ID | CVSS | Summary | Last (major) update | Published | |
CVE-2023-1000 | None |
A vulnerability was found in cyanomiko dcnnt-py up to 0.9.0. It has been classified as critical. Affected is the function main of the file dcnnt/plugins/notifications.py of the component Notification Handler. The manipulation leads to command injecti
|
27-04-2024 - 09:15 | 27-04-2024 - 09:15 | |
CVE-2024-3342 | None |
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection via the 'events' attribute of the 'mp-timetable' shortcode in all versions up to, and including, 2.4.11 due to insufficient escaping on the user supplie
|
27-04-2024 - 09:15 | 27-04-2024 - 09:15 | |
CVE-2024-4246 | None |
A vulnerability, which was classified as critical, was found in Tenda i21 1.0.0.14(4656). This affects the function formQosManageDouble_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate
|
27-04-2024 - 09:15 | 27-04-2024 - 09:15 | |
CVE-2024-4245 | None |
A vulnerability, which was classified as critical, has been found in Tenda i21 1.0.0.14(4656). Affected by this issue is the function formQosManageDouble_user. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attac
|
27-04-2024 - 08:15 | 27-04-2024 - 08:15 | |
CVE-2024-3034 | None |
The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.13 via the hmbkp_directory_browse parameter. This makes it possible for authenticated attackers, with administrator-level access and
|
27-04-2024 - 05:15 | 27-04-2024 - 05:15 | |
CVE-2024-32405 | None |
Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function.
|
27-04-2024 - 05:15 | 22-04-2024 - 20:15 | |
CVE-2024-2258 | None |
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insuffic
|
27-04-2024 - 04:15 | 27-04-2024 - 04:15 | |
CVE-2024-2838 | None |
The WPC Composite Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wooco_components[0][name]' parameter in all versions up to, and including, 7.2.7 due to insufficient input sanitization and output e
|
27-04-2024 - 04:15 | 27-04-2024 - 04:15 | |
CVE-2024-1394 | None |
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. Th
|
27-04-2024 - 01:15 | 21-03-2024 - 13:00 | |
CVE-2024-2859 | None |
By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account.
|
27-04-2024 - 00:15 | 27-04-2024 - 00:15 | |
CVE-2024-29963 | None |
Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries.
|
26-04-2024 - 23:15 | 19-04-2024 - 04:15 | |
CVE-2024-28322 | None |
SQL Injection vulnerability in /event-management-master/backend/register.php in PuneethReddyHC Event Management 1.0 allows attackers to run arbitrary SQL commands via the event_id parameter in a crafted POST request.
|
26-04-2024 - 22:15 | 26-04-2024 - 22:15 | |
CVE-2024-30804 | None |
An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 allows an attacker to execute arbitrary code via crafted IOCTL requests.
|
26-04-2024 - 22:15 | 26-04-2024 - 22:15 | |
CVE-2024-31551 | None |
Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete arbitrary files via crafted GET request.
|
26-04-2024 - 22:15 | 26-04-2024 - 22:15 | |
CVE-2024-31741 | None |
Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary code via crafted string in the URL after login.
|
26-04-2024 - 22:15 | 26-04-2024 - 22:15 | |
CVE-2024-31828 | None |
Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows attackers to execute arbitrary code and obtain sensitive information via a crafted payload to the URL.
|
26-04-2024 - 22:15 | 26-04-2024 - 22:15 | |
CVE-2024-3051 | None |
Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this time.
|
26-04-2024 - 22:15 | 26-04-2024 - 22:15 | |
CVE-2024-3052 | None |
Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the gateway.
|
26-04-2024 - 22:15 | 26-04-2024 - 22:15 | |
CVE-2024-4243 | None |
A vulnerability classified as critical has been found in Tenda W9 1.0.0.7(4456). Affected is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible
|
26-04-2024 - 22:15 | 26-04-2024 - 22:15 | |
CVE-2024-4244 | None |
A vulnerability classified as critical was found in Tenda W9 1.0.0.7(4456). Affected by this vulnerability is the function fromDhcpSetSer of the file /goform/DhcpSetSer. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLease
|
26-04-2024 - 22:15 | 26-04-2024 - 22:15 | |
CVE-2024-29960 | None |
In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SANnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decr
|
26-04-2024 - 22:15 | 19-04-2024 - 04:15 | |
CVE-2022-29622 | 7.5 |
An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is
|
26-04-2024 - 22:15 | 16-05-2022 - 14:15 | |
CVE-2024-31502 | None |
An issue in Insurance Management System v.1.0.0 and before allows a remote attacker to escalate privileges via a crafted POST request to /admin/core/new_staff.
|
26-04-2024 - 21:15 | 26-04-2024 - 21:15 | |
CVE-2024-31601 | None |
An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute arbitrary code via the exportpdf.php component.
|
26-04-2024 - 21:15 | 26-04-2024 - 21:15 | |
CVE-2024-32878 | None |
Llama.cpp is LLM inference in C/C++. There is a use of uninitialized heap variable vulnerability in gguf_init_from_file; the code will free this uninitialized variable later. In a simple POC, it will directly cause a crash. If the file is carefully c
|
26-04-2024 - 21:15 | 26-04-2024 - 21:15 | |
CVE-2024-32881 | None |
Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise o
|
26-04-2024 - 21:15 | 26-04-2024 - 21:15 | |
CVE-2024-32883 | None |
MCUboot is a secure bootloader for 32-bit microcontrollers. MCUboot uses a TLV (tag-length-value) structure to represent the metadata associated with an image. The TLVs themselves are divided into two sections, a protected and an unprotected secti
|
26-04-2024 - 21:15 | 26-04-2024 - 21:15 | |
CVE-2024-32887 | None |
Sidekiq is simple, efficient background processing for Ruby. Sidekiq has a reflected XSS vulnerability. The value of substr parameter is reflected in the response without any encoding, allowing an attacker to inject JavaScript code into the response of
|
26-04-2024 - 21:15 | 26-04-2024 - 21:15 | |
CVE-2024-4239 | None |
A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overfl
|
26-04-2024 - 21:15 | 26-04-2024 - 21:15 | |
CVE-2024-4240 | None |
A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been classified as critical. This affects the function formQosManageDouble_user. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate t
|
26-04-2024 - 21:15 | 26-04-2024 - 21:15 | |
CVE-2024-4241 | None |
A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been declared as critical. This vulnerability affects the function formQosManageDouble_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can b
|
26-04-2024 - 21:15 | 26-04-2024 - 21:15 | |
CVE-2024-4242 | None |
A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated as critical. This issue affects the function formwrlSSIDget of the file /goform/wifiSSIDget. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The a
|
26-04-2024 - 21:15 | 26-04-2024 - 21:15 | |
CVE-2022-48611 | None |
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.
|
26-04-2024 - 20:15 | 26-04-2024 - 20:15 | |
CVE-2023-26603 | None |
JumpCloud Agent before 1.178.0 Creates a Temporary File in a Directory with Insecure Permissions. This allows privilege escalation to SYSTEM via a repair action in the installer.
|
26-04-2024 - 20:15 | 26-04-2024 - 20:15 | |
CVE-2024-25343 | None |
Tenda N300 F3 router vulnerability allows users to bypass intended security policy and create weak passwords.
|
26-04-2024 - 20:15 | 26-04-2024 - 20:15 | |
CVE-2024-28326 | None |
Incorrect Access Control in Asus RT-N12+ B1 routers allows local attackers to obtain root terminal access via the UART interface.
|
26-04-2024 - 20:15 | 26-04-2024 - 20:15 | |
CVE-2024-4238 | None |
A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this vulnerability is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based bu
|
26-04-2024 - 20:15 | 26-04-2024 - 20:15 | |
CVE-2024-1725 | None |
A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that
|
26-04-2024 - 20:15 | 07-03-2024 - 20:15 | |
CVE-2024-32884 | None |
gitoxide is a pure Rust implementation of Git. `gix-transport` does not check the username part of a URL for text that the external `ssh` program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilitie
|
26-04-2024 - 19:59 | 26-04-2024 - 18:15 | |
CVE-2024-32880 | None |
pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder, leading to remote code execution. There is no fix available at the time of publi
|
26-04-2024 - 19:59 | 26-04-2024 - 18:15 | |
CVE-2024-33344 | None |
D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell.
|
26-04-2024 - 19:59 | 26-04-2024 - 18:15 | |
CVE-2024-4235 | None |
A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can
|
26-04-2024 - 19:59 | 26-04-2024 - 18:15 | |
CVE-2024-28325 | None |
Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings.
|
26-04-2024 - 19:59 | 26-04-2024 - 19:15 | |
CVE-2024-28327 | None |
Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers to obtain unauthorized access and modify router settings.
|
26-04-2024 - 19:59 | 26-04-2024 - 19:15 | |
CVE-2024-33342 | None |
D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell.
|
26-04-2024 - 19:59 | 26-04-2024 - 18:15 | |
CVE-2024-4237 | None |
A vulnerability, which was classified as critical, was found in Tenda AX1806 1.0.0.1. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. It i
|
26-04-2024 - 19:59 | 26-04-2024 - 19:15 | |
CVE-2024-4236 | None |
A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain lead
|
26-04-2024 - 19:59 | 26-04-2024 - 18:15 | |
CVE-2024-33343 | None |
D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell.
|
26-04-2024 - 19:59 | 26-04-2024 - 18:15 |