CVE-2024-57966 |
Description: libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive.
CVSS: MEDIUM (5.0) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-57669 |
Description: Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.31 allows a remote attacker to obtain sensitive information via the BackupController.java file.
CVSS: HIGH (7.5) EPSS Score: 0.05%
February 4th, 2025 (5 months ago)
|
CVE-2024-57522 |
Description: SourceCodester Packers and Movers Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in Users.php. An attacker can inject a malicious script into the username or name field during user creation.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-57498 |
Description: Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allows a remote attacker to escalate privileges via the article editing function.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-57452 |
Description: ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-57451 |
Description: ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to view any directory.
CVSS: HIGH (7.5) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-57450 |
Description: ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-57238 |
Description: Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL Injection in the /reqproc/proc_get endpoint. The vulnerability allows an attacker to manipulate SQL queries by injecting malicious SQL code into the order_by parameter.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-57237 |
Description: Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to Cross Site Scripting (XSS) in the /reqproc/proc_get endpoint. The vulnerability arises because the cmd parameter does not properly sanitize input and the response is served with a Content-Type of text/html. This behavior allows the browser to execute injected JavaScript code.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-57175 |
Description: A Stored Cross-Site Scripting (XSS) vulnerability was identified in the PHPGURUKUL Online Birth Certificate System v1.0 via the profile name to /user/certificate-form.php.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|