PT-2024-39936 · Teamplus Technology · Team+

Name of the Vulnerable Software and Affected Versions: Team+ from TEAMPLUS TECHNOLOGY affected versions not specified Description: The issue concerns a failure to properly validate a specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands and potentiall...

UBUNTU-CVE-2024-48949

The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S.gtesig.eddsa.curve.n || sig.S.isNeg" validation...

UBUNTU-CVE-2024-47663

In the Linux kernel, the following vulnerability has been resolved: staging: iio: frequency: ad9834: Validate frequency parameter value In ad9834writefrequency clkgetrate can return 0. In such case ad9834calcfreqreg call will lead to division by zero. Checking 'if fout clkfreq / 2' doesn't protec...

PT-2024-18669 · Cisco · Cisco Meraki Z Series Teleworker Gateway +2

Name of the Vulnerable Software and Affected Versions: Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices affected versions not specified Description: The issue is due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker cou...

Cisco Nexus Dashboard 安全漏洞

Cisco Nexus Dashboard is a single console from Cisco, Inc. It can simplify the operation and management of data center networks. A security vulnerability exists in Cisco Nexus Dashboard that stems from improper user authorization and insufficient validation of command parameters. Allows an...

PLANET switch devices 跨站脚本漏洞

PLANET switch devices are a series of switch devices from the Chinese company PLANET. A cross-site scripting vulnerability exists in PLANET switch devices, which stems from improper validation of web application parameters and is susceptible to stored cross-site scripting attacks...

CVE-2024-47087

This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain parameters Client ID, DPID or BOID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive...

PT-2024-32401 · Unknown · Apex Softcell Ld Geo

Name of the Vulnerable Software and Affected Versions: Apex Softcell LD Geo affected versions not specified Description: The issue exists due to improper validation of certain parameters Client ID, DPID, or BOID in the API endpoint. An authenticated remote attacker could exploit this by...

Cisco IOS XR 安全漏洞

Cisco IOS XR is an operating system developed by Cisco USA for its network devices. A security vulnerability exists in Cisco IOS XR that stems from incorrect validation of parameters passed to specific CLI commands...

Trusted Firmware-M 安全漏洞

Linaro Trusted Firmware-M Tf-M is a reference implementation of the Platform Security Architecture Psa IoT security framework from Linaro, UK. A security vulnerability exists in Trusted Firmware-M version 2.0.0 and prior versions, which stems from a lack of parameter validation in the logging...

CVE-2024-8328

Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary JavaScript code and perform Reflected Cross-site scripting attacks...

Tenda G3 Buffer Overflow Vulnerability (CNVD-2024-40839)

Tenda G3 is a Qos Vpn router from Tenda China. A buffer overflow vulnerability exists in Tenda G3 version 15.11.0.20, which is caused by the enable/level/module parameter of the formSetDebugCfg function in the /goform/setDebugCfg file failing to correctly validate the length of the input data,...

HWA JIUH DIGITAL Easy test Online Learning and Testing Platform 跨站脚本漏洞

HWA JIUH DIGITAL Easy test Online Learning and Testing Platform is an Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL. A cross-site scripting vulnerability exists in HWA JIUH DIGITAL Easy test Online Learning and Testing Platform versions prior to 24A01, which stems from...

Gether 6SHR System SQL注入漏洞

Gether 6SHR System is a system from Gether, Inc. Gether 6SHR System suffers from a SQL injection vulnerability that originates from not properly validating specific page parameters, which allows remote attackers with regular privileges to inject SQL commands to read, modify, and delete database...

PT-2024-38633 · Sonaar · Mp3 Audio Player – Music Player

Name of the Vulnerable Software and Affected Versions: The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress versions up to, and including, 5.7.0.1 Description: The issue is related to unauthorized arbitrary file deletion due to a missing capability check on t...

Cisco NX-OS Software 安全漏洞

Cisco NX-OS Software is a suite of data center-grade operating system software used by switches from Cisco USA. A security vulnerability exists in Cisco NX-OS Software that stems from insufficient validation of parameters for specific CLI commands. An attacker exploiting this vulnerability could...

Kashipara Music Management System SQL Injection Vulnerability (CNVD-2024-37436)

Kashipara Music Management System is a music management system from Kashipara. Kashipara Music Management System v1.0 suffers from a SQL injection vulnerability, which originates from the lack of validation of the email parameter of /music/ajax.php?action=login against external SQL input, which c...

CVE-2024-7732

Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents...

Online Bus Reservation Site SQL Injection Vulnerability

Online Bus Reservation Site is an online bus reservation site. A SQL injection vulnerability exists in Online Bus Reservation Site version 1.0 due to a lack of validation of parameter Email against externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQ...

Nuxt 安全漏洞

Nuxt is a free open source framework from Nuxt Open Source. A security vulnerability exists in Nuxt version 3.4.0 through versions prior to 3.12.4, which stems from insufficient validation of parameters and allows an attacker to execute arbitrary JavaScript on the server side, which in turn...