CVE-2024-36042 |
Description: Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-3596 |
Description: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
EPSS Score: 0.16%
February 14th, 2025 (5 months ago)
|
CVE-2024-35627 |
Description: tileserver-gl up to v4.4.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /data/v3/?key.
EPSS Score: 0.08%
February 14th, 2025 (5 months ago)
|
CVE-2024-35621 |
Description: A cross-site scripting (XSS) vulnerability in the Edit function of Formwork before 1.13.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content field.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-35618 |
Description: PingCAP TiDB v7.5.1 was discovered to contain a NULL pointer dereference via the component SortedRowContainer.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-35595 |
Description: An arbitrary file upload vulnerability in the File Preview function of Xintongda OA v2023.12.30.1 allows attackers to execute arbitrary code via uploading a crafted PDF file.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-35593 |
Description: An arbitrary file upload vulnerability in the File preview function of Raingad IM v4.1.4 allows attackers to execute arbitrary code via uploading a crafted PDF file.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-35592 |
Description: An arbitrary file upload vulnerability in the Upload function of Box-IM v2.0 allows attackers to execute arbitrary code via uploading a crafted PDF file.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-35591 |
Description: An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF file.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-35583 |
Description: A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Remarks input field.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|