CVE-2024-33820 - Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulnerable to Buffer Overflow via the formWlEncrypt function of the boa server. Specifically, they exploit the length of the wlan_ssid field triggers the... read CVE-2024-33820
Published: May 01, 2024; 12:15:07 PM -0400

CVE-2024-34506 - An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousa... read CVE-2024-34506
Published: May 05, 2024; 3:15:07 PM -0400

CVE-2024-34507 - An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges... read CVE-2024-34507
Published: May 05, 2024; 3:15:07 PM -0400

CVE-2024-34510 - Gradio before 4.20 allows credential leakage on Windows.
Published: May 05, 2024; 4:15:07 PM -0400

CVE-2024-4549 - A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system.
Published: May 06, 2024; 10:15:08 AM -0400

CVE-2024-34470 - An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are pa... read CVE-2024-34470
Published: May 06, 2024; 11:15:24 AM -0400

CVE-2024-34472 - An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php ... read CVE-2024-34472
Published: May 06, 2024; 11:15:24 AM -0400

CVE-2024-33121 - Roothub v2.6 was discovered to contain a SQL injection vulnerability via the 's' parameter in the search() function.
Published: May 06, 2024; 4:15:11 PM -0400

CVE-2024-46540 - A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract fucntions to upload webshells to the target server, thereby obtaining system p... read CVE-2024-46540
Published: September 30, 2024; 1:15:04 PM -0400

CVE-2024-47913 - An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized t... read CVE-2024-47913
Published: October 04, 2024; 6:15:02 PM -0400

CVE-2023-33538 - TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .
Published: June 07, 2023; 12:15:10 AM -0400

V3.1: 8.8 HIGH

CVE-2024-44068 - An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850,and W920. A Use-After-Free in the mobile processor leads to privilege escalation.
Published: October 07, 2024; 3:15:09 PM -0400

CVE-2025-43200 - This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS 2.3.1, macOS Sequoia 15.3.1, iOS 18.3.1 and iPadOS 18... read CVE-2025-43200
Published: June 16, 2025; 6:16:41 PM -0400

CVE-2024-46292 - A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's document... read CVE-2024-46292
Published: October 09, 2024; 12:15:04 PM -0400

CVE-2024-45184 - An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with chipset Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, and Modem 5300. A USAT out-of-bounds w... read CVE-2024-45184
Published: October 11, 2024; 5:15:06 PM -0400

CVE-2024-48700 - Kliqqi-CMS has a background arbitrary code execution vulnerability that attackers can exploit to implant backdoors or getShell via the edit_page.php component.
Published: October 25, 2024; 2:15:04 PM -0400

CVE-2024-48112 - A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
Published: October 30, 2024; 5:15:14 PM -0400

CVE-2024-34402 - An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.
Published: May 02, 2024; 9:15:48 PM -0400

CVE-2024-34403 - An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.
Published: May 02, 2024; 9:15:48 PM -0400

CVE-2024-33791 - A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the getTimeZone function.
Published: May 03, 2024; 1:15:08 PM -0400