1821
|
9.8 |
CRITICAL
Network
zyxel
|
nwa110ax_firmware nwa1123-ac_pro_firmware nwa1123acv3_firmware nwa130be_firmware nwa210ax_firmware nwa220ax-6e_firmware nwa50ax_firmware nwa50ax_pro_firmware nwa55axe_firmware…
|
The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4)
and e…
|
CWE-78
OS Command
|
CVE-2024-7261
|
2024-09-14 04:39 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1822
|
9.8 |
CRITICAL
Network
cisco
|
smart_license_utility
|
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential.
This vulnerability is …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-20439
|
2024-09-14 04:35 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1823
|
9.8 |
CRITICAL
Network
tenda
|
i29_firmware
|
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function.
|
CWE-787
Out-of-bounds Write
|
CVE-2023-50986
|
2024-09-14 04:35 |
2023-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1824
|
9.8 |
CRITICAL
Network
tenda
|
ax12_firmware
|
Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName.
|
CWE-77
Command Injection
|
CVE-2023-49428
|
2024-09-14 04:35 |
2023-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1825
|
9.8 |
CRITICAL
Network
tenda
|
ax12_firmware
|
Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.
|
CWE-787
Out-of-bounds Write
|
CVE-2023-49424
|
2024-09-14 04:35 |
2023-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1826
|
5.3 |
MEDIUM
Network
funnelforms
|
funnelforms_free
|
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability…
|
CWE-862
Missing Authorization
|
CVE-2024-7447
|
2024-09-14 04:33 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1827
|
5.3 |
MEDIUM
Network
permalink_manager_lite_project
|
permalink_manager_lite
|
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'debug_data', 'debug_query', and 'debug_redirect' functions in al…
|
CWE-862
Missing Authorization
|
CVE-2024-8195
|
2024-09-14 04:28 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1828
|
5.5 |
MEDIUM
Local
|
cisco
|
duo_authentication_for_epic
|
A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system.
This vulnerability is due to imprope…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2024-20503
|
2024-09-14 04:24 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1829
|
9.8 |
CRITICAL
Network
fabianros
|
hospital_management_system
|
A vulnerability was found in code-projects Hospital Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component L…
|
CWE-89
SQL Injection
|
CVE-2024-8368
|
2024-09-14 04:23 |
2024-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1830
|
3.9 |
LOW
Physics
|
redhat opensc_project
|
enterprise_linux opensc
|
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially craft…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2024-45617
|
2024-09-14 04:21 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|