51
|
9.8 |
CRITICAL
Network
nitropack
|
nitropack
|
Improper Control of Generation of Code ('Code Injection') vulnerability in NitroPack Inc. NitroPack allows Code Injection.This issue affects NitroPack: from n/a through 1.16.7.
Update
|
CWE-94
Code Injection
|
CVE-2024-43922
|
2024-09-20 06:44 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
52
|
8.8 |
HIGH
Adjacent
|
dlink
|
covr-x1870_firmware dir-x4860_firmware
|
Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded…
Update
|
CWE-912
Hidden Functionality
|
CVE-2024-45696
|
2024-09-20 06:42 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
53
|
9.8 |
CRITICAL
Network
dlink
|
dir-x4860_firmware
|
Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inj…
Update
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-45698
|
2024-09-20 06:40 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
54
|
9.8 |
CRITICAL
Network
dlink
|
dir-x4860_firmware
|
Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS comm…
Update
|
CWE-912
Hidden Functionality
|
CVE-2024-45697
|
2024-09-20 06:40 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
55
|
9.8 |
CRITICAL
Network
prixan
|
prixanconnect
|
Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts().
Update
|
CWE-89
SQL Injection
|
CVE-2023-40920
|
2024-09-20 06:35 |
2023-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
56
|
6.7 |
MEDIUM
Local
|
watchguard
|
epp_firmware edr_firmware epdr_firmware panda_ad360_firmware
|
An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to bypass the defensive capabilities by adding a registry key as SYSTEM.
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2023-26237
|
2024-09-20 06:35 |
2023-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
57
|
- |
|
-
|
-
|
A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Affected is an unknown function of the file /view/DBManage/Backup_Server_commit.php. The manipulation of the a…
New
|
CWE-78
OS Command
|
CVE-2024-9004
|
2024-09-20 06:15 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
58
|
- |
|
-
|
-
|
A vulnerability was found in Jinan Chicheng Company JFlow 2.0.0. It has been rated as problematic. This issue affects the function AttachmentUploadController of the file /WF/Ath/EntityMutliFile_Load.…
New
|
CWE-284
Improper Access Control
|
CVE-2024-9003
|
2024-09-20 06:15 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
59
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
New
|
CWE-787
Out-of-bounds Write
|
CVE-2024-43496
|
2024-09-20 06:15 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
60
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
New
|
CWE-843
Type Confusion
|
CVE-2024-43489
|
2024-09-20 06:15 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|