๐จ CVE-2024-50659
Cross Site Scripting vulnerability iPublish Media Solutions AdPortal 3.0.39 allows a remote attacker to escalate privileges via the shippingAsBilling parameter in updateuserinfo.html.
๐@cveNotify
Cross Site Scripting vulnerability iPublish Media Solutions AdPortal 3.0.39 allows a remote attacker to escalate privileges via the shippingAsBilling parameter in updateuserinfo.html.
๐@cveNotify
๐จ CVE-2024-50660
File Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the file upload functionality
๐@cveNotify
File Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the file upload functionality
๐@cveNotify
๐จ CVE-2024-53522
Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain a hardcoded IDEA Key-IV pair in the HOSxPXE4.exe and HOS-WIN32.INI components. This allows attackers to access sensitive information.
๐@cveNotify
Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain a hardcoded IDEA Key-IV pair in the HOSxPXE4.exe and HOS-WIN32.INI components. This allows attackers to access sensitive information.
๐@cveNotify
HugeDomains
Hosxp.com is for sale | HugeDomains
Find a domain name today. We make it easy.
๐จ CVE-2024-54724
PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion.
๐@cveNotify
PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion.
๐@cveNotify
GitHub
detail/1.md at main ยท la12138la/detail
Contribute to la12138la/detail development by creating an account on GitHub.
๐จ CVE-2024-54887
TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the context of the root user.
๐@cveNotify
TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the context of the root user.
๐@cveNotify
GitHub
vulnerability-research/CVE-2024-54887 at main ยท JBince/vulnerability-research
Contribute to JBince/vulnerability-research development by creating an account on GitHub.
๐จ CVE-2024-54994
MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the first_name and last_name parameters in the Add a new relationship feature.
๐@cveNotify
MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the first_name and last_name parameters in the Add a new relationship feature.
๐@cveNotify
GitHub
CVEs/CVE-2024-54994 at main ยท NicolasJoseGula/CVEs
Contribute to NicolasJoseGula/CVEs development by creating an account on GitHub.
๐จ CVE-2024-54996
MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create.
๐@cveNotify
MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create.
๐@cveNotify
GitHub
CVEs/CVE-2024-54996 at main ยท NicolasJoseGula/CVEs
Contribute to NicolasJoseGula/CVEs development by creating an account on GitHub.
๐จ CVE-2024-54997
MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /journal/entries/ID/edit.
๐@cveNotify
MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /journal/entries/ID/edit.
๐@cveNotify
GitHub
CVEs/CVE-2024-54997 at main ยท NicolasJoseGula/CVEs
Contribute to NicolasJoseGula/CVEs development by creating an account on GitHub.
๐จ CVE-2024-54998
MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /people/h:[id]/debts/create.
๐@cveNotify
MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /people/h:[id]/debts/create.
๐@cveNotify
GitHub
CVEs/CVE-2024-54998 at main ยท NicolasJoseGula/CVEs
Contribute to NicolasJoseGula/CVEs development by creating an account on GitHub.
๐จ CVE-2024-54999
MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the last_name parameter the General Information module.
๐@cveNotify
MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the last_name parameter the General Information module.
๐@cveNotify
GitHub
CVEs/CVE-2024-54999 at main ยท NicolasJoseGula/CVEs
Contribute to NicolasJoseGula/CVEs development by creating an account on GitHub.
๐จ CVE-2024-46310
Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via exposed API endpoint
๐@cveNotify
Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via exposed API endpoint
๐@cveNotify
๐จ CVE-2024-57471
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 2.4G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.
๐@cveNotify
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 2.4G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.
๐@cveNotify
๐จ CVE-2024-57479
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address update function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.
๐@cveNotify
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address update function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.
๐@cveNotify
๐จ CVE-2024-57480
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the AP configuration function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.
๐@cveNotify
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the AP configuration function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.
๐@cveNotify
๐จ CVE-2024-57482
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.
๐@cveNotify
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.
๐@cveNotify
๐จ CVE-2024-42911
ECOVACS Robotics Deebot T20 OMNI and T20e OMNI before 1.24.0 was discovered to contain a WiFi Remote Code Execution vulnerability.
๐@cveNotify
ECOVACS Robotics Deebot T20 OMNI and T20e OMNI before 1.24.0 was discovered to contain a WiFi Remote Code Execution vulnerability.
๐@cveNotify
ECOVACS GLOBAL
Security Advisory - WiFi Remote Code Execution Vulnerability in Deebot Product Series
๐จ CVE-2024-57473
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.
๐@cveNotify
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.
๐@cveNotify
๐จ CVE-2024-57483
Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function.
๐@cveNotify
Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function.
๐@cveNotify
๐จ CVE-2025-22904
RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function.
๐@cveNotify
RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function.
๐@cveNotify
๐จ CVE-2025-22906
RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN.
๐@cveNotify
RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN.
๐@cveNotify
๐จ CVE-2025-22907
RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSurvey function.
๐@cveNotify
RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSurvey function.
๐@cveNotify