Show filters
285 Total Results
Displaying 21-30 of 285
Sort by:
Attacker Value
Unknown

CVE-2024-46382

Disclosure Date: September 19, 2024 (last updated September 26, 2024)
A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, and name parameters in AdminGoodscontroller.java.
Attacker Value
Unknown

CVE-2024-20381

Disclosure Date: September 11, 2024 (last updated October 09, 2024)
A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device.  This vulnerability is due to improper authorization checks on the API. An attacker with privileges sufficient to access the affected application or device could exploit this vulnerability by sending malicious requests to the JSON-RPC API. A successful exploit could allow the attacker to make unauthorized modifications to the configuration of the affected application or device, including creating new user accounts or elevating their own privileges on an affected system.
Attacker Value
Unknown

CVE-2024-8568

Disclosure Date: September 08, 2024 (last updated September 17, 2024)
A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Attacker Value
Unknown

CVE-2023-43078

Disclosure Date: August 28, 2024 (last updated December 20, 2024)
Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service.
Attacker Value
Unknown

CVE-2024-8105

Disclosure Date: August 26, 2024 (last updated August 27, 2024)
A vulnerability related to the use an insecure Platform Key (PK) has been discovered. An attacker with the compromised PK private key can create malicious UEFI software that is signed with a trusted key that has been compromised.
0
Attacker Value
Unknown

CVE-2024-20416

Disclosure Date: July 17, 2024 (last updated July 18, 2024)
A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the device.
0
Attacker Value
Unknown

CVE-2024-6452

Disclosure Date: July 02, 2024 (last updated July 03, 2024)
A vulnerability classified as critical was found in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file AdminGoodscontroller.java. The manipulation of the argument goodsId/goodsSn/name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270235.
0
Attacker Value
Unknown

CVE-2024-0158

Disclosure Date: July 02, 2024 (last updated August 01, 2024)
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges
Attacker Value
Unknown

CVE-2024-2003

Disclosure Date: June 21, 2024 (last updated June 21, 2024)
Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from quarantine.
0
Attacker Value
Unknown

CVE-2024-5403

Disclosure Date: May 27, 2024 (last updated January 05, 2025)
ASKEY 5G NR Small Cell fails to properly filter user input for certain functionality, allowing remote attackers with administrator privilege to execute arbitrary system commands on the remote server.
0