5.4

CVSS3.1

CVE-2024-3636 - Pinpoint Booking System < 2.9.9.4.8 - Admin+ Stored XSS

The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setu…

📅 Published: Aug. 5, 2024, 6 a.m. 🔄 Last Modified: June 6, 2025, 4:15 p.m.

8.1

CVSS3.1

CVE-2024-2232 - Himer - Social Questions and Answers < 2.1.3 - CSRF While Sending the Invites

The lacks CSRF checks allowing a user to invite any user to any group (including private groups)

📅 Published: Aug. 5, 2024, 6 a.m. 🔄 Last Modified: Jan. 2, 2026, 8:16 p.m.

8.8

CVSS3.1

CVE-2024-41889 -

Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker.

📅 Published: Aug. 5, 2024, 4:36 a.m. 🔄 Last Modified: Aug. 30, 2024, 5:53 p.m.

8

CVSS3.1

CVE-2024-41720 -

Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device.

📅 Published: Aug. 5, 2024, 4:36 a.m. 🔄 Last Modified: March 17, 2025, 3:15 p.m.

8.8

CVSS3.1

CVE-2024-39838 -

ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 use hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the device.

📅 Published: Aug. 5, 2024, 4:35 a.m. 🔄 Last Modified: March 25, 2025, 5:15 p.m.

8.6

CVSS3.1

CVE-2024-39713 -

A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1.

📅 Published: Aug. 5, 2024, 4:26 a.m. 🔄 Last Modified: Sept. 6, 2024, 5:35 p.m.

9.3

CVSS4.0

CVE-2024-6118 - Hamastar MeetingHub Paperless Meetings - Plaintext Storage of a Password

A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users' credentials and gain access to the product via an XML file.

📅 Published: Aug. 5, 2024, 4:21 a.m. 🔄 Last Modified: Aug. 30, 2024, 5:44 p.m.

9.3

CVSS4.0

CVE-2024-6117 - Hamastar MeetingHub Paperless Meetings - Unrestricted Upload of File with Dangerous Type

An Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary system commands via a crafted ASP file.

📅 Published: Aug. 5, 2024, 4:20 a.m. 🔄 Last Modified: Aug. 30, 2024, 5:41 p.m.

5.3

CVSS4.0

CVE-2024-7470 - Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface vpn_template_style.php sslvpn_config_mod os…

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been rated as critical. This issue affects the function sslvpn_config_mod of the file /vpn/vpn_template_style.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os …

📅 Published: Aug. 5, 2024, 4 a.m. 🔄 Last Modified: Aug. 6, 2024, 8:22 p.m.

5.3

CVSS4.0

CVE-2024-7469 - Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_vpn_web_custom.php sslvpn_config_mod o…

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been declared as critical. This vulnerability affects the function sslvpn_config_mod of the file /vpn/list_vpn_web_custom.php of the component Web Interface. The manipulation of the argument template/stylenum …

📅 Published: Aug. 5, 2024, 3:31 a.m. 🔄 Last Modified: Aug. 6, 2024, 5:36 p.m.