Search Results (120764 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-3910 1 Tenda 2 Ac500, Ac500 Firmware 2025-01-21 8.8 High
A vulnerability, which was classified as critical, has been found in Tenda AC500 2.0.1.9(1307). Affected by this issue is the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261146 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-3486 1 Microfocus 1 Imanager 2025-01-21 7.8 High
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution.
CVE-2024-3969 1 Microfocus 1 Imanager 2025-01-21 7.8 High
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload
CVE-2024-3483 1 Microfocus 1 Imanager 2025-01-21 7.8 High
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues.
CVE-2024-3967 1 Microfocus 1 Imanager 2025-01-21 7.6 High
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization.
CVE-2024-3968 1 Microfocus 1 Imanager 2025-01-21 7.8 High
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task.
CVE-2024-3695 1 Oretnom23 1 Computer Laboratory Management System 2025-01-21 3.5 Low
A vulnerability has been found in SourceCodester Computer Laboratory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260482 is the identifier assigned to this vulnerability.
CVE-2024-3872 1 Mattermost 1 Mattermost Mobile 2025-01-21 3.1 Low
Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted link.
CVE-2024-22889 1 Plone 1 Plone 2025-01-21 5.5 Medium
Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request.
CVE-2024-27765 1 Jeewms 1 Jeewms 2025-01-21 7.5 High
Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component.
CVE-2024-3875 1 Tenda 2 F1202, F1202 Firmware 2025-01-21 8.8 High
A vulnerability was found in Tenda F1202 1.2.0.20(408). It has been rated as critical. This issue affects the function fromNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260909 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-3876 1 Tenda 2 F1202, F1202 Firmware 2025-01-21 8.8 High
A vulnerability classified as critical has been found in Tenda F1202 1.2.0.20(408). Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-260910 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-3877 1 Tenda 2 F1202, F1202 Firmware 2025-01-21 8.8 High
A vulnerability classified as critical was found in Tenda F1202 1.2.0.20(408). Affected by this vulnerability is the function fromqossetting of the file /goform/fromqossetting. The manipulation of the argument qos leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260911. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-3878 1 Tenda 2 F1202, F1202 Firmware 2025-01-21 8.8 High
A vulnerability, which was classified as critical, has been found in Tenda F1202 1.2.0.20(408). Affected by this issue is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260912. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-31981 1 Xwiki 1 Xwiki 2025-01-21 10 Critical
XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, remote code execution is possible via PDF export templates. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10-rc-1. If PDF templates are not typically used on the instance, an administrator can create the document `XWiki.PDFClass` and block its edition, after making sure that it does not contain a `style` attribute. Otherwise, there are no known workarounds aside from upgrading.
CVE-2024-31983 1 Xwiki 1 Xwiki 2025-01-21 10 Critical
XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations (script right for user-scope translations, wiki admin for translations on the wiki). Starting in version 4.3-milestone-2 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, this can be exploited for remote code execution if the translation value is not properly escaped where it is used. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may restrict edit rights on documents that contain translations.
CVE-2024-31984 1 Xwiki 1 Xwiki 2025-01-21 10 Critical
XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the (Solr-based) search in XWiki. This allows any user who can edit the title of a space (all users by default) to execute any Groovy code in the XWiki installation which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10 RC1. As a workaround, manually apply the patch to the `Main.SolrSpaceFacet` page.
CVE-2024-31987 1 Xwiki 1 Xwiki 2025-01-21 10 Critical
XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any user who can edit any page like their profile can create a custom skin with a template override that is executed with programming right, thus allowing remote code execution. This has been patched in XWiki 14.10.19, 15.5.4 and 15.10RC1. No known workarounds are available except for upgrading.
CVE-2024-2022 1 Netentsec 1 Application Security Gateway 2025-01-21 6.3 Medium
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/list_ipAddressPolicy.php. The manipulation of the argument GroupId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255301 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-2021 1 Netentsec 1 Application Security Gateway 2025-01-21 6.3 Medium
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. Affected is an unknown function of the file /admin/list_localuser.php. The manipulation of the argument ResId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255300. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.