Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-9329 | 2024-09-30 | N/A | N/A | ||
| In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. | |||||
| CVE-2024-24525 | 2024-08-29 | N/A | 9.8 CRITICAL | ||
| An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows a remote attacker to execute arbitrary code via the infoid parameter of the URL. | |||||
| CVE-2023-40819 | 1 Devlop.systems | 1 Id4portais | 2024-08-12 | N/A | 6.1 MEDIUM |
| ID4Portais in version < V.2022.837.002a returns message parameter unsanitized in the response, resulting in a HTML Injection vulnerability. | |||||
| CVE-2024-33433 | 2024-08-01 | N/A | 4.8 MEDIUM | ||
| Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows a remote attacker to execute arbitrary code via the Guest Access Control parameter in the Wireless Page. | |||||
| CVE-2024-31808 | 2024-08-01 | N/A | 8.8 HIGH | ||
| TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. | |||||
| CVE-2023-7261 | 2024-07-03 | N/A | 7.3 HIGH | ||
| Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High) | |||||
| CVE-2024-20306 | 2024-03-27 | N/A | 6.0 MEDIUM | ||
| A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted CLI command to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying operating system. | |||||
| CVE-2024-25979 | 2024-02-29 | N/A | 5.3 MEDIUM | ||
| The URL parameters accepted by forum search were not limited to the allowed parameters. | |||||