CVE-2024-57099 |
Description: ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-57098 |
Description: Moss v0.1.3 version has an SQL injection vulnerability that allows attackers to inject carefully designed payloads into the order parameter.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-57097 |
Description: ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admin/channel.php.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-57004 |
Description: Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-56946 |
Description: Denial of service in DNS-over-QUIC in Technitium DNS Server <= v13.2.2 allows remote attackers to permanently stop the server from accepting new DNS-over-QUIC connections by triggering unhandled exceptions in listener threads.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-56921 |
Description: An issue was discovered in Open5gs v2.7.2. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of gmm_state_exception() function upon receipt of the Nausf_UEAuthentication_Authenticate response.
CVSS: HIGH (7.5) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-56903 |
Description: A Cross-Site Request Forgery (CSRF) in Geovision GV-ASWeb with the version 6.1.1.0 or less allows attackers to execute arbitrary operations via supplying a crafted HTTP request.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-56902 |
Description: An issue in Geovision GV-ASWeb with version 6.1.0.0 or less allows unauthorized attackers with low-level privileges to be able to request information about other accounts via a crafted HTTP request.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-56901 |
Description: A Cross-Site Request Forgery (CSRF) in the Account Management component of Geovision GV-ASWeb version 6.1.1.0 or less allows attackers to arbitrarily create Admin accounts via a crafted GET request method.
CVSS: HIGH (8.8) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-56898 |
Description: Incorrect access control in Geovision GV-ASWeb version 6.1.0.0 or less allows unauthorized attackers with low-level privileges to manage and create new user accounts via supplying a crafted HTTP request.
CVSS: HIGH (8.1) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|