Latest CVE Feed
-
8.6
CVSS31CVE-2024-12757
Nedap Librix Ecoreader is missing authentication for critical functions that could allow an unauthenticated attacker to potentially execute malicious code.... Read more
Affected Products :- Published: Jan. 17, 2025
- Modified: Jan. 17, 2025
-
9.8
CVSS31CVE-2024-57582
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function.... Read more
Affected Products :- Published: Jan. 16, 2025
- Modified: Jan. 17, 2025
-
9.8
CVSS31CVE-2024-57581
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.... Read more
Affected Products :- Published: Jan. 16, 2025
- Modified: Jan. 17, 2025
-
9.8
CVSS31CVE-2024-57580
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.... Read more
Affected Products :- Published: Jan. 16, 2025
- Modified: Jan. 17, 2025
-
3.5
CVSS31CVE-2024-54681
Multiple bash files were present in the application's private directory. Bash files can be used on their own, by an attacker that has already full access to the mobile platform to compromise the translations for the application.... Read more
Affected Products :- Published: Jan. 17, 2025
- Modified: Jan. 17, 2025
-
4.4
CVSS31CVE-2024-53683
A valid set of credentials in a .js file and a static token for communication were obtained from the decompiled IPA. An attacker could use the information to disrupt normal use of the application by changing the translation files and thus weaken the in... Read more
Affected Products :- Published: Jan. 17, 2025
- Modified: Jan. 17, 2025
-
4.3
CVSS31CVE-2024-45832
Hard-coded credentials were included as part of the application binary. These credentials served as part of the application authentication flow and communication with the mobile application. An attacker could access unauthorized information.... Read more
Affected Products :- Published: Jan. 17, 2025
- Modified: Jan. 17, 2025
-
6.1
CVSS31CVE-2024-26157
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting (XSS) attacks in get view method under view parameter. The ETIC RAS web server uses dynamic pages that get their input from the clie... Read more
Affected Products :- Published: Jan. 17, 2025
- Modified: Jan. 17, 2025
-
4.8
CVSS31CVE-2024-26156
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting (XSS) attacks in the method parameter. The ETIC RAS web server uses dynamic pages that gets their input from the client side and ref... Read more
Affected Products :- Published: Jan. 17, 2025
- Modified: Jan. 17, 2025
-
6.8
CVSS31CVE-2024-26155
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be hidden, thus allowing a connection ... Read more
Affected Products :- Published: Jan. 17, 2025
- Modified: Jan. 17, 2025
-
4.8
CVSS31CVE-2024-26154
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting in the appliance site name. The ETIC RAS web server saves the site name and then presents it to the administrators in a few differen... Read more
Affected Products :- Published: Jan. 17, 2025
- Modified: Jan. 17, 2025
-
7.4
CVSS31CVE-2024-26153
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.9.19 are vulnerable to cross-site request forgery (CSRF). An external attacker with no access to the device can force the end user into submitting a "setconf" method request, not requir... Read more
Affected Products :- Published: Jan. 17, 2025
- Modified: Jan. 17, 2025
-
6.3
CVSS31CVE-2025-0531
A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /user/leaveroom.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remo... Read more
Affected Products :- Published: Jan. 17, 2025
- Modified: Jan. 17, 2025
-
3.5
CVSS31CVE-2025-0530
A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. This vulnerability affects unknown code of the file /_parse/_feedback_system.php. The manipulation of the argument type leads to cross site scripting. The a... Read more
Affected Products :- Published: Jan. 17, 2025
- Modified: Jan. 17, 2025
-
5.3
CVSS31CVE-2025-0529
A vulnerability, which was classified as critical, was found in code-projects Train Ticket Reservation System 1.0. This affects an unknown part of the component Login Form. The manipulation of the argument username leads to stack-based buffer overflow. At... Read more
Affected Products :- Published: Jan. 17, 2025
- Modified: Jan. 17, 2025
-
7.2
CVSS31CVE-2025-0528
A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to com... Read more
Affected Products :- Published: Jan. 17, 2025
- Modified: Jan. 17, 2025
-
0.0
NONECVE-2024-50967
The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely access this endpoint without authentication, leading to unauthorized disclosure of sensitive information.... Read more
Affected Products :- Published: Jan. 17, 2025
- Modified: Jan. 17, 2025
-
7.3
CVSS31CVE-2025-0527
A vulnerability classified as critical was found in code-projects Admission Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /signupconfirm.php. The manipulation of the argument in_eml leads to sql injection. T... Read more
Affected Products :- Published: Jan. 17, 2025
- Modified: Jan. 17, 2025
-
0.0
NONECVE-2024-13503
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Newtec NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM (Updating signaling process in the swdownload binary modules) allows Local Execution of Code, Remote Code Inclu... Read more
Affected Products :- Published: Jan. 17, 2025
- Modified: Jan. 17, 2025
-
0.0
NONECVE-2024-13502
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Newtec/iDirect NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM allows Local Code Inclusion.This issue affects NTC2218, NTC2250, NTC2299: from 1.0.... Read more
Affected Products :- Published: Jan. 17, 2025
- Modified: Jan. 17, 2025