Total
23723 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-3273 | 1 Dlink | 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more | 2024-04-15 | 7.5 HIGH | 9.8 CRITICAL |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | |||||
CVE-2024-3781 | 2024-04-15 | N/A | 9.1 CRITICAL | ||
Command injection vulnerability in the operating system. Improper neutralisation of special elements in Active Directory integration allows the intended command to be modified when sent to a downstream component in WBSAirback 21.02.04. | |||||
CVE-2023-48710 | 2024-04-15 | N/A | 9.8 CRITICAL | ||
iTop is an IT service management platform. Files from the `env-production` folder can be retrieved even though they should have restricted access. Hopefully, there is no sensitive files stored in that folder natively, but there could be from a third-party module. The `pages/exec.php` script as been fixed to limit execution of PHP files only. Other file types won't be retrieved and exposed. The vulnerability is fixed in 2.7.10, 3.0.4, 3.1.1, and 3.2.0. | |||||
CVE-2024-2952 | 2024-04-15 | N/A | 9.8 CRITICAL | ||
BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` parameter from the `tokenizer_config.json` file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious `tokenizer_config.json` files that execute arbitrary code on the server. | |||||
CVE-2024-1741 | 2024-04-15 | N/A | 9.1 CRITICAL | ||
lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform operations on prompt templates by sending HTTP requests with their previously captured authorization token. This issue exposes organizations to unauthorized access and manipulation of sensitive template data. | |||||
CVE-2023-51409 | 2024-04-15 | N/A | 10.0 CRITICAL | ||
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98. | |||||
CVE-2024-3704 | 2024-04-15 | N/A | 9.8 CRITICAL | ||
SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database. | |||||
CVE-2024-28878 | 2024-04-15 | N/A | 9.6 CRITICAL | ||
IO-1020 Micro ELD downloads source code or an executable from an adjacent location and executes the code without sufficiently verifying the origin or integrity of the code. | |||||
CVE-2024-3765 | 2024-04-15 | 10.0 HIGH | 9.8 CRITICAL | ||
A vulnerability classified as critical was found in Xiongmai AHB7804R-MH-V2, AHB8004T-GL, AHB8008T-GL, AHB7004T-GS-V3, AHB7004T-MHV2, AHB8032F-LME and XM530_R80X30-PQ_8M. Affected by this vulnerability is an unknown functionality of the component Sofia Service. The manipulation with the input ff00000000000000000000000000f103250000007b202252657422203a203130302c202253657373696f6e494422203a202230783022207d0a leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-3777 | 2024-04-15 | N/A | 9.8 CRITICAL | ||
The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password. | |||||
CVE-2024-32128 | 2024-04-15 | N/A | 9.3 CRITICAL | ||
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Realtyna Realtyna Organic IDX plugin.This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.4. | |||||
CVE-2024-29844 | 2024-04-15 | N/A | 9.8 CRITICAL | ||
Default credentials on the Web Interface of Evolution Controller 2.x (123 and 123) allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password. | |||||
CVE-2024-29836 | 2024-04-15 | N/A | 9.8 CRITICAL | ||
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control, allowing for an unauthenticated attacker to update and add user profiles within the application, and gain full access of the site. | |||||
CVE-2023-33045 | 1 Qualcomm | 258 Ar8035, Ar8035 Firmware, Csr8811 and 255 more | 2024-04-12 | N/A | 9.8 CRITICAL |
Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute. | |||||
CVE-2023-33028 | 1 Qualcomm | 352 Ar8035, Ar8035 Firmware, Ar9380 and 349 more | 2024-04-12 | N/A | 9.8 CRITICAL |
Memory corruption in WLAN Firmware while doing a memory copy of pmk cache. | |||||
CVE-2023-28581 | 1 Qualcomm | 52 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 49 more | 2024-04-12 | N/A | 9.8 CRITICAL |
Memory corruption in WLAN Firmware while parsing receieved GTK Keys in GTK KDE. | |||||
CVE-2023-28562 | 1 Qualcomm | 136 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 133 more | 2024-04-12 | N/A | 9.8 CRITICAL |
Memory corruption while handling payloads from remote ESL. | |||||
CVE-2023-28561 | 1 Qualcomm | 2 Qcn7606, Qcn7606 Firmware | 2024-04-12 | N/A | 9.8 CRITICAL |
Memory corruption in QESL while processing payload from external ESL device to firmware. | |||||
CVE-2023-28543 | 1 Qualcomm | 8 Qcs405, Qcs405 Firmware, Qcs605 and 5 more | 2024-04-12 | N/A | 9.8 CRITICAL |
A malformed DLC can trigger Memory Corruption in SNPE library due to out of bounds read, such as by loading an untrusted model (e.g. from a remote source). | |||||
CVE-2023-24855 | 1 Qualcomm | 126 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 123 more | 2024-04-12 | N/A | 9.8 CRITICAL |
Memory corruption in Modem while processing security related configuration before AS Security Exchange. |