RD55UP06-V, Security Vulnerabilities
An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted payload to the dst...
7.5AI Score
0.0004EPSS
An issue in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/FormModel.php and QRModel.php...
6.4AI Score
0.0004EPSS
SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/UserModel.php...
7.3AI Score
0.0004EPSS
An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted payload to the dst...
7.2AI Score
0.0004EPSS
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.php...
7.5AI Score
0.0004EPSS
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.php...
7.8AI Score
0.0004EPSS
Flowmon Unauthenticated Command Injection
This module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before...
10CVSS
7.3AI Score
0.003EPSS
Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation
Summary Installation of a maliciously crafted plugin allows for remote code execution by an authenticated attacker. Details Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding API....
8.8CVSS
8.2AI Score
0.001EPSS
Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation
Summary Installation of a maliciously crafted plugin allows for remote code execution by an authenticated attacker. Details Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding API....
8.8CVSS
8.2AI Score
0.001EPSS
CVE-2024-27956-RCE A PoC for CVE-2024-27956, a SQL Injection...
9.9CVSS
10AI Score
0.001EPSS
An issue in spidernet-io spiderpool v.0.9.3 and before allows a local attacker to execute arbitrary code via a crafted command to get the token...
7.6AI Score
0.0004EPSS
An issue in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/FormModel.php and QRModel.php...
6.3AI Score
0.0004EPSS
Tinyproxy HTTP request parsing uninitialized memory vulnerability
Talos Vulnerability Report TALOS-2023-1902 Tinyproxy HTTP request parsing uninitialized memory vulnerability May 1, 2024 CVE Number CVE-2023-40533 SUMMARY An uninitialized memory use vulnerability exists in Tinyproxy 1.11.1 while parsing HTTP requests. In certain configurations, a specially...
5.9CVSS
7.7AI Score
0.0004EPSS
An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted payload to the dst...
7.4AI Score
0.0004EPSS
SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/UserModel.php...
7.2AI Score
0.0004EPSS
SQL Injection vulnerability in Realisation MGSD v.1.0 allows a remote attacker to obtain sensitive information via the id...
7.5AI Score
0.0004EPSS
An issue in spidernet-io spiderpool v.0.9.3 and before allows a local attacker to execute arbitrary code via a crafted command to get the token...
7.5AI Score
0.0004EPSS
An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted payload to the dst...
7.5AI Score
0.0004EPSS
SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/UserModel.php...
7.3AI Score
0.0004EPSS
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.php...
7.8AI Score
0.0004EPSS
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.php...
7.9AI Score
0.0004EPSS
Tinyproxy HTTP Connection Headers use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1889 Tinyproxy HTTP Connection Headers use-after-free vulnerability May 1, 2024 CVE Number CVE-2023-49606 SUMMARY A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP...
9.8CVSS
10AI Score
0.001EPSS
Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java...
7.4AI Score
0.0004EPSS
Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java...
7.7AI Score
0.0004EPSS
Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to execute arbitrary code via the typeid parameter in the makehtml_list_action.php...
7.3AI Score
0.0004EPSS
An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information due to missing support for CSS Style...
6.1AI Score
0.0004EPSS
An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information due to missing support for CSS...
6.3AI Score
0.0004EPSS
An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information due to missing support for CSS...
6.1AI Score
0.0004EPSS
An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information due to missing support for CSS Style...
6.3AI Score
0.0004EPSS
Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to execute arbitrary code via the typeid parameter in the makehtml_list_action.php...
6.5AI Score
0.0004EPSS
An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information via the content.js and parseCSSRules...
6.3AI Score
0.0004EPSS
An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information via the content.js and parseCSSRules...
6.1AI Score
0.0004EPSS
Cross Site Scripting vulnerability found in Simplcommerce v.40734964b0811f3cbaf64b6dac261683d256f961 thru 3103357200c70b4767986544e01b19dbf11505a7 allows a remote attacker to execute arbitrary code via a crafted script to the search bar...
6.9AI Score
0.0004EPSS
Cross Site Scripting vulnerability found in Simplcommerce v.40734964b0811f3cbaf64b6dac261683d256f961 thru 3103357200c70b4767986544e01b19dbf11505a7 allows a remote attacker to execute arbitrary code via a crafted script to the search bar...
7.2AI Score
0.0004EPSS
An issue in The Document Foundation Libreoffice v.7.4.7 allows a remote attacker to cause a denial of service via a crafted .ppt...
6.4AI Score
0.0004EPSS
An issue in The Document Foundation Libreoffice v.7.4.7 allows a remote attacker to cause a denial of service via a crafted .ppt...
6.4AI Score
0.0004EPSS
An issue in The Document Foundation Libreoffice v.7.4.7 allows a remote attacker to cause a denial of service via a crafted .ppt...
6.6AI Score
0.0004EPSS
An issue in The Document Foundation Libreoffice v.7.4.7 allows a remote attacker to cause a denial of service via a crafted .ppt...
7.1AI Score
0.0004EPSS
Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allows an attacker to escalate privileges via the the thumb/thumb.php...
6.6AI Score
0.0004EPSS
Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allows an attacker to escalate privileges via the the thumb/thumb.php...
6.4AI Score
0.0004EPSS
An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2.0.4 allows a remote attacker to obtain sensitive information via the uploadfiles.php...
6.4AI Score
0.0004EPSS
An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence...
6.8AI Score
0.0004EPSS
An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence...
6.5AI Score
0.0004EPSS
An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence...
6AI Score
0.0004EPSS
Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote attacker to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of the...
6.1AI Score
0.0004EPSS
SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and before allows a remote attacker to escalate privileges via the Super Newsletter module in the product_search.php...
8.2AI Score
0.0004EPSS
An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2.0.4 allows a remote attacker to obtain sensitive information via the uploadfiles.php...
6.1AI Score
0.0004EPSS
SQL injection vulnerability in shipup before v.3.3.0 allows a remote attacker to escalate privileges via the getShopID...
7.8AI Score
0.0004EPSS
Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote attacker to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of the...
6.3AI Score
0.0004EPSS
SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and before allows a remote attacker to escalate privileges via the Super Newsletter module in the product_search.php...
7.8AI Score
0.0004EPSS