141
|
8.1 |
HIGH
Network
|
totolink
|
a720r_firmware
|
A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack…
Update
|
CWE-78
OS Command
|
CVE-2024-8869
|
2024-09-21 01:59 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
142
|
7.5 |
HIGH
Network
xiaohe4966
|
tpmecms
|
A vulnerability, which was classified as problematic, has been found in xiaohe4966 TpMeCMS up to 1.3.3.1. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipu…
Update
|
CWE-22
Path Traversal
|
CVE-2024-8876
|
2024-09-21 01:58 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
143
|
6.7 |
MEDIUM
Local
|
cisco
|
identity_services_engine
|
A vulnerability in specific CLI commands in Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system a…
Update
|
CWE-78
OS Command
|
CVE-2024-20469
|
2024-09-21 01:58 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
144
|
4.7 |
MEDIUM
Network
|
send_project
|
send
|
Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-43799
|
2024-09-21 01:57 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
145
|
7.5 |
HIGH
Network
opendaylight
|
authentication\ _authorization_and_accounting
|
An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue con…
Update
|
NVD-CWE-noinfo
|
CVE-2024-46943
|
2024-09-21 01:56 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
146
|
8.8 |
HIGH
Network
|
qnap
|
qts quts_hero
|
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execu…
Update
|
CWE-120 CWE-122
Classic Buffer Overflow Heap-based Buffer Overflow
|
CVE-2024-32763
|
2024-09-21 01:49 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
147
|
4.7 |
MEDIUM
Network
|
qnap
|
qts quts_hero
|
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands …
Update
|
CWE-78
OS Command
|
CVE-2024-21906
|
2024-09-21 01:49 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
148
|
9.8 |
CRITICAL
Network
playsms
|
playsms
|
A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. Affected is an unknown function of the file /playsms/index.php?app=main&inc=core_auth&route=forgot&op=forgot …
Update
|
CWE-94
Code Injection
|
CVE-2024-8880
|
2024-09-21 01:41 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
149
|
7.8 |
HIGH
Local
|
qnap
|
qts quts_hero
|
A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perfo…
Update
|
CWE-862
Missing Authorization
|
CVE-2023-39298
|
2024-09-21 01:39 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
150
|
6.1 |
MEDIUM
Network
|
intumit
|
smartrobot_firmware
|
SmartRobot from INTUMIT does not properly validate a specific page parameter, allowing unautheticated remote attackers to inject JavaScript code to the parameter for Reflected Cross-site Scripting at…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8776
|
2024-09-21 01:38 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|