6.1

CVSS3.1

CVE-2024-55494 -

A PHP Code Injection vulnerability that can lead to Remote Code Execution (RCE) and XSS in Opencode Mobile Collect Call v5.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the op_func parameter at /occontrolpanel/index.php.

📅 Published: Jan. 9, 2025, midnight 🔄 Last Modified: Jan. 13, 2025, 10:15 p.m.

5.4

CVSS3.1

CVE-2024-42898 -

A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page.

📅 Published: Jan. 9, 2025, midnight 🔄 Last Modified: June 24, 2025, 2:27 p.m.

8

CVSS3.1

CVE-2024-54887 -

TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the context of the root user.

📅 Published: Jan. 9, 2025, midnight 🔄 Last Modified: June 20, 2025, 6:35 p.m.

5.4

CVSS3.1

CVE-2024-55226 -

Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting (XSS) vulnerability via the component /api/core/mod.rs.

📅 Published: Jan. 9, 2025, midnight 🔄 Last Modified: June 24, 2025, 2:01 p.m.

7.5

CVSS3.1

CVE-2024-56113 -

Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposes sensitive information defined in the Django settings file through a verbose error page.

📅 Published: Jan. 9, 2025, midnight 🔄 Last Modified: Jan. 23, 2025, 6:15 p.m.

5.4

CVSS3.1

CVE-2024-56376 -

A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. When a user clicks on the received message, the crafted payload is executed, potentially enabling the execution of arbitrary web…

📅 Published: Jan. 9, 2025, midnight 🔄 Last Modified: Jan. 16, 2025, 9:10 p.m.

9.8

CVSS3.1

CVE-2024-54724 -

PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion.

📅 Published: Jan. 9, 2025, midnight 🔄 Last Modified: Jan. 21, 2025, 4:15 p.m.

9.8

CVSS3.1

CVE-2024-55225 -

An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request.

📅 Published: Jan. 9, 2025, midnight 🔄 Last Modified: June 20, 2025, 6:29 p.m.

6.3

CVSS3.1

CVE-2024-54761 -

BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via the 'dev_code' parameter.

📅 Published: Jan. 9, 2025, midnight 🔄 Last Modified: Sept. 29, 2025, 5:43 p.m.

6.5

CVSS3.1

CVE-2024-56114 -

Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for the supervisor role, but auditors have been able to successfully create audit templates from their…

📅 Published: Jan. 9, 2025, midnight 🔄 Last Modified: July 16, 2025, 10:49 a.m.