4.8

CVSS3.1

CVE-2024-36773 -

A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Themes parameter at index.php.

๐Ÿ“… Published: June 7, 2024, 2:28 p.m. ๐Ÿ”„ Last Modified: Feb. 13, 2025, 3:59 p.m.

5.9

CVSS3.1

CVE-2024-36788 -

Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices.

๐Ÿ“… Published: June 7, 2024, 2:24 p.m. ๐Ÿ”„ Last Modified: Feb. 13, 2025, 3:59 p.m.

8.8

CVSS3.1

CVE-2024-36790 -

Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext.

๐Ÿ“… Published: June 7, 2024, 2:23 p.m. ๐Ÿ”„ Last Modified: May 29, 2025, 4:12 p.m.

8.1

CVSS3.1

CVE-2024-36789 -

An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards.

๐Ÿ“… Published: June 7, 2024, 2:19 p.m. ๐Ÿ”„ Last Modified: May 29, 2025, 4:12 p.m.

4

CVSS3.1

CVE-2024-37162 - zsa Generates Error Messages Containing Sensitive Information

zsa is a library for building typesafe server actions in Next.js. All users are impacted. The zsa application transfers the parse error stack from the server to the client in production build mode. This can potentially reveal sensitive information about the server environment, such as the machine uโ€ฆ

๐Ÿ“… Published: June 7, 2024, 2:19 p.m. ๐Ÿ”„ Last Modified: Nov. 21, 2024, 9:23 a.m.

8.8

CVSS3.1

CVE-2024-36787 -

An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors.

๐Ÿ“… Published: June 7, 2024, 2:17 p.m. ๐Ÿ”„ Last Modified: May 29, 2025, 4:12 p.m.

8.2

CVSS3.1

CVE-2024-36792 -

An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to gain access to the router's pin.

๐Ÿ“… Published: June 7, 2024, 2:14 p.m. ๐Ÿ”„ Last Modified: May 29, 2025, 4:12 p.m.

4.8

CVSS3.1

CVE-2024-37160 - Formwork has a Cross-site scripting (XSS) vulnerability in Description metadata

Formwork is a flat file-based Content Management System (CMS). An attackers (requires administrator privilege) to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages (except the dashboaโ€ฆ

๐Ÿ“… Published: June 7, 2024, 2:09 p.m. ๐Ÿ”„ Last Modified: Nov. 21, 2024, 9:23 a.m.

5.3

CVSS3.1

CVE-2024-31878 - IBM i information disclosure

IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538.

๐Ÿ“… Published: June 7, 2024, 1:21 p.m. ๐Ÿ”„ Last Modified: Nov. 21, 2024, 9:14 a.m.

9.8

CVSS3.1

CVE-2024-36673 -

Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL queries.

๐Ÿ“… Published: June 7, 2024, 12:56 p.m. ๐Ÿ”„ Last Modified: Feb. 13, 2025, 3:59 p.m.
Total resulsts: 349182
Page 9549 of 34,919
ยซ previous page ยป next page
Filters