CVE-2024-30571

An information leak in the BRStop.html component of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required...

CVE-2024-30569

An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required...

CVE-2024-30571

An information leak in the BRStop.html component of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required...

CVE-2024-30570

An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required...

CVE-2024-30571

CVE-2024-30571 describes an information disclosure in the Netgear R6850 router (v1.1.0.88) where the BRS_top.html component exposes sensitive information without authentication. The available connected records consistently identify this as an information-leak issue tied to that HTML component, wi...

CVE-2024-30569

An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required...

CVE-2024-30569

An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required...

CVE-2024-30569

Affected product: Netgear R6850 router, version 1.1.0.88. Vulnerability: Information disclosure in the currentsetting.htm page, exposing sensitive system information without authentication. Root cause (per sources): Hidden interface in currentsetting.htm that is not protected by authentication; u...

GHSA-J4PC-VQVC-4P9X Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability

Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateLCARelation...

CVE-2024-23119

Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVE-2024-23117

Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVE-2024-23118

Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVE-2024-23116

Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateLCARelation...

CVE-2024-23115

Centreon updateGroups SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateGroups function...

CVE-2024-0637

Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateDirectory...

GitLab Label Description Uncontrolled Resource Consumption Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of GitLab. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of label descriptions. By sending a crafted request, an attacker can consu...

PT-2024-15936 · WordPress · Wp Erp

Name of the Vulnerable Software and Affected Versions: WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress versions up to, and including, 1.12.9 Description: The issue is related to time-based SQL Injection via the id parameter in the...

CVE-2024-1364

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget's customid in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-1499

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in the $settings'titletags' parameter in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-28339

An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required...