PT-2024-4146 · NetGear · Netgear Wnr614
Name of the Vulnerable Software and Affected Versions: Netgear WNR614 version 1.1.0.54 1.0.1 Description: The issue is related to weaknesses in the authentication procedure of the Netgear WNR614 N300 Wi-Fi router. This allows attackers to bypass authentication and access the administrative...
CVE-2024-36674
LyLmespage v1.9.5 is vulnerable to Cross Site Scripting (XSS) via admin/link.php...
Cross-site Scripting
Overview Affected versions of this package are vulnerable to Cross-site Scripting through the dynamic setting of form legends in administrative interfaces. An attacker can execute arbitrary scripts in the context of the administrator's session by injecting malicious content into form fields that...
cjkcms-seo (=2.4.0), wagtail-liveedit (>=0.0.9 <=0.0.10) +8 more potentially affected by CVE-2024-35228 via wagtail (>=6.0.0 <=6.0.2)
wagtail PYPI version =6.0.0, =0.0.9, =0.14.0, =0.6.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2024-35228 Source advisory: OSV:GHSA-XXFM-VMCF-G33F...
Shield Security – Smart Bot Blocking & Intrusion Prevention Security < 19.1.11 - Cross-Site Request Forgery
Description The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 19.1.13. This is due to missing or incorrect nonce validation on the exec function. This makes it possible fo...
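What "missing or incorrect nonce validation" on an admin action looks like in practice, as an added example: this is not the Shield Security plugin's code, the hook and function names (ex_plugin_exec, ex_plugin_run_command) are hypothetical, and it assumes a WordPress runtime where check_ajax_referer(), current_user_can(), wp_create_nonce() and wp_send_json_*() are available.

```php
<?php
// Added example, not the plugin's own code. Assumes it is loaded inside WordPress.
// Hook/function names prefixed ex_plugin_ are hypothetical.

// Vulnerable: any request that reaches admin-ajax.php with action=ex_plugin_exec is
// honoured. A logged-in admin who visits an attacker-controlled page that auto-submits
// a form to admin-ajax.php runs the action with the admin's own cookies (CSRF).
function ex_plugin_exec_vulnerable() {
    $cmd = isset($_POST['cmd']) ? sanitize_text_field(wp_unslash($_POST['cmd'])) : '';
    ex_plugin_run_command($cmd);   // hypothetical privileged operation
    wp_send_json_success();
}

// Fixed: require a nonce bound to this specific action AND a capability check.
// The nonce is minted server-side for the legitimate admin page, so a cross-origin
// form cannot supply a valid one.
function ex_plugin_exec_fixed() {
    // Dies with HTTP 403 if the _wpnonce field is absent, invalid or expired.
    check_ajax_referer('ex_plugin_exec_nonce', '_wpnonce');
    if (!current_user_can('manage_options')) {
        wp_send_json_error('insufficient privileges', 403);
    }
    $cmd = isset($_POST['cmd']) ? sanitize_text_field(wp_unslash($_POST['cmd'])) : '';
    ex_plugin_run_command($cmd);   // hypothetical privileged operation
    wp_send_json_success();
}
add_action('wp_ajax_ex_plugin_exec', 'ex_plugin_exec_fixed');

// The legitimate admin page embeds the nonce so its JavaScript can send it along.
function ex_plugin_enqueue() {
    wp_localize_script('ex-plugin-admin', 'exPlugin', array(
        'nonce' => wp_create_nonce('ex_plugin_exec_nonce'),
    ));
}
add_action('admin_enqueue_scripts', 'ex_plugin_enqueue');
```

When auditing a plugin for this class of bug, locate every privileged handler (wp_ajax_*, admin_post_*, admin-page form processors) and confirm that check_ajax_referer(), check_admin_referer() or wp_verify_nonce() runs before the privileged work; a nonce checked with the wrong action string, or only when a field happens to be present, is the "incorrect validation" case.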
CB (legacy) <= 0.9.4.18 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). 1. Go to...
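Why a disallowed unfiltered_html capability does not protect plugin settings, shown as an added example that is not the CB plugin's code: WordPress applies its KSES filtering to post content for users without unfiltered_html, but plugin options are stored and printed by the plugin itself, so the plugin has to sanitise on save and escape on output. Option, group and function names prefixed ex_cb_ are hypothetical, and a WordPress runtime is assumed.

```php
<?php
// Added example, not the plugin's own code. Assumes it runs inside WordPress.
// Option/function names prefixed ex_cb_ are hypothetical.

// Vulnerable: the setting is stored and printed verbatim. KSES only filters post
// content for users lacking unfiltered_html; it never touches update_option(), so a
// <script> tag saved here is served to everyone who loads the settings page.
function ex_cb_save_vulnerable() {
    update_option('ex_cb_footer_text', wp_unslash($_POST['ex_cb_footer_text']));
}
function ex_cb_render_vulnerable() {
    $v = get_option('ex_cb_footer_text');
    echo '<input name="ex_cb_footer_text" value="' . $v . '">';   // attribute context
    echo '<p>' . $v . '</p>';                                     // element context
}

// Fixed: register the option with a sanitize callback (so the Settings API applies it
// too), check nonce and capability on save, and escape for the exact output context.
function ex_cb_register() {
    register_setting('ex_cb_group', 'ex_cb_footer_text', array(
        'type'              => 'string',
        'sanitize_callback' => 'sanitize_text_field',
    ));
}
add_action('admin_init', 'ex_cb_register');

function ex_cb_save_fixed() {
    check_admin_referer('ex_cb_save', '_wpnonce');
    if (!current_user_can('manage_options')) {
        wp_die('insufficient privileges', 403);
    }
    $raw = isset($_POST['ex_cb_footer_text']) ? wp_unslash($_POST['ex_cb_footer_text']) : '';
    update_option('ex_cb_footer_text', sanitize_text_field($raw));
}
function ex_cb_render_fixed() {
    $v = get_option('ex_cb_footer_text', '');
    echo '<input name="ex_cb_footer_text" value="' . esc_attr($v) . '">';
    echo '<p>' . esc_html($v) . '</p>';
}
```

If the setting is meant to carry limited HTML rather than plain text, replace sanitize_text_field() and esc_html() with wp_kses_post() on both save and output; the attribute context still needs esc_attr().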
CVE-2023-46297
An issue was discovered on Mercusys MW325R EU V3 MW325REUV31.11.0 221019 devices. A WAN attacker can make the admin interface unreachable/invisible via an unauthenticated HTTP request. Verification of the data sent by the user does not occur. The web server does not crash, but the admin interface...
CVE-2023-46297
CVE-2023-46297 affects Mercusys MW325R EU V3 (firmware 1.11.0 221019). An unauthenticated HTTP request can render the admin interface unreachable/invisible; data verification is not performed, and affected UI files become unavailable. The web server remains up, but the admin UI is hidden, typical...
SimpleSAMLphp Information Disclosure vulnerability
Background SimpleSAMLphp 1.17 includes a preview of the new user interface to be included in the future version 2.0. This new user interface can be enabled by setting the usenewui configuration option to true, and it includes a new admin interface in a module called admin, which can be disabled...
GHSA-PPM4-R2VC-PG74 SimpleSAMLphp Information Disclosure vulnerability
Background SimpleSAMLphp 1.17 includes a preview of the new user interface to be included in the future version 2.0. This new user interface can be enabled by setting the usenewui configuration option to true, and it includes a new admin interface in a module called admin, which can be disabled...
CVE-2024-35511
phpgurukul Men Salon Management System v2.0 is vulnerable to SQL Injection via the "username" parameter of /msms/admin/index.php...
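The login-form injection pattern behind entries like this one, as an added example that is not phpgurukul's code: the username parameter is concatenated into the SQL string, so a tautology payload in that field makes the WHERE clause always true. The table name tbladmin, its columns and the use of SQLite in memory for the demonstration are assumptions (the real application uses MySQL); the payload and the sample row are constructed.

```php
<?php
// Added example, not the application's own code. Table/column names are hypothetical.
// Uses an in-memory SQLite database so it runs offline; the SQL is valid for MySQL too.

// Vulnerable: string concatenation. The username  ' OR '1'='1' --  rewrites the query to
//   SELECT ID FROM tbladmin WHERE UserName = '' OR '1'='1' -- ' AND Password = '...'
// The comment removes the password check and the first admin row is returned.
function admin_login_vulnerable(PDO $db, string $username, string $password): bool {
    $sql = "SELECT ID FROM tbladmin WHERE UserName = '" . $username
         . "' AND Password = '" . md5($password) . "'";
    return (bool) $db->query($sql)->fetch(PDO::FETCH_ASSOC);
}

// Fixed: a prepared statement with a bound parameter; the driver sends the username as
// data, never as SQL text, so quotes and comment markers have no syntactic effect.
// The stored hash is compared in PHP with hash_equals() (constant time). The legacy md5
// column is kept only so both functions run against the same constructed table; a real
// fix should migrate to password_hash()/password_verify().
function admin_login_fixed(PDO $db, string $username, string $password): bool {
    $stmt = $db->prepare('SELECT Password FROM tbladmin WHERE UserName = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && hash_equals($row['Password'], md5($password));
}

// Constructed fixture and the three checks a tester would run.
function demo(): array {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE tbladmin (ID INTEGER PRIMARY KEY, UserName TEXT, Password TEXT)');
    $ins = $db->prepare('INSERT INTO tbladmin (UserName, Password) VALUES (:u, :p)');
    $ins->execute([':u' => 'admin', ':p' => md5('Correct-Horse-42')]);   // constructed row

    $payload = "' OR '1'='1' -- ";
    return [
        'vulnerable_bypassed' => admin_login_vulnerable($db, $payload, 'wrong'),   // true
        'fixed_bypassed'      => admin_login_fixed($db, $payload, 'wrong'),        // false
        'fixed_legit_login'   => admin_login_fixed($db, 'admin', 'Correct-Horse-42'), // true
    ];
}

var_dump(demo());
```

The same test (a quote plus a tautology in the username field) is the quickest manual confirmation for entries of this kind; if the application logs you in, or returns a database error mentioning the quote, the parameter reaches the query unparameterised.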
CVE-2024-35559
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMovedeal.php?mudi=rev&nohrefStr=close...
CVE-2024-34241
A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications...
PT-2024-25762 · Rocketsoft · Rocket Lms
Name of the Vulnerable Software and Affected Versions: Rocketsoft Rocket LMS version 1.9 Description: A cross-site scripting (XSS) issue allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications, potentially compromisi...
PT-2024-40068 · Ez Systems +2 · Ez Platform +5
Name of the Vulnerable Software and Affected Versions: eZ Platform versions 1.13.x through 3.1.2 eZ Platform EE versions 2.5.13 through 3.1.2 CKEditor versions prior to 4.14 AlloyEditor versions prior to 2.11.9 Description: There are two security issues of low to medium severity. The first issue ...
CVE-2024-26007
An improper check or handling of exceptional conditions vulnerability (CWE-703) in Fortinet FortiOS version 7.4.1 allows an unauthenticated attacker to provoke a denial of service on the administrative interface via crafted HTTP requests...
CVE-2023-46714
A stack-based buffer overflow (CWE-121) vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via crafted HTTP or HTTPS requests...
CVE-2024-35011
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoTypedeal.php?mudi=rev&nohrefStr=close...