7.1

CVSS3.1

CVE-2024-32878 - Use of Uninitialized Variable Vulnerability in llama.cpp

Llama.cpp is LLM inference in C/C++. There is a use of uninitialized heap variable vulnerability in gguf_init_from_file, the code will free this uninitialized variable later. In a simple POC, it will directly cause a crash. If the file is carefully constructed, it may be possible to control this un…

πŸ“… Published: April 26, 2024, 8:31 p.m. πŸ”„ Last Modified: Sept. 2, 2025, 6:30 p.m.

8.8

CVSS3.1

CVE-2024-4240 - Tenda W9 formQosManageDouble_user stack-based overflow

A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been classified as critical. This affects the function formQosManageDouble_user. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The associated identifier of …

πŸ“… Published: April 26, 2024, 8:31 p.m. πŸ”„ Last Modified: Jan. 27, 2025, 6:30 p.m.

8.8

CVSS3.1

CVE-2024-4239 - Tenda AX1806 SetRebootTimer formSetRebootTimer stack-based overflow

A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. The expl…

πŸ“… Published: April 26, 2024, 8:31 p.m. πŸ”„ Last Modified: Jan. 27, 2025, 6:30 p.m.

8.8

CVSS3.1

CVE-2024-4238 - Tenda AX1806 SetOnlineDevName formSetDeviceName stack-based overflow

A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this vulnerability is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotel…

πŸ“… Published: April 26, 2024, 8 p.m. πŸ”„ Last Modified: Jan. 27, 2025, 6:30 p.m.

7.8

CVSS3.1

CVE-2022-48611 -

A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.

πŸ“… Published: April 26, 2024, 7:40 p.m. πŸ”„ Last Modified: Dec. 10, 2024, 5:47 p.m.

8.8

CVSS3.1

CVE-2024-4237 - Tenda AX1806 execCommand R7WebsSecurityHandler stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda AX1806 1.0.0.1. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exp…

πŸ“… Published: April 26, 2024, 7 p.m. πŸ”„ Last Modified: Jan. 27, 2025, 6:30 p.m.

6.4

CVSS3.1

CVE-2024-32884 - gix-transport indirect code execution via malicious username

gitoxide is a pure Rust implementation of Git. `gix-transport` does not check the username part of a URL for text that the external `ssh` program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious c…

πŸ“… Published: April 26, 2024, 6:04 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

8.8

CVSS3.1

CVE-2024-4236 - Tenda AX1803 SetDDNSCfg formSetSysToolDDNS stack-based overflow

A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain leads to stack-based buffer overflow. The attack may …

πŸ“… Published: April 26, 2024, 5:31 p.m. πŸ”„ Last Modified: July 13, 2025, 11:23 a.m.

2.7

CVSS3.1

CVE-2024-4235 - Netgear DG834Gv5 Web Management Interface cleartext storage

A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been disc…

πŸ“… Published: April 26, 2024, 5:31 p.m. πŸ”„ Last Modified: Nov. 20, 2025, 4:32 p.m.

9.1

CVSS3.1

CVE-2024-32880 - pyLoad allows upload to arbitrary folder lead to RCE

pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of publication.

πŸ“… Published: April 26, 2024, 5:30 p.m. πŸ”„ Last Modified: Sept. 4, 2025, 2:23 p.m.
Total resulsts: 349182
Page 10152 of 34,919
Β« previous page Β» next page
Filters