9.9

CVSS3.1

CVE-2024-33109

Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function.

📅 Published: Sept. 19, 2024, midnight 🔄 Last Modified: Sept. 25, 2024, 2:47 p.m.

9.8

CVSS3.1

CVE-2024-46946

langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 (2023-10-05).

📅 Published: Sept. 19, 2024, midnight 🔄 Last Modified: July 16, 2025, 1:49 p.m.

9.8

CVSS3.1

CVE-2024-40125

An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint.

📅 Published: Sept. 19, 2024, midnight 🔄 Last Modified: Sept. 25, 2024, 2:46 p.m.

7.5

CVSS3.1

CVE-2024-37406

In Brave Android prior to v1.67.116, domains in the Brave Shields popup are elided from the right instead of the left, which may lead to domain confusion.

📅 Published: Sept. 18, 2024, 9:54 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.8

CVSS3.1

CVE-2022-25770 - Insufficient authentication in upgrade flow

Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to a vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.

📅 Published: Sept. 18, 2024, 9:26 p.m. 🔄 Last Modified: Feb. 27, 2025, 7:30 p.m.

4.3

CVSS3.1

CVE-2024-47059 - Users enumeration - weak password login

When logging in with a correct username and an incorrect weak password, the user receives a notification that their password is too weak. However, when an incorrect username is provided along with a weak password, the application responds with an 'Invalid credentials' notification. This differe…

📅 Published: Sept. 18, 2024, 9:19 p.m. 🔄 Last Modified: Feb. 27, 2025, 7:30 p.m.

7.3

CVSS3.1

CVE-2021-27917 - XSS in contact tracking and page hits report

Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.

📅 Published: Sept. 18, 2024, 9:09 p.m. 🔄 Last Modified: Sept. 27, 2024, 3:13 p.m.

5.4

CVSS3.1

CVE-2024-47050 - XSS in contact/company tracking (no authentication)

Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.

📅 Published: Sept. 18, 2024, 9:04 p.m. 🔄 Last Modified: Sept. 27, 2024, 3:29 p.m.

2.9

CVSS3.1

CVE-2024-47058 - Cross-site Scripting (XSS) - stored (edit form HTML field)

With access to edit a Mautic form, the attacker can add stored Cross-Site Scripting in the HTML field. This could be used to steal sensitive information from the user's current session.

📅 Published: Sept. 18, 2024, 9 p.m. 🔄 Last Modified: Sept. 27, 2024, 3:31 p.m.

7

CVSS3.1

CVE-2022-25768 - Improper Access Control in UI upgrade process

The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process …

📅 Published: Sept. 18, 2024, 8:55 p.m. 🔄 Last Modified: Feb. 27, 2025, 7:30 p.m.