7.8
CVE-2024-28729 -
An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request.
5.8
CVE-2024-23983 - Access rules for PingAccess may be circumvented with URL-encoded characters
Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules.
0.0
CVE-2024-11105 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
5.3
CVE-2024-51484 - Insufficient Validation in Controllers (Activation/Deactivation) in Ampache
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating controllers. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to chanβ¦
5.3
CVE-2024-51485 - Insufficient Validation in Plugins (Activation/Deactivation) in Ampache
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change wβ¦
5.5
CVE-2024-51486 - Stored Cross-Site Scripting in Ampache
Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URLβ-βFavicon". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript.β¦
5.3
CVE-2024-51487 - Insufficient Validation in Catalog (Activation/Deactivation) in Ampache
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change wβ¦
5.3
CVE-2024-51488 - Insufficient Validation in Delete Message in Ampache
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to delete messages to any useβ¦
5.3
CVE-2024-51489 - Insufficient Message Token Validation in Ampache
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users send messages to one another. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to send messagesβ¦
5.5
CVE-2024-51490 - Stored Cross-Site Scripting in Ampache
Ampache is a web based audio/video streaming application and file manager. This vulnerability exists in the interface section of the Ampache menu, where users can change "Custom URL - Logo". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. This β¦