Skip to main content
CVE-2024-29237 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-29236 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-29235 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-29234 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-29233 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-29232 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-29231 MEDIUM This Month

Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-29230 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-29227 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-22138 MEDIUM This Month

Insertion of Sensitive Information into Log File vulnerability in Seraphinite Solutions Seraphinite Accelerator.20.47. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-25923 MEDIUM This Month

Insertion of Sensitive Information into Log File vulnerability in PeepSo Community by PeepSo.2.7.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-28013 MEDIUM This Month

Use of Insufficiently Random Values vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aterm Wg1800Hp4 Firmware Aterm Wg1200Hs3 Firmware Aterm Wg1900Hp2 Firmware Aterm Wg1200Hp3 Firmware +55
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-28006 MEDIUM This Month

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Aterm Wg1800Hp4 Firmware Aterm Wg1200Hs3 Firmware Aterm Wg1900Hp2 Firmware Aterm Wg1200Hp3 Firmware +55
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-31140 MEDIUM This Month

In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-29897 MEDIUM This Month

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.9
EPSS
0.7%
CVE-2024-28005 MEDIUM This Month

Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2,. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Aterm Wg1200Hs2 Firmware Aterm Wg1900Hp Firmware Aterm Wg1200Hp2 Firmware Aterm W1200Ex Ms Firmware +55
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-30421 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Manager.4.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-2110 MEDIUM PATCH This Month

The Events Manager - Calendar, Bookings, Tickets, and more!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Events Manager
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-29240 MEDIUM This Month

Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct limited. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Synology Surveillance Station
NVD
CVSS 3.1
4.3
EPSS
0.7%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy