7.5

CVSS3.1

CVE-2024-7526 - mozilla: Uninitialized memory used by WebGL

ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

πŸ“… Published: Aug. 6, 2024, midnight πŸ”„ Last Modified: Sept. 17, 2024, 7:15 p.m.

6.1

CVSS3.1

CVE-2024-28740 -

Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component.

πŸ“… Published: Aug. 6, 2024, midnight πŸ”„ Last Modified: Aug. 21, 2024, 6:35 p.m.

9.6

CVSS3.1

CVE-2024-28739 -

An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter.

πŸ“… Published: Aug. 6, 2024, midnight πŸ”„ Last Modified: Aug. 12, 2024, 6:18 p.m.

9.8

CVSS3.1

CVE-2024-39225 -

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability.

πŸ“… Published: Aug. 6, 2024, midnight πŸ”„ Last Modified: Aug. 15, 2024, 4:15 p.m.

6.3

CVSS4.0

CVE-2024-7246 - HPACK table poisoning in gRPC C++, Python & Ruby

It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values. This occurs because the er…

πŸ“… Published: Aug. 6, 2024, midnight πŸ”„ Last Modified: July 22, 2025, 7:29 p.m.

9.8

CVSS3.1

CVE-2024-7528 - mozilla: Use-after-free in IndexedDB

Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.

πŸ“… Published: Aug. 6, 2024, midnight πŸ”„ Last Modified: Aug. 12, 2024, 4:10 p.m.

6.5

CVSS3.1

CVE-2024-39229 -

An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to interce…

πŸ“… Published: Aug. 6, 2024, midnight πŸ”„ Last Modified: Nov. 21, 2024, 7:15 p.m.

4.3

CVSS3.1

CVE-2024-39226 -

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers by …

πŸ“… Published: Aug. 6, 2024, midnight πŸ”„ Last Modified: Nov. 12, 2024, 5:35 p.m.

7

CVSS3.1

CVE-2024-42219 -

1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient.

πŸ“… Published: Aug. 6, 2024, midnight πŸ”„ Last Modified: Aug. 12, 2024, 6:30 p.m.

8.8

CVSS3.1

CVE-2024-41226 -

A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. NOTE: Automation Anywhere disputes this report, arguing the attacker executes everything from the client side and does not attack the Control Room. The…

πŸ“… Published: Aug. 6, 2024, midnight πŸ”„ Last Modified: Sept. 3, 2024, 9:15 p.m.
Total resulsts: 349182
Page 8949 of 34,919
Β« previous page Β» next page
Filters