Latest CVE Feed
-
7.2
HIGHCVE-2024-4502
A vulnerability classified as critical has been found in Ruijie RG-UAC up to 20240428. Affected is an unknown function of the file /view/dhcp/dhcpClient/dhcp_client_commit.php. The manipulation of the argument ifName leads to os command injection. It is p... Read more
- Published: May. 05, 2024
- Modified: Aug. 21, 2025
-
7.2
HIGHCVE-2024-4501
A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been rated as critical. This issue affects some unknown processing of the file /view/bugSolve/captureData/commit.php. The manipulation of the argument tcpDump leads to os command injection.... Read more
- Published: May. 05, 2024
- Modified: Aug. 21, 2025
-
4.3
MEDIUMCVE-2025-8891
The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. This is due to missing or incorrect nonce validation on the oceanwp_notice_button_click() function. This makes it possible for unauthenticated attacker... Read more
Affected Products :- Published: Aug. 13, 2025
- Modified: Aug. 21, 2025
-
8.8
HIGHCVE-2022-2433
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'alm_repeaters_export' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to ca... Read more
Affected Products : ajax_load_more- EPSS Score: %0.88
- Published: Sep. 06, 2022
- Modified: Aug. 21, 2025
-
9.1
CRITICALCVE-2024-39358
A buffer overflow vulnerability exists in the adm.cgi set_wzap() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger th... Read more
- Published: Jan. 14, 2025
- Modified: Aug. 21, 2025
-
7.2
HIGHCVE-2024-4510
A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/networkConfig/ArpTable/arp_add_commit.php. The manipulation of the argument text_ip_addr/text_... Read more
- Published: May. 06, 2024
- Modified: Aug. 21, 2025
-
7.2
HIGHCVE-2024-5336
A vulnerability has been found in Ruijie RG-UAC up to 20240516 and classified as critical. This vulnerability affects the function addVlan of the file /view/networkConfig/vlan/vlan_add_commit.php. The manipulation of the argument phyport leads to os comma... Read more
- Published: May. 25, 2024
- Modified: Aug. 21, 2025
-
7.2
HIGHCVE-2024-5337
A vulnerability was found in Ruijie RG-UAC up to 20240516 and classified as critical. This issue affects some unknown processing of the file /view/systemConfig/sys_user/user_commit.php. The manipulation of the argument email2/user_name leads to os command... Read more
- Published: May. 25, 2024
- Modified: Aug. 21, 2025
-
7.2
HIGHCVE-2024-5340
A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/vpn/autovpn/sub_commit.php. The manipulation of the argument key leads to os command injection... Read more
- Published: May. 25, 2024
- Modified: Aug. 21, 2025
-
7.2
HIGHCVE-2024-5339
A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/vpn/autovpn/online_check.php. The manipulation of the argument peernode leads to os c... Read more
- Published: May. 25, 2024
- Modified: Aug. 21, 2025
-
9.1
CRITICALCVE-2024-39357
A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP reque... Read more
- Published: Jan. 14, 2025
- Modified: Aug. 21, 2025
-
7.2
HIGHCVE-2024-5338
A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been classified as critical. Affected is an unknown function of the file /view/vpn/autovpn/online.php. The manipulation of the argument peernode leads to os command injection. It is possibl... Read more
- Published: May. 25, 2024
- Modified: Aug. 21, 2025
-
8.2
HIGHCVE-2015-8397
The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (application crash... Read more
- EPSS Score: %2.06
- Published: Jan. 12, 2016
- Modified: Aug. 21, 2025
-
10.0
CRITICALCVE-2015-8396
Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbitrary code via crafted header dimensions in a DICOM image... Read more
- EPSS Score: %23.52
- Published: Jan. 12, 2016
- Modified: Aug. 21, 2025
-
9.8
CRITICALCVE-2024-22391
A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger t... Read more
- Published: Apr. 25, 2024
- Modified: Aug. 21, 2025
-
9.8
CRITICALCVE-2024-22373
An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file ... Read more
- Published: Apr. 25, 2024
- Modified: Aug. 21, 2025
-
8.8
HIGHCVE-2023-45744
A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated ... Read more
- Published: Apr. 17, 2024
- Modified: Aug. 21, 2025
-
7.5
HIGHCVE-2023-45209
An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can ma... Read more
- Published: Apr. 17, 2024
- Modified: Aug. 21, 2025
-
7.5
HIGHCVE-2023-43491
An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an... Read more
- Published: Apr. 17, 2024
- Modified: Aug. 21, 2025
-
9.1
CRITICALCVE-2024-39359
A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP req... Read more
- Published: Jan. 14, 2025
- Modified: Aug. 21, 2025