Total
26231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-7463 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2024-08-15 | 9.0 HIGH | 9.8 CRITICAL |
| A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7464 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2024-08-15 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in TOTOLINK CP900 6.3c.566. This issue affects the function setTelnetCfg of the component Telnet Service. The manipulation of the argument telnet_enabled leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273557 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7465 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2024-08-15 | 9.0 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in TOTOLINK CP450 4.1.0cu.747_B20191224. Affected is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273558 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-41940 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | N/A | 9.1 CRITICAL |
| A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges. | |||||
| CVE-2024-20082 | 2024-08-14 | N/A | 9.8 CRITICAL | ||
| In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01182594; Issue ID: MSV-1529. | |||||
| CVE-2024-39397 | 1 Adobe | 2 Commerce, Magento | 2024-08-14 | N/A | 9.0 CRITICAL |
| Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file which can then be executed on the server. Exploitation of this issue does not require user interaction, but attack complexity is high and scope is changed. | |||||
| CVE-2024-42543 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-08-13 | N/A | 9.8 CRITICAL |
| TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the http_host parameter in the loginauth function. | |||||
| CVE-2024-38530 | 1 Openeclass | 1 Openeclass | 2024-08-13 | N/A | 9.8 CRITICAL |
| The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RCE on the backend server, since the upload location is accessible from the internet. This vulnerability is fixed in 3.16. | |||||
| CVE-2024-6917 | 1 Veribase | 1 Order Management | 2024-08-13 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection.This issue affects Veribase Order Management: before v4.010.2. | |||||
| CVE-2023-7249 | 1 Opentext | 1 Directory Services | 2024-08-13 | N/A | 9.8 CRITICAL |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText OpenText Directory Services allows Path Traversal.This issue affects OpenText Directory Services: from 16.4.2 before 24.1. | |||||
| CVE-2024-42547 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-08-13 | N/A | 9.8 CRITICAL |
| TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function. | |||||
| CVE-2024-7616 | 1 Edimax | 4 Ic-5150w, Ic-5150w Firmware, Ic-6220dc and 1 more | 2024-08-13 | 5.2 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. It has been rated as critical. Affected by this issue is the function cgiFormString of the file ipcam_cgi. The manipulation of the argument host leads to command injection. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-42545 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-08-13 | N/A | 9.8 CRITICAL |
| TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function. | |||||
| CVE-2024-42520 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-08-13 | N/A | 9.8 CRITICAL |
| TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl. | |||||
| CVE-2024-7311 | 1 Fabianros | 1 Online Bus Reservation Site | 2024-08-13 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in code-projects Online Bus Reservation Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file register.php. The manipulation of the argument Email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273203. | |||||
| CVE-2024-38989 | 2024-08-13 | N/A | 9.8 CRITICAL | ||
| izatop bunt v0.29.19 was discovered to contain a prototype pollution via the component /esm/qs.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-43160 | 2024-08-13 | N/A | 10.0 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows Code Injection.This issue affects BerqWP: from n/a through 1.7.6. | |||||
| CVE-2024-43153 | 2024-08-13 | N/A | 9.8 CRITICAL | ||
| Improper Privilege Management vulnerability in WofficeIO Woffice allows Privilege Escalation.This issue affects Woffice: from n/a through 5.4.10. | |||||
| CVE-2024-7094 | 2024-08-13 | N/A | 9.8 CRITICAL | ||
| The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. This is due to a lack of sanitization on user-supplied values, which replace values in the style.php file, along with missing capability checks. This makes it possible for unauthenticated attackers to execute code on the server. This issue was partially patched in 2.8.6 when the code injection issue was resolved, and fully patched in 2.8.7 when the missing authorization and cross-site request forgery protection was added. | |||||
| CVE-2024-43141 | 2024-08-13 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Roland Barker, xnau webdesign Participants Database allows Object Injection.This issue affects Participants Database: from n/a through 2.5.9.2. | |||||