6654 matches found

Vulnrichment
added 2024/09/26 3:41 a.m. | 19 views

CVE-2023-52948

Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors...

5 CVSS | 6.3 AI score | 0.00039 EPSS
Exploits: 0 | References: 1

CVE
added 2024/09/26 3:33 a.m. | 45 views

CVE-2022-49038

The CVE-2022-49038 vulnerability affects Synology Drive Client, where the OpenSSL DLL component allegedly contains functionality from an untrusted control sphere that enables local users to execute arbitrary code via unspecified vectors. Affected software: Synology Drive Client versions prior to ...

7.8 CVSS | 7.7 AI score | 0.00165 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/09/26 3:33 a.m. | 17 views

CVE-2022-49038

Inclusion of functionality from untrusted control sphere vulnerability in OpenSSL DLL component in Synology Drive Client before 3.3.0-15082 allows local users to execute arbitrary code via unspecified vectors...

7.8 CVSS | 0.00165 EPSS
Exploits: 0 | References: 1

CVE
added 2024/09/23 12:6 a.m. | 40 views

CVE-2024-45453

CVE-2024-45453 concerns the WordPress Maintenance Redirect plugin ≤ 2.0.1. The vulnerability is an Authentication Bypass by Spoofing that enables accessing functionality not properly constrained by ACLs. Affected software: Maintenance Redirect versions n/a through 2.0.1. Impact per sources: unaut...

3.7 CVSS | 5.9 AI score | 0.00057 EPSS
Exploits: 0 | References: 1

CVE
added 2024/09/23 12:0 a.m. | 40 views

CVE-2024-37779

CVE-2024-37779 affects WoodWing Elvis DAM v6.98.1 and describes an authenticated remote command execution via the Apache Ant script functionality. The Red Hat/NVD/CVE entries confirm the vulnerability and context (authenticated RCE, Ant script). Connected sources note that exploitation details ar...

8.8 CVSS | 7.7 AI score | 0.04554 EPSS
Exploits: 0 | References: 2

OSV
added 2024/09/19 6:15 p.m. | 1 view

CVE-2024-8963

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality...

9.1 CVSS | 5.8 AI score | 0.94225 EPSS
Exploits: 2 | References: 2

Japan Vulnerability Notes
added 2024/09/19 5:7 a.m. | 1 view

Multiple vulnerabilities in TAKENAKA ENGINEERING digital video recorders

Overview: Multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. contain multiple vulnerabilities listed below. Improper authentication (CWE-287) - CVE-2024-41929; OS command injection (CWE-78) - CVE-2024-43778; Hidden functionality (CWE-912) - CVE-2024-47001. Yoshiki Mori, Ushimaru...

8.8 CVSS | 7.8 AI score | 0.02314 EPSS
Exploits: 0 | References: 8

ATTACKERKB
added 2024/09/19 12:0 a.m. | 16 views

CVE-2024-8963

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. Recent assessments: Assessed Attacker Value: 0...

9.4 CVSS | 7.2 AI score | 0.94225 EPSS
In wild | Exploits: 2 | References: 2

CNNVD
added 2024/09/19 12:0 a.m. | 2 views

Ivanti Cloud Services Appliance security vulnerability

The Ivanti Cloud Services Appliance (Ivanti CSA) is an Internet application from Ivanti Corporation, USA. It provides secure communications and functionality over the Internet. A security vulnerability exists in the Ivanti Cloud Services Appliance prior to version 4.6 Patch 519, which stems from th...

9.4 CVSS | 9.6 AI score | 0.94225 EPSS
Exploits: 2 | References: 2

NVD
added 2024/09/18 7:15 a.m. | 7 views

CVE-2024-47001

Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings...

8.8 CVSS | 0.00863 EPSS
Exploits: 0 | References: 2

CVE
added 2024/09/18 6:8 a.m. | 36 views

CVE-2024-47001

The CVE-2024-47001 entry concerns a Hidden functionality issue in TAKENAKA ENGINEERING CO., LTD. digital video recorders. Connected sources confirm the vulnerability affects multiple TAKENAKA models (e.g., HDVR-400, HDVR-800, HDVR-1600, AHD04T-A/AHD08T-A/AHD16T-A, NVR04T-A/NVR08T-A, NVR16T-A, wit...

8.8 CVSS | 7.2 AI score | 0.00863 EPSS
Exploits: 0 | References: 2

Cvelist
added 2024/09/18 6:8 a.m. | 8 views

CVE-2024-47001

Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings...

0.00863 EPSS
Exploits: 0 | References: 2

CNNVD
added 2024/09/18 12:0 a.m. | 1 view

TAKENAKA ENGINEERING multiple products security vulnerability

TAKENAKA ENGINEERING HDVR-400 and others are digital video recorders from TAKENAKA ENGINEERING. A security vulnerability exists in various TAKENAKA ENGINEERING products, which stems from a hidden functionality issue that could allow a remote, authenticated attacker to execute arbitrary operating...

8.8 CVSS | 8.7 AI score | 0.00863 EPSS
Exploits: 0 | References: 3

NVD
added 2024/09/17 2:15 a.m. | 5 views

CVE-2024-8110

A Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer. If a computer on which the affected product is installed receives a large number of UDP broadcast packets in a short period, occasionally that computer may restart. If both the active and standby computers...

7.5 CVSS | 0.00226 EPSS
Exploits: 0 | References: 1

NVD
added 2024/09/16 7:15 a.m. | 12 views

CVE-2024-45696

Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the...

8.8 CVSS | 0.00281 EPSS
Exploits: 0 | References: 2

Cvelist
added 2024/09/16 6:48 a.m. | 14 views

CVE-2024-45697 D-Link WiFi router - Hidden Functionality

Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials...

9.8 CVSS | 0.02208 EPSS
Exploits: 0 | References: 2

Cvelist
added 2024/09/16 6:45 a.m. | 15 views

CVE-2024-45696 D-Link WiFi router - Hidden Functionality

Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the...

8.8 CVSS | 0.00281 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2024/09/16 6:45 a.m. | 9 views

CVE-2024-45696 D-Link WiFi router - Hidden Functionality

Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the...

8.8 CVSS | 6.7 AI score | 0.00281 EPSS
Exploits: 0 | References: 2

GitHub Security Blog
added 2024/09/13 6:31 p.m. | 28 views

Withdrawn Advisory: Lunary improper access control vulnerability

Withdrawn Advisory: This advisory has been withdrawn because the lunary npm package is connected to https://github.com/lunary-ai/lunary-js, not the https://github.com/lunary-ai/lunary repo that is discussed in this advisory. The underlying vulnerability report is still valid, but it doesn't affect...

6.5 CVSS | 6.5 AI score | 0.00143 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2024/09/13 6:31 p.m. | 9 views

GHSA-6P2Q-8QFQ-WQ7X Withdrawn Advisory: Lunary improper access control vulnerability

Withdrawn Advisory: This advisory has been withdrawn because the lunary npm package is connected to https://github.com/lunary-ai/lunary-js, not the https://github.com/lunary-ai/lunary repo that is discussed in this advisory. The underlying vulnerability report is still valid, but it doesn't affect...

7.1 CVSS | 6.5 AI score | 0.00143 EPSS
Exploits: 1 | References: 4