U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 229,202 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2024-3042

A vulnerability was found in SourceCodester Simple Subscription Website 1.0 and classified as critical. This issue affects some unknown processing of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258431.

Published: March 28, 2024; 11:15:49 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-3041

A vulnerability has been found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. This vulnerability affects unknown code of the file /protocol/log/listloginfo.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258430 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published: March 28, 2024; 11:15:49 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-3040

A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_crl_conf. The manipulation of the argument CRLId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258429 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published: March 28, 2024; 11:15:48 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-3039

A vulnerability classified as critical has been found in Shanghai Brad Technology BladeX 3.4.0. Affected is an unknown function of the file /api/blade-user/export-user of the component API. The manipulation with the input updatexml(1,concat(0x3f,md5(123456),0x3f),1)=1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258426 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published: March 28, 2024; 11:15:48 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31140

In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools

Published: March 28, 2024; 11:15:48 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31139

In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector

Published: March 28, 2024; 11:15:48 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31138

In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings

Published: March 28, 2024; 11:15:47 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31137

In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration

Published: March 28, 2024; 11:15:47 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31136

In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter

Published: March 28, 2024; 11:15:47 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31135

In JetBrains TeamCity before 2024.03 open redirect was possible on the login page

Published: March 28, 2024; 11:15:47 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31134

In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled

Published: March 28, 2024; 11:15:46 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30612

Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in the deviceId, limitSpeed, limitSpeedUp parameter from formSetClientState function.

Published: March 28, 2024; 11:15:46 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30604

Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the list1 parameter of the fromDhcpListClient function.

Published: March 28, 2024; 11:15:46 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30603

Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function.

Published: March 28, 2024; 11:15:46 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30602

Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function.

Published: March 28, 2024; 11:15:46 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30601

Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function.

Published: March 28, 2024; 11:15:46 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30600

Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function.

Published: March 28, 2024; 11:15:46 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30599

Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function.

Published: March 28, 2024; 11:15:46 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30598

Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function.

Published: March 28, 2024; 11:15:46 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30597

Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function.

Published: March 28, 2024; 11:15:46 AM -0400
V3.x:(not available)
V2.0:(not available)