CVE-2024-45453
CVE-2024-45453 concerns the WordPress Maintenance Redirect plugin ≤ 2.0.1. The vulnerability is an Authentication Bypass by Spoofing that enables accessing functionality not properly constrained by ACLs. Affected software: Maintenance Redirect versions n/a through 2.0.1. Impact per sources: unaut...
CVE-2024-37779
CVE-2024-37779 affects WoodWing Elvis DAM v6.98.1 and describes an authenticated remote command execution via the Apache Ant script functionality. The Red Hat/NVD/CVE entries confirm the vulnerability and context (authenticated RCE, Ant script). Connected sources note that exploitation details ar...
CVE-2024-8963
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality...
Multiple vulnerabilities in TAKENAKA ENGINEERING digital video recorders
Overview: Multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. contain multiple vulnerabilities listed below: Improper authentication (CWE-287) - CVE-2024-41929; OS command injection (CWE-78) - CVE-2024-43778; Hidden functionality (CWE-912) - CVE-2024-47001. Yoshiki Mori, Ushimaru...
CVE-2024-8963
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. Recent assessments: Assessed Attacker Value: 0...
Ivanti Cloud Services Appliance security vulnerability
The Ivanti Cloud Services Appliance (Ivanti CSA) is an Internet application from Ivanti Corporation, USA. It provides secure communications and functionality over the Internet. A security vulnerability exists in the Ivanti Cloud Services Appliance prior to version 4.6 Patch 519, which stems from th...
CVE-2024-47001
Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings...
CVE-2024-47001
The CVE-2024-47001 entry concerns a Hidden functionality issue in TAKENAKA ENGINEERING CO., LTD. digital video recorders. Connected sources confirm the vulnerability affects multiple TAKENAKA models (e.g., HDVR-400, HDVR-800, HDVR-1600, AHD04T-A/AHD08T-A/AHD16T-A, NVR04T-A/NVR08T-A, NVR16T-A, wit...
TAKENAKA ENGINEERING multiple products security vulnerability
TAKENAKA ENGINEERING HDVR-400 and others are digital video recorders from TAKENAKA ENGINEERING. A security vulnerability exists in various TAKENAKA ENGINEERING products, which stems from a hidden functionality issue that could allow a remote, authenticated attacker to execute arbitrary operating...
CVE-2024-8110
A Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer. If a computer on which the affected product is installed receives a large number of UDP broadcast packets in a short period, occasionally that computer may restart. If both the active and standby computers...
CVE-2024-45696
Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the...
CVE-2024-45697 D-Link WiFi router - Hidden Functionality
Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials...
CVE-2024-45696 D-Link WiFi router - Hidden Functionality
Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the...
GHSA-6P2Q-8QFQ-WQ7X Withdrawn Advisory: Lunary improper access control vulnerability
Withdrawn Advisory: This advisory has been withdrawn because the lunary npm package is connected to https://github.com/lunary-ai/lunary-js, not the https://github.com/lunary-ai/lunary repo that is discussed in this advisory. The underlying vulnerability report is still valid, but it doesn't affect...
OSV-2024-1059 UNKNOWN READ in chunk_free_object
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42538184. Crash type: UNKNOWN READ. Crash state: chunk_free_object fileclosefile sclose...
CVE-2024-8622
The amCharts: Charts and Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'amchartsjavascript' parameter in all versions up to, and including, 1.4.4 due to the ability to supply arbitrary JavaScript and a lack of nonce validation on the preview functionality. This mak...
Siemens SIMATIC RFID Readers Hidden Function Vulnerability
SIMATIC RF600 Readers are used for contactless identification of a variety of objects such as shipping containers, pallets, production goods, or often for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and versatile electronic authorization management. SIMATIC RF360R read...