7894 matches found

OSV
added 2025/01/14 3:15 p.m. · 4 views

CVE-2024-38666

An external config control vulnerability exists in the openvpn.cgi openvpnclientsetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVSS 9.1 · AI score 7.4 · EPSS 0.18881
Exploits: 1 · References: 2
CNNVD
added 2025/01/14 12:0 a.m. · 7 views

WAVLINK AC3000 Security Vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from an external configuration control vulnerability that stems from the openvpn.cgi openvpnclientsetup function failing to properly filter special characters, commands, etc. when constructing commands. The...

CVSS 9.1 · AI score 7.5 · EPSS 0.18881
Exploits: 1 · References: 2
CNNVD
added 2025/01/14 12:0 a.m. · 4 views

WAVLINK AC3000 Security Vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from an external configuration control vulnerability that originates from the openvpn.cgi openvpnserversetup function's openport parameter failing to correctly filter constructed command special characters,...

CVSS 9.1 · AI score 7.5 · EPSS 0.0183
Exploits: 1 · References: 2
Positive Technologies
added 2025/01/14 12:0 a.m. · 11 views

PT-2025-2516 · Wavlink +1 · Wavlink Ac3000 +1

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505
Description: A vulnerability exists in the openvpn client setup function of the openvpn.cgi functionality, allowing for arbitrary command execution through a specially crafted HTTP request. An attacke...

CVSS 9.1 · AI score 9.4 · EPSS 0.18881
Exploits: 1 · References: 4
NVD
added 2025/01/13 7:15 p.m. · 11 views

CVE-2024-46921

An issue was discovered in Samsung Mobile Processor and Modem Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W1000, Modem 5123, Modem 5300, Modem 5400. UE does not limit the number of attempts for the RRC Setup procedure in the 5G SA, leading to a denial of...

CVSS 6.5 · EPSS 0.00292
Exploits: 0 · References: 3
RedhatCVE
added 2025/01/13 6:50 a.m. · 10 views

CVE-2024-57799

In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: samsung-hdptx: Set drvdata before enabling runtime PM. In some cases, rk_hdptx_phy_runtime_resume may be invoked before platform_set_drvdata is executed in ->probe, leading to a NULL pointer dereference when using the retu...

CVSS 5.5 · AI score 6.7 · EPSS 0.0017
Exploits: 0 · References: 4
NVD
added 2025/01/13 6:15 a.m. · 15 views

CVE-2024-12568

The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Workflow settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example...

CVSS 4.8 · EPSS 0.00292
Exploits: 1 · References: 1
Cvelist
added 2025/01/13 12:0 a.m. · 17 views

CVE-2024-46921

An issue was discovered in Samsung Mobile Processor and Modem Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W1000, Modem 5123, Modem 5300, Modem 5400. UE does not limit the number of attempts for the RRC Setup procedure in the 5G SA, leading to a denial of...

EPSS 0.00292
Exploits: 0 · References: 2
CNNVD
added 2025/01/13 12:0 a.m. · 4 views

SAMSUNG Mobile Processor Security Vulnerability

SAMSUNG Mobile Processor is a series of mobile processors from Samsung South Korea. A security vulnerability exists in SAMSUNG Mobile Processor that stems from the UE not limiting the number of attempts for the RRC setup process in 5G SA, resulting in a denial of service...

CVSS 6.5 · AI score 6.6 · EPSS 0.00292
Exploits: 0 · References: 2
GithubExploit
added 2025/01/12 7:16 p.m. · 159 views

Exploit for Improper Check for Unusual or Exceptional Conditions in Jenkins

Intro This is an exploit for CVE-2024-43044, an arbitrary fil...

CVSS 8.8 · AI score 8.1 · EPSS 0.28782
Exploits: 4
OSV
added 2025/01/09 6:15 a.m. · 2 views

CVE-2024-12717

The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4.8 · AI score 7.3 · EPSS 0.00354
Exploits: 1 · References: 1
CVE
added 2025/01/09 6:0 a.m. · 46 views

CVE-2024-12717

CVE-2024-12717 affects the Aklamator INfeed WordPress plugin (≤2.0.0); insufficient sanitization/escaping of settings can let high-privilege users (e.g., Admin) perform Stored XSS even when unfiltered_html is disallowed (e.g., multisite). Public remediation/fix details are not provided in the sup...

CVSS 4.8 · AI score 5.4 · EPSS 0.00354
Exploits: 1 · References: 1 · Affected Software: 1
Vulnrichment
added 2025/01/07 6:0 a.m. · 11 views

CVE-2024-10562 Form Maker by 10Web < 1.15.31 - Admin+ Stored XSS

The Form Maker by 10Web WordPress plugin before 1.15.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

AI score 5.8 · EPSS 0.00401
Exploits: 1 · References: 1
SUSE CVE
added 2025/01/07 3:49 a.m. · 3 views

SUSE CVE-2024-56583

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix warning in migrate_enable for boosted tasks. When running the following command: while true; do stress-ng --cyclic 30 --timeout 30s --minimize --quiet done a warning is eventually triggered: WARNING: CPU: 43 PID...

CVSS 5.5 · AI score 7.7 · EPSS 0.00225
Exploits: 0 · References: 3
GithubExploit
added 2025/01/07 12:25 a.m. · 181 views

Exploit for Improper Initialization in Linux Linux_Kernel

It is an offensive tool for Linux. The repository appears to be...

CVSS 7.8 · AI score 8.3 · EPSS 0.89063
Exploits: 100
Vulnrichment
added 2025/01/06 6:0 a.m. · 11 views

CVE-2024-11849 Pods – Custom Content Types and Fields < 3.2.8.1 - Admin+ Stored XSS

The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

AI score 5.7 · EPSS 0.00306
Exploits: 1 · References: 1
GithubExploit
added 2025/01/04 12:25 a.m. · 297 views

Exploit for Race Condition in Openbsd Openssh

Summary This is essentially a statistical vulnerability: a la...

CVSS 8.1 · AI score 9.3 · EPSS 0.99506
Exploits: 68
GithubExploit
added 2025/01/02 2:2 p.m. · 100 views

Exploit for Integer Overflow or Wraparound in Microsoft

PoC exploit for CVE-2024-49112 is uncertain. It is an offensive...

CVSS 9.8 · AI score 9.8 · EPSS 0.70906
Exploits: 3
OSV
added 2025/01/02 11:15 a.m. · 2 views

CVE-2024-13104

A vulnerability, which was classified as critical, was found in D-Link DIR-816 A2 1.10CNB05R1B011D88210. Affected is an unknown function of the file /goform/form2AdvanceSetup.cgi of the component WiFi Settings Handler. The manipulation leads to improper access controls. It is possible to launch t...

CVSS 5.3 · AI score 5.3 · EPSS 0.00725
Exploits: 0 · References: 5
CNNVD
added 2025/01/02 12:0 a.m. · 3 views

D-Link DIR-816 A2 Security Vulnerability

The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. An access control error vulnerability exists in D-Link DIR-816 A2 version 1.10CNB05R1B011D88210, which stems from improper access control in /goform/form2AdvanceSetup.cgi. An attacker can exploit this vulnerability to set the 2.4...

CVSS 6.9 · AI score 6.8 · EPSS 0.00725
Exploits: 0 · References: 5