS3.1

CVE-2024-46241

PHPGurukul Dairy Farm Shop Management System v1.1 is vulnerable to Cross-Site Scripting (XSS) via the pname parameter in add_product.php and edit_product.php.

📅 Published: Sept. 23, 2024, midnight 🔄 Last Modified: March 31, 2025, 7:20 p.m.

6.6

CVSS3.1

CVE-2024-40441

An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via the model_attribs parameter.

📅 Published: Sept. 23, 2024, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.2

CVSS3.1

CVE-2024-39842

A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via user massive changes inputs.

📅 Published: Sept. 23, 2024, midnight 🔄 Last Modified: April 28, 2025, 5:12 p.m.

7.6

CVSS3.1

CVE-2024-46639

A cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field of Custom Fields message box.

📅 Published: Sept. 23, 2024, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.5

CVSS3.1

CVE-2024-42861 - linuxptp: denial of service via a crafted Pdelay_Req message to the time synchronization function

An issue in IEEE 802.1AS linuxptp v.4.2 and before allows a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function.

📅 Published: Sept. 23, 2024, midnight 🔄 Last Modified: March 18, 2025, 4:15 p.m.

8.8

CVSS3.1

CVE-2024-37779

WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality.

📅 Published: Sept. 23, 2024, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.6

CVSS3.1

CVE-2024-38286 - Apache Tomcat: Denial of Service

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. The following versions were EOL at the time the CVE was created but are known to …

📅 Published: Sept. 23, 2024, midnight 🔄 Last Modified: Nov. 3, 2025, 9:16 p.m.