The Common Vulnerabilities and Exposures (CVE) program, operated by the MITRE Corporation, is a catalogue of publicly disclosed vulnerabilities, each assigned a standardized identifier (a CVE ID) so that advisories, scanners and databases can refer to the same issue unambiguously.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2024-22722 | Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application. | -- | Apr 11, 2024 | n/a |
CVE-2024-22723 | Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the media_folder parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the application's file system. | -- | Feb 28, 2024 | n/a |
CVE-2024-22724 | An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature. | -- | Mar 21, 2024 | n/a |
CVE-2024-22725 | Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server's error reporting. | -- | Jan 24, 2024 | n/a |
CVE-2024-22727 | Teltonika TRB1-series devices with firmware before TRB1_R_00.07.05.2 allow attackers to exploit a firmware vulnerability via Ethernet LAN or USB. | -- | Feb 20, 2024 | n/a |
CVE-2024-22729 | NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page. | -- | Jan 25, 2024 | n/a |
CVE-2024-22733 | TP Link MR200 V4 Firmware version 210201 was discovered to contain a null-pointer-dereference in the web administration panel on /cgi/login via the sign, Action or LoginStatus query parameters which could lead to a denial of service by a local or remote unauthenticated attacker. | -- | Nov 4, 2024 | n/a |
CVE-2024-22734 | An issue was discovered in AMCS Group Trux Waste Management Software before version 7.19.0018.26912, allows local attackers to obtain sensitive information via a static, hard-coded AES Key-IV pair in the TxUtilities.dll and TruxUser.cfg components. | -- | Apr 12, 2024 | n/a |
CVE-2024-22749 | GPAC v2.3 was found to contain a buffer overflow in the gf_isom_new_generic_sample_description function in isomedia/isom_write.c:4577. | -- | Jan 25, 2024 | n/a |
CVE-2024-22751 | D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack overflow via the sub_477AA0 function. | -- | Jan 25, 2024 | n/a |
CVE-2024-22752 | Insecure permissions issue in EaseUS MobiMover 6.0.5 Build 21620 allows attackers to gain escalated privileges via a crafted executable launched from the application installation directory. | -- | Mar 7, 2024 | n/a |
CVE-2024-22768 | Improper Input Validation in Hitron Systems DVR HVR-4781 1.03~4.02 allows an attacker to carry out network attacks when the default admin ID/password is in use. | -- | Jan 23, 2024 | n/a |
CVE-2024-22769 | Improper Input Validation in Hitron Systems DVR HVR-8781 1.03~4.02 allows an attacker to carry out network attacks when the default admin ID/password is in use. | -- | Jan 23, 2024 | n/a |
CVE-2024-22770 | Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 allows an attacker to carry out network attacks when the default admin ID/password is in use. | -- | Jan 23, 2024 | n/a |
CVE-2024-22771 | Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to carry out network attacks when the default admin ID/password is in use. | -- | Jan 23, 2024 | n/a |
CVE-2024-22772 | Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to carry out network attacks when the default admin ID/password is in use. | -- | Jan 23, 2024 | n/a |
CVE-2024-22773 | Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the password in a cookie, resulting in login bypass. | -- | Feb 6, 2024 | n/a |
CVE-2024-22774 | An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to escalate privileges via the ccsservice.exe component. | -- | May 14, 2024 | n/a |
CVE-2024-22776 | Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-based input fields without proper validation, excluding those requiring specific formats like date fields. | -- | Feb 23, 2024 | n/a |
CVE-2024-22778 | HackMD CodiMD <2.5.2 is vulnerable to Denial of Service. | -- | Feb 22, 2024 | n/a |
CVE-2024-22779 | Directory Traversal vulnerability in Kihron ServerRPExposer v.1.0.2 and before allows a remote attacker to execute arbitrary code via the loadServerPack in ServerResourcePackProviderMixin.java. | -- | Feb 2, 2024 | n/a |
CVE-2024-22780 | Cross Site Scripting vulnerability in CA17 TeamsACS v.1.0.1 allows a remote attacker to execute arbitrary code via a crafted script to the errmsg parameter. | -- | Apr 2, 2024 | n/a |
CVE-2024-22795 | Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component. | -- | Feb 8, 2024 | n/a |
CVE-2024-22807 | An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from firmware corruption. | -- | Apr 22, 2024 | n/a |
CVE-2024-22808 | An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC router via overwriting the card's name in the device memory. | -- | Apr 22, 2024 | n/a |
CVE-2024-22809 | Incorrect access control in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to access the G code's shared folder and view sensitive information. | -- | Apr 22, 2024 | n/a |
CVE-2024-22811 | An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC router via overwriting the Hostmot2 configuration cookie in the device memory. | -- | Apr 22, 2024 | n/a |
CVE-2024-22813 | An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to overwrite the hardcoded IP address in the device memory, disrupting network connectivity between the router and the controller. | -- | Apr 22, 2024 | n/a |
CVE-2024-22815 | An issue in the communication protocol of Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) via crafted commands. | -- | Apr 22, 2024 | n/a |
CVE-2024-22817 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte. | -- | Jan 18, 2024 | n/a |
CVE-2024-22818 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/site/filterKeyword_save. | -- | Jan 18, 2024 | n/a |
CVE-2024-22819 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update. | -- | Jan 18, 2024 | n/a |
CVE-2024-22824 | An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component. | -- | Feb 20, 2024 | n/a |
CVE-2024-22830 | Anti-Cheat Expert's Windows kernel module ACE-BASE.sys version 1.0.2202.6217 does not perform proper access control when handling system resources. This allows a local attacker to escalate privileges from regular user to System or PPL level. | -- | May 1, 2024 | n/a |
CVE-2024-22836 | An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server. | -- | Feb 8, 2024 | n/a |
CVE-2024-22851 | Directory Traversal Vulnerability in LiveConfig before v.2.5.2 allows a remote attacker to obtain sensitive information via a crafted request to the /static/ endpoint. | -- | Feb 2, 2024 | n/a |
CVE-2024-22852 | D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to enable telnet service via a specially crafted payload. | -- | Feb 6, 2024 | n/a |
CVE-2024-22853 | D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session. | -- | Feb 6, 2024 | n/a |
CVE-2024-22854 | DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified. A URL, crafted by a remote attacker and visited by an authenticated user, allows open redirect and potential credential stealing using an injected HTML form. | -- | Feb 16, 2024 | n/a |
CVE-2024-22855 | A cross-site scripting (XSS) vulnerability in the User Maintenance section of ITSS iMLog v1.307 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter. | -- | Jun 13, 2024 | n/a |
CVE-2024-22856 | A SQL injection vulnerability via the Save Favorite Search function in Axefinance Axe Credit Portal >= v.3.0 allows authenticated attackers to execute unintended queries and disclose sensitive information from DB tables via crafted requests. | -- | Apr 22, 2024 | n/a |
CVE-2024-22857 | Heap-based buffer overflow in zlog v1.1.0 to v1.2.17 in zlog_rule_new(). The size of record_name is MAXLEN_PATH(1024) + 1 but file_path may hold data up to MAXLEN_CFG_LINE(MAXLEN_PATH*4) + 1. A length check was missing in zlog_rule_new() while copying record_name from file_path + 1, which caused the buffer overflow. An attacker can exploit this vulnerability to overwrite the zlog_record_fn record_func function pointer to get arbitrary code execution or potentially cause remote code execution (RCE). | -- | Feb 29, 2024 | n/a |
CVE-2024-22859 | Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4 allows remote attackers to execute arbitrary code via the getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem (HTTP 419 status codes for legitimate client activity), not a security problem. | -- | Feb 1, 2024 | n/a |
CVE-2024-22860 | Integer overflow vulnerability in FFmpeg before n6.1 allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. | -- | Jan 29, 2024 | n/a |
CVE-2024-22861 | Integer overflow vulnerability in FFmpeg before n6.1 allows attackers to cause a denial of service (DoS) via the avcodec/osq module. | -- | Jan 29, 2024 | n/a |
CVE-2024-22862 | Integer overflow vulnerability in FFmpeg before n6.1 allows remote attackers to execute arbitrary code via the JPEG XL parser. | -- | Jan 29, 2024 | n/a |
CVE-2024-22871 | An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn__5920 function. | -- | Feb 29, 2024 | n/a |
CVE-2024-22873 | Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery (SSRF) via the event subscription function (/service/subscription.go). This vulnerability allows attackers to access internal requests via a crafted POST request. | -- | Feb 26, 2024 | n/a |
CVE-2024-22876 | StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality, which enables an attacker to upload a malicious HTML file with JavaScript code that will be executed in the context of the TheHive application via a specific URL. The vulnerability can be used to coerce a victim account into performing specific actions on the application, such as helping an analyst become an administrator. | -- | Jan 19, 2024 | n/a |
CVE-2024-22877 | StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. This feature allows an attacker to insert malicious JavaScript code inside the template or its variables, that will be executed in the context of the TheHive application when the HTML report is opened. | -- | Jan 19, 2024 | n/a |
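The zlog entry above (CVE-2024-22857) describes a textbook size mismatch: a fixed buffer of MAXLEN_PATH + 1 bytes receives a copy from a config line that may be up to MAXLEN_PATH * 4 bytes long, and a function pointer sits behind the buffer in the same allocation. The following C program is an added example, not zlog's own code: the struct layout, the '$'-prefixed record syntax and the function names are constructed to mirror the description. It shows the unchecked copy pattern next to a bounded version that measures the source before copying and refuses anything that would not fit.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Limits taken from the CVE description. */
#define MAXLEN_PATH     1024
#define MAXLEN_CFG_LINE (MAXLEN_PATH * 4)

typedef void (*record_fn)(const char *msg);

static void default_record(const char *msg) { (void)msg; }

/* Constructed layout: a fixed-size name buffer directly followed by a
 * function pointer that is later called. A write past record_name lands
 * on record_func, which is what makes the overflow exploitable. */
struct rule {
    char      record_name[MAXLEN_PATH + 1];
    record_fn record_func;
};

/* Vulnerable pattern (kept only for comparison, never called with long
 * input here): the caller's line can hold MAXLEN_CFG_LINE bytes, but the
 * copy from file_path + 1 (skipping the hypothetical '$' marker) has no
 * bound, so an oversized name overwrites record_func. */
static void rule_set_name_unchecked(struct rule *r, const char *file_path)
{
    strcpy(r->record_name, file_path + 1);
}

/* Hardened version: count the source bytes up to the largest size a config
 * line can carry, reject empty or oversized names, and always NUL-terminate.
 * Returns 0 on success, -1 if the name was rejected (rule left unchanged). */
static int rule_set_name_checked(struct rule *r, const char *file_path)
{
    size_t len = 0;

    if (file_path == NULL || file_path[0] != '$')
        return -1;
    /* Measure without strnlen so the example builds under strict C99. */
    while (len <= MAXLEN_CFG_LINE && file_path[1 + len] != '\0')
        len++;
    if (len == 0 || len > MAXLEN_PATH)
        return -1;                      /* would not fit in record_name */

    memcpy(r->record_name, file_path + 1, len);
    r->record_name[len] = '\0';
    return 0;
}

/* Build a constructed config token: '$' followed by n 'A' bytes.
 * Caller frees the result. */
static char *make_record_line(size_t n)
{
    char *line = malloc(n + 2);
    if (line == NULL)
        return NULL;
    line[0] = '$';
    memset(line + 1, 'A', n);
    line[n + 1] = '\0';
    return line;
}

int main(void)
{
    struct rule r;
    char *ok  = make_record_line(16);
    char *bad = make_record_line(MAXLEN_PATH + 200);   /* fits a cfg line, not the buffer */

    r.record_func = default_record;
    rule_set_name_unchecked(&r, ok);                  /* safe only because ok is short */
    printf("unchecked copy of short name: %s\n", r.record_name);

    printf("checked copy of short name:   %d\n", rule_set_name_checked(&r, ok));
    printf("checked copy of long name:    %d\n", rule_set_name_checked(&r, bad));
    printf("record_func intact:           %s\n",
           r.record_func == default_record ? "yes" : "no");

    free(ok);
    free(bad);
    return 0;
}
```

The check happens before any byte is written, so a rejected name cannot partially clobber the struct; this is the property an adjacent function pointer needs, not merely "copy at most N bytes and hope the terminator lands somewhere".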