Search Results (366256 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-3908 1 Tenda 2 Ac500, Ac500 Firmware 2025-01-17 6.3 Medium
A vulnerability classified as critical has been found in Tenda AC500 2.0.1.9(1307). Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261144. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-7512 1 Concretecms 1 Concrete Cms 2025-01-17 4.8 Medium
Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in Board instances. A rogue administrator could inject malicious code. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.6 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Versions below 9 are not affected. Thanks, m3dium for reporting. (CNA updated AC score to L based on CVSS 4.0 documentation)
CVE-2023-31752 1 Oretnom23 1 Employee And Visitor Gate Pass Logging System 2025-01-17 9.8 Critical
SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employee_gatepass/classes/Login.php.
CVE-2023-42785 1 Fortinet 1 Fortios 2025-01-17 6.4 Medium
A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request.
CVE-2023-42786 1 Fortinet 1 Fortios 2025-01-17 6.4 Medium
A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request.
CVE-2024-32118 1 Fortinet 3 Fortianalyzer, Fortianalyzer Big Data, Fortimanager 2025-01-17 6.3 Medium
Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer-BigData before 7.4.0 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.
CVE-2024-33510 1 Fortinet 2 Fortios, Fortiproxy 2025-01-17 3.6 Low
AnĀ improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below; FortiSASE version 24.2.b SSL-VPN web user interface may allow a remote unauthenticated attacker to perform phishing attempts via crafted requests.
CVE-2024-35274 1 Fortinet 3 Fortianalyzer, Fortianalyzer Big Data, Fortimanager 2025-01-17 2.2 Low
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read write administrative privileges to create non-arbitrary files on a chosen directory via crafted CLI requests.
CVE-2024-47906 1 Ivanti 2 Connect Secure, Policy Secure 2025-01-17 7.8 High
Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.
CVE-2024-11005 1 Ivanti 2 Connect Secure, Policy Secure 2025-01-17 9.1 Critical
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-11006 1 Ivanti 2 Connect Secure, Policy Secure 2025-01-17 9.1 Critical
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2023-31762 1 Mydigoo 2 Dg-hamb, Dg-hamb Firmware 2025-01-17 7.5 High
Weak security in the transmitter of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to gain full access to the system via a code replay attack.
CVE-2023-31761 1 Blitzwolf 2 Bw-is22, Bw-is22 Firmware 2025-01-17 7.5 High
Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 allows attackers to gain full access to the system via a code replay attack.
CVE-2023-31759 1 Keruistore 2 Kerui W18, Kerui W18 Firmware 2025-01-17 7.5 High
Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack.
CVE-2021-3918 3 Debian, Json-schema Project, Redhat 8 Debian Linux, Json-schema, Acm and 5 more 2025-01-17 9.8 Critical
json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2024-8495 1 Ivanti 2 Connect Secure, Policy Secure 2025-01-17 7.5 High
A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-8539 4 Apple, Ivanti, Linux and 1 more 4 Macos, Secure Access Client, Linux Kernel and 1 more 2025-01-17 7.1 High
Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.
CVE-2024-9843 2 Apple, Ivanti 2 Macos, Secure Access Client 2025-01-17 5 Medium
A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.
CVE-2024-9842 2 Ivanti, Microsoft 2 Secure Access Client, Windows 2025-01-17 7.3 High
Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders.
CVE-2024-7571 2 Ivanti, Microsoft 2 Secure Access Client, Windows 2025-01-17 7.8 High
Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.