CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2024/09/05 1:0 p.m.•28 views

CVE-2024-8462 Windmill HTTP Request users.rs excessive authentication

6.3CVSS0.00541EPSS

Vulnrichment•added 2024/09/05 1:0 p.m.•24 views

CVE-2024-8462 Windmill HTTP Request users.rs excessive authentication

6.3CVSS7.2AI score0.00541EPSS

CVE•added 2024/09/05 1:0 p.m.•86 views

CVE-2024-8462

Windmill 1.380.0 is affected by CVE-2024-8462 in the HTTP Request Handler (backend/windmill-api/src/users.rs), leading to improper restriction of excessive authentication attempts. The vulnerability is exploitable remotely with high attack complexity and low reported impact; upgrading to version ...

6.3CVSS4.2AI score0.00541EPSS

Positive Technologies•added 2024/09/05 12:0 a.m.•3 views

PT-2024-39029 · Windmill · Windmill

Name of the Vulnerable Software and Affected Versions: Windmill version 1.380.0 Description: A vulnerability exists in the HTTP Request Handler component, affecting an unknown function of the file backend/windmill-api/src/users.rs. This issue leads to improper restriction of excessive...

6.3CVSS4.8AI score0.00541EPSS

Exploits0References14

NVD•added 2024/08/24 7:15 p.m.•16 views

CVE-2024-8133

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been declared as critical. This...

9.8CVSS0.07945EPSS

CVE•added 2024/08/24 7:0 p.m.•76 views

CVE-2024-8133

CVE-2024-8133 affects D-Link NAS/DNS devices (e.g., DNS-120, DNS-320/320L/320LW, DNS-325, DNS-327L, DNS-1100-4, DNS-1550-04, etc.) and stems from command injection in the HTTP POST handler function listed as cgi_FMT_R5_SpareDsk_DiskMGR within /cgi-bin/hd_config.cgi. The vulnerability arises from ...

9.8CVSS7.8AI score0.07945EPSS

Exploits1References6Affected Software1

NVD•added 2024/08/24 6:15 p.m.•25 views

CVE-2024-8132

9.8CVSS0.22809EPSS

Vulnrichment•added 2024/08/24 3:31 p.m.•13 views

CVE-2024-8129 D-Link DNS-1550-04 HTTP POST Request s3.cgi cgi_s3_modify command injection

A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affecte...

6.5CVSS7.8AI score0.22247EPSS

Vulnrichment•added 2024/08/24 11:31 a.m.•25 views

CVE-2024-8128 D-Link DNS-1550-04 HTTP POST Request webfile_mgr.cgi cgi_add_zip command injection

A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Th...

6.5CVSS7.5AI score0.08031EPSS

CVE•added 2024/08/24 9:31 a.m.•63 views

CVE-2024-8127

The CVE-2024-8127 family affects D-Link NAS/DVR devices (DNS-120, DNR-202L, DNS-315L, DNS-320/320L/320LW/321, DNR-322L, DNS-323/325/326/327L, DNR-326, DNS-340L/343/345, DNS-726-4, DNS-1100-4, DNS-1200-05, DNS-1550-04) with a command-injection in the CGI unzip function of /cgi-bin/webfile_mgr.cgi ...

9.8CVSS7AI score0.06729EPSS

Exploits1References6Affected Software1

Positive Technologies•added 2024/08/24 12:0 a.m.•4 views

PT-2024-38817 · D Link · D-Link Dns-321 +16

Name of the Vulnerable Software and Affected Versions: D-Link DNS-120 up to 20240814 D-Link DNR-202L up to 20240814 D-Link DNS-315L up to 20240814 D-Link DNS-320 up to 20240814 D-Link DNS-320L up to 20240814 D-Link DNS-320LW up to 20240814 D-Link DNS-321 up to 20240814 D-Link DNR-322L up to...

9.8CVSS7.5AI score0.08031EPSS

Exploits1References10

NVD•added 2024/08/13 1:24 a.m.•20 views

CVE-2024-7707

A vulnerability was found in Tenda FH1206 02.03.01.35 and classified as critical. Affected by this issue is the function formSafeEmailFilter of the file /goform/SafeEmailFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow...

9.8CVSS0.01277EPSS

NVD•added 2024/07/28 2:15 p.m.•24 views

CVE-2024-7158

A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050B20200504. It has been declared as critical. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument telnetenabled leads to command...

8.8CVSS0.03086EPSS

CVE•added 2024/07/28 1:31 p.m.•52 views

CVE-2024-7158

CVE-2024-7158 affects TOTOLINK A3100R (v4.1.2cu.5050_B20200504). The vulnerability is in the HTTP POST Request Handler’s setTelnetCfg function (/cgi-bin/cstecgi.cgi): manipulation of the telnet_enabled argument enables command injection. Impact is remote exploitation with potential high severity ...

8.8CVSS7AI score0.03086EPSS

Exploits1References4Affected Software1

Cvelist•added 2024/07/28 1:31 p.m.•24 views

CVE-2024-7158 TOTOLINK A3100R HTTP POST Request cstecgi.cgi setTelnetCfg command injection

6.5CVSS0.03086EPSS

NVD•added 2024/07/24 11:15 a.m.•28 views

CVE-2024-7066

A vulnerability was found in F-logic DataCube3 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/configtimesync.php of the component HTTP POST Request Handler. The manipulation of the argument ntpserver leads to os command...

9.8CVSS0.03366EPSS