| Page(s) : 1 ... 333 334 335 336 337 338 339 340 341 342 [343] 344 345 346 347 348 349 350 351 352 353 ... | Result(s) : 299076 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2025-05-01 | CVE-2025-46633 | cve | Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt traffic between the client and server... |
| N/A | 2025-05-01 | CVE-2025-46632 | cve | Initialization vector (IV) reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypte... |
| N/A | 2025-05-01 | CVE-2025-46631 | cve | Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable telnet access to the router's OS ... |
| N/A | 2025-05-01 | CVE-2025-46630 | cve | Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable 'ate' (a remote system manag... |
| N/A | 2025-05-01 | CVE-2025-46629 | cve | Lack of access controls in the 'ate' management binary of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to perform unauthorized configuration... |
| N/A | 2025-05-01 | CVE-2025-46628 | cve | Lack of input validation/sanitization in the 'ate' management service in the Tenda RX2 Pro 16.03.30.14 allows an unauthorized remote attacker to gain root shell access... |
| N/A | 2025-05-01 | CVE-2025-46627 | cve | Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easil... |
| N/A | 2025-05-01 | CVE-2025-46626 | cve | Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decryp... |
| N/A | 2025-05-01 | CVE-2025-46625 | cve | Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web ... |
| N/A | 2025-05-01 | CVE-2025-46569 | cve | Open Policy Agent (OPA) is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing docu... |
| 7.5 | 2025-05-01 | CVE-2025-46568 | cve | Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced ... |
| 7.8 | 2025-05-01 | CVE-2025-46567 | cve | LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the `llamafy_baichuan2.py` script of the LLaMA-Factory pro... |
| 9.8 | 2025-05-01 | CVE-2025-46566 | cve | DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patch... |
| N/A | 2025-05-01 | CVE-2025-46565 | cve | Vite is a frontend tooling framework for javascript. Prior to versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a fi... |
| N/A | 2025-05-01 | CVE-2025-46345 | cve | Auth0 Account Link Extension is an extension aimed to help link accounts easily. Versions 2.3.4 to 2.6.6 do not verify the signature of the provided JWT. This allows the user th... |
| N/A | 2025-05-01 | CVE-2025-44867 | cve | Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. This vulnerability allows attackers... |
| N/A | 2025-05-01 | CVE-2025-44866 | cve | Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to exec... |
| N/A | 2025-05-01 | CVE-2025-44865 | cve | Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This vulnerability allows attackers to exe... |
| N/A | 2025-05-01 | CVE-2025-44864 | cve | Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This vulnerability allows attackers to exe... |
| N/A | 2025-05-01 | CVE-2025-44835 | cve | D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which allows remote attackers to execute arbitrary commands via shell. |
| Page(s) : 1 ... 333 334 335 336 337 338 339 340 341 342 [343] 344 345 346 347 348 349 350 351 352 353 ... | Result(s) : 299076 |
