|
1911
|
5.4 |
MEDIUM
Network
|
squaredup
|
squaredup_ds_for_scom
|
SquaredUp DS for SCOM 6.2.1.11104 allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2024-45180
|
2024-09-14 04:55 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1912
|
8.1 |
HIGH
Network
|
idec
|
windo\/i-nv4
windldr
|
Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user cre…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-41716
|
2024-09-14 04:53 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1913
|
4.3 |
MEDIUM
Network
|
audiobookshelf
|
audiobookshelf
|
audiobookshelf is a self-hosted audiobook and podcast server. A non-admin user is not allowed to create libraries (or access only the ones they have permission to). However, the `LibraryController` i…
|
CWE-22
Path Traversal
|
CVE-2024-43797
|
2024-09-14 04:49 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1914
|
9.8 |
CRITICAL
Network
zyxel
|
nwa110ax_firmware
nwa1123-ac_pro_firmware
nwa1123acv3_firmware
nwa130be_firmware
nwa210ax_firmware
nwa220ax-6e_firmware
nwa50ax_firmware
nwa50ax_pro_firmware
nwa55axe_firmware…
|
The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4)
and e…
|
CWE-78
OS Command
|
CVE-2024-7261
|
2024-09-14 04:39 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1915
|
9.8 |
CRITICAL
Network
cisco
|
smart_license_utility
|
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential.
This vulnerability is …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-20439
|
2024-09-14 04:35 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1916
|
9.8 |
CRITICAL
Network
tenda
|
i29_firmware
|
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function.
|
CWE-787
Out-of-bounds Write
|
CVE-2023-50986
|
2024-09-14 04:35 |
2023-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1917
|
9.8 |
CRITICAL
Network
tenda
|
ax12_firmware
|
Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName.
|
CWE-77
Command Injection
|
CVE-2023-49428
|
2024-09-14 04:35 |
2023-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1918
|
9.8 |
CRITICAL
Network
tenda
|
ax12_firmware
|
Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.
|
CWE-787
Out-of-bounds Write
|
CVE-2023-49424
|
2024-09-14 04:35 |
2023-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1919
|
5.3 |
MEDIUM
Network
funnelforms
|
funnelforms_free
|
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability…
|
CWE-862
Missing Authorization
|
CVE-2024-7447
|
2024-09-14 04:33 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1920
|
5.3 |
MEDIUM
Network
permalink_manager_lite_project
|
permalink_manager_lite
|
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'debug_data', 'debug_query', and 'debug_redirect' functions in al…
|
CWE-862
Missing Authorization
|
CVE-2024-8195
|
2024-09-14 04:28 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
