Total: 18193 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-42813 | 1 Trendnet | 1 Tew-752dru Firmware | 2024-08-20 | 9.8 Critical |
In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. | ||||
CVE-2024-42571 | 1 School Management System Project | 1 School Management System | 2024-08-20 | 9.8 Critical |
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php. | ||||
CVE-2024-43354 | 1 Mycred | 1 Mycred | 2024-08-20 | 9.8 Critical |
Deserialization of Untrusted Data vulnerability in myCred allows Object Injection. This issue affects myCred: from n/a through 2.7.2. | ||||
CVE-2024-42757 | 1 Asus | 1 Rt-n15u Firmware | 2024-08-20 | 9.8 Critical |
Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to execute arbitrary code via the netstat function page. | ||||
CVE-2024-43245 | 1 Eyecix | 1 Jobsearch Wp Job Board | 2024-08-20 | 9.8 Critical |
Improper Privilege Management vulnerability in eyecix JobSearch allows Privilege Escalation. This issue affects JobSearch: from n/a through 2.3.4. | ||||
CVE-2024-43261 | 1 Naderfar | 1 Compute Links | 2024-08-19 | 9.6 Critical |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hamed Naderfar Compute Links allows PHP Remote File Inclusion. This issue affects Compute Links: from n/a through 1.2.1. | ||||
CVE-2024-42843 | 1 Projectworlds | 1 Online Examination System | 2024-08-19 | 9.8 Critical |
Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php. | ||||
CVE-2024-42639 | 1 H3c | 1 Gr-1100-p | 2024-08-19 | 9.8 Critical |
H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root. | ||||
CVE-2024-6330 | 1 Geo My Wp | 1 Geo My Wp | 2024-08-19 | 9.8 Critical |
The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution. | ||||
CVE-2024-42850 | 1 Silverpeas | 1 Silverpeas | 2024-08-19 | 9.8 Critical |
An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements. | ||||
CVE-2024-42634 | 1 Tenda | 1 Ac9 | 2024-08-19 | 9.8 Critical |
A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, an attacker can execute OS commands with root privileges. | ||||
CVE-2024-42637 | 1 H3c | 1 R3010 Firmware | 2024-08-19 | 9.8 Critical |
H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | ||||
CVE-2024-23168 | 1 Xiexe | 1 Xsoverlay | 2024-08-19 | 9.8 Critical |
A vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send malicious commands to the WebSocket API, resulting in arbitrary code execution. | ||||
CVE-2024-27730 | 1 Friendica | 1 Friendica | 2024-08-19 | 9.8 Critical |
Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature. | ||||
CVE-2024-42360 | 1 Wurmlab | 1 Sequenceserver | 2024-08-16 | 9.8 Critical |
SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. This vulnerability has been fixed in 3.1.2. | ||||
CVE-2024-28986 | 1 Solarwinds | 2 Web Help Desk, Webhelpdesk | 2024-08-16 | 9.8 Critical |
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available. | ||||
CVE-2024-38652 | 1 Ivanti | 1 Avalanche | 2024-08-15 | 9.1 Critical |
Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion. | ||||
CVE-2024-33958 | 1 Janobe | 2 Enegosyo System, Young Entrepreneur E-negosyo System | 2024-08-15 | 9.8 Critical |
SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in 'phonenumber' in '/passwordrecover.php' parameter. | ||||
CVE-2024-33957 | 1 Janobe | 2 Enegosyo System, Young Entrepreneur E-negosyo System | 2024-08-15 | 9.8 Critical |
SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in 'id' in '/admin/orders/controller.php' parameter. | ||||
CVE-2024-42546 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-08-15 | 9.8 Critical |
TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function. |