CVE-2024-42978

An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request...

CVE-2024-37826

A NULL pointer dereference in vercot Serva v4.6.0 allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

CVE-2024-37826

CVE-2024-37826 describes a NULL pointer dereference in vercot Serva v4.6.0 that can cause a Denial of Service (DoS) via a crafted HTTP request. Public sources (NVD, CVE listing, Red Hat, CNNVD, CVE database) corroborate the same issue. According to the available data, the attack vector is NETWORK...

CVE-2024-37826

A NULL pointer dereference in vercot Serva v4.6.0 allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

CVE-2024-6908

Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data...

Cisco Secure Email Gateway Server-Side Template Injection Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain portions of the web-based...

CVE-2024-23663

An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request...

CVE-2024-5560

CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request...

CVE-2024-37039

CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request...

CVE-2024-37039

CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request...

CVE-2024-20404

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affect...

Fortinet FortiWeb - Unauthorized Configuration Download (FG-IR-22-460)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-460 advisory. - An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through...

CVE-2023-37929

CVE-2023-37929 refers to a buffer overflow in the CGI program of the Zyxel VMG3625-T50B firmware (V5.50(ABPM.8)C0). The vulnerability allows an authenticated remote attacker to trigger denial of service by sending a crafted HTTP request to the affected device. CVSSv3.1 metrics indicate an attacke...

Zyxel VMG3625-T50B 安全漏洞

The Zyxel VMG3625-T50B is a WiFi device from China's Heqin Technology Zyxel. A security vulnerability exists in the Zyxel VMG3625-T50B V5.50ABPM.8C0 firmware version, which originates from a CGI program that contains a buffer overflow vulnerability that could allow an authenticated, remote attack...

CVE-2024-0840

The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...

CVE-2024-0840

CVE-2024-0840 affects Grandstream UCM Series IP PBX firmwares prior to 1.0.20.52 (UCM6202/6204/6208/6510). A parameter injection vulnerability in the HTTP interface allows a remote, authenticated attacker to execute arbitrary code by sending a crafted HTTP request; authentication may be possible ...

CVE-2024-32394

An issue in ruijie.com/cn RG-RSR10-01G-TWA-S RSR3.01B9P2RSR10-01G-TW-S07150910 and RG-RSR10-01G-TWA-S RSR3.01B9P2RSR10-01G-TW-S07150910 allows a remote attacker to execute arbitrary code via a crafted HTTP request...

CVE-2024-32394

An issue in ruijie.com/cn RG-RSR10-01G-TWA-S RSR3.01B9P2RSR10-01G-TW-S07150910 and RG-RSR10-01G-TWA-S RSR3.01B9P2RSR10-01G-TW-S07150910 allows a remote attacker to execute arbitrary code via a crafted HTTP request...

CVE-2024-32394

An issue in ruijie.com/cn RG-RSR10-01G-TWA-S RSR3.01B9P2RSR10-01G-TW-S07150910 and RG-RSR10-01G-TWA-S RSR3.01B9P2RSR10-01G-TW-S07150910 allows a remote attacker to execute arbitrary code via a crafted HTTP request...

CVE-2024-32394

CVE-2024-32394 affects Ruijie RG-RSR10-01G-T(WA)-S devices (RSR 3.0(1)B9P2 and RSR10-01G-TW-S 07150910). The issue permits remote code execution via a crafted HTTP request, with CVSSv3.1 metrics indicating adjacent access, no privileges required, and user interaction not needed; impact is High on...