CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-36493 |
Description: A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 15th, 2025 (6 months ago)
|
|
CVE-2024-36426 |
Description: In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session.
EPSS Score: 0.05%
January 15th, 2025 (6 months ago)
|
|
CVE-2024-36295 |
Description: A command execution vulnerability exists in the qos.cgi qos_sta() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 15th, 2025 (6 months ago)
|
|
CVE-2024-36290 |
Description: A buffer overflow vulnerability exists in the login.cgi Goto_chidx() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
January 15th, 2025 (6 months ago)
|
|
CVE-2024-36272 |
Description: A buffer overflow vulnerability exists in the usbip.cgi set_info() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 15th, 2025 (6 months ago)
|
|
CVE-2024-36258 |
Description: A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
January 15th, 2025 (6 months ago)
|
|
CVE-2024-35783 |
Description: A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions < V2020 SP2 Update 5), SIMATIC Information Server 2022 (All versions < V2022 SP1 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC06), SIMATIC Process Historian 2020 (All versions < V2020 SP2 Update 5), SIMATIC Process Historian 2022 (All versions < V2022 SP1 Update 2), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 3), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products run their DB server with elevated privileges which could allow an authenticated attacker to execute arbitrary OS commands with administrative privileges.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 15th, 2025 (6 months ago)
|
|
CVE-2024-35278 |
Description: A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when submitting an HTTP request, via including special elements in said request.
CVSS: MEDIUM (4.1) EPSS Score: 0.05%
January 15th, 2025 (6 months ago)
|
|
CVE-2024-35277 |
Description: A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending specifically crafted packets
CVSS: HIGH (8.4) EPSS Score: 0.09%
January 15th, 2025 (6 months ago)
|
|
CVE-2024-35276 |
Description: A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7 allows attacker to execute unauthorized code or commands via specially crafted packets.
CVSS: MEDIUM (5.0) EPSS Score: 0.09%
January 15th, 2025 (6 months ago)
|