4.7
CVE-2024-5691 - Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
By tricking the browser with an `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
6.5
CVE-2024-5692 - Mozilla: Bypass of file name restrictions during saving
On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems a…
6.8
CVE-2024-36821 -
Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root.
4.2
CVE-2024-5891 - Quay: unauthorized user may authenticate via oauth application token
A vulnerability was found in Quay. If an attacker can obtain the client ID for an application, they can use an OAuth token to authenticate despite not having access to the organization from which the application was created. This issue is limited to authentication and not authorization. However, in…
0.0
CVE-2024-35329 - libyaml: vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
2.7
CVE-2024-22261 - SQL Injection in Harbor scan log API
SQL injection in Harbor allows privileged users to leak the task IDs
4.3
CVE-2024-22244 - Harbor Open Redirect URL
Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site.
6.8
CVE-2022-37020 - HP PC BIOS May 2024 Security Updates for Potential Stack Buffer Overflows
Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.
6.8
CVE-2022-37019 - HP PC BIOS May 2024 Security Updates for Potential Stack Buffer Overflows
Potential vulnerabilities have been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.
7.5
CVE-2024-36471 - Apache Allura: sensitive information exposure via DNS rebinding
Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run these imports, which could cause Allura to read from internal services and expose them. This issue affects Apache Allura from 1.0.1 through 1.16.0. Users are…