8.8
CVE-2024-1655 - ASUS WiFi Router - OS Command Injection
Certain ASUS WiFi routers models has an OS Command Injection vulnerability, allowing an authenticated remote attacker to execute arbitrary system commands by sending a specially crafted request.
7.3
CVE-2024-3769 - PHPGurukul Student Record System login.php sql injection
A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Affected is an unknown function of the file /login.php. The manipulation of the argument id/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been discβ¦
7.2
CVE-2024-3778 - Ai3 QbiBot - Unrestricted File Upload
The file upload functionality of Ai3 QbiBot does not properly restrict types of uploaded files, allowing remote attackers with administrator privilege to upload files with dangerous type containing malicious code.
5.3
CVE-2024-3768 - PHPGurukul/itsourcecode News Portal search.php sql injection
A vulnerability, which was classified as critical, has been found in PHPGurukul/itsourcecode News Portal 4.1. This issue affects some unknown processing of the file search.php. The manipulation of the argument searchtitle leads to sql injection. The attack may be initiated remotely. The exploit hasβ¦
9.8
CVE-2024-3777 - Ai3 QbiBot - Broken Access Control
The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password.
5.3
CVE-2024-3767 - PHPGurukul News Portal edit-post.php sql injection
A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle/category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed β¦
6.1
CVE-2024-3776 - Netvision airPASS - Reflected XSS
The parameter used in the login page of Netvision airPASS is not properly filtered for user input. An unauthenticated remote attacker can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks.
5.3
CVE-2024-3775 - aEnrich Technology a+HRD - Argument Injection
aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized files.
5.3
CVE-2024-3774 - aEnrich Technology a+HRD - Exposure of Sensitive Data
aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values.
6.5
CVE-2024-30840 -
A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows attackers to cause a denial of service via the LISTEN parameter in the fromDhcpListClient function.