Total
24574 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-41459 | 1 Tendacn | 2 Fh1201, Fh1201 Firmware | 2024-07-26 | N/A | 9.8 CRITICAL |
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter at ip/goform/QuickIndex. | |||||
CVE-2024-41460 | 1 Tendacn | 2 Fh1201, Fh1201 Firmware | 2024-07-26 | N/A | 9.8 CRITICAL |
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/RouteStatic. | |||||
CVE-2024-41461 | 1 Tendacn | 2 Fh1201, Fh1201 Firmware | 2024-07-26 | N/A | 9.8 CRITICAL |
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient. | |||||
CVE-2024-7081 | 1 Tailoring Management System Project | 1 Tailoring Management System | 2024-07-26 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file expcatadd.php. The manipulation of the argument title leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272366 is the identifier assigned to this vulnerability. | |||||
CVE-2024-6327 | 1 Progress | 1 Telerik Report Server | 2024-07-26 | N/A | 9.8 CRITICAL |
In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability. | |||||
CVE-2024-6096 | 1 Progress | 1 Telerik Reporting | 2024-07-26 | N/A | 9.8 CRITICAL |
In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability. | |||||
CVE-2023-45249 | 1 Acronis | 1 Cyber Infrastructure | 2024-07-26 | N/A | 9.8 CRITICAL |
Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132. | |||||
CVE-2024-24621 | 2024-07-26 | 10.0 HIGH | 9.8 CRITICAL | ||
Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user. | |||||
CVE-2024-38164 | 2024-07-26 | N/A | 9.6 CRITICAL | ||
An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link. | |||||
CVE-2023-46943 | 1 Evershop | 1 Evershop | 2024-07-25 | N/A | 9.1 CRITICAL |
An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application. | |||||
CVE-2021-22502 | 1 Microfocus | 1 Operation Bridge Reporter | 2024-07-25 | 10.0 HIGH | 9.8 CRITICAL |
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server. | |||||
CVE-2024-41319 | 1 Totolink | 2 A6000r, A6000r Firmware | 2024-07-25 | N/A | 9.8 CRITICAL |
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function. | |||||
CVE-2024-41914 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2024-07-25 | N/A | 9.0 CRITICAL |
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | |||||
CVE-2024-40422 | 1 Stitionai | 1 Devika | 2024-07-25 | N/A | 9.1 CRITICAL |
The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshot_path parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized access to critical system files and compromise the confidentiality and integrity of the system. | |||||
CVE-2021-1498 | 1 Cisco | 8 Hyperflex Hx220c Af M5, Hyperflex Hx220c All Nvme M5, Hyperflex Hx220c Edge M5 and 5 more | 2024-07-25 | 7.5 HIGH | 9.8 CRITICAL |
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2021-1497 | 1 Cisco | 8 Hyperflex Hx220c Af M5, Hyperflex Hx220c All Nvme M5, Hyperflex Hx220c Edge M5 and 5 more | 2024-07-25 | 10.0 HIGH | 9.8 CRITICAL |
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2021-20090 | 1 Buffalo | 4 Wsr-2533dhp3-bk, Wsr-2533dhp3-bk Firmware, Wsr-2533dhpl2-bk and 1 more | 2024-07-25 | 7.5 HIGH | 9.8 CRITICAL |
A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication. | |||||
CVE-2024-41703 | 1 Librechat | 1 Librechat | 2024-07-25 | N/A | 9.8 CRITICAL |
LibreChat through 0.7.4-rc1 has incorrect access control for message updates. (Work on a fixed version release has started in PR 3363.) | |||||
CVE-2024-41704 | 1 Librechat | 1 Librechat | 2024-07-25 | N/A | 9.8 CRITICAL |
LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. (Work on a fixed version release has started in PR 3363.) | |||||
CVE-2020-5902 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2024-07-25 | 10.0 HIGH | 9.8 CRITICAL |
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. |