9.1

CVSS3.1

CVE-2024-46937 -

An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows remote attackers gain access to user tokens without authentication. The is a brute-force attack on the…

πŸ“… Published: Sept. 16, 2024, midnight πŸ”„ Last Modified: Oct. 24, 2024, 5:35 p.m.

7.6

CVSS3.1

CVE-2024-42798 -

An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account.

πŸ“… Published: Sept. 16, 2024, midnight πŸ”„ Last Modified: April 28, 2025, 2:56 p.m.

5.4

CVSS3.1

CVE-2024-11831 - Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a…

πŸ“… Published: Sept. 16, 2024, midnight πŸ”„ Last Modified: April 17, 2026, 2:16 a.m.

4.2

CVSS3.1

CVE-2024-42795 -

An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details.

πŸ“… Published: Sept. 16, 2024, midnight πŸ”„ Last Modified: April 28, 2025, 3:08 p.m.

0.0

CVE-2024-44445 -

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

πŸ“… Published: Sept. 16, 2024, midnight πŸ”„ Last Modified: Nov. 21, 2024, 10:15 p.m.

4.7

CVSS3.1

CVE-2024-42794 -

Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user.

πŸ“… Published: Sept. 16, 2024, midnight πŸ”„ Last Modified: April 28, 2025, 3:09 p.m.

8.1

CVSS3.1

CVE-2024-45413 -

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its length. An authenticated attacker can get RCE…

πŸ“… Published: Sept. 16, 2024, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2024-8876 - xiaohe4966 TpMeCMS lang path traversal

A vulnerability, which was classified as problematic, has been found in xiaohe4966 TpMeCMS up to 1.3.3.1. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The attack may be launched remotely. The exploi…

πŸ“… Published: Sept. 15, 2024, 10 p.m. πŸ”„ Last Modified: Sept. 20, 2024, 4:58 p.m.

5.3

CVSS4.0

CVE-2024-8875 - vedees wcms finder.php path traversal

A vulnerability classified as critical was found in vedees wcms up to 0.3.2. Affected by this vulnerability is an unknown functionality of the file /wex/finder.php. The manipulation of the argument p leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the…

πŸ“… Published: Sept. 15, 2024, 9:31 p.m. πŸ”„ Last Modified: Sept. 20, 2024, 10:44 p.m.

2.3

CVSS4.0

CVE-2024-8869 - TOTOLINK A720R exportOvpn os command injection

A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. T…

πŸ“… Published: Sept. 15, 2024, 10:31 a.m. πŸ”„ Last Modified: Sept. 20, 2024, 4:59 p.m.
Total resulsts: 349182
Page 8561 of 34,919
Β« previous page Β» next page
Filters