Show filters
675 Total Results
Displaying 41-50 of 675
Sort by:
Attacker Value
Unknown
CVE-2024-25563
Disclosure Date: November 13, 2024 (last updated February 27, 2025)
Improper initialization in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi before version 23.40 may allow a privileged user to potentially enable information disclosure via local access.
0
Attacker Value
Unknown
CVE-2024-24984
Disclosure Date: November 13, 2024 (last updated February 27, 2025)
Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
0
Attacker Value
Unknown
CVE-2024-23198
Disclosure Date: November 13, 2024 (last updated February 27, 2025)
Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access.
0
Attacker Value
Unknown
CVE-2024-52353
Disclosure Date: November 11, 2024 (last updated February 27, 2025)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gabriel Serafini Christian Science Bible Lesson Subjects allows DOM-Based XSS.This issue affects Christian Science Bible Lesson Subjects: from n/a through 2.0.
0
Attacker Value
Unknown
CVE-2024-50478
Disclosure Date: October 28, 2024 (last updated February 26, 2025)
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication: 1.4.5.
0
Attacker Value
Unknown
CVE-2024-49629
Disclosure Date: October 20, 2024 (last updated February 26, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in Fahad Mahmood Endless Posts Navigation allows Stored XSS.This issue affects Endless Posts Navigation: from n/a through 2.2.7.
0
Attacker Value
Unknown
CVE-2024-20470
Disclosure Date: October 02, 2024 (last updated February 26, 2025)
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. In order to exploit this vulnerability, the attacker must have valid admin credentials.
This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.
0
Attacker Value
Unknown
CVE-2024-20393
Disclosure Date: October 02, 2024 (last updated February 26, 2025)
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device.
This vulnerability exists because the web-based management interface discloses sensitive information. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow an attacker to elevate privileges from guest to admin.
0
Attacker Value
Unknown
CVE-2024-9355
Disclosure Date: October 01, 2024 (last updated March 05, 2025)
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.
0
Attacker Value
Unknown
CVE-2024-40125
Disclosure Date: September 19, 2024 (last updated February 26, 2025)
An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint.
0