Search Results
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-30586 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function. Published: March 28, 2024; 10:15:15 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-30585 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function. Published: March 28, 2024; 10:15:15 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-30584 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function. Published: March 28, 2024; 10:15:15 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-30583 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the mitInterface parameter of the fromAddressNat function. Published: March 28, 2024; 10:15:14 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-29898 | CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the `(read)` permission. This vulnerability is fixed in 8f8442ed5299510ea3e58416004b9334134c149c. Published: March 28, 2024; 10:15:14 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-29897 | CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. The same vulnerability was present briefly on the REST API before being quickly corrected in commit `6bc0685`. To our knowledge, the vulnerable commits of the REST API are not running in production anywhere. This vulnerability is fixed in 23415c17ffb4832667c06abcf1eadadefd4c8937. Published: March 28, 2024; 10:15:14 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-29882 | SRS is a simple, high-efficiency, real-time video server. SRS's `/api/v1/vhosts/vid-<id>?callback=<payload>` endpoint didn't filter the callback function name, which led to injecting malicious JavaScript payloads and executing XSS (Cross-Site Scripting). This vulnerability is fixed in 5.0.210 and 6.0.121. Published: March 28, 2024; 10:15:14 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-29200 | Kimai is a web-based multi-user time-tracking application. The permission `view_other_timesheet` performs differently for the Kimai UI and the API, thus returning unexpected data through the API. When setting the `view_other_timesheet` permission to true, on the frontend, users can only see timesheet entries for teams they are a part of. When requesting all timesheets from the API, however, all timesheet entries are returned, regardless of whether the user shares team permissions or not. This vulnerability is fixed in 2.13.0. Published: March 28, 2024; 10:15:14 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-28109 | veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2. Published: March 28, 2024; 10:15:13 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-6437 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TP-Link EX20v AX1800, TP-Link Archer C5v AC1200, TP-Link TD-W9970, TP-Link TD-W9970v3, TP-Link VX220-G2u, TP-Link VN020-G2u allows authenticated OS Command Injection. This issue affects TP-Link EX20v AX1800, TP-Link Archer C5v AC1200, TP-Link TD-W9970, TP-Link TD-W9970v3: through 20240328. The vulnerability also remains in the TP-Link VX220-G2u and TP-Link VN020-G2u models because these products are no longer produced or supported. Published: March 28, 2024; 10:15:13 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-30596 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the formSetDeviceName function. Published: March 28, 2024; 9:15:48 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-30594 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function. Published: March 28, 2024; 9:15:48 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-30593 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability located in the deviceName parameter of the formSetDeviceName function. Published: March 28, 2024; 9:15:47 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-29896 | Astro-Shield is a library to compute the subresource integrity hashes for your JS scripts and CSS stylesheets. When automated CSP headers generation for SSR content is enabled and the web application serves content that can be partially controlled by external users, then it is possible that the CSP headers generation feature might be "allow-listing" malicious injected resources like inlined JS, or references to external malicious scripts. The fix is available in version 1.3.0. Published: March 28, 2024; 9:15:47 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27775 | SysAid before version 23.2.14 b18 - CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2 hash. Published: March 28, 2024; 9:15:47 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-30595 | Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter function. Published: March 28, 2024; 8:15:53 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-30422 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS. This issue affects Elementor Addon Elements: from n/a through 1.13.1. Published: March 28, 2024; 5:15:08 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-30421 | Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Manager. This issue affects Events Manager: from n/a through 6.4.7.1. Published: March 28, 2024; 5:15:08 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2818 | An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. It was possible for an attacker to cause a denial of service using a maliciously crafted description parameter for labels. Published: March 28, 2024; 4:15:26 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-6371 | An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. A wiki page with a crafted payload may lead to a Stored XSS, allowing attackers to perform arbitrary actions on behalf of victims. Published: March 28, 2024; 4:15:26 AM -0400 | V3.x:(not available) V2.0:(not available) |