5.5

CVSS3.1

CVE-2024-44170 -

A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, watchOS 11. An app may be able to access user-sensitive data.

πŸ“… Published: Sept. 16, 2024, 11:22 p.m. πŸ”„ Last Modified: April 2, 2026, 7:18 p.m.

6.4

CVSS3.1

CVE-2024-4283 - URL Redirection to Untrusted Site ('Open Redirect') in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow.

πŸ“… Published: Sept. 16, 2024, 9:34 p.m. πŸ”„ Last Modified: Sept. 24, 2024, 4:51 p.m.

3.1

CVSS3.1

CVE-2024-6685 - Authorization Bypass Through User-Controlled Key in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members.

πŸ“… Published: Sept. 16, 2024, 9:33 p.m. πŸ”„ Last Modified: Sept. 24, 2024, 4:48 p.m.

5.3

CVSS3.1

CVE-2024-22013 -

U-Boot environment is read from unauthenticated partition.

πŸ“… Published: Sept. 16, 2024, 7:52 p.m. πŸ”„ Last Modified: July 24, 2025, 4:06 p.m.

6.7

CVSS3.0

CVE-2024-8766 -

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235, Acronis Cyber Protect 16 (Windows) before build 39169.

πŸ“… Published: Sept. 16, 2024, 7:45 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.0

CVE-2024-34016 -

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235.

πŸ“… Published: Sept. 16, 2024, 7:44 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5

CVSS3.1

CVE-2024-45800 - Multiple mXSS found in snappymail HTML parser

Snappymail is an open source web-based email client. SnappyMail uses the `cleanHtml()` function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many (invalid) HTML elements, it was possible (with i…

πŸ“… Published: Sept. 16, 2024, 7:35 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.4

CVSS3.1

CVE-2024-39910 - Cross-site scripting (XSS) in the decidim admin panel with QuillJS WYSWYG editor

decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The WYSWYG editor QuillJS is subject to potential XSS attach in case the attacker manages to modify the HTML before being uploaded to the server. The attacker is able to ch…

πŸ“… Published: Sept. 16, 2024, 6:38 p.m. πŸ”„ Last Modified: Sept. 29, 2024, 12:33 a.m.

6.8

CVSS3.1

CVE-2024-32034 - Cross-site scripting (XSS) in the decidim admin activity log

decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The admin panel is subject to potential Cross-site scripting (XSS) attach in case an admin assigns a valuator to a proposal, or does any other action that generates an admi…

πŸ“… Published: Sept. 16, 2024, 6:38 p.m. πŸ”„ Last Modified: Sept. 29, 2024, 12:14 a.m.

7.3

CVSS3.1

CVE-2024-45799 - Javascript Injection in Vending Info/Buyers Info Module in FluxCP

FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via venders/buyers list pages and shop names, that are currently not sanitized. This allows executing arbitrary javascript code on the user's browser just by visiting the shop pages. As a resu…

πŸ“… Published: Sept. 16, 2024, 6:31 p.m. πŸ”„ Last Modified: April 23, 2025, 5:30 p.m.
Total resulsts: 349182
Page 8554 of 34,919
Β« previous page Β» next page
Filters