Search
Search Results (865 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10654 | 1 Totolink | 1 Lr350 | 2024-11-05 | 5.3 Medium |
| A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.3.5u.6698_B20230810 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2024-47904 | 1 Siemens | 4 Intermesh 7177 Hybrid2.0 Subscriber, Intermesh 7177 Hybrid 2.0 Subscriber, Intermesh 7707 Fire Subscriber and 1 more | 2024-10-30 | 7.8 High |
| A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The affected devices contain a SUID binary that could allow an authenticated local attacker to execute arbitrary commands with root privileges. | ||||
| CVE-2024-47653 | 1 Shilpisoft | 1 Client Dashboard | 2024-10-16 | 6.5 Medium |
| This vulnerability exists in Shilpi Client Dashboard due to lack of authorization for modification and cancellation requests through certain API endpoints. An authenticated remote attacker could exploit this vulnerability by placing or cancelling requests through API request body leading to unauthorized modification of requests belonging to the other users. | ||||
| CVE-2024-48941 | 1 Syracom | 1 Secure Login | 2024-10-11 | 9.1 Critical |
| The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted. | ||||
| CVE-2024-8253 | 1 Pickplugins | 1 Post Grid | 2024-09-25 | 8.8 High |
| The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta to become an administrator. | ||||