5.4

CVSS3.1

CVE-2024-57438

Insecure permissions in RuoYi v4.8.0 allow authenticated attackers to escalate privileges by assigning themselves higher-level roles.

📅 Published: Jan. 29, 2025, midnight 🔄 Last Modified: May 14, 2025, 6:26 p.m.

9.8

CVSS3.1

CVE-2024-57395

Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password and account number parameters.

📅 Published: Jan. 29, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.2

CVSS3.1

CVE-2024-57436

RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users by using a crafted cookie.

📅 Published: Jan. 29, 2025, midnight 🔄 Last Modified: May 14, 2025, 6:26 p.m.

0

CVSS3.1

CVE-2024-57965

In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href',href) call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability.

📅 Published: Jan. 29, 2025, midnight 🔄 Last Modified: Sept. 19, 2025, 7:38 p.m.

8.8

CVSS3.1

CVE-2024-48761

Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary JavaScript code via the "erro" parameter.

📅 Published: Jan. 29, 2025, midnight 🔄 Last Modified: May 23, 2025, 3:26 p.m.

6.1

CVSS3.1

CVE-2024-51182

HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary HTML code via the "erro" parameter.

📅 Published: Jan. 29, 2025, midnight 🔄 Last Modified: May 23, 2025, 3:25 p.m.

7.8

CVSS3.1

CVE-2024-57509

Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_File::ParseStream and related functions.

📅 Published: Jan. 29, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2025-0791 - ESAFENET CDG sdDoneDetail.jsp sql injection

A vulnerability, which was classified as critical, has been found in ESAFENET CDG V5. This issue affects some unknown processing of the file /sdDoneDetail.jsp. The manipulation of the argument flowId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the…

📅 Published: Jan. 28, 2025, 11:31 p.m. 🔄 Last Modified: May 23, 2025, 2:43 p.m.

5.3

CVSS4.0

CVE-2025-0790 - ESAFENET CDG doneDetail.jsp cross site scripting

A vulnerability classified as problematic was found in ESAFENET CDG V5. This vulnerability affects unknown code of the file /doneDetail.jsp. The manipulation of the argument curpage leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and…

📅 Published: Jan. 28, 2025, 11:31 p.m. 🔄 Last Modified: May 23, 2025, 2:42 p.m.

5.3

CVSS4.0

CVE-2025-0789 - ESAFENET CDG doneDetail.jsp sql injection

A vulnerability classified as critical has been found in ESAFENET CDG V5. This affects an unknown part of the file /doneDetail.jsp. The manipulation of the argument flowId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be…

📅 Published: Jan. 28, 2025, 11 p.m. 🔄 Last Modified: May 23, 2025, 2:39 p.m.