CVE-2024-54658
Description: The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service.
EPSS Score: 0.07%
February 11th, 2025 (5 months ago)

CVE-2024-48170
Description: PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload injected into the name in profile.php.
EPSS Score: 0.05%
February 11th, 2025 (5 months ago)

CVE-2024-47226
Description: A stored cross-site scripting (XSS) vulnerability exists in NetBox 4.1.0 within the "Configuration History" feature of the "Admin" panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the "Top banner" field. NOTE: Multiple third parties have disputed this as not a vulnerability. It is argued that the configuration revision banner feature is meant to contain unsanitized HTML in order to display notifications to users. Since these fields are intended to display unsanitized HTML, this is working as intended.
EPSS Score: 0.04%
February 11th, 2025 (5 months ago)

CVE-2024-46948
Description: Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control.
EPSS Score: 0.05%
February 11th, 2025 (5 months ago)

CVE-2024-46437
Description: A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information, including WiFi SSID, WiFi password, and base64-encoded administrator credentials, by sending a specially crafted HTTP POST request to the getQuickCfgWifiAndLogin function, bypassing authentication checks.
EPSS Score: 0.04%
February 11th, 2025 (5 months ago)

CVE-2024-46436
Description: Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allow unauthenticated remote attackers to gain root access to the device over the telnet service.
EPSS Score: 0.04%
February 11th, 2025 (5 months ago)

CVE-2024-46435
Description: A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an authenticated remote attacker to cause a denial of service or potentially execute arbitrary code. This vulnerability occurs due to improper input validation when handling user-supplied data in the delFacebookPic function.
EPSS Score: 0.04%
February 11th, 2025 (5 months ago)

CVE-2024-46434
Description: Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request.
EPSS Score: 0.04%
February 11th, 2025 (5 months ago)

CVE-2024-46433
Description: A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative privileges.
EPSS Score: 0.04%
February 11th, 2025 (5 months ago)

CVE-2024-46432
Description: Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configuration settings and administrative credentials.
EPSS Score: 0.04%
February 11th, 2025 (5 months ago)