Vulnerabilidades CVE

In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerabili...

A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, ...

SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application (regardless of the user account) and the cloud uses the same MQTT credentials for exch...

In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privile...

In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privile...

Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/SystemSettings.php?f=update_settings. This vulnerability allows ...

The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.2.5. This is due to the plugin not properly validating a user's ide...

RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function.

semcms <=5.0 is vulnerable to SQL Injection in SEMCMS_Fuction.php.

Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.1...

An attacker could modify or disable settings, disrupt fuel monitoring and supply chain operations, leading to disabling of ATG monitoring. This would result in potential safety hazards in fuel stora...

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2.

Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function.

A SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a attacker to execute arbitrary code via not filtering the content correctly at the "operateOrder.php" id parameter.

The TOTOLINK A800R V4.1.2cu.5137_B20200730 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.

Delta Electronics COMMGR v1 and v2 uses insufficiently randomized values to generate session IDs (CWE-338). An attacker could easily brute force a session ID and load and execute arbitrary code.

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Password in URL OVE-20230524-0005.

A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges.

In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is n...

Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence...

In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is...

An arbitrary file upload vulnerability in the component \controller\LocalTemplate.php of FoxCMS v1.2.5 allows attackers to execute arbitrary code via uploading a crafted Zip file.

Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=generate/index&id=1.

Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101. Some of these bugs showed evidence of memory corruption and we presume t...

A SQL injection vulnerability in "/oahms/admin/forgot-password.php" in PHPGurukul Old Age Home Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "email" parameter.

FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the index() method at \controller\Sitemap.php.

A SQL Injection vulnerability was found in /admin/edit-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the editid GET request parame...

A SQL Injection vulnerability was found in /admin/forgot-password.php in Phpgurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request para...

Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of ...

Phpgurukul Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in admin/index.php via the the username parameter.

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some ...

Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection via the tid parameter to admin/queries.php.

RE11S v1.11 was discovered to contain a stack overflow via the pppUserName parameter in the formPPPoESetup function.

An arbitrary file upload vulnerability in the component \c\TemplateController.php of Jizhicms v2.5.4 allows attackers to execute arbitrary code via uploading a crafted Zip file.

Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the template parameter at id_generator/admin/?page=generate&template=4.

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function.

WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a user's password without verifying the old passw...

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/funcionario/remuneracao.php, in the id_funcionar...

RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formStaDrvSetup function.

The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 v...

IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter in the formAddDnsForward function.

eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component.

The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements by directly navigating to the main page.

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/socio/sistema/controller/query_geracao_auto.php,...

An arbitrary file upload vulnerability in the component admin\plugin.php of Emlog Pro v2.5.3 allows attackers to execute arbitrary code via uploading a crafted Zip file.

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.6 in the nextPage parameter of the /WeGIA/controle/control.php endpoint. This ...

An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and password components.

Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection in /admin//search-result.php via the searchkey parameter.

The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubio_hybrid_theme_load_template function. This makes it possibl...

File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop.