6.5

CVSS3.1

CVE-2024-48052 -

In gradio <=4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. The reason is that within the save_url_to_cache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local res…

📅 Published: Nov. 4, 2024, midnight 🔄 Last Modified: June 13, 2025, 12:21 a.m.

8

CVSS3.1

CVE-2024-45884 -

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMGroup`.

📅 Published: Nov. 4, 2024, midnight 🔄 Last Modified: April 10, 2025, 3:52 p.m.

6.8

CVSS3.1

CVE-2024-34887 -

Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to send AD/LDAP administrator account passwords to an arbitrary server via an HTTP POST request.

📅 Published: Nov. 4, 2024, midnight 🔄 Last Modified: Nov. 6, 2024, 7:28 p.m.

7.5

CVSS3.1

CVE-2024-30619 -

Chamilo LMS Version 1.11.26 is vulnerable to Incorrect Access Control. A non-authenticated attacker can request the number of messages and the number of online users via "/main/inc/ajax/message.ajax.php?a=get_count_message" and "/main/inc/ajax/online.ajax.php?a=get_users_online".

📅 Published: Nov. 4, 2024, midnight 🔄 Last Modified: April 18, 2025, 1:52 p.m.

9.1

CVSS3.1

CVE-2024-51127 - hornetq-core-client: Arbitrarily overwrite files or access sensitive information

An issue in the createTempFile method of hornetq v2.4.9 allows attackers to arbitrarily overwrite files or access sensitive information.

📅 Published: Nov. 4, 2024, midnight 🔄 Last Modified: Nov. 21, 2024, 9:45 a.m.

9.8

CVSS3.1

CVE-2024-51327 -

SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields.

📅 Published: Nov. 4, 2024, midnight 🔄 Last Modified: Nov. 6, 2024, 3:02 p.m.

8

CVSS3.1

CVE-2024-45893 -

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMOption`.

📅 Published: Nov. 4, 2024, midnight 🔄 Last Modified: April 10, 2025, 3:52 p.m.

6.1

CVSS3.1

CVE-2024-30618 -

A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content' parameter of 'group_topics.php'.

📅 Published: Nov. 4, 2024, midnight 🔄 Last Modified: April 18, 2025, 1:54 p.m.

8.1

CVSS3.1

CVE-2024-51329 -

A Host header injection vulnerability in Agile-Board 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link.

📅 Published: Nov. 4, 2024, midnight 🔄 Last Modified: Nov. 6, 2024, 7:19 p.m.

8

CVSS3.1

CVE-2024-45882 -

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_map_profile`.

📅 Published: Nov. 4, 2024, midnight 🔄 Last Modified: April 10, 2025, 3:53 p.m.