CVE tracker
News monitoring: @irnewsagency
Main channel: @orgsecuritygate
Site: SecurityGate.org

CVE-2024-24292 - Aliconnect SDK Prototype Pollution Vulnerability
CVE ID : CVE-2024-24292
Published : March 28, 2025, 9:15 p.m.
Description : A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function in the aim.js component.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE-2024-38985 - JanryWang Products Prototype Pollution Vulnerability
CVE ID : CVE-2024-38985
Published : March 28, 2025, 9:15 p.m.
Description : janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype pollution via the set() method at setIn (lib/index.js:90). This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
Severity: 0.0 | NA

CVE-2024-38988 - Alizea Unflatto Prototype Pollution Vulnerability
CVE ID : CVE-2024-38988
Published : March 28, 2025, 9:15 p.m.
Description : alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/index.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
Severity: 0.0 | NA

CVE-2024-56975 - InvoicePlane Remote Code Execution Vulnerability
CVE ID : CVE-2024-56975
Published : March 28, 2025, 9:15 p.m.
Description : InvoicePlane (all versions tested as of December 2024) v.1.6.11 and before contains a remote code execution vulnerability in the upload_file method of the Upload controller.
Severity: 0.0 | NA

CVE-2024-57083 - Redoc Prototype Pollution Vulnerability
CVE ID : CVE-2024-57083
Published : March 28, 2025, 9:15 p.m.
Description : A prototype pollution in the component Module.mergeObjects (redoc/bundles/redoc.lib.js:2) of redoc <= 2.2.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
Severity: 0.0 | NA

CVE-2024-6875 - Red Hat Data Grid Infinispan Buffer Overflow
CVE ID : CVE-2024-6875
Published : March 28, 2025, 9:15 p.m.
Description : A vulnerability was found in the Infinispan component in Red Hat Data Grid. The REST compare API may have a buffer leak and an out of memory error can occur when sending continual requests with large POST data to the REST API.
Severity: 6.5 | MEDIUM

CVE-2025-22953 - Epicor HCM SQL Injection Vulnerability
CVE ID : CVE-2025-22953
Published : March 28, 2025, 9:15 p.m.
Description : A SQL injection vulnerability exists in the Epicor HCM 2021 1.9, specifically in the filter parameter of the JsonFetcher.svc endpoint. An attacker can exploit this vulnerability by injecting malicious SQL payloads into the filter parameter, enabling the unauthorized execution of arbitrary SQL commands on the backend database. If certain features (like xp_cmdshell) are enabled, this may lead to remote code execution.
Severity: 0.0 | NA

CVE-2025-28254 - Leantime Cross-Site Scripting (XSS)
CVE ID : CVE-2025-28254
Published : March 28, 2025, 9:15 p.m.
Description : Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to execute arbitrary code and obtain sensitive information via the first name field in processMentions().
Severity: 0.0 | NA

CVE-2025-28256 - Totolink A3100R Remote Code Execution Vulnerability
CVE ID : CVE-2025-28256
Published : March 28, 2025, 9:15 p.m.
Description : An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cste_modules/wireless.so.
Severity: 0.0 | NA

CVE-2025-2927 - ESAFENET CDG SQL Injection Vulnerability
CVE ID : CVE-2025-2927
Published : March 28, 2025, 9:15 p.m.
Description : A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been classified as critical. Affected is an unknown function of the file /parameter/getFileTypeList.jsp. The manipulation of the argument typename leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.3 | HIGH

CVE-2024-23338 - Apache HTTP Server Remote Code Execution
CVE ID : CVE-2024-23338
Published : March 28, 2025, 10:15 p.m.
Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-53427. Reason: This candidate is a duplicate of CVE-2024-53427. Notes: All CVE users should reference CVE-2024-53427 instead of this candidate.
Severity: 0.0 | NA

CVE-2024-58128 - MISP Cross-Site Scripting Vulnerability
CVE ID : CVE-2024-58128
Published : March 28, 2025, 10:15 p.m.
Description : In MISP before 2.4.193, menu_custom_right_link parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks via a global menu link.
Severity: 5.5 | MEDIUM

CVE-2024-58129 - MISP Cross-Site Scripting
CVE ID : CVE-2024-58129
Published : March 28, 2025, 10:15 p.m.
Description : In MISP before 2.4.193, menu_custom_right_link_html parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks against every page.
Severity: 5.5 | MEDIUM

CVE-2024-58130 - MISP Unsanitized Non-JSON Response Vulnerability
CVE ID : CVE-2024-58130
Published : March 28, 2025, 10:15 p.m.
Description : In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses.
Severity: 7.2 | HIGH

CVE-2025-25579 - TOTOLINK A3002R Authentication Bypass Command Injection Vulnerability
CVE ID : CVE-2025-25579
Published : March 28, 2025, 10:15 p.m.
Description : TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr.
Severity: 0.0 | NA

CVE-2025-28087 - Sourcecodester Online Exam System SQL Injection Vulnerability
CVE ID : CVE-2025-28087
Published : March 28, 2025, 10:15 p.m.
Description : Sourcecodester Online Exam System 1.0 is vulnerable to SQL Injection via dash.php.
Severity: 0.0 | NA

CVE-2025-28089 - Maccms SSRF Vulnerability
CVE ID : CVE-2025-28089
Published : March 28, 2025, 10:15 p.m.
Description : maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function.
Severity: 0.0 | NA

CVE-2025-28090 - Maccms Server-Side Request Forgery (SSRF)
CVE ID : CVE-2025-28090
Published : March 28, 2025, 10:15 p.m.
Description : maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature.
Severity: 0.0 | NA

CVE-2025-28091 - Maccms10 SSRF in Add Article
CVE ID : CVE-2025-28091
Published : March 28, 2025, 10:15 p.m.
Description : maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article.
Severity: 0.0 | NA

CVE-2025-28092 - ShopXO SSRF
CVE ID : CVE-2025-28092
Published : March 28, 2025, 10:15 p.m.
Description : ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function.
Severity: 0.0 | NA

CVE-2025-28093 - ShopXO SSRF
CVE ID : CVE-2025-28093
Published : March 28, 2025, 10:15 p.m.
Description : ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings.
Severity: 0.0 | NA