4.9

CVSS3.1

CVE-2024-53257 - Vitess allows HTML injection in /debug/querylogz & /debug/env

Vitess is a database clustering system for horizontal scaling of MySQL. The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries executed by Vitess can write HTML into the monitoring page at will. These pages are rendered using …

πŸ“… Published: Dec. 3, 2024, 3:46 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

8.1

CVSS3.1

CVE-2024-53999 - Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Fu…

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th…

πŸ“… Published: Dec. 3, 2024, 3:39 p.m. πŸ”„ Last Modified: June 27, 2025, 3:16 p.m.

7.5

CVSS3.1

CVE-2024-54000 - Mobile Security Framework (MobSF) bypass of SSRF fix

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get() request in the _check_url method is specified as allow_redirects=True, which allows a server-side …

πŸ“… Published: Dec. 3, 2024, 3:33 p.m. πŸ”„ Last Modified: June 27, 2025, 3:17 p.m.

0.0

CVE-2024-12101 -

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

πŸ“… Published: Dec. 3, 2024, 3:11 p.m. πŸ”„ Last Modified: Dec. 3, 2024, 4:15 p.m.

7.5

CVSS3.1

CVE-2024-11391 - Advanced File Manager <= 5.2.10 - Authenticated (Subscriber+) Arbitrary File Upload

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.10. This makes it possible for authenticated attackers, with Subscriber-level access and above,…

πŸ“… Published: Dec. 3, 2024, 2:34 p.m. πŸ”„ Last Modified: April 8, 2026, 5:32 p.m.

6.1

CVSS3.1

CVE-2024-11200 - Goodlayers Core <= 2.0.7 - Reflected Cross-Site Scripting via 'font-family'

The Goodlayers Core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the β€˜font-family’ parameter in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w…

πŸ“… Published: Dec. 3, 2024, 1:55 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

0.0

CVE-2024-12095 -

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

πŸ“… Published: Dec. 3, 2024, 12:30 p.m. πŸ”„ Last Modified: Feb. 11, 2025, 2:15 a.m.

5.5

CVSS3.1

CVE-2024-9978 - Liteos_a has an out-of-bounds read vulnerability

in OpenHarmony v4.1.1 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

πŸ“… Published: Dec. 3, 2024, 12:15 p.m. πŸ”„ Last Modified: Dec. 11, 2024, 5:20 p.m.

8.3

CVSS3.1

CVE-2024-42422 -

Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

πŸ“… Published: Dec. 3, 2024, 12:15 p.m. πŸ”„ Last Modified: Feb. 3, 2025, 2:40 p.m.

5.5

CVSS3.1

CVE-2024-12082 - Ability Runtime has an out-of-bounds read permission bypass vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

πŸ“… Published: Dec. 3, 2024, 12:15 p.m. πŸ”„ Last Modified: Dec. 11, 2024, 5:12 p.m.
Total resulsts: 347730
Page 7493 of 34,773
Β« previous page Β» next page
Filters