A vulnerability classified as problematic was found in idcCMS 1.35. Affected by this vulnerability is an unknown functionality of the file /admin/admin_cl.php?mudi=revPwd. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to...
4.3 CVSS
6.7 AI Score
0.0004 EPSS
A vulnerability classified as problematic was found in idcCMS 1.35. Affected by this vulnerability is an unknown functionality of the file /admin/admin_cl.php?mudi=revPwd. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to...
4.3 CVSS
4.7 AI Score
0.0004 EPSS
CVE-2024-4172 idcCMS cross-site request forgery
A vulnerability classified as problematic was found in idcCMS 1.35. Affected by this vulnerability is an unknown functionality of the file /admin/admin_cl.php?mudi=revPwd. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to...
4.3 CVSS
5 AI Score
0.0004 EPSS
A vulnerability was found in Tenda 4G300 1.01.42. It has been rated as critical. This issue affects the function sub_429A30. The manipulation of the argument list1 leads to stack-based buffer overflow. The attack may be initiated remotely. The identifier VDB-261989 was assigned to this...
8.8 CVSS
7 AI Score
0.0004 EPSS
A vulnerability was found in Tenda 4G300 1.01.42. It has been rated as critical. This issue affects the function sub_429A30. The manipulation of the argument list1 leads to stack-based buffer overflow. The attack may be initiated remotely. The identifier VDB-261989 was assigned to this...
8.8 CVSS
8.8 AI Score
0.0004 EPSS
CVE-2024-4170 Tenda 4G300 sub_429A30 stack-based overflow
A vulnerability was found in Tenda 4G300 1.01.42. It has been rated as critical. This issue affects the function sub_429A30. The manipulation of the argument list1 leads to stack-based buffer overflow. The attack may be initiated remotely. The identifier VDB-261989 was assigned to this...
8.8 CVSS
9 AI Score
0.0004 EPSS
A vulnerability was found in Tenda 4G300 1.01.42. It has been classified as critical. This affects the function sub_4260F0. The manipulation of the argument upfilen leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The associated identifier of this vulnerability....
8.8 CVSS
7 AI Score
0.0004 EPSS
A vulnerability was found in Tenda 4G300 1.01.42. It has been classified as critical. This affects the function sub_4260F0. The manipulation of the argument upfilen leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The associated identifier of this vulnerability....
8.8 CVSS
8.9 AI Score
0.0004 EPSS
A vulnerability was found in Tenda 4G300 1.01.42 and classified as critical. Affected by this issue is the function sub_422AA4. The manipulation of the argument year/month/day/hour/minute/second leads to stack-based buffer overflow. The attack may be launched remotely. VDB-261986 is the identifier....
8.8 CVSS
6.9 AI Score
0.0004 EPSS
A vulnerability was found in Tenda 4G300 1.01.42 and classified as critical. Affected by this issue is the function sub_422AA4. The manipulation of the argument year/month/day/hour/minute/second leads to stack-based buffer overflow. The attack may be launched remotely. VDB-261986 is the identifier....
8.8 CVSS
8.8 AI Score
0.0004 EPSS
CVE-2024-4168 Tenda 4G300 sub_4260F0 stack-based overflow
A vulnerability was found in Tenda 4G300 1.01.42. It has been classified as critical. This affects the function sub_4260F0. The manipulation of the argument upfilen leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The associated identifier of this vulnerability....
8.8 CVSS
9 AI Score
0.0004 EPSS
CVE-2024-4167 Tenda 4G300 sub_422AA4 stack-based overflow
A vulnerability was found in Tenda 4G300 1.01.42 and classified as critical. Affected by this issue is the function sub_422AA4. The manipulation of the argument year/month/day/hour/minute/second leads to stack-based buffer overflow. The attack may be launched remotely. VDB-261986 is the identifier....
8.8 CVSS
8.9 AI Score
0.0004 EPSS
Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v.3.2 allows a local attacker to execute arbitrary code via the vpn_client_ip variable of the config_vpn_pptp function in rc...
7.5 AI Score
0.0004 EPSS
Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local attacker to execute arbitrary code via a crafted payload to the stepselect_main.php...
6.9 AI Score
0.0004 EPSS
Cross Site Scripting vulnerability in TWCMS v.2.6 allows a local attacker to execute arbitrary code via a crafted...
6.8 AI Score
0.0004 EPSS
CosmWasm affected by arithmetic overflows
Some mathematical operations in cosmwasm-std use wrapping math instead of panicking on overflow for very big numbers. This can lead to wrong calculations in contracts that use these operations. Affected functions: Uint{256,512}::pow / Int{256,512}::pow, Int{256,512}::neg. Affected if...
7.3 AI Score
CosmWasm affected by arithmetic overflows
Some mathematical operations in cosmwasm-std use wrapping math instead of panicking on overflow for very big numbers. This can lead to wrong calculations in contracts that use these operations. Affected functions: Uint{256,512}::pow / Int{256,512}::pow, Int{256,512}::neg. Affected if...
7.3 AI Score
Arithmetic overflows in cosmwasm-std
Some mathematical operations in cosmwasm-std use wrapping math instead of panicking on overflow for very big numbers. This can lead to wrong calculations in contracts that use these operations. Affected functions: Uint{256,512}::pow / Int{256,512}::pow, Int{256,512}::neg. Affected if...
7.3 AI Score
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1322-2)
The remote host is missing an update for...
7.8 CVSS
8.3 AI Score
EPSS
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1332-1)
The remote host is missing an update for...
7.8 CVSS
8.1 AI Score
EPSS
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1332-2)
The remote host is missing an update for...
7.8 CVSS
8.1 AI Score
EPSS
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted script to the edit_addon_post.php...
7.8 AI Score
0.0004 EPSS
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted script to the edit_addon_post.php...
7.5 AI Score
0.0004 EPSS
An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php...
7.8 AI Score
0.0004 EPSS
An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php...
7.5 AI Score
0.0004 EPSS
An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php...
7.8 AI Score
0.0004 EPSS
Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2024-1528)
The remote host is missing an update for the Huawei...
5.9 CVSS
6.2 AI Score
0.963 EPSS
Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2024-1547)
The remote host is missing an update for the Huawei...
5.9 CVSS
6.2 AI Score
0.963 EPSS
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted script to the edit_addon_post.php...
7.7 AI Score
0.0004 EPSS
Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the Default Keyword field in the settings...
7 AI Score
0.0004 EPSS
Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the Default Keyword field in the settings...
7.3 AI Score
0.0004 EPSS
Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended (horizontal privilege...
6.6 AI Score
0.0004 EPSS
Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended (horizontal privilege...
6.9 AI Score
0.0004 EPSS
SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id...
7.3 AI Score
0.001 EPSS
SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id...
7 AI Score
0.001 EPSS
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1322-1)
The remote host is missing an update for...
7.8 CVSS
8.3 AI Score
EPSS
Ubuntu 14.04 LTS / 16.04 LTS : Linux kernel vulnerabilities (USN-6739-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6739-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only...
7.8 CVSS
7.6 AI Score
0.003 EPSS
Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended (horizontal privilege...
6.8 AI Score
0.0004 EPSS
EulerOS Virtualization 2.10.1 : libssh (EulerOS-SA-2024-1547)
According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
5.9 CVSS
7.4 AI Score
0.963 EPSS
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-6740-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6740-1 advisory. A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a...
7.8 CVSS
8.1 AI Score
0.003 EPSS
Releases: Ubuntu 20.04 LTS, Ubuntu 18.04 ESM. Packages: linux - Linux kernel; linux-aws - Linux kernel for Amazon Web Services (AWS) systems; linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems; linux-azure - Linux kernel for Microsoft Azure Cloud systems; linux-azure-5.4 - Linux kernel...
7.8 CVSS
7.2 AI Score
0.003 EPSS
Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the Default Keyword field in the settings...
7.2 AI Score
0.0004 EPSS
EulerOS Virtualization 2.10.0 : libssh (EulerOS-SA-2024-1528)
According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
5.9 CVSS
7.8 AI Score
0.963 EPSS
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1321-1)
The remote host is missing an update for...
7.8 CVSS
7.2 AI Score
EPSS
dolibarr/dolibarr is vulnerable to Session Hijacking. The vulnerability is due to inadequate user session management, allowing authenticated attackers to hijack victim users' session cookies and gain access to the CSRF protection tokens through interaction with a malicious web page, consequently...
6.8 AI Score
0.0004 EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1322-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1322-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...
7.8 CVSS
8.4 AI Score
EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1321-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1321-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...
7.8 CVSS
8 AI Score
EPSS
SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id...
7.2 AI Score
0.001 EPSS