Vulnerabilities (CVE)

Total 302408 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-6917 1 Veribase 1 Order Management 2024-08-13 N/A 9.8 CRITICAL
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection.This issue affects Veribase Order Management: before v4.010.2.
CVE-2023-7249 1 Opentext 1 Directory Services 2024-08-13 N/A 9.8 CRITICAL
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText OpenText Directory Services allows Path Traversal.This issue affects OpenText Directory Services: from 16.4.2 before 24.1.
CVE-2024-42745 1 Totolink 2 X5000r, X5000r Firmware 2024-08-13 N/A 8.8 HIGH
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42748 1 Totolink 2 X5000r, X5000r Firmware 2024-08-13 N/A 8.8 HIGH
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42547 1 Totolink 2 A3100r, A3100r Firmware 2024-08-13 N/A 9.8 CRITICAL
TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.
CVE-2024-42629 1 Frogcms Project 1 Frogcms 2024-08-13 N/A 8.8 HIGH
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/edit/10.
CVE-2024-7616 1 Edimax 4 Ic-5150w, Ic-5150w Firmware, Ic-6220dc and 1 more 2024-08-13 5.2 MEDIUM 9.8 CRITICAL
A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. It has been rated as critical. Affected by this issue is the function cgiFormString of the file ipcam_cgi. The manipulation of the argument host leads to command injection. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-7408 1 Airveda 2 Pm2.5 Pm10 Monitor, Pm2.5 Pm10 Monitor Firmware 2024-08-13 N/A 6.5 MEDIUM
This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system.
CVE-2024-42632 1 Frogcms Project 1 Frogcms 2024-08-13 N/A 8.8 HIGH
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/add.
CVE-2024-42630 1 Frogcms Project 1 Frogcms 2024-08-13 N/A 8.8 HIGH
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file.
CVE-2024-42626 1 Frogcms Project 1 Frogcms 2024-08-13 N/A 8.8 HIGH
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/add.
CVE-2024-42545 1 Totolink 2 A3700r, A3700r Firmware 2024-08-13 N/A 9.8 CRITICAL
TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function.
CVE-2024-42520 1 Totolink 2 A3002r, A3002r Firmware 2024-08-13 N/A 9.8 CRITICAL
TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl.
CVE-2024-41240 1 Lopalopa 1 Responsive School Management System 2024-08-13 N/A 6.1 MEDIUM
A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/teacher_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via the "error" parameter.
CVE-2024-7399 1 Samsung 1 Magicinfo 9 Server 2024-08-13 N/A 7.5 HIGH
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.
CVE-2024-37129 1 Dell 1 Inventory Collector 2024-08-13 N/A 7.8 HIGH
Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path Traversal vulnerability. A local authenticated malicious user could potentially exploit this vulnerability, leading to arbitrary code execution on the system.
CVE-2022-4002 1 Motorola 2 Q14, Q14 Firmware 2024-08-13 N/A 7.2 HIGH
A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request.
CVE-2022-4003 1 Motorola 2 Q14, Q14 Firmware 2024-08-13 N/A 6.5 MEDIUM
A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request.
CVE-2024-7272 1 Ffmpeg 1 Ffmpeg 2024-08-13 7.5 HIGH 8.8 HIGH
A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in version 6.0 by 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 but a backport for 5.1 was forgotten. The exploit has been disclosed to the public and may be used. Upgrading to version 5.1.6 and 6.0 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2023-1577 1 Lenovo 1 Drivers Management 2024-08-13 N/A 7.8 HIGH
A path hijacking vulnerability was reported in Lenovo Driver Manager prior to version 3.1.1307.1308 that could allow a local user to execute code with elevated privileges.