Latest CVE Feed
-
0.0
NONECVE-2024-46451
TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter.... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
0.0
NONECVE-2024-46419
TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter.... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
3.7
CVSS31CVE-2024-39772
Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs.... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
0.0
NONECVE-2024-7104
Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection.This issue affects ww.Winsure: before 4.6.2.... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
0.0
NONECVE-2024-6401
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection.This issue affects InsureE GL: before 4.6.2.... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
0.0
NONECVE-2024-7098
Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection.This issue affects ww.Winsure: before 4.6.2.... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
6.3
CVSS31CVE-2024-38315
IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
4.3
CVSS31CVE-2024-8866
A vulnerability was found in AutoCMS 5.4. It has been classified as problematic. This affects an unknown part of the file /admin/robot.php. The manipulation of the argument sidebar leads to cross site scripting. It is possible to initiate the attack remot... Read more
Affected Products :- Published: Sep. 15, 2024
- Modified: Sep. 16, 2024
-
5.9
CVSS31CVE-2024-45460
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Manu225 Flipping Cards allows Stored XSS.This issue affects Flipping Cards: from n/a through 1.30.... Read more
Affected Products :- Published: Sep. 15, 2024
- Modified: Sep. 16, 2024
-
7.1
CVSS31CVE-2024-44053
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mohammad Arif Opor Ayam allows Reflected XSS.This issue affects Opor Ayam: from n/a through 1.8.... Read more
Affected Products :- Published: Sep. 15, 2024
- Modified: Sep. 16, 2024
-
6.5
CVSS31CVE-2024-44056
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Mantra allows Stored XSS.This issue affects Mantra: from n/a through 3.3.2.... Read more
Affected Products :- Published: Sep. 15, 2024
- Modified: Sep. 16, 2024
-
5.6
CVSS31CVE-2024-8880
A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. Affected is an unknown function of the file /playsms/index.php?app=main&inc=core_auth&route=forgot&op=forgot of the component Template Handler. The manipulation of t... Read more
Affected Products : playsms- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
6.1
CVSS31CVE-2024-8776
SmartRobot from INTUMIT does not properly validate a specific page parameter, allowing unautheticated remote attackers to inject JavaScript code to the parameter for Reflected Cross-site Scripting attacks.... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
7.3
CVSS31CVE-2024-8862
A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query l... Read more
Affected Products :- Published: Sep. 14, 2024
- Modified: Sep. 16, 2024
-
2.5
CVSS31CVE-2024-45835
Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access.... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
9.8
CVSS31CVE-2024-45694
The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
3.5
CVSS31CVE-2024-8863
A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site... Read more
Affected Products : aim- Published: Sep. 14, 2024
- Modified: Sep. 16, 2024
-
5.5
CVSS31CVE-2024-8864
A vulnerability has been found in composiohq composio up to 0.5.6 and classified as critical. Affected by this vulnerability is the function Calculator of the file python/composio/tools/local/mathematical/actions/calculator.py. The manipulation leads to c... Read more
Affected Products :- Published: Sep. 15, 2024
- Modified: Sep. 16, 2024
-
3.5
CVSS31CVE-2024-8865
A vulnerability was found in composiohq composio up to 0.5.8 and classified as problematic. Affected by this issue is the function path of the file composio\server\api.py. The manipulation of the argument file leads to path traversal. The exploit has been... Read more
Affected Products :- Published: Sep. 15, 2024
- Modified: Sep. 16, 2024
-
3.5
CVSS31CVE-2024-8867
A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This vulnerability affects unknown code of the file application/controllers/Clients.php of the component Parameter Handler. The manipulation of the argument message leads ... Read more
Affected Products :- Published: Sep. 15, 2024
- Modified: Sep. 16, 2024