8.8

CVSS3.1

CVE-2024-10936 - String Locator <= 2.6.6 - Unauthenticated PHP Object Injection

The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP…

πŸ“… Published: Jan. 21, 2025, 8:21 a.m. πŸ”„ Last Modified: Feb. 5, 2025, 7:16 p.m.

6.1

CVSS3.1

CVE-2025-23086 -

On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However the origin was not correctly inferred in some cases. When combined with an open redir…

πŸ“… Published: Jan. 21, 2025, 4:26 a.m. πŸ”„ Last Modified: March 22, 2025, 2:15 p.m.

5.3

CVSS3.1

CVE-2024-13536 - 1003 Mortgage Application <= 1.87 - Unauthenticated Full Path Disclosure

The 1003 Mortgage Application plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.87. This is due the /inc/class/fnm/export.php file being publicly accessible with error logging enabled. This makes it possible for unauthenticated attackers to retrieve …

πŸ“… Published: Jan. 21, 2025, 4:20 a.m. πŸ”„ Last Modified: Jan. 21, 2025, 4:39 p.m.

6.2

CVSS3.1

CVE-2024-45091 - IBM UrbanCode Deploy information disclosure

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.

πŸ“… Published: Jan. 21, 2025, 12:41 a.m. πŸ”„ Last Modified: Jan. 29, 2025, 9:12 p.m.

7.5

CVSS3.1

CVE-2024-24428 -

A reachable assertion in the oai_nas_5gmm_decode function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.

πŸ“… Published: Jan. 21, 2025, midnight πŸ”„ Last Modified: Jan. 24, 2025, 6:44 p.m.

6.5

CVSS3.1

CVE-2023-37035 -

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `S1Setup Request` packet missing an expected `Global eNB ID` field.

πŸ“… Published: Jan. 21, 2025, midnight πŸ”„ Last Modified: Jan. 22, 2025, 3:15 p.m.

6.5

CVSS3.1

CVE-2023-37033 -

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Initial UE Message` packet missing an expected `EUTRAN_CGI` field.

πŸ“… Published: Jan. 21, 2025, midnight πŸ”„ Last Modified: March 20, 2025, 2:15 p.m.

6.5

CVSS3.1

CVE-2023-37026 -

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `E-RAB Release Response` packet missing an expected `MME_UE_S1AP_ID` field.

πŸ“… Published: Jan. 21, 2025, midnight πŸ”„ Last Modified: Jan. 23, 2025, 6:15 p.m.

7.5

CVSS3.1

CVE-2023-37024 -

A reachable assertion in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows remote attackers to crash the MME with an unauthenticated cellphone by sending a NAS packet containing an `Emergency Number List` Information…

πŸ“… Published: Jan. 21, 2025, midnight πŸ”„ Last Modified: Jan. 23, 2025, 7:15 p.m.

9.8

CVSS3.1

CVE-2024-42936 -

The mqlink.elf is service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is vulnerable to Remote Code Execution via a modified MQTT broker message.

πŸ“… Published: Jan. 21, 2025, midnight πŸ”„ Last Modified: Dec. 15, 2025, 8 p.m.
Total resulsts: 342768
Page 6391 of 34,277
Β« previous page Β» next page
Filters