8.8

CVSS3.1

CVE-2024-4246 - Tenda i21 formQosManageDouble_auto stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda i21 1.0.0.14(4656). This affects the function formQosManageDouble_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The identifier VDB-262137 wa…

πŸ“… Published: April 27, 2024, 8:31 a.m. πŸ”„ Last Modified: Jan. 27, 2025, 6:28 p.m.

8.8

CVSS3.1

CVE-2024-4245 - Tenda i21 formQosManageDouble_user stack-based overflow

A vulnerability, which was classified as critical, has been found in Tenda i21 1.0.0.14(4656). Affected by this issue is the function formQosManageDouble_user. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be launched remotely. The identifier of thi…

πŸ“… Published: April 27, 2024, 7:31 a.m. πŸ”„ Last Modified: Jan. 27, 2025, 6:28 p.m.

2.7

CVSS3.1

CVE-2024-3034 - BackUpWordPress <= 3.13 - Authenticated (Admin+) Directory Traversal

The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.13 via the hmbkp_directory_browse parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to traverse directories outside of the co…

πŸ“… Published: April 27, 2024, 4:33 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-2838 - WPC Composite Products for WooCommerce <= 7.2.7 - Authenticated (Subscriber+) Stored Cross-Site Scr…

The WPC Composite Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wooco_components[0][name]' parameter in all versions up to, and including, 7.2.7 due to insufficient input sanitization and output escaping and missing authorization on the ajax_sav…

πŸ“… Published: April 27, 2024, 3:33 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

4.4

CVSS3.1

CVE-2024-2258 - Form Maker by 10Web <= 1.15.24 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping. This…

πŸ“… Published: April 27, 2024, 3:33 a.m. πŸ”„ Last Modified: April 8, 2026, 7:21 p.m.

6.8

CVSS3.1

CVE-2024-2859 - By default, SANnav OVA is shipped with root user login enabled (CVE-2024-2859)

By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account.

πŸ“… Published: April 27, 2024, 12:06 a.m. πŸ”„ Last Modified: Sept. 2, 2025, 6:31 p.m.

5.5

CVSS3.1

CVE-2023-52722 - ghostscript: eexec seeds other than the Type 1 standard are allowed while using SAFER mode

An issue was discovered in Artifex Ghostscript before 10.03.1. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard.

πŸ“… Published: April 27, 2024, midnight πŸ”„ Last Modified: June 23, 2025, 6:35 p.m.

7.7

CVSS3.1

CVE-2022-48685 -

An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file clean_secbi_old_logs is writable by all users and is executed as root, leading to privilege escalation.

πŸ“… Published: April 27, 2024, midnight πŸ”„ Last Modified: April 18, 2025, 7:15 p.m.

4.3

CVSS3.1

CVE-2024-33851 -

phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based timing leak in Point addition. (This is related to phpecc/phpecc on GitHub, and the Matyas Danter ECC library.)

πŸ“… Published: April 27, 2024, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

8.4

CVSS3.1

CVE-2022-48684 -

An issue was discovered in Logpoint before 7.1.1. Template injection was seen in the search template. The search template uses jinja templating for generating dynamic data. This could be abused to achieve code execution. Any user with access to create a search template can leverage this to execute …

πŸ“… Published: April 27, 2024, midnight πŸ”„ Last Modified: April 18, 2025, 7:06 p.m.
Total resulsts: 349182
Page 10150 of 34,919
Β« previous page Β» next page
Filters