Page(s) : 1 2 3 4 5 6 7 [8] 9 10 11 12 13 14 15 16 17 18 ... | Result(s) : 271811 |
Alerts
DATE | NAME | CATEGORIES | DETAIL | |
---|---|---|---|---|
N/A | 2024-04-18 | CVE-2024-1491 | cve | The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module provides a light-wei... |
N/A | 2024-04-18 | CVE-2024-21846 | cve | An unauthenticated attacker can reset the board and stop transmitter operations by sending a specially-crafted GET request to the command.cgi gateway, resulting in a denial-o... |
N/A | 2024-04-18 | CVE-2024-21872 | cve | The device allows an unauthenticated attacker to bypass authentication and modify the cookie to reveal hidden pages that allows more critical operations to the transmitter. |
N/A | 2024-04-18 | CVE-2024-22186 | cve | The application suffers from a privilege escalation vulnerability. An attacker logged in as guest can escalate his privileges by poisoning the cookie to become administrator. |
N/A | 2024-04-18 | CVE-2024-3742 | cve | Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system. |
N/A | 2024-04-18 | CVE-2024-27306 | cve | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed i... |
N/A | 2024-04-18 | CVE-2024-28185 | cve | Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker t... |
N/A | 2024-04-18 | CVE-2024-28189 | cve | Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creatin... |
N/A | 2024-04-18 | CVE-2024-29021 | cve | Judge0 is an open-source online code execution system. The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server Side Request Forgery (SSR... |
N/A | 2024-04-18 | CVE-2024-2796 | cve | A server-side request forgery (SSRF) was discovered in the Akana Community Manager Developer Portal in versions prior to and including 2022.1.3. Reported by Jakob Antonsson. |
N/A | 2024-04-18 | CVE-2024-30257 | cve | 1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code uses the != symbol instead hmac.Equal. This may le... |
N/A | 2024-04-18 | CVE-2024-30564 | cve | An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter o... |
N/A | 2024-04-18 | CVE-2024-32466 | cve | Tolgee is an open-source localization platform. For the `/v2/projects/translations` and `/v2/projects/{projectId}/translations` endpoints, translation data was returned even whe... |
N/A | 2024-04-18 | CVE-2024-32470 | cve | Tolgee is an open-source localization platform. When API key created by admin user is used it bypasses the permission check at all. This error was introduced in v3.57.2 and imme... |
N/A | 2024-04-18 | CVE-2024-32475 | cve | Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header long... |
N/A | 2024-04-18 | CVE-2024-32325 | cve | TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function. |
N/A | 2024-04-18 | CVE-2024-32326 | cve | TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function. |
N/A | 2024-04-18 | CVE-2024-32327 | cve | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Port Forwarding under the Firewall Page. |
N/A | 2024-04-18 | CVE-2024-32332 | cve | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in WDS Settings under the Wireless Page. |
N/A | 2024-04-18 | CVE-2024-32333 | cve | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page. |
Page(s) : 1 2 3 4 5 6 7 [8] 9 10 11 12 13 14 15 16 17 18 ... | Result(s) : 271811 |