Total
26071 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-7731 | 1 Secom | 1 Dr.id Access Control | 2024-08-22 | N/A | 9.8 CRITICAL |
| Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents. | |||||
| CVE-2024-45168 | 2024-08-22 | N/A | 9.1 CRITICAL | ||
| An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is transferred over a raw socket without any authentication mechanism. Thus, communication endpoints are not verifiable. | |||||
| CVE-2024-45166 | 2024-08-22 | N/A | 9.8 CRITICAL | ||
| An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution. There is an access violation and EIP overwrite after five logins. | |||||
| CVE-2023-26211 | 1 Fortinet | 1 Fortisoar | 2024-08-22 | N/A | 9.0 CRITICAL |
| An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module. | |||||
| CVE-2024-7707 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-08-22 | 9.0 HIGH | 9.8 CRITICAL |
| A vulnerability was found in Tenda FH1206 02.03.01.35 and classified as critical. Affected by this issue is the function formSafeEmailFilter of the file /goform/SafeEmailFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7743 | 1 Ltcms | 1 Ltcms | 2024-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in wanglongcn ltcms 1.0.20. It has been declared as critical. Affected by this vulnerability is the function downloadUrl of the file /api/file/downloadUrl of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7909 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-08-21 | 9.0 HIGH | 9.8 CRITICAL |
| A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7742 | 1 Ltcms | 1 Ltcms | 2024-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in wanglongcn ltcms 1.0.20. It has been classified as critical. Affected is the function multiDownload of the file /api/file/multiDownload of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7740 | 1 Ltcms | 1 Ltcms | 2024-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been found in wanglongcn ltcms 1.0.20 and classified as critical. This vulnerability affects the function download of the file /api/test/download of the component API Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7614 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-08-21 | 9.0 HIGH | 9.8 CRITICAL |
| A vulnerability was found in Tenda FH1206 1.2.0.8(8155). It has been classified as critical. Affected is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7615 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-08-21 | 9.0 HIGH | 9.8 CRITICAL |
| A vulnerability was found in Tenda FH1206 1.2.0.8. It has been declared as critical. Affected by this vulnerability is the function fromSafeClientFilter/fromSafeMacFilter/fromSafeUrlFilter. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7613 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-08-21 | 9.0 HIGH | 9.8 CRITICAL |
| A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-28740 | 1 Koha | 1 Koha | 2024-08-21 | N/A | 9.6 CRITICAL |
| Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component. | |||||
| CVE-2024-20083 | 2024-08-21 | N/A | 9.8 CRITICAL | ||
| In venc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08810810 / ALPS08805789; Issue ID: MSV-1502. | |||||
| CVE-2024-42572 | 1 Arajajyothibabu | 1 School Management System | 2024-08-21 | N/A | 9.8 CRITICAL |
| School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php. | |||||
| CVE-2024-42563 | 2024-08-21 | N/A | 9.8 CRITICAL | ||
| An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file. | |||||
| CVE-2024-42556 | 2024-08-21 | N/A | 9.8 CRITICAL | ||
| Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_removed.php. | |||||
| CVE-2024-28000 | 2024-08-21 | N/A | 9.8 CRITICAL | ||
| Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1. | |||||
| CVE-2024-35540 | 1 Typecho | 1 Typecho | 2024-08-21 | N/A | 9.0 CRITICAL |
| A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2024-8003 | 1 Gotribe | 1 Gotribe-admin | 2024-08-21 | 2.7 LOW | 9.8 CRITICAL |
| A vulnerability was found in Go-Tribe gotribe-admin 1.0 and classified as problematic. Affected by this issue is the function InitRoutes of the file internal/app/routes/routes.go of the component Log Handler. The manipulation leads to deserialization. The patch is identified as 45ac90d6d1f82716f77dbcdf8e7309c229080e3c. It is recommended to apply a patch to fix this issue. | |||||