8.8

CVSS3.1

CVE-2024-1655 - ASUS WiFi Router - OS Command Injection

Certain ASUS WiFi routers models has an OS Command Injection vulnerability, allowing an authenticated remote attacker to execute arbitrary system commands by sending a specially crafted request.

πŸ“… Published: April 15, 2024, 4:01 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.3

CVSS3.1

CVE-2024-3769 - PHPGurukul Student Record System login.php sql injection

A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Affected is an unknown function of the file /login.php. The manipulation of the argument id/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disc…

πŸ“… Published: April 15, 2024, 4 a.m. πŸ”„ Last Modified: Feb. 28, 2025, 6:13 p.m.

7.2

CVSS3.1

CVE-2024-3778 - Ai3 QbiBot - Unrestricted File Upload

The file upload functionality of Ai3 QbiBot does not properly restrict types of uploaded files, allowing remote attackers with administrator privilege to upload files with dangerous type containing malicious code.

πŸ“… Published: April 15, 2024, 3:41 a.m. πŸ”„ Last Modified: April 8, 2025, 4:31 p.m.

5.3

CVSS4.0

CVE-2024-3768 - PHPGurukul/itsourcecode News Portal search.php sql injection

A vulnerability, which was classified as critical, has been found in PHPGurukul/itsourcecode News Portal 4.1. This issue affects some unknown processing of the file search.php. The manipulation of the argument searchtitle leads to sql injection. The attack may be initiated remotely. The exploit has…

πŸ“… Published: April 15, 2024, 3:31 a.m. πŸ”„ Last Modified: April 8, 2025, 4:30 p.m.

9.8

CVSS3.1

CVE-2024-3777 - Ai3 QbiBot - Broken Access Control

The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password.

πŸ“… Published: April 15, 2024, 3:26 a.m. πŸ”„ Last Modified: April 8, 2025, 4:31 p.m.

5.3

CVSS4.0

CVE-2024-3767 - PHPGurukul News Portal edit-post.php sql injection

A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle/category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed …

πŸ“… Published: April 15, 2024, 3 a.m. πŸ”„ Last Modified: Sept. 27, 2025, 12:34 a.m.

6.1

CVSS3.1

CVE-2024-3776 - Netvision airPASS - Reflected XSS

The parameter used in the login page of Netvision airPASS is not properly filtered for user input. An unauthenticated remote attacker can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks.

πŸ“… Published: April 15, 2024, 2:58 a.m. πŸ”„ Last Modified: April 8, 2025, 4:31 p.m.

5.3

CVSS3.1

CVE-2024-3775 - aEnrich Technology a+HRD - Argument Injection

aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized files.

πŸ“… Published: April 15, 2024, 2:41 a.m. πŸ”„ Last Modified: April 8, 2025, 4:30 p.m.

5.3

CVSS3.1

CVE-2024-3774 - aEnrich Technology a+HRD - Exposure of Sensitive Data

aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values.

πŸ“… Published: April 15, 2024, 2:14 a.m. πŸ”„ Last Modified: Nov. 17, 2025, 6:53 p.m.

6.5

CVSS3.1

CVE-2024-30840 -

A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows attackers to cause a denial of service via the LISTEN parameter in the fromDhcpListClient function.

πŸ“… Published: April 15, 2024, midnight πŸ”„ Last Modified: April 14, 2025, 1:40 p.m.
Total resulsts: 349182
Page 10299 of 34,919
Β« previous page Β» next page
Filters