7.1

CVSS4.0

CVE-2024-54447 - Blind SQLi in Saved Search

Saved search functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique, the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or absence of entries in certain d…

📅 Published: March 14, 2025, 5:57 p.m. 🔄 Last Modified: March 14, 2025, 6:15 p.m.

7.1

CVSS4.0

CVE-2024-54446 - Blind SQLi in Document History

Document history functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique, the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or absence of entries in certa…

📅 Published: March 14, 2025, 5:53 p.m. 🔄 Last Modified: March 14, 2025, 6:15 p.m.

8.7

CVSS4.0

CVE-2024-54445 - Blind SQLi in Login

Login functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique, the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or absence of entries in certain databa…

📅 Published: March 14, 2025, 5:49 p.m. 🔄 Last Modified: March 14, 2025, 6:15 p.m.

5.8

CVSS4.0

CVE-2025-29780 - Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operatio…

Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.7.6b0 and prior, the `feldman_vss` library contains timing side-channel vulnerabilities in its matrix operations, specifically within the `_fin…

📅 Published: March 14, 2025, 5:26 p.m. 🔄 Last Modified: March 17, 2025, 1:54 p.m.

5.4

CVSS4.0

CVE-2025-29779 - Post-Quantum Secure Feldman's Verifiable Secret Sharing has Inadequate Fault Injection Countermeasu…

Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.7.6b0 and prior, the `secure_redundant_execution` function in feldman_vss.py attempts to mitigate fault injection attacks by executing a functi…

📅 Published: March 14, 2025, 5:24 p.m. 🔄 Last Modified: March 14, 2025, 6:20 p.m.

9.3

CVSS4.0

CVE-2025-29775 - xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment

xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The …

📅 Published: March 14, 2025, 5:11 p.m. 🔄 Last Modified: March 15, 2025, 9:15 p.m.

9.3

CVSS4.0

CVE-2025-29774 - xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References

xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The …

📅 Published: March 14, 2025, 5:05 p.m. 🔄 Last Modified: March 15, 2025, 9:15 p.m.

5.1

CVSS3.1

CVE-2025-27606 - Element Android PIN autologout bypass

Element Android is an Android Matrix Client provided by Element. Element Android up to version 1.6.32 can, under certain circumstances, fail to log out the user if they input the wrong PIN more than the configured number of times. An attacker with physical access to a device can exploit this to gues…

📅 Published: March 14, 2025, 4:56 p.m. 🔄 Last Modified: March 14, 2025, 6:11 p.m.

5.5

CVSS3.1

CVE-2024-55594 -

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows an attacker to execute unauthorized code or commands via HTTP/S crafted requests.

📅 Published: March 14, 2025, 4:25 p.m. 🔄 Last Modified: March 14, 2025, 5:15 p.m.

4.6

CVSS3.1

CVE-2025-1888 - Reflected Cross Site Scripting in Aperio Eslide Manager

The Leica Web Viewer within the Aperio Eslide Manager Application is vulnerable to reflected cross-site scripting (XSS). An authenticated user can access the slides within a project and inject malicious JavaScript into the "memo" field. The memo field has a hover over action that will display a …

📅 Published: March 14, 2025, 4:11 p.m. 🔄 Last Modified: March 14, 2025, 5:15 p.m.