CVE Notify
19.3K subscribers
4 photos
202K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
๐Ÿšจ CVE-2024-50658
Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBilling and firstname parameters in updateuserinfo.html file

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-50659
Cross Site Scripting vulnerability iPublish Media Solutions AdPortal 3.0.39 allows a remote attacker to escalate privileges via the shippingAsBilling parameter in updateuserinfo.html.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-50660
File Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the file upload functionality

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-53522
Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain a hardcoded IDEA Key-IV pair in the HOSxPXE4.exe and HOS-WIN32.INI components. This allows attackers to access sensitive information.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-54724
PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-54887
TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the context of the root user.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-54994
MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the first_name and last_name parameters in the Add a new relationship feature.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-54996
MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-54997
MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /journal/entries/ID/edit.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-54998
MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /people/h:[id]/debts/create.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-54999
MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the last_name parameter the General Information module.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-46310
Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via exposed API endpoint

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-57471
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 2.4G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-57479
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address update function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-57480
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the AP configuration function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-57482
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-42911
ECOVACS Robotics Deebot T20 OMNI and T20e OMNI before 1.24.0 was discovered to contain a WiFi Remote Code Execution vulnerability.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-57473
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-57483
Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2025-22904
RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2025-22906
RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN.

๐ŸŽ–@cveNotify