-
CVE-2024-42168 – HCL MyXalytics HTTP Request Hijacking Vulnerability
CVE ID: CVE-2024-42168
Published: Jan. 11, 2025, 3:15 a.m.
Description: HCL MyXalytics is affected by an out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious content, and then induce the application to retrieve and process that content.
Severity: 8.9 | HIGH
-
CVE-2024-9188 – Oracle WebLogic SQL Injection Vulnerability
CVE ID: CVE-2024-9188
Published: Jan. 10, 2025, 10:15 p.m.
Description: Specially constructed queries cause cross platform scripting leaking administrator tokens
Severity: 8.8 | HIGH
-
CVE-2024-9134 – Apache Reporting SQL Injection Privilege Escalation Vulnerability
CVE ID: CVE-2024-9134
Published: Jan. 10, 2025, 10:15 p.m.
Description: Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.
Severity: 8.3 |…
-
CVE-2024-9132 – FortiOS Path Traversal
CVE ID: CVE-2024-9132
Published: Jan. 10, 2025, 10:15 p.m.
Description: The administrator is able to configure an insecure captive portal script
Severity: 8.1 | HIGH
-
CVE-2024-47519 – Acme Backup Man-in-the-Middle Vulnerability
CVE ID: CVE-2024-47519
Published: Jan. 10, 2025, 10:15 p.m.
Description: Backup uploads to ETM subject to man-in-the-middle interception
Severity: 8.3 | HIGH
-
CVE-2024-12847 – NETGEAR DGN1000 Remote Root Command Injection
CVE ID: CVE-2024-12847
Published: Jan. 10, 2025, 8:15 p.m.
Description: NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been exploited…
-
CVE-2025-22598 – WeGIA Cadastral Stored Cross-Site Scripting (XSS) Vulnerability
CVE ID: CVE-2025-22598
Published: Jan. 10, 2025, 4:15 p.m.
Description: WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the cadastrarSocio.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the local_recepcao parameter. The injected…
-
CVE-2025-22597 – WeGIA Stored Cross-Site Scripting (XSS) Vulnerability
CVE ID: CVE-2025-22597
Published: Jan. 10, 2025, 4:15 p.m.
Description: WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the CobrancaController.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the local_recepcao parameter. The injected…
-
CVE-2025-22152 – Atheos Remote File Inclusion Vulnerability
CVE ID: CVE-2025-22152
Published: Jan. 10, 2025, 4:15 p.m.
Description: Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $path and $target parameters are not properly validated across multiple components, allowing an attacker to read, modify, or execute arbitrary files on the server. These vulnerabilities can…
-
CVE-2024-57687 – PHPGurukul Land Record System OS Command Injection
CVE ID: CVE-2024-57687
Published: Jan. 10, 2025, 2:15 p.m.
Description: An OS Command Injection vulnerability was found in /landrecordsys/admin/dashboard.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the “Cookie” GET request parameter.
Severity: 9.8 | CRITICAL