Skip to main content
CVE-2024-42681 HIGH POC PATCH This Week

Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Xxl Job
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-42676 HIGH POC This Week

File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Enterprise Resource Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-7832 HIGH POC This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326,. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dns 120 Firmware Dnr 202L Firmware Dns 315L Firmware +17
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
2.1%
CVE-2024-7831 HIGH POC This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326,. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dns 120 Firmware Dnr 202L Firmware Dns 315L Firmware +17
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.8%
CVE-2024-7830 HIGH POC This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325,. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dns 120 Firmware Dnr 202L Firmware Dns 315L Firmware +17
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.8%
CVE-2024-7829 HIGH POC This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323,. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dns 120 Firmware Dnr 202L Firmware Dns 315L Firmware +17
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.8%
CVE-2024-7828 HIGH POC THREAT This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326,. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dns 120 Firmware Dnr 202L Firmware Dns 315L Firmware +17
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
16.2%
CVE-2024-43373 HIGH POC PATCH This Week

webcrack is a tool for reverse engineering javascript. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Node.js Path Traversal RCE Microsoft Webcrack
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-42679 HIGH POC This Week

SQL Injection vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the/ajax/Login.ashx component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE Super Easy Enterprise Management System
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-42987 HIGH POC This Week

Tenda FH1206 v02.03.01.35 was discovered to contain a stack-based buffer overflow vulnerability in the fromPptpUserAdd function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE Tenda Denial Of Service +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-42986 HIGH POC This Week

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the PPPOEPassword parameter in the fromAdvSetWan function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1206 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-42985 HIGH POC This Week

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1206 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-42984 HIGH POC This Week

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1206 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-42983 HIGH POC This Week

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the pptpPPW parameter in the fromAdvSetWan function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1206 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-42982 HIGH POC This Week

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1206 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-42981 HIGH POC This Week

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the delno parameter in the fromPptpUserSetting function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1206 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-42980 HIGH POC This Week

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the frmL7ImForm function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1206 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-42979 HIGH POC This Week

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the frmL7ProtForm function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1206 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-42977 HIGH POC This Week

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the qos parameter in the fromqossetting function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1206 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-42976 HIGH POC This Week

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSafeClientFilter function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1206 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-42974 HIGH POC This Week

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromwebExcptypemanFilter function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1206 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-42973 HIGH POC This Week

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSetlpBind function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1206 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-42969 HIGH POC This Week

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSafeUrlFilter function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1206 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-42968 HIGH POC This Week

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the Go parameter in the fromSafeUrlFilter function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1206 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-42955 HIGH POC This Week

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromSafeClientFilter function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-42954 HIGH POC This Week

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromwebExcptypemanFilter function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-42953 HIGH POC This Week

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the PPW parameter in the fromWizardHandle function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-42952 HIGH POC This Week

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromqossetting function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-42951 HIGH POC This Week

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the mit_pptpusrpw parameter in the fromWizardHandle function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-42950 HIGH POC This Week

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the Go parameter in the fromSafeClientFilter function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-42949 HIGH POC This Week

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the qos parameter in the fromqossetting function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-42948 HIGH POC THREAT This Week

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the delno parameter in the fromPptpUserSetting function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
10.7%
CVE-2024-42946 HIGH POC This Week

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-42945 HIGH POC This Week

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromAddressNat function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-42944 HIGH POC This Week

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-42943 HIGH POC This Week

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the PPPOEPassword parameter in the fromAdvSetWan function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-42942 HIGH POC This Week

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the frmL7ImForm function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-42941 HIGH POC This Week

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the wanmode parameter in the fromAdvSetWan function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-42940 HIGH POC This Week

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-22218 HIGH This Week

XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF RCE XXE
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-43357 HIGH This Week

ECMA-262 is the language specification for the scripting language ECMAScript. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Google Mozilla
NVD GitHub
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-6456 HIGH This Week

AVEVA Historian Server has a vulnerability, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
8.5
EPSS
0.4%
CVE-2024-7628 HIGH PATCH This Week

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.15.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Apple WordPress Google Mstore Api
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-7624 HIGH PATCH This Week

The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 3.3.101. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Privilege Escalation Zephyr Project Manager
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-34743 HIGH PATCH This Week

In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation XSS Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34741 HIGH PATCH This Week

In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, there is a possible way for message content to be visible on the screensaver while lock screen visibility settings are restricted by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-34740 HIGH PATCH This Week

In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34739 HIGH PATCH This Week

In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-34738 HIGH PATCH This Week

In multiple functions of AppOpsService.java, there is a possible way for unprivileged apps to read their own restrictRead app-op states due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34737 HIGH PATCH This Week

In ensureSetPipAspectRatioQuotaTracker of ActivityClientController.java, there is a possible way to generate unmovable and undeletable pip windows due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy