CVE-2024-57099 |
Description: ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-57097 |
Description: ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admin/channel.php.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-57004 |
Description: Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-56903 |
Description: A Cross-Site Request Forgery (CSRF) in Geovision GV-ASWeb with the version 6.1.1.0 or less allows attackers to execute arbitrary operations via supplying a crafted HTTP request.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-56902 |
Description: An issue in Geovision GV-ASWeb with version 6.1.0.0 or less allows unauthorized attackers with low-level privileges to be able to request information about other accounts via a crafted HTTP request.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-55456 |
Description: lunasvg v3.0.1 was discovered to contain a segmentation violation via the component gray_find_cell.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-53943 |
Description: An issue was discovered in NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to XSS via the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute JavaScript within the context of the current user by injecting JavaScript into the SSID field. If an administrator logs into the device, the injected script runs in their browser, executing the malicious payload.
EPSS Score: 0.05%
February 4th, 2025 (5 months ago)
|
CVE-2024-53942 |
Description: An issue was discovered on NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to command injection via the 2.4 GHz and 5 GHz name parameters, allowing a remote attacker to execute arbitrary OS commands on the device (with root-level permissions) via crafted input.
EPSS Score: 0.05%
February 4th, 2025 (5 months ago)
|
CVE-2024-50656 |
Description: itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-36437 |
Description: The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.DialerActivity component.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|