8

CVSS3.1

CVE-2024-45893 -

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMOption.`

πŸ“… Published: Nov. 4, 2024, midnight πŸ”„ Last Modified: April 10, 2025, 3:52 p.m.

6.1

CVSS3.1

CVE-2024-30618 -

A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content' parameter of 'group_topics.php'.

πŸ“… Published: Nov. 4, 2024, midnight πŸ”„ Last Modified: April 18, 2025, 1:54 p.m.

8.1

CVSS3.1

CVE-2024-51329 -

A Host header injection vulnerability in Agile-Board 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link.

πŸ“… Published: Nov. 4, 2024, midnight πŸ”„ Last Modified: Nov. 6, 2024, 7:19 p.m.

8

CVSS3.1

CVE-2024-45882 -

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_map_profile.`

πŸ“… Published: Nov. 4, 2024, midnight πŸ”„ Last Modified: April 10, 2025, 3:53 p.m.

5.1

CVSS3.1

CVE-2024-45185 -

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, Modem 5300. There is an out-of-bounds write due to a heap overflow in the GPRS protocol.

πŸ“… Published: Nov. 4, 2024, midnight πŸ”„ Last Modified: July 1, 2025, 3 p.m.

0.0

CVE-2024-48342 -

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

πŸ“… Published: Nov. 4, 2024, midnight πŸ”„ Last Modified: Nov. 4, 2024, 7:15 a.m.

8

CVSS3.1

CVE-2024-45887 -

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `doOpenVPN.`

πŸ“… Published: Nov. 4, 2024, midnight πŸ”„ Last Modified: April 10, 2025, 3:52 p.m.

8.4

CVSS3.1

CVE-2024-48336 -

The install() function of ProviderInstaller.java in Magisk App before canary version 27007 does not verify the GMS app before loading it, which allows a local untrusted app with no additional privileges to silently execute arbitrary code in the Magisk app and escalate privileges to root via a craft…

πŸ“… Published: Nov. 4, 2024, midnight πŸ”„ Last Modified: Nov. 4, 2024, 8:35 p.m.

8.8

CVSS3.1

CVE-2024-30616 -

Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Non-admin users can manipulate sensitive profiles information, posing a significant risk to data integrity.

πŸ“… Published: Nov. 4, 2024, midnight πŸ”„ Last Modified: April 18, 2025, 1:39 p.m.

9.8

CVSS3.1

CVE-2024-48061 -

langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox.

πŸ“… Published: Nov. 4, 2024, midnight πŸ”„ Last Modified: March 27, 2026, 3:51 p.m.
Total resulsts: 342372
Page 7364 of 34,238
Β« previous page Β» next page
Filters