981
|
7.5 |
HIGH
Network
wago
|
750-363\/040-000_firmware 750-362\/040-000_firmware 750-362\/000-001_firmware 750-891_firmware 750-365\/040-010_firmware 750-364\/040-010_firmware 750-362_firmware 750-363_firmwa…
|
Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2023-1150
|
2024-10-2 15:15 |
2023-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
982
|
5.3 |
MEDIUM
Network
phoenixcontact
|
fl_mguard_2102_firmware fl_mguard_4102_pci_firmware fl_mguard_4102_pcie_firmware fl_mguard_4302_firmware fl_mguard_centerport_firmware fl_mguard_centerport_vpn-1000_firmware fl_mgua…
|
Improper Input Validation vulnerability in PHOENIX CONTACT FL/TC MGUARD Family in multiple versions may allow UDP packets to bypass the filter rules and access the solely connected device behind the …
|
CWE-1287
Improper Validation of Specified Type of Input
|
CVE-2023-2673
|
2024-10-2 15:15 |
2023-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
983
|
6.1 |
MEDIUM
Network
|
ckeditor
|
ckeditor5
|
CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. This vu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45613
|
2024-10-2 07:15 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
984
|
9.8 |
CRITICAL
Network
totolink
|
a3300r_firmware
|
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.
|
CWE-78
OS Command
|
CVE-2024-23058
|
2024-10-2 06:35 |
2024-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
985
|
9.8 |
CRITICAL
Network
tenda
|
ax1803_firmware
|
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv.
|
CWE-787
Out-of-bounds Write
|
CVE-2023-51958
|
2024-10-2 06:35 |
2024-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
986
|
7.8 |
HIGH
Local
|
archive_project
|
archive
|
An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing.
|
NVD-CWE-noinfo
|
CVE-2023-39137
|
2024-10-2 06:35 |
2023-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
987
|
5.5 |
MEDIUM
Local
|
ziparchive_project
|
ziparchive
|
An unhandled edge case in the component _sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service (DoS) via a crafted zip file.
|
NVD-CWE-noinfo
|
CVE-2023-39136
|
2024-10-2 06:35 |
2023-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
988
|
6.5 |
MEDIUM
Network
|
apache
|
druid
|
Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid a…
|
NVD-CWE-noinfo
|
CVE-2024-45537
|
2024-10-2 05:41 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
989
|
4.9 |
MEDIUM
Network
|
formtools
|
form_tools
|
A vulnerability, which was classified as problematic, has been found in formtools.org Form Tools 3.1.1. This issue affects some unknown processing of the file /admin/settings/index.php?page=accounts …
|
CWE-94
Code Injection
|
CVE-2024-6936
|
2024-10-2 05:37 |
2024-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
990
|
4.6 |
MEDIUM
Physics
|
ibm
|
infosphere_information_server
|
IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727.
|
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2024-37533
|
2024-10-2 05:35 |
2024-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|