Page(s) : 1 ... 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 [1586] 1587 1588 1589 1590 1591 1592 1593 1594 1595 1596 ... | Result(s) : 329663 |
Alerts
SCORE | DATE | NAME | CATEGORIES | DETAIL |
---|---|---|---|---|
N/A | 2024-12-06 | CVE-2024-54143 | cve | openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only 12 characters. This significantly reduce... |
N/A | 2024-12-06 | CVE-2024-54749 | cve | Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: this is disputed by the Suppl... |
6.1 | 2024-12-06 | CVE-2024-55268 | cve | A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote ... |
7.8 | 2024-12-06 | CVE-2024-11220 | cve | A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code... |
7.5 | 2024-12-06 | CVE-2024-42494 | cve | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information fr... |
5.3 | 2024-12-06 | CVE-2024-47043 | cve | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone number and part of the em... |
9.8 | 2024-12-06 | CVE-2024-47547 | cve | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords which leaves authentication vulnerable to brut... |
4.8 | 2024-12-06 | CVE-2024-48703 | cve | PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/search-medicalcard.php via the searchdata parameter. |
N/A | 2024-12-06 | CVE-2024-48871 | cve | The affected product is vulnerable to a stack-based buffer overflow. An unauthenticated attacker could send a malicious HTTP request that the webserver fails to properly check i... |
7.5 | 2024-12-06 | CVE-2024-51727 | cve | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable attackers to invalidate a legitimate user's session and cause a denial... |
N/A | 2024-12-06 | CVE-2024-52320 | cve | The affected product is vulnerable to a command injection. An unauthenticated attacker could send commands through a malicious HTTP request which could result in remote code exe... |
N/A | 2024-12-06 | CVE-2024-52558 | cve | The affected product is vulnerable to an integer underflow. An unauthenticated attacker could send a malformed HTTP request, which could allow the attacker to crash the program. |
6.5 | 2024-12-06 | CVE-2024-11729 | cve | The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'service_list[0][service_id]' parameter of the get_... |
6.5 | 2024-12-06 | CVE-2024-11730 | cve | The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'sort[]' parameter of the static_data_list AJAX act... |
N/A | 2024-12-06 | CVE-2024-53907 | cve | An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential de... |
N/A | 2024-12-06 | CVE-2024-53908 | cve | An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle data... |
N/A | 2024-12-06 | CVE-2024-10771 | cve | Due to missing input validation during one step of the firmware update process, the product is vulnerable to remote code execution. With network access and the user level ”Servi... |
N/A | 2024-12-06 | CVE-2024-10772 | cve | Since the firmware update is not validated, an attacker can install modified firmware on the device. This has a high impact on the availability, integrity and confidentiality up ... |
N/A | 2024-12-06 | CVE-2024-10773 | cve | The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user l... |
N/A | 2024-12-06 | CVE-2024-10774 | cve | Unauthenticated CROWN APIs allow access to critical functions. This leads to the accessibility of large parts of the web application without authentication. |