CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2024-34204

Description: TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter.

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-34203

Description: TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguageCfg function.

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-34202

Description: TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setMacFilterRules function.

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-34201

Description: TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the getSaveConfig function.

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-34200

Description: TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function.

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-34199

Description: TinyWeb 1.94 and below allows unauthenticated remote attackers to cause a denial of service (Buffer Overflow) when sending excessively large elements in the request line.

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-34196

Description: Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware V3.0.0-B20230809.1615 is vulnerable to Buffer Overflow. The "boa" program allows attackers to modify the value of the "vwlan_idx" field via "formMultiAP". This can lead to a stack overflow through the "formWlEncrypt" CGI function by constructing malicious HTTP requests and passing a WLAN SSID value exceeding the expected length, potentially resulting in command execution or denial of service attacks.

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-34193

Description: smanga 3.2.7 does not filter the file parameter at the PHP/get file flow.php interface, resulting in a path traversal vulnerability that can cause arbitrary file reading.

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-34191

Description: htmly v2.9.6 was discovered to contain an arbitrary file deletion vulnerability via the delete_post() function at admin.php. This vulnerability allows attackers to delete arbitrary files via a crafted request.

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-34161

Description: When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE
February 14th, 2025 (5 months ago)