9.8

CVSS3.1

CVE-2022-40916 -

Tiny File Manager v2.4.7 and below is vulnerable to session fixation.

📅 Published: Feb. 6, 2025, midnight 🔄 Last Modified: Dec. 31, 2025, 7:40 p.m.

9.8

CVSS3.1

CVE-2024-57430 -

An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database manipulation.

📅 Published: Feb. 6, 2025, midnight 🔄 Last Modified: June 24, 2025, 12:12 a.m.

9.1

CVSS3.1

CVE-2024-36556 -

Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me 2 KW60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b have a hardcoded password vulnerability.

📅 Published: Feb. 6, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4.5

CVSS3.1

CVE-2024-57523 -

Cross Site Request Forgery (CSRF) in Users.php in SourceCodester Packers and Movers Management System 1.0 allows attackers to create unauthorized admin accounts via crafted requests sent to an authenticated admin user.

📅 Published: Feb. 6, 2025, midnight 🔄 Last Modified: April 22, 2025, 8:06 p.m.

9.3

CVSS3.1

CVE-2024-57428 -

A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields (event_img, seat_maps) and seat number configurations (number[new_X] in pjActionCreate). Attackers can inject persistent JavaScript, leading to phishing, …

📅 Published: Feb. 6, 2025, midnight 🔄 Last Modified: June 24, 2025, 12:13 a.m.

5.3

CVSS3.1

CVE-2024-25883 -

The mstatus register in RSD commit 3d13a updates incorrectly, leading to processing errors.

📅 Published: Feb. 6, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS3.1

CVE-2024-53586 -

An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing da…

📅 Published: Feb. 6, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.4

CVSS3.1

CVE-2024-57429 -

A cross-site request forgery (CSRF) vulnerability in the pjActionUpdate function of PHPJabbers Cinema Booking System v2.0 allows remote attackers to escalate privileges by tricking an authenticated admin into submitting an unauthorized request.

📅 Published: Feb. 6, 2025, midnight 🔄 Last Modified: June 24, 2025, 12:13 a.m.

5.7

CVSS3.1

CVE-2025-22936 -

An issue in Smartcom Bulgaria AD Smartcom Ralink CPE/WiFi router SAM-4G1G-TT-W-VC, SAM-4F1F-TT-W-A1 allows a remote attacker to obtain sensitive information via the weak default WiFi password generation algorithm in WiFi routers.

📅 Published: Feb. 6, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.6

CVSS3.1

CVE-2024-36557 -

The device ID is based on IMEI in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me 2 KW60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b. If a malicious user changes the IMEI to the IMEI of a unit they registered in the mobile app, it …

📅 Published: Feb. 6, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.