8

CVSS3.1

CVE-2024-45885 -

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `autodiscovery_clear.`

πŸ“… Published: Nov. 4, 2024, midnight πŸ”„ Last Modified: April 10, 2025, 3:52 p.m.

6.8

CVSS3.1

CVE-2024-34891 -

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request.

πŸ“… Published: Nov. 4, 2024, midnight πŸ”„ Last Modified: Sept. 4, 2025, 4:33 p.m.

8.5

CVSS3.1

CVE-2024-51408 -

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials.

πŸ“… Published: Nov. 4, 2024, midnight πŸ”„ Last Modified: Nov. 6, 2024, 10:06 p.m.

8

CVSS3.1

CVE-2024-51246 -

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function.

πŸ“… Published: Nov. 4, 2024, midnight πŸ”„ Last Modified: April 11, 2025, 3:06 p.m.

6.1

CVSS3.1

CVE-2024-51328 -

Cross Site Scripting vulnerability in addcategory.php in projectworld's Travel Management System v1.0 allows remote attacker to inject arbitrary code via the t2 parameter.

πŸ“… Published: Nov. 4, 2024, midnight πŸ”„ Last Modified: May 7, 2025, 3:28 p.m.

5.3

CVSS4.0

CVE-2024-10746 - PHPGurukul Online Shopping Portal dom_data.php cross site scripting

A vulnerability classified as problematic has been found in PHPGurukul Online Shopping Portal 2.0. This affects an unknown part of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data.php. The manipulation of the argument scripts leads to cross site scripting. It is possi…

πŸ“… Published: Nov. 3, 2024, 11:31 p.m. πŸ”„ Last Modified: Nov. 5, 2024, 8:12 p.m.

5.3

CVSS4.0

CVE-2024-10745 - PHPGurukul Online Shopping Portal deferred_table.php cross site scripting

A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/deferred_table.php. The manipulation of the argument scripts leads to …

πŸ“… Published: Nov. 3, 2024, 11 p.m. πŸ”„ Last Modified: Nov. 5, 2024, 8:13 p.m.

5.3

CVSS4.0

CVE-2024-10744 - PHPGurukul Online Shopping Portal complex_header_2.php cross site scripting

A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/complex_header_2.php. The manipulation of the argument script…

πŸ“… Published: Nov. 3, 2024, 10:31 p.m. πŸ”„ Last Modified: Nov. 5, 2024, 8:13 p.m.

5.3

CVSS4.0

CVE-2024-10743 - PHPGurukul Online Shopping Portal editable_ajax.php cross site scripting

A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been classified as problematic. Affected is an unknown function of the file /shopping/admin/assets/plugins/DataTables/examples/examples_support/editable_ajax.php. The manipulation of the argument value leads to cross site sc…

πŸ“… Published: Nov. 3, 2024, 9:31 p.m. πŸ”„ Last Modified: Nov. 5, 2024, 8:13 p.m.

5.3

CVSS4.0

CVE-2024-10742 - code-projects Wazifa System control.php sql injection

A vulnerability was found in code-projects Wazifa System 1.0 and classified as critical. This issue affects some unknown processing of the file /controllers/control.php. The manipulation of the argument to leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed …

πŸ“… Published: Nov. 3, 2024, 9 p.m. πŸ”„ Last Modified: Nov. 5, 2024, 8:14 p.m.
Total resulsts: 342311
Page 7359 of 34,232
Β« previous page Β» next page
Filters