6.8

CVSS3.1

CVE-2023-51454 -

A Out-of-bounds Write issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to overwrite a pointer in the process memory through a crafted payload triggering an unsafe memory write operation in the my_tcp_receive function implemented in t…

πŸ“… Published: April 2, 2024, 10:28 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

3

CVSS3.1

CVE-2023-51453 -

A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the process_push_file function implemented in the libv2_s…

πŸ“… Published: April 2, 2024, 10:28 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

3

CVSS3.1

CVE-2023-51452 -

A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the pull_file_v2_proc function implemented in the libv2_s…

πŸ“… Published: April 2, 2024, 10:28 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.6

CVSS3.1

CVE-2023-6951 -

A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction wit…

πŸ“… Published: April 2, 2024, 10:28 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

3

CVSS3.1

CVE-2023-6950 -

An Improper Input Validation vulnerability affecting the FTP service running on the DJI Mavic Mini 3 Pro could allow an attacker to craft a malicious packet containing a malformed path provided to the FTP SIZE command that leads to a denial-of-service attack of the FTP service itself.

πŸ“… Published: April 2, 2024, 10:27 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.2

CVSS3.1

CVE-2023-6949 -

A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an attacker to enumerate and download videos and pictures saved on the drone internal or external memory without requiring any kind of authenticati…

πŸ“… Published: April 2, 2024, 10:27 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

3

CVSS3.1

CVE-2023-6948 -

A Buffer Copy without Checking Size of Input issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the sdk_printf function implemented in t…

πŸ“… Published: April 2, 2024, 10:27 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

3.3

CVSS3.1

CVE-2024-2745 - Rapid7 InsightVM Sensitive Information Exposure via URL

Rapid7's InsightVM maintenance mode login page suffers from a sensitive information exposure vulnerability whereby, sensitive information is exposed through query strings in the URL when login is attempted before the page is fully loaded.Β  This vulnerability allows attackers to acquire sensitive in…

πŸ“… Published: April 2, 2024, 9:51 a.m. πŸ”„ Last Modified: Feb. 25, 2025, 6:36 p.m.

6.4

CVSS3.1

CVE-2024-1946 - Genesis Blocks <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Content

The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, t…

πŸ“… Published: April 2, 2024, 9:32 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2024-1807 - Product Sort and Display for WooCommerce <= 2.4.1 - Missing Authorization

The Product Sort and Display for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the psad_update_product_cat_custom_meta_ajax function in all versions up to, and including, 2.4.1. This makes it possible for unauthenticated att…

πŸ“… Published: April 2, 2024, 9:32 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 349182
Page 10473 of 34,919
Β« previous page Β» next page
Filters