0.0

CVE-2024-48342 -

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

📅 Published: Nov. 4, 2024, midnight 🔄 Last Modified: Nov. 4, 2024, 7:15 a.m.

8

CVSS3.1

CVE-2024-45887 -

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `doOpenVPN`.

📅 Published: Nov. 4, 2024, midnight 🔄 Last Modified: April 10, 2025, 3:52 p.m.

8.4

CVSS3.1

CVE-2024-48336 -

The install() function of ProviderInstaller.java in Magisk App before canary version 27007 does not verify the GMS app before loading it, which allows a local untrusted app with no additional privileges to silently execute arbitrary code in the Magisk app and escalate privileges to root via a craft…

📅 Published: Nov. 4, 2024, midnight 🔄 Last Modified: Nov. 4, 2024, 8:35 p.m.

8.8

CVSS3.1

CVE-2024-30616 -

Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Non-admin users can manipulate sensitive profile information, posing a significant risk to data integrity.

📅 Published: Nov. 4, 2024, midnight 🔄 Last Modified: April 18, 2025, 1:39 p.m.

9.8

CVSS3.1

CVE-2024-48061 -

langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox.

📅 Published: Nov. 4, 2024, midnight 🔄 Last Modified: March 27, 2026, 3:51 p.m.

4.3

CVSS3.1

CVE-2024-45164 -

Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert Policy page. An authentic…

📅 Published: Nov. 4, 2024, midnight 🔄 Last Modified: Nov. 6, 2024, 5:35 p.m.

8

CVSS3.1

CVE-2024-45885 -

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `autodiscovery_clear`.

📅 Published: Nov. 4, 2024, midnight 🔄 Last Modified: April 10, 2025, 3:52 p.m.

6.8

CVSS3.1

CVE-2024-34891 -

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request.

📅 Published: Nov. 4, 2024, midnight 🔄 Last Modified: Sept. 4, 2025, 4:33 p.m.

8.5

CVSS3.1

CVE-2024-51408 -

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials.

📅 Published: Nov. 4, 2024, midnight 🔄 Last Modified: Nov. 6, 2024, 10:06 p.m.

8

CVSS3.1

CVE-2024-51246 -

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function.

📅 Published: Nov. 4, 2024, midnight 🔄 Last Modified: April 11, 2025, 3:06 p.m.