CVE-2024-12913

The CVE-2024-12913 entry covers Megatek Communication System Azora Wireless Network Management with an SQL injection flaw caused by improper neutralization of special elements in SQL commands. Affected version="through 20250916" and the vulnerability is exploitable via a LOCAL vector with LOW pri...

CVE-2024-12913 SQLi in Megatek Communication System's Azora Wireless Network Management

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Megatek Communication System Azora Wireless Network Management allows SQL Injection. This issue affects Azora Wireless Network Management: through 20250916. NOTE: The vendor did not inform about th...

CLSA-2025-1757963029 kernel-uek: Fix of 194 CVEs

rds: tcp: block BH in TCP callbacks - kexec: Improve & fix crashexcludememrange to handle overlapping ranges - module: correctly exit modulekallsymsoneachsymbol when fn != 0 - module: potential uninitialized return in modulekallsymsoneachsymbol - module: use RCU to synchronize findmodule -...

CVE-2024-9324 Intelbras InControl Relatório de Operadores Page operador code injection

A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the argument fields leads to code injection. The attack...

Cloud firewall management API SNAFU put 500k SonicWall customers at risk

TL;DR I found an IDOR in SonicWalls cloud management platform API Any user could add themselves to any account at any organisation using it Anyone could create a user account to exploit the issue, from the public internet Can be used to change firewall rules, or add rogue VPN users, for example...