4.8

CVSS3.1

CVE-2024-42367 - In aiohttp, compressed files as symlinks are not protected from path traversal

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants (`.gz` or `.br` extension) are vulnerable to path traversal outside the root directory if those variants…

📅 Published: Aug. 9, 2024, midnight 🔄 Last Modified: Aug. 19, 2025, 3:12 p.m.

9.8

CVSS3.1

CVE-2024-40480 -

A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access.

📅 Published: Aug. 9, 2024, midnight 🔄 Last Modified: March 14, 2025, 4:15 p.m.

5.4

CVSS3.1

CVE-2024-40478 -

A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via "rname" and "email" parameter fields

📅 Published: Aug. 9, 2024, midnight 🔄 Last Modified: March 13, 2025, 4:15 p.m.

9.8

CVSS3.1

CVE-2024-41570 -

An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.

📅 Published: Aug. 9, 2024, midnight 🔄 Last Modified: Aug. 29, 2024, 1:32 p.m.

8.1

CVSS3.1

CVE-2024-40479 -

A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipara Online Exam System v1.0 allows remote attackers to execute arbitrary SQL commands via the "eid" parameter.

📅 Published: Aug. 9, 2024, midnight 🔄 Last Modified: Nov. 19, 2025, 12:44 p.m.

6.5

CVSS4.0

CVE-2024-37283 - Elastic Agent Insertion of Sensitive Information into Log File

An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs.

📅 Published: Aug. 8, 2024, 11:34 p.m. 🔄 Last Modified: Sept. 29, 2025, 2:06 p.m.

0.0

CVE-2024-7633 -

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.

📅 Published: Aug. 8, 2024, 11:24 p.m. 🔄 Last Modified: Aug. 12, 2024, 1:38 p.m.

5.1

CVSS4.0

CVE-2024-7616 - Edimax IC-6220DC/IC-5150W ipcam_cgi cgiFormString command injection

A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. It has been rated as critical. Affected by this issue is the function cgiFormString of the file ipcam_cgi. The manipulation of the argument host leads to command injection. NOTE: The vendor was contacted early about this disclos…

📅 Published: Aug. 8, 2024, 11 p.m. 🔄 Last Modified: Aug. 13, 2024, 4:59 p.m.

8.7

CVSS4.0

CVE-2024-7615 - Tenda FH1206 fromSafeUrlFilter stack-based overflow

A vulnerability was found in Tenda FH1206 1.2.0.8. It has been declared as critical. Affected by this vulnerability is the function fromSafeClientFilter/fromSafeMacFilter/fromSafeUrlFilter. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has b…

📅 Published: Aug. 8, 2024, 10:31 p.m. 🔄 Last Modified: Aug. 21, 2024, 6:48 p.m.

8.7

CVSS4.0

CVE-2024-7614 - Tenda FH1206 qossetting fromqossetting stack-based overflow

A vulnerability was found in Tenda FH1206 1.2.0.8(8155). It has been classified as critical. Affected is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit …

📅 Published: Aug. 8, 2024, 10:31 p.m. 🔄 Last Modified: Aug. 21, 2024, 6:48 p.m.