Total
277619 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-42737 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | 9.8 Critical |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands. | ||||
| CVE-2024-6823 | 1 Davidlingren | 1 Media Library Assistant | 2024-08-13 | 8.8 High |
| The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation involving the mla-inline-edit-upload-scripts AJAX action in all versions up to, and including, 3.18. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2024-6917 | 1 Veribase | 2 Order Management, Veribase Order Management | 2024-08-13 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection.This issue affects Veribase Order Management: before v4.010.2. | ||||
| CVE-2024-42625 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | 5.4 Medium |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/add | ||||
| CVE-2024-42747 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | 7.3 High |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | ||||
| CVE-2024-42741 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | 7.8 High |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | ||||
| CVE-2024-43231 | 2024-08-13 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.3. | ||||
| CVE-2024-21550 | 1 Steve-community | 1 Steve | 2024-08-13 | 6.1 Medium |
| SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets leading to persistent Cross-Site Scripting in the SteVe management interface. | ||||
| CVE-2024-27442 | 1 Zimbra | 1 Collaboration | 2024-08-13 | 7.8 High |
| An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation. | ||||
| CVE-2024-38530 | 2 Gunet, Openeclass | 2 Open Eclass Platform, Openeclass | 2024-08-13 | 9.8 Critical |
| The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RCE on the backend server, since the upload location is accessible from the internet. This vulnerability is fixed in 3.16. | ||||
| CVE-2023-7249 | 1 Opentext | 1 Directory Services | 2024-08-13 | 9.8 Critical |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText OpenText Directory Services allows Path Traversal.This issue affects OpenText Directory Services: from 16.4.2 before 24.1. | ||||
| CVE-2024-6788 | 1 Phoenixcontact | 4 Charx Sec 3000, Charx Sec 3050, Charx Sec 3100 and 1 more | 2024-08-13 | 8.6 High |
| A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default password. | ||||
| CVE-2024-42736 | 1 Totolink | 1 X5000r Firmware | 2024-08-13 | 7.8 High |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands. | ||||
| CVE-2024-42740 | 1 Totolink | 1 X5000r Firmware | 2024-08-13 | 6.8 Medium |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setLedCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | ||||
| CVE-2024-42745 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | 9.8 Critical |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | ||||
| CVE-2024-42748 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | 9.8 Critical |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | ||||
| CVE-2024-42547 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-08-13 | 9.8 Critical |
| TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function. | ||||
| CVE-2024-42629 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | 5.4 Medium |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/edit/10. | ||||
| CVE-2024-43156 | 2024-08-13 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Reflected XSS.This issue affects Post Grid Master: from n/a through 3.4.10. | ||||
| CVE-2024-43127 | 2024-08-13 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPFactory Products, Order & Customers Export for WooCommerce allows Reflected XSS.This issue affects Products, Order & Customers Export for WooCommerce: from n/a through 2.0.11. | ||||