2011
|
8.1 |
HIGH
Network
|
portabilis
|
i-educar
|
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Prior to the 2.9 branch, an attacker with only minimal vie…
|
CWE-862
Missing Authorization
|
CVE-2024-45058
|
2024-09-14 05:06 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2012
|
6.1 |
MEDIUM
Network
|
portabilis
|
i-educar
|
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A Reflected Cross-Site Scripting (XSS) vulnerability was i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45057
|
2024-09-14 05:03 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2013
|
7.5 |
HIGH
Network
huawei
|
harmonyos emui
|
Vulnerability of permission verification for APIs in the DownloadProviderMain module
Impact: Successful exploitation of this vulnerability will affect availability.
|
NVD-CWE-noinfo
|
CVE-2024-45442
|
2024-09-14 05:00 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2014
|
5.4 |
MEDIUM
Network
|
squaredup
|
squaredup_ds_for_scom
|
SquaredUp DS for SCOM 6.2.1.11104 allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2024-45180
|
2024-09-14 04:55 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2015
|
8.1 |
HIGH
Network
|
idec
|
windo\/i-nv4 windldr
|
Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user cre…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-41716
|
2024-09-14 04:53 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2016
|
4.3 |
MEDIUM
Network
|
audiobookshelf
|
audiobookshelf
|
audiobookshelf is a self-hosted audiobook and podcast server. A non-admin user is not allowed to create libraries (or access only the ones they have permission to). However, the `LibraryController` i…
|
CWE-22
Path Traversal
|
CVE-2024-43797
|
2024-09-14 04:49 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2017
|
9.8 |
CRITICAL
Network
zyxel
|
nwa110ax_firmware nwa1123-ac_pro_firmware nwa1123acv3_firmware nwa130be_firmware nwa210ax_firmware nwa220ax-6e_firmware nwa50ax_firmware nwa50ax_pro_firmware nwa55axe_firmware…
|
The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4)
and e…
|
CWE-78
OS Command
|
CVE-2024-7261
|
2024-09-14 04:39 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2018
|
9.8 |
CRITICAL
Network
cisco
|
smart_license_utility
|
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential.
This vulnerability is …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-20439
|
2024-09-14 04:35 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2019
|
9.8 |
CRITICAL
Network
tenda
|
i29_firmware
|
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function.
|
CWE-787
Out-of-bounds Write
|
CVE-2023-50986
|
2024-09-14 04:35 |
2023-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2020
|
9.8 |
CRITICAL
Network
tenda
|
ax12_firmware
|
Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName.
|
CWE-77
Command Injection
|
CVE-2023-49428
|
2024-09-14 04:35 |
2023-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|