derbynet CVE Vulnerabilities & Metrics

Focus on derbynet vulnerabilities and metrics.

Last updated: 16 Jan 2026, 23:25 UTC

About derbynet Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with derbynet. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total derbynet CVEs: 11
Earliest CVE date: 12 Apr 2024, 13:15 UTC
Latest CVE date: 18 Apr 2024, 22:15 UTC

Latest CVE reference: CVE-2024-30929

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical derbynet CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	11
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS derbynet CVEs

These are the five CVEs with the highest CVSS scores for derbynet, sorted by severity first and recency.

CVE-2024-30929 derbynet Published on 18 Apr 2024, 22:15 UTC (CVSS: 0)
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the 'back' Parameter in playlist.php
CVE-2024-30928 derbynet Published on 18 Apr 2024, 22:15 UTC (CVSS: 0)
SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via 'classids' Parameter in ajax/query.slide.next.inc
CVE-2024-30927 derbynet Published on 18 Apr 2024, 22:15 UTC (CVSS: 0)
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the racer-results.php component.
CVE-2024-30926 derbynet Published on 18 Apr 2024, 22:15 UTC (CVSS: 0)
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc component.
CVE-2024-30925 derbynet Published on 18 Apr 2024, 22:15 UTC (CVSS: 0)
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the photo-thumbs.php component.

All CVEs for derbynet

CVE-2024-30929 derbynet vulnerability CVSS: 0 18 Apr 2024, 22:15 UTC

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the 'back' Parameter in playlist.php

CVE-2024-30928 derbynet vulnerability CVSS: 0 18 Apr 2024, 22:15 UTC

SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via 'classids' Parameter in ajax/query.slide.next.inc

CVE-2024-30927 derbynet vulnerability CVSS: 0 18 Apr 2024, 22:15 UTC

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the racer-results.php component.

CVE-2024-30926 derbynet vulnerability CVSS: 0 18 Apr 2024, 22:15 UTC

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc component.

CVE-2024-30925 derbynet vulnerability CVSS: 0 18 Apr 2024, 22:15 UTC

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the photo-thumbs.php component.

CVE-2024-30924 derbynet vulnerability CVSS: 0 18 Apr 2024, 22:15 UTC

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the checkin.php component.

CVE-2024-30923 derbynet vulnerability CVSS: 0 18 Apr 2024, 21:15 UTC

SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering

CVE-2024-30922 derbynet vulnerability CVSS: 0 18 Apr 2024, 21:15 UTC

SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering.

CVE-2024-30921 derbynet vulnerability CVSS: 0 18 Apr 2024, 21:15 UTC

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component.

CVE-2024-30920 derbynet vulnerability CVSS: 0 18 Apr 2024, 21:15 UTC

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component.

CVE-2024-31818 derbynet vulnerability CVSS: 0 12 Apr 2024, 13:15 UTC

Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kiosk.php component.