4.8

CVSS3.1

CVE-2024-22247 -

VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. A malicious actor with physical access to the SD-WAN Edge appliance during activation can potentially exploit this vulnerability to access the BIOS configuration. In addition, the malicious actor may be …

πŸ“… Published: April 2, 2024, 3:49 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.4

CVSS3.1

CVE-2024-22246 -

VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution. A malicious actor with local access to the Edge Router UI during activation may be able to perform a command injection attack that could lead to full control of the router…

πŸ“… Published: April 2, 2024, 3:48 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.7

CVSS3.1

CVE-2024-30248 - Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page

Piccolo Admin is an admin interface/content management system for Python, built on top of Piccolo. Piccolo's admin panel allows media files to be uploaded. As a default, SVG is an allowed file type for upload. An attacker can upload an SVG which when loaded can allow arbitrary access to the admin p…

πŸ“… Published: April 2, 2024, 2:55 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS3.1

CVE-2023-50313 - IBM WebSphere Application Server information disclosure

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812.

πŸ“… Published: April 2, 2024, 12:54 p.m. πŸ”„ Last Modified: Nov. 21, 2024, 8:36 a.m.

10

CVSS3.1

CVE-2024-2389 - Flowmon Unauthenticated Command Injection Vulnerability

In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified.Β  An unauthenticated userΒ can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.

πŸ“… Published: April 2, 2024, 12:22 p.m. πŸ”„ Last Modified: Dec. 16, 2025, 6:13 p.m.

7.2

CVSS3.1

CVE-2024-29949 -

There is a command injection vulnerability in some Hikvision NVRs. This could allow an authenticated user with administrative rights to execute arbitrary commands.

πŸ“… Published: April 2, 2024, 11:07 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

3.8

CVSS3.1

CVE-2024-29948 -

There is an out-of-bounds read vulnerability in some Hikvision NVRs. An authenticated attacker could exploit this vulnerability by sending specially crafted messages to a vulnerable device, causing a service abnormality.

πŸ“… Published: April 2, 2024, 11:07 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

2.7

CVSS3.1

CVE-2024-29947 -

There is a NULL dereference pointer vulnerability in some Hikvision NVRs. Due to an insufficient validation of a parameter in a message, an attacker may send specially crafted messages to an affected product, causing a process abnormality.

πŸ“… Published: April 2, 2024, 11:06 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.8

CVSS3.1

CVE-2023-51456 -

A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to trigger an out-of-bound read/write into the process memory through a crafted payload due to a missing input sanity check in the v2_pack_array_to_msg func…

πŸ“… Published: April 2, 2024, 10:31 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.8

CVSS3.1

CVE-2023-51455 -

A Improper Validation of Array Index issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to corrupt a controlled memory location due to a missing input validation in the on_receive_session_packet_ack function implemented in the libv2_sd…

πŸ“… Published: April 2, 2024, 10:31 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 349182
Page 10472 of 34,919
Β« previous page Β» next page
Filters