7.8

CVSS3.1

CVE-2024-22774 -

An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to escalate privileges via the ccsservice.exe component.

πŸ“… Published: May 13, 2024, 7:39 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

4.9

CVSS3.1

CVE-2024-34708 - Directus allows redacted data extraction on the API through "alias"

Directus is a real-time API and App dashboard for managing SQL database content. A user with permission to view any collection using redacted hashed fields can get access the raw stored version using the `alias` functionality on the API. Normally, these redacted fields will return `**********` howe…

πŸ“… Published: May 13, 2024, 7:33 p.m. πŸ”„ Last Modified: Jan. 3, 2025, 4:19 p.m.

7.8

CVSS3.1

CVE-2024-29513 -

An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Forensics before 3.3 allows a local attacker to execute arbitrary code within the driver and create a local denial-of-service condition due to an improper DACL being applied to the device the driver creates.

πŸ“… Published: May 13, 2024, 7:32 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

9.8

CVSS3.1

CVE-2024-35099 -

TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stack overflow via the password parameter in the function loginAuth.

πŸ“… Published: May 13, 2024, 7:25 p.m. πŸ”„ Last Modified: May 5, 2025, 5:09 p.m.

8.8

CVSS3.1

CVE-2024-34921 -

TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to contain a command injection via the disconnectVPN function.

πŸ“… Published: May 13, 2024, 7:23 p.m. πŸ”„ Last Modified: April 4, 2025, 2:46 p.m.

7.5

CVSS3.1

CVE-2024-34707 - Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages

Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges can modify the `BANNER_TOP`, `BANNER_BOTTOM`, and `BANNER_LOGIN` configuration settings via the `/admin/constance/config/` endpoint. Normally these settings are used to provide custom banner…

πŸ“… Published: May 13, 2024, 7:22 p.m. πŸ”„ Last Modified: Aug. 26, 2025, 4:16 p.m.

7.1

CVSS3.1

CVE-2024-34231 -

A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Short Name parameter.

πŸ“… Published: May 13, 2024, 7:21 p.m. πŸ”„ Last Modified: April 22, 2025, 4:52 p.m.

6.1

CVSS3.1

CVE-2024-34230 -

A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Information parameter.

πŸ“… Published: May 13, 2024, 7:17 p.m. πŸ”„ Last Modified: April 22, 2025, 4:52 p.m.

5.9

CVSS3.1

CVE-2024-34704 - era-compiler-solidity contains a `xor(zext(cmp), -1)` misoptimization

era-compiler-solidity is the ZKsync compiler for Solidity. The problem occurred during instruction selection in the `DAGCombine` phase while visiting the XOR operation. The issue arises when attempting to fold the expression `!(x cc y)` into `(x !cc y)`. To perform this transformation, the second …

πŸ“… Published: May 13, 2024, 7:13 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.1

CVSS3.1

CVE-2024-25662 -

Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusion v6.1 and older are vulnerable to Cross-Site Scripting (XSS) for malicious URLs.

πŸ“… Published: May 13, 2024, 7:09 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 349182
Page 9889 of 34,919
Β« previous page Β» next page
Filters