5.3

CVSS3.1

CVE-2024-41123 - REXML DoS vulnerability

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML document that has many specific characters such as whitespace characters, `>]` and `]>`. The REXML gem 3.3.3 or later includes the patches to fix these vulnerabilities.

📅 Published: Aug. 1, 2024, midnight 🔄 Last Modified: Nov. 3, 2025, 9:16 p.m.

7.5

CVSS3.1

CVE-2024-41260 -

A static initialization vector (IV) in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information (email addresses) when in possession of the audit events database.

📅 Published: Aug. 1, 2024, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.5

CVSS3.1

CVE-2024-41264 -

An issue discovered in casdoor v1.636.0 allows attackers to obtain sensitive information via the ssh.InsecureIgnoreHostKey() method.

📅 Published: Aug. 1, 2024, midnight 🔄 Last Modified: Aug. 16, 2024, 4 p.m.

9.1

CVSS3.1

CVE-2024-41259 -

Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to manipulate a user's account information.

📅 Published: Aug. 1, 2024, midnight 🔄 Last Modified: Aug. 26, 2025, 1:16 a.m.

5.5

CVSS3.1

CVE-2024-6923 - Email header injection due to unquoted newlines

There is a MEDIUM severity vulnerability affecting CPython. The email module didn't properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.

📅 Published: Aug. 1, 2024, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.5

CVSS3.1

CVE-2024-41265 -

A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function.

📅 Published: Aug. 1, 2024, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2024-7330 - YouDianCMS ydLib.php curl_exec server-side request forgery

A vulnerability has been found in YouDianCMS 7 and classified as critical. Affected by this vulnerability is the function curl_exec of the file /App/Core/Extend/Function/ydLib.php. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The ex…

📅 Published: July 31, 2024, 11:31 p.m. 🔄 Last Modified: Aug. 23, 2024, 4:12 p.m.

9

CVSS3.1

CVE-2024-38182 - Microsoft Dynamics 365 Elevation of Privilege Vulnerability

Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.

📅 Published: July 31, 2024, 11 p.m. 🔄 Last Modified: Feb. 10, 2026, 11:34 p.m.

5.3

CVSS4.0

CVE-2024-7329 - YouDianCMS image_upload.php unrestricted upload

A vulnerability, which was classified as critical, was found in YouDianCMS 7. Affected is an unknown function of the file /Public/ckeditor/plugins/multiimage/dialogs/image_upload.php. The manipulation of the argument files leads to unrestricted upload. It is possible to launch the attack remotely. …

📅 Published: July 31, 2024, 11 p.m. 🔄 Last Modified: Aug. 23, 2024, 4:34 p.m.

6.9

CVSS4.0

CVE-2024-7328 - YouDianCMS information disclosure

A vulnerability, which was classified as problematic, has been found in YouDianCMS 7. This issue affects some unknown processing of the file /t.php?action=phpinfo. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public an…

📅 Published: July 31, 2024, 10:31 p.m. 🔄 Last Modified: Aug. 23, 2024, 3:25 p.m.