Total
277633 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7741 | 2 Ltcms, Wanglongcn | 2 Ltcms, Ltcms | 2024-08-21 | 5.3 Medium |
| A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as critical. This issue affects the function downloadFile of the file /api/file/downloadfile of the component API Endpoint. The manipulation of the argument file leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7740 | 2 Ltcms, Wanglongcn | 2 Ltcms, Ltcms | 2024-08-21 | 7.3 High |
| A vulnerability has been found in wanglongcn ltcms 1.0.20 and classified as critical. This vulnerability affects the function download of the file /api/test/download of the component API Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-41332 | 2 Oretnom23, Sourcecodester | 2 Computer Laboratory Management System, Computer Laboratory Management System | 2024-08-21 | 6.5 Medium |
| Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories. | ||||
| CVE-2024-7614 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-08-21 | 8.8 High |
| A vulnerability was found in Tenda FH1206 1.2.0.8(8155). It has been classified as critical. Affected is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7615 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-08-21 | 8.8 High |
| A vulnerability was found in Tenda FH1206 1.2.0.8. It has been declared as critical. Affected by this vulnerability is the function fromSafeClientFilter/fromSafeMacFilter/fromSafeUrlFilter. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7613 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-08-21 | 8.8 High |
| A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-43022 | 1 Tosei | 1 Online Store Management System | 2024-08-21 | 7.5 High |
| An issue in the downloader.php component of TOSEI online store management system v4.02, v4.03, and v4.04 allows attackers to execute a directory traversal. | ||||
| CVE-2024-42608 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | 8.8 High |
| Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/submit_page.php. | ||||
| CVE-2024-42579 | 1 Siamonhasan | 1 Warehouse Inventory System | 2024-08-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the component add_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | ||||
| CVE-2024-36131 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-08-21 | 8.8 High |
| An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the appliance. | ||||
| CVE-2024-28740 | 1 Koha | 1 Koha | 2024-08-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component. | ||||
| CVE-2024-20083 | 1 Mediatek | 24 Mt6765, Mt6768, Mt6779 and 21 more | 2024-08-21 | 9.8 Critical |
| In venc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08810810 / ALPS08805789; Issue ID: MSV-1502. | ||||
| CVE-2024-40893 | 1 Firewalla | 1 Box Software | 2024-08-21 | 6.8 Medium |
| Multiple authenticated operating system (OS) command injection vulnerabilities exist in Firewalla Box Software versions before 1.979. A physically close attacker that is authenticated to the Bluetooth Low-Energy (BTLE) interface can use the network configuration service to inject commands in various configuration parameters including networkConfig.Interface.Phy.Eth0.Extra.PingTestIP, networkConfig.Interface.Phy.Eth0.Extra.DNSTestDomain, and networkConfig.Interface.Phy.Eth0.Gateway6. Additionally, because the configuration can be synced to the Firewalla cloud, the attacker may be able to persist access even after hardware resets and firmware re-flashes. | ||||
| CVE-2024-40892 | 1 Firewalla | 1 Box Software | 2024-08-21 | 7.1 High |
| A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy (BTLE) interface. Once an attacker gains access to the LAN, they could log into the SSH interface using the provisioned credentials. The license UUID can be acquired through plain-text Bluetooth sniffing, reading the QR code on the bottom of the device, or brute-forcing the UUID (though this is less likely). | ||||
| CVE-2024-39094 | 1 Friendica | 1 Friendica | 2024-08-21 | 5.4 Medium |
| Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters. | ||||
| CVE-2024-42950 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2024-08-21 | 7.5 High |
| Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the Go parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2022-26327 | 2024-08-21 | N/A | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in OpenText Performance Center on Windows allows Retrieve Embedded Sensitive Data.This issue affects Performance Center: 12.63. | ||||
| CVE-2022-26328 | 2024-08-21 | N/A | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText Performance Center on Windows allows Cross-Site Scripting (XSS).This issue affects Performance Center: 12.63. | ||||
| CVE-2024-43410 | 1 Russh Project | 1 Russh | 2024-08-21 | 7.5 High |
| Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length, russh allocates enough memory for this bytestream, as a performance optimization to avoid reallocations later. But this length is entirely untrusted and can be set to any value by the client, causing this much memory to be allocated, which will cause the process to OOM within a few such requests. This vulnerability is fixed in 0.44.1. | ||||
| CVE-2024-33656 | 1 Ami | 1 Aptio V | 2024-08-21 | 7.8 High |
| The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. This could lead to privilege escalation, arbitrary code execution, and bypassing OS security mechanisms | ||||