CVE-2024-36789 |
Description: An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-36788 |
Description: Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-36787 |
Description: An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-36783 |
Description: TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection via the host_time parameter in the NTPSyncWithHost function.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-36782 |
Description: TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-36779 |
Description: Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php.
EPSS Score: 0.13%
February 14th, 2025 (5 months ago)
|
CVE-2024-36775 |
Description: A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-36774 |
Description: An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-36773 |
Description: A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Themes parameter at index.php.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-36745 |
Description: An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.index_select parameter.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|