| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545. |
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-54840. Reason: This candidate is a reservation duplicate of CVE-2024-54840. Notes: All CVE users should reference CVE-2024-54840 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. |
| In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291406; Issue ID: MSV-2070. |
| A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message. |
| Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request. |
| Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows a remote attacker to execute arbitrary code and cause a denial ofservice via the getInputData parameter of the fwSchedule.cgi page. |
| CLTPHP <=6.0 is vulnerable to Improper Input Validation via application/admin/controller/Template.php. |
| CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via application/home/controller/Changyan.php. |
| CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. |
| CLTPHP <=6.0 is vulnerable to Directory Traversal. |
| CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name. |
| Medicine Tracker System in PHP 1.0.0 is vulnerable to SQL Injection. |
| Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS). |
| Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about. |
| Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user. |
| Cross Site Scripting vulnerability found in Exelysis Unified Communication Solutions (EUCS) v.1.0 allows a remote attacker to execute arbitrary code via the Username parameter of the eucsAdmin login form. |
| Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9.6 allows a remote attacker to escalate privileges via the service permission function. |
| Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. After receiving the malicious command, the device will keep reporting its status and finally drain its battery after receiving the 'Set_short_poll_interval' command. |
| Buffer Overflow vulnerability found in ByronKnoll Cmix v.19 allows an attacker to execute arbitrary code and cause a denial of service via the paq8 function. |
| Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS. |