CVE-2024-48956

CRITICAL Year: 2024
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-1394
View all →

Vulnerability Description

Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution.

Related Vulnerabilities

CVE-2024-29037

CRITICAL
CVSS:9.1(Critical)

datahub-helm provides the Kubernetes Helm charts for deploying Datahub and its dependencies on a Kubernetes cluster. Starting in version 0.1.143 and prior to version 0.2.182, due to configuration issu...

CWE-13942024

CVE-2024-29037

CRITICAL
CVSS:9.1(Critical)

datahub-helm provides the Kubernetes Helm charts for deploying Datahub and its dependencies on a Kubernetes cluster. Starting in version 0.1.143 and prior to version 0.2.182, due to configuration issu...

CWE-13942024

CVE-2023-6451

HIGH
CVSS:7.5(High)

Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms.

CWE-13942023

CVE-2024-11619

LOW
CVSS:5.0(Medium)

A vulnerability, which was classified as problematic, has been found in macrozheng mall up to 1.0.3. Affected by this issue is some unknown functionality of the component JWT Token Handler. The manipu...

CWE-13942024

CVE-2024-10748

LOW
CVSS:4.7(Medium)

A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up App 4.47.3 on Android. This issue affects some unknown processing of the file gr/desquared/kmmsharedmod...

CWE-13942024

CVE-2025-26849

MEDIUM
CVSS:4.3(Medium)

There is a Hard-coded Cryptographic Key in Docusnap 13.0.1440.24261, and earlier and later versions. This key can be used to decrypt inventory files that contain sensitive information such as firewall...

CWE-13942025