Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.

MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create.

An issue was discovered in REDCap 14.9.6. It allows HTML Injection via the Survey field name, exposing users to a redirection to a phishing website. An attacker can exploit this to trick the user that receives the survey into clicking on the field name, which redirects them to a phishing website. T…

FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c.

Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.

An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the second RSA private key and access sensitive data or execute a man-in-the-middle attack.

An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to access the Diffie-Hellman (DH) parameters and access sensitive data or execute a man-in-the-middle attack.

Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: 2024-13362. Reason: This candidate is a reservation duplicate of 2024-13362. Notes: All CVE users should reference 2024-13362 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accident…

Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network.