| Page(s) : 1 [2] 3 4 5 6 7 8 9 10 11 12 ... | Result(s) : 271694 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2024-04-18 | CVE-2024-30929 | cve | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the 'back' Parameter in playlist.php |
| N/A | 2024-04-18 | CVE-2024-32473 | cve | Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is... |
| N/A | 2024-04-18 | CVE-2024-3741 | cve | Electrolink transmitters are vulnerable to an authentication bypass vulnerability affecting the login cookie. An attacker can set an arbitrary value except 'NO' to t... |
| N/A | 2024-04-18 | CVE-2024-1491 | cve | The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module provides a light-wei... |
| N/A | 2024-04-18 | CVE-2024-21846 | cve | An unauthenticated attacker can reset the board and stop transmitter operations by sending a specially-crafted GET request to the command.cgi gateway, resulting in a denial-o... |
| N/A | 2024-04-18 | CVE-2024-21872 | cve | The device allows an unauthenticated attacker to bypass authentication and modify the cookie to reveal hidden pages that allows more critical operations to the transmitter. |
| N/A | 2024-04-18 | CVE-2024-22186 | cve | The application suffers from a privilege escalation vulnerability. An attacker logged in as guest can escalate his privileges by poisoning the cookie to become administrator. |
| N/A | 2024-04-18 | CVE-2024-3742 | cve | Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system. |
| N/A | 2024-04-18 | CVE-2024-27306 | cve | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed i... |
| N/A | 2024-04-18 | CVE-2024-28185 | cve | Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker t... |
| N/A | 2024-04-18 | CVE-2024-28189 | cve | Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creatin... |
| N/A | 2024-04-18 | CVE-2024-29021 | cve | Judge0 is an open-source online code execution system. The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server Side Request Forgery (SSR... |
| N/A | 2024-04-18 | CVE-2024-2796 | cve | A server-side request forgery (SSRF) was discovered in the Akana Community Manager Developer Portal in versions prior to and including 2022.1.3. Reported by Jakob Antonsson. |
| N/A | 2024-04-18 | CVE-2024-30257 | cve | 1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code uses the != symbol instead hmac.Equal. This may le... |
| N/A | 2024-04-18 | CVE-2024-30564 | cve | An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter o... |
| N/A | 2024-04-18 | CVE-2024-32466 | cve | Tolgee is an open-source localization platform. For the `/v2/projects/translations` and `/v2/projects/{projectId}/translations` endpoints, translation data was returned even whe... |
| N/A | 2024-04-18 | CVE-2024-32470 | cve | Tolgee is an open-source localization platform. When API key created by admin user is used it bypasses the permission check at all. This error was introduced in v3.57.2 and imme... |
| N/A | 2024-04-18 | CVE-2024-32475 | cve | Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header long... |
| N/A | 2024-04-18 | CVE-2024-32325 | cve | TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function. |
| N/A | 2024-04-18 | CVE-2024-32326 | cve | TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function. |
| Page(s) : 1 [2] 3 4 5 6 7 8 9 10 11 12 ... | Result(s) : 271694 |
