
2429 matches found

NVD
added 2024/10/27 9:15 p.m. · 15 views

CVE-2024-10428

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function setipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be initiated remotely. The...

8.6 CVSS · 0.1413 EPSS
Exploits 1 · References 4
Cvelist
added 2024/10/27 9:00 p.m. · 52 views

CVE-2024-10429 WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi set_ipv6 command injection

A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to...

8.6 CVSS · 0.17215 EPSS
Exploits 1 · References 4
NVD
added 2024/10/25 11:15 a.m. · 11 views

CVE-2024-10377

A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. This issue affects the function actionPassDecryptApplication1 of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument id leads to sql injection. The attack may be initiate...

9.8 CVSS · 0.00673 EPSS
Exploits 1 · References 4
CVE
added 2024/10/25 11:00 a.m. · 50 views

CVE-2024-10376

Consolidated details from connected documents confirm CVE-2024-10376 affects ESAFENET CDG version 5, specifically the actionPassOrNotAutoSign function in AutoSignService.java. The root cause is manipulation of the UniqueId parameter leading to SQL injection, exploitable remotely and publicized. T...

9.8 CVSS · 7 AI score · 0.00719 EPSS
Exploits 1 · References 4 · Affected Software 1
NVD
added 2024/10/23 12:15 p.m. · 13 views

CVE-2024-10277

A vulnerability was found in ESAFENET CDG 5 and classified as critical. Affected by this issue is some unknown functionality of the file /com/esafenet/servlet/ajax/UsbKeyAjax.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has bee...

9.8 CVSS · 0.00569 EPSS
Exploits 1 · References 4
OSV
added 2024/10/23 8:15 a.m. · 3 views

CVE-2024-43924

Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Responsive Lightbox: from n/a through 2.4.7...

9.8 CVSS · 5.8 AI score · 0.0052 EPSS
Exploits 0 · References 1
NVD
added 2024/10/23 8:15 a.m. · 26 views

CVE-2024-43924

Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Responsive Lightbox: from n/a through 2.4.7...

9.8 CVSS · 0.0052 EPSS
Exploits 0 · References 1
CVE
added 2024/10/23 7:30 a.m. · 58 views

CVE-2024-43924

CVE-2024-43924 concerns a Missing Authorization vulnerability in the WordPress plugin dFactory Responsive Lightbox, affecting versions from n/a to 2.4.7 and allowing access to functionality not properly constrained by ACLs. The issue is described as a Missing Authorization vulnerability with high...

9.8 CVSS · 6.4 AI score · 0.0052 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/10/23 7:30 a.m. · 19 views

CVE-2024-43924 WordPress Responsive Lightbox & Gallery plugin <= 2.4.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Responsive Lightbox: from n/a through 2.4.7...

5.3 CVSS · 0.0052 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/10/23 12:00 a.m. · 7 views

PT-2024-30785 · Unknown · Dfactory Responsive Lightbox

Name of the Vulnerable Software and Affected Versions: dFactory Responsive Lightbox versions 2.4.7 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For dFactory Responsiv...

9.8 CVSS · 6.5 AI score · 0.0052 EPSS
Exploits 0 · References 8
CNNVD
added 2024/10/23 12:00 a.m. · 4 views

WordPress plugin Responsive Lightbox security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

9.8 CVSS · 6.7 AI score · 0.0052 EPSS
Exploits 0 · References 1
CVE
added 2024/10/20 8:31 a.m. · 48 views

CVE-2024-10195

The CVE-2024-10195 entry concerns Tecno 4G Portable WiFi TR118 (V008-20220830). A vulnerability exists in the SMS Check module via the endpoint /goform/goform_get_cmd_process where manipulation of the order_by argument enables SQL injection. Exploitation is described as remote. Several sources co...

9.8 CVSS · 5.5 AI score · 0.00391 EPSS
Exploits 0 · References 4 · Affected Software 1
Vulnrichment
added 2024/10/20 8:31 a.m. · 14 views

CVE-2024-10195 Tecno 4G Portable WiFi TR118 SMS Check goform_get_cmd_process sql injection

A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-20220830. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/goform_get_cmd_process of the component SMS Check. The manipulation of the argument order_by leads to sql injection...

5.8 CVSS · 7.3 AI score · 0.00391 EPSS
Exploits 0 · References 4
Vulnrichment
added 2024/10/20 5:00 a.m. · 17 views

CVE-2024-10173 didi DDMQ Console Module improper authentication

A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Console Module. The manipulation with the input /;login leads to improper authentication. The attack can be launched remotely. The exploit has be...

7.5 CVSS · 6.8 AI score · 0.00702 EPSS
Exploits 1 · References 5
Vulnrichment
added 2024/10/18 7:00 p.m. · 12 views

CVE-2024-10122 Topdata Inner Rep Plus WebServer Operator Details Form InnerRepPlus.html missing password field masking

A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been classified as problematic. Affected is an unknown function of the file /InnerRepPlus.html of the component Operator Details Form. The manipulation leads to missing password field masking. It is possible to launch the...

5.1 CVSS · 7.2 AI score · 0.00484 EPSS
Exploits 0 · References 3
Vulnrichment
added 2024/10/18 6:31 p.m. · 14 views

CVE-2024-10121 wfh45678 Radar Interface authorization

A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. This issue affects some unknown processing of the component Interface Handler. The manipulation with the input /../ leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclos...

7.5 CVSS · 6.7 AI score · 0.00673 EPSS
Exploits 1 · References 4
NVD
added 2024/10/17 8:15 p.m. · 15 views

CVE-2024-49282

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dFactory Responsive Lightbox responsive-lightbox allows Stored XSS. This issue affects Responsive Lightbox: from n/a through = 2.4.8...

5.9 CVSS · 0.0025 EPSS
Exploits 0 · References 1
NVD
added 2024/10/17 8:15 p.m. · 14 views

CVE-2024-49280

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Weblizar - WordPress Themes & Plugin Lightbox slider – Responsive Lightbox Gallery simple-lightbox-gallery allows Stored XSS. This issue affects Lightbox slider – Responsive Lightbox Gallery: from n...

6.5 CVSS · 0.00245 EPSS
Exploits 0 · References 1
CVE
added 2024/10/17 7:16 p.m. · 39 views

CVE-2024-49280

CVE-2024-49280 concerns the WordPress plugin “Lightbox slider – Responsive Lightbox Gallery.” The vulnerability is a stored XSS arising from improper neutralization of input during web page generation, enabling stored cross-site scripting in affected pages. The entry states the issue affects vers...

6.5 CVSS · 5.2 AI score · 0.00245 EPSS
Exploits 0 · References 1
Cvelist
added 2024/10/17 7:16 p.m. · 22 views

CVE-2024-49280 WordPress Lightbox slider -- Responsive Lightbox Gallery plugin <= 1.10.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Weblizar - WordPress Themes & Plugin Lightbox slider – Responsive Lightbox Gallery simple-lightbox-gallery allows Stored XSS. This issue affects Lightbox slider – Responsive Lightbox Gallery: from n...

6.5 CVSS · 0.00245 EPSS
Exploits 0 · References 1