7.1
CVE-2024-51557 - No Rate Limiting Vulnerability in Wave 2.0
This vulnerability exists in Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through the vulnerable API endpoint, which could lead to OTP bombing/flooding on the targeted s…
7.1
CVE-2024-51556 - Sensitive Information Disclosure Vulnerability in Wave 2.0
This vulnerability exists in Wave 2.0 due to insufficient encryption of sensitive data received in the API response. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters through the API request URL/payload, leading to unauthorized access to sensitive…
4.4
CVE-2024-10523 - Information Disclosure Vulnerability in TP-Link IoT Smart Hub
This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable devi…
9.2
CVE-2024-10035 - Code Injection in BG-TEK's CoslatV3
Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Special Elements used in a Command ('Command Injection'), Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in BG-TEK Informatics Security Technologies Coslat…
8.3
CVE-2024-36485 - SQL Injection
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option.
7.2
CVE-2024-51661 - WordPress Media Library Assistant plugin <= 3.19 - Remote Code Execution (RCE) vulnerability
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media Library Assistant media-library-assistant allows Command Injection. This issue affects Media Library Assistant: from n/a through <= 3.19.
8.3
CVE-2024-48878 - SQL Injection
Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report.
5.9
CVE-2024-10389 - Path Traversal in Safearchive
There exists a path traversal vulnerability in Safearchive on platforms with case-insensitive filesystems (e.g., NTFS). This allows attackers to write arbitrary files via extraction of an archive containing symbolic links. We recommend upgrading past commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc.
7.8
CVE-2024-38424 - Use After Free in GPS
Memory corruption during GNSS HAL process initialization.
7.8
CVE-2024-38423 - Buffer Copy Without Checking Size of Input in Graphics Linux
Memory corruption while processing GPU page table switch.