Search Results (26956 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-42748 1 Totolink 2 X5000r, X5000r Firmware 2024-08-13 9.8 Critical
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42547 1 Totolink 2 A3100r, A3100r Firmware 2024-08-13 9.8 Critical
TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.
CVE-2024-42545 1 Totolink 2 A3700r, A3700r Firmware 2024-08-13 9.8 Critical
TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function.
CVE-2024-42520 1 Totolink 2 A3002r, A3002r Firmware 2024-08-13 9.8 Critical
TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl.
CVE-2024-41270 1 Appleboy 1 Gorush 2024-08-12 9.1 Critical
An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version.
CVE-2024-42395 2 Arubanetworks, Hp 3 Arubaos, Instant, Instantos 2024-08-12 9.8 Critical
There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
CVE-2024-42394 3 Arubanetworks, Hp, Hpe 4 Arubaos, Instantos, Aruba Networking Instantos and 1 more 2024-08-12 9.8 Critical
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
CVE-2024-42393 2 Arubanetworks, Hp 3 Arubaos, Instant, Instantos 2024-08-12 9.8 Critical
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
CVE-2024-28739 1 Koha 1 Koha 2024-08-12 9.6 Critical
An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter.
CVE-2024-7528 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-08-12 9.8 Critical
Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
CVE-2024-7530 1 Mozilla 1 Firefox 2024-08-12 9.8 Critical
Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox < 129.
CVE-2024-7525 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-08-12 9.1 Critical
It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
CVE-2024-7522 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-08-12 9.1 Critical
Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
CVE-2024-7521 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-08-12 9.8 Critical
Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
CVE-2024-32758 1 Johnsoncontrols 2 Exacqvision Client, Exacqvision Server 2024-08-09 7.5 High
Under certain circumstances the communication between exacqVision Client and exacqVision Server will use insufficient key length and exchange
CVE-2024-7332 1 Totolink 2 Cp450, Cp450 Firmware 2024-08-09 9.8 Critical
A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-33959 1 Janobe 8 Credit Card, Debit Card Payment, Janobe Credit Card and 5 more 2024-08-08 9.8 Critical
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'categ' in '/admin/mod_reports/printreport.php' parameter.
CVE-2024-41237 2 Kashipara, Lopalopa 2 Responsive School Management System, Responsive School Management System 2024-08-08 9.8 Critical
A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter.
CVE-2024-33970 1 Janobe 6 Credit Card, Debit Card Payment, Paypal and 3 more 2024-08-08 9.8 Critical
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'studid' in '/candidate/controller.php' parameter.
CVE-2024-33966 1 Janobe 8 Credit Card, Debit Card Payment, Janobe Credit Card and 5 more 2024-08-08 9.8 Critical
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'xtsearch' in '/admin/mod_reports/index.php' parameter.