7.5

CVSS3.1

CVE-2024-11310 - TRCore DVC - Arbitrary File Read through Path Traversal

The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.

📅 Published: Nov. 18, 2024, 6:07 a.m. 🔄 Last Modified: Nov. 20, 2024, 3:17 p.m.

7.5

CVSS3.1

CVE-2024-11309 - TRCore DVC - Arbitrary File Read through Path Traversal

The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.

📅 Published: Nov. 18, 2024, 6:02 a.m. 🔄 Last Modified: Nov. 20, 2024, 3:17 p.m.

3.8

CVSS3.1

CVE-2024-5030 - CM Table Of Contents – WordPress TOC Plugin < 1.2.3 - Settings Reset via CSRF

The CM Table Of Contents WordPress plugin before 1.2.3 does not have a CSRF check in place when resetting its settings, which could allow attackers to make a logged-in admin perform such an action via a CSRF attack.

📅 Published: Nov. 18, 2024, 6 a.m. 🔄 Last Modified: May 15, 2025, 6:02 p.m.

6.2

CVSS3.1

CVE-2024-11308 - TRCore DVC - Use of Hard-coded Cryptographic Key

The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content.

📅 Published: Nov. 18, 2024, 5:59 a.m. 🔄 Last Modified: Nov. 20, 2024, 3:17 p.m.

8.4

CVSS3.1

CVE-2024-43704 - GPU DDK - PowerVR: PVRSRVAcquireProcessHandleBase can cause psProcessHandleBase reuse when PIDs are…

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain access to the graphics buffers of a parent process.

📅 Published: Nov. 18, 2024, 4:54 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS3.1

CVE-2024-38828 - CVE-2024-38828: DoS via Spring MVC controller method with byte[] parameter

Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.

📅 Published: Nov. 18, 2024, 3:45 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2024-11306 - Altenergy Power Control Software database improper authorization

A vulnerability, which was classified as critical, has been found in Altenergy Power Control Software up to 20241108. This issue affects some unknown processing of the file /index.php/display/database/. The manipulation leads to improper authorization. The attack may be initiated remotely. The expl…

📅 Published: Nov. 18, 2024, 1:31 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2024-11305 - Altenergy Power Control Software status_zigbee get_status_zigbee sql injection

A vulnerability classified as critical was found in Altenergy Power Control Software up to 20241108. This vulnerability affects the function get_status_zigbee of the file /index.php/display/status_zigbee. The manipulation of the argument date leads to sql injection. The attack can be initiated remo…

📅 Published: Nov. 18, 2024, 12:31 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.1

CVSS3.1

CVE-2024-52947 -

A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter of the upgrade session confirmation page (upgradeSession / forceUpgrade) if the "Upgrade session" plugin has been enabled by an admin.

📅 Published: Nov. 18, 2024, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.4

CVSS3.1

CVE-2024-52941 -

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24695. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user w…

📅 Published: Nov. 18, 2024, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.