2021
|
8.8 |
HIGH
Adjacent
|
dlink
|
covr-x1870_firmware dir-x4860_firmware
|
Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded…
|
CWE-912
Hidden Functionality
|
CVE-2024-45696
|
2024-09-20 06:42 |
2024-09-16 |
|
|
2022
|
9.8 |
CRITICAL
Network
dlink
|
dir-x4860_firmware
|
Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inj…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-45698
|
2024-09-20 06:40 |
2024-09-16 |
|
|
|
2023
|
9.8 |
CRITICAL
Network
dlink
|
dir-x4860_firmware
|
Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS comm…
|
CWE-912
Hidden Functionality
|
CVE-2024-45697
|
2024-09-20 06:40 |
2024-09-16 |
|
|
|
2024
|
9.8 |
CRITICAL
Network
prixan
|
prixanconnect
|
Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts().
|
CWE-89
SQL Injection
|
CVE-2023-40920
|
2024-09-20 06:35 |
2023-10-6 |
|
|
|
2025
|
6.7 |
MEDIUM
Local
|
watchguard
|
epp_firmware edr_firmware epdr_firmware panda_ad360_firmware
|
An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to bypass the defensive capabilities by adding a registry key as SYSTEM.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2023-26237
|
2024-09-20 06:35 |
2023-10-5 |
|
|
2026
|
7.8 |
HIGH
Local
|
acronis
|
cyber_protect_home_office
|
Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278.
|
CWE-610
Externally Controlled Reference to a Resource in Another Sphere
|
CVE-2022-46869
|
2024-09-20 06:15 |
2023-09-1 |
|
|
2027
|
9.8 |
CRITICAL
Network
pluck-cms
|
pluck
|
Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack.
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2024-43042
|
2024-09-20 06:01 |
2024-08-17 |
|
|
|
2028
|
8.8 |
HIGH
Network
|
churchcrm
|
churchcrm
|
ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated SQL injection due to an improper sanitization of user input. Authen…
|
CWE-89
SQL Injection
|
CVE-2024-39304
|
2024-09-20 05:59 |
2024-07-27 |
|
|
2029
|
8.8 |
HIGH
Network
|
nuxt
|
nuxt
|
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the `path` parameter in the NuxtTestComponentWrapper, an…
|
CWE-94
Code Injection
|
CVE-2024-34344
|
2024-09-20 05:58 |
2024-08-6 |
|
|
2030
|
7.5 |
HIGH
Network
nuxt
|
nuxt
|
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. `nuxt/icon` provides an API to allow client side icon lookup. This endpoint is at `/api/_nuxt_…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-42352
|
2024-09-20 05:55 |
2024-08-6 |
|
|
|