|
181
|
- |
|
-
|
-
|
In multiple functions of ConnectivityService.java, there is a possible way for a Wi-Fi AP to determine what site a device has connected to through a VPN due to side channel information disclosure. Th…
New
|
-
|
CVE-2024-49734
|
2025-01-23 02:15 |
2025-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
182
|
4.3 |
MEDIUM
Network
|
07fly
|
07flycms
|
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/edit.html
Update
|
CWE-352
Origin Validation Error
|
CVE-2024-57161
|
2025-01-23 02:15 |
2025-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
183
|
4.3 |
MEDIUM
Network
|
07fly
|
07flycms
|
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaTask/edit.html.
Update
|
CWE-352
Origin Validation Error
|
CVE-2024-57160
|
2025-01-23 02:15 |
2025-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
184
|
8.8 |
HIGH
Network
|
jfinaloa_project
|
jfinaloa
|
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid.
Update
|
CWE-89
SQL Injection
|
CVE-2024-57775
|
2025-01-23 02:07 |
2025-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
185
|
8.8 |
HIGH
Network
|
jfinaloa_project
|
jfinaloa
|
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id.
Update
|
CWE-89
SQL Injection
|
CVE-2024-57770
|
2025-01-23 02:07 |
2025-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
186
|
8.8 |
HIGH
Network
|
jfinaloa_project
|
jfinaloa
|
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser.
Update
|
CWE-89
SQL Injection
|
CVE-2024-57769
|
2025-01-23 02:07 |
2025-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
187
|
9.8 |
CRITICAL
Network
tenda
|
ac18_firmware
|
Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function.
Update
|
CWE-77
Command Injection
|
CVE-2024-57583
|
2025-01-23 01:53 |
2025-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
188
|
9.8 |
CRITICAL
Network
tenda
|
ac18_firmware
|
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2024-57575
|
2025-01-23 01:53 |
2025-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
189
|
9.9 |
CRITICAL
Network
|
simple-help
|
simplehelp
|
SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate p…
Update
|
NVD-CWE-noinfo
|
CVE-2024-57726
|
2025-01-23 01:25 |
2025-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
190
|
- |
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leetoo Toocheke Companion allows Stored XSS. This issue affects Toocheke Companion: from n/a thro…
New
|
CWE-79
Cross-site Scripting
|
CVE-2025-23992
|
2025-01-23 01:15 |
2025-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
