9

CVSS3.1

CVE-2024-2692 - SiYuan 3.0.3 - RCE via Server Side XSS

SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS.

πŸ“… Published: April 4, 2024, 1:26 a.m. πŸ”„ Last Modified: May 19, 2025, 5:15 p.m.

7.3

CVSS3.1

CVE-2024-3273 - D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the arg…

πŸ“… Published: April 4, 2024, 1 a.m. πŸ”„ Last Modified: Oct. 30, 2025, 7:53 p.m.

9.8

CVSS3.1

CVE-2024-3272 - D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi hard-coded credentials

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The ma…

πŸ“… Published: April 4, 2024, 1 a.m. πŸ”„ Last Modified: Oct. 30, 2025, 7:52 p.m.

4.3

CVSS3.1

CVE-2024-29225 -

WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allow a network-adjacent unauthenticated attacker to obtain the configuration file containing sensitive information by sending a specially crafted request.

πŸ“… Published: April 4, 2024, 12:04 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.1

CVSS3.1

CVE-2024-26258 -

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product.

πŸ“… Published: April 4, 2024, 12:03 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

8.8

CVSS3.1

CVE-2024-25568 -

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X3200GST3-B v1.25 and earlier, WRC-G01-W v1…

πŸ“… Published: April 4, 2024, 12:02 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.2

CVSS3.1

CVE-2024-29167 -

SVR-116 firmware version 1.6.0.30028871 allows a remote authenticated attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.

πŸ“… Published: April 4, 2024, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2024-28520 -

File Upload vulnerability in Byzoro Networks Smart multi-service security gateway intelligent management platform version S210, allows an attacker to obtain sensitive information via the uploadfile.php component.

πŸ“… Published: April 4, 2024, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

3.9

CVSS3.1

CVE-2024-30260 - Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, str…

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.

πŸ“… Published: April 4, 2024, midnight πŸ”„ Last Modified: Nov. 4, 2025, 5:15 p.m.

4.7

CVSS3.1

CVE-2023-25200 -

An HTML injection vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to render malicious HTML and obtain sensitive information in a victim's browser.

πŸ“… Published: April 4, 2024, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 349182
Page 10436 of 34,919
Β« previous page Β» next page
Filters