The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-30858 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fire_wall.php. | -- | Apr 2, 2024 |
| CVE-2024-30859 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ISCGroupSSLCert.php. | -- | Apr 2, 2024 |
| CVE-2024-30860 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/export_excel_user.php. | -- | Apr 2, 2024 |
| CVE-2024-30861 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/configguide/ipsec_guide_1.php. | -- | Apr 2, 2024 |
| CVE-2024-30862 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/index.php. | -- | Apr 2, 2024 |
| CVE-2024-30863 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/history.php. | -- | Apr 2, 2024 |
| CVE-2024-30864 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ISCGroupTimePolicy.php. | -- | Apr 1, 2024 |
| CVE-2024-30865 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_user_login.php. | -- | Apr 1, 2024 |
| CVE-2024-30866 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/menu.php. | -- | Apr 1, 2024 |
| CVE-2024-30867 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_virtual_site_info.php. | -- | Apr 2, 2024 |
| CVE-2024-30868 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/add_getlogin.php. | -- | Apr 1, 2024 |
| CVE-2024-30870 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/address_interpret.php. | -- | Apr 1, 2024 |
| CVE-2024-30871 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/applyhardware.php. | -- | Apr 1, 2024 |
| CVE-2024-30872 | netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /include/authrp.php. | -- | Apr 1, 2024 |
| CVE-2024-30878 | A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive parameter. | -- | Apr 11, 2024 |
| CVE-2024-30879 | Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function. | -- | Apr 11, 2024 |
| CVE-2024-30880 | Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function. | -- | Apr 11, 2024 |
| CVE-2024-30883 | Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in the image cropping function. | -- | Apr 11, 2024 |
| CVE-2024-30884 | Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component. | -- | Apr 11, 2024 |
| CVE-2024-30885 | Reflected Cross-Site Scripting (XSS) vulnerability in HadSky v7.6.3, allows remote attackers to execute arbitrary code and obtain sensitive information via the chklogin.php component . | -- | Apr 11, 2024 |
| CVE-2024-30886 | A stored cross-site scripting (XSS) vulnerability in the remotelink function of HadSky v7.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter. | -- | Apr 23, 2024 |
| CVE-2024-30890 | Cross Site Scripting vulnerability in ED01-CMS v.1.0 allows an attacker to obtain sensitive information via the categories.php component. | -- | Apr 25, 2024 |
| CVE-2024-30891 | A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution. | -- | Apr 5, 2024 |
| CVE-2024-30915 | An issue was discovered in OpenDDS commit b1c534032bb62ad4ae32609778de6b8d6c823a66, allows a local attacker to cause a denial of service and obtain sensitive information via the max_samples parameter within the DataReaderQoS component. | -- | Apr 11, 2024 |
| CVE-2024-30916 | An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted max_samples parameter in DurabilityService QoS component. | LOW | Apr 11, 2024 |
| CVE-2024-30917 | An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter in DurabilityService QoS component. | LOW | Apr 11, 2024 |
| CVE-2024-30920 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component. | -- | Apr 18, 2024 |
| CVE-2024-30921 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component. | -- | Apr 18, 2024 |
| CVE-2024-30922 | SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering. | -- | Apr 18, 2024 |
| CVE-2024-30923 | SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering | -- | Apr 18, 2024 |
| CVE-2024-30924 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the checkin.php component. | -- | Apr 18, 2024 |
| CVE-2024-30925 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the photo-thumbs.php component. | -- | Apr 18, 2024 |
| CVE-2024-30926 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc component. | -- | Apr 18, 2024 |
| CVE-2024-30927 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the racer-results.php component. | -- | Apr 18, 2024 |
| CVE-2024-30928 | SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via \'classids\' Parameter in ajax/query.slide.next.inc | -- | Apr 18, 2024 |
| CVE-2024-30929 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the \'back\' Parameter in playlist.php | -- | Apr 18, 2024 |
| CVE-2024-30938 | SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in the SEMCMS_User.php component. | -- | Apr 19, 2024 |
| CVE-2024-30939 | An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a physically proximate attacker to gain control of an account via a flaw in the factory reset procedure. | -- | Apr 25, 2024 |
| CVE-2024-30946 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/co_do.php. | -- | Apr 2, 2024 |
| CVE-2024-30950 | A stored cross-site scripting (XSS) vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php. | -- | Apr 17, 2024 |
| CVE-2024-30951 | FUDforum v3.1.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php. | -- | Apr 17, 2024 |
| CVE-2024-30952 | A stored cross-site scripting (XSS) vulnerability in PESCMS-TEAM v2.3.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the domain input field under /youdoamin/?g=Team&m=Setting&a=action. | -- | Apr 17, 2024 |
| CVE-2024-30953 | A stored cross-site scripting (XSS) vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor module. | -- | Apr 17, 2024 |
| CVE-2024-30965 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/member_scores.php. | -- | Apr 2, 2024 |
| CVE-2024-30973 | An issue in V-SOL G/EPON ONU HG323AC-B with firmware version V2.0.08-210715 allows an attacker to execute arbtirary code and obtain sensitive information via crafted POST request to /boaform/getASPdata/formFirewall, /boaform/getASPdata/formAcc. | -- | May 7, 2024 |
| CVE-2024-30974 | SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to run arbitrary SQL commands via the carId parameter. | -- | Apr 22, 2024 |
| CVE-2024-30977 | An issue in Secnet Security Network Intelligent AC Management System v.1.02.040 allows a local attacker to escalate privileges via the password component. | -- | Apr 8, 2024 |
| CVE-2024-30979 | Cross Site Scripting vulnerability in Cyber Cafe Management System 1.0 allows a remote attacker to execute arbitrary code via the compname parameter in edit-computer-details.php. | -- | Apr 17, 2024 |
| CVE-2024-30980 | SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the Computer Location parameter in manage-computer.php page. | -- | Apr 17, 2024 |
| CVE-2024-30981 | SQL Injection vulnerability in /edit-computer-detail.php in phpgurukul Cyber Cafe Management System Using PHP & MySQL v1.0 allows attackers to run arbitrary SQL commands via editid in the application URL. | -- | Apr 17, 2024 |
