Skip to main content
CVE-2024-41592 HIGH POC This Week

DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Vigor2952 Firmware Vigor2620 Firmware Vigor2915 Firmware +21
NVD
CVSS 3.1
8.0
EPSS
1.4%
CVE-2024-39755 HIGH POC This Week

A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Anka Build Cloud
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-41922 HIGH POC This Week

A directory traversal vulnerability exists in the log files download functionality of Veertu Anka Build 1.42.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Anka Build Cloud
NVD
CVSS 3.1
7.5
EPSS
8.1%
CVE-2024-41163 HIGH POC THREAT This Week

A directory traversal vulnerability exists in the archive functionality of Veertu Anka Build 1.42.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Anka Build Cloud
NVD
CVSS 3.1
7.5
EPSS
52.5%
CVE-2024-41589 HIGH This Week

DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vigor3910 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-9313 HIGH PATCH This Week

Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authd
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-42417 HIGH This Week

Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 4.0
8.7
EPSS
6.8%
CVE-2024-41987 HIGH This Week

The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 4.0
8.6
EPSS
0.2%
CVE-2023-37822 HIGH This Week

The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user's primary network. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Homebase 2 Firmware
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-46658 HIGH This Week

Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 was discovered to contain an authenticated command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
8.0
EPSS
23.7%
CVE-2024-41596 HIGH This Week

Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Vigor2620 Firmware Vigor2915 Firmware Vigor2866 Firmware Vigor2766 Firmware +20
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2024-41595 HIGH This Week

DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write operations. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2024-41590 HIGH This Week

Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Vigor2765 Firmware Vigor2763 Firmware Vigor2135 Firmware +21
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2024-41588 HIGH This Week

The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Vigor2620 Firmware Vigor2915 Firmware Vigor2866 Firmware Vigor2766 Firmware +20
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2024-41586 HIGH This Week

A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Vigor3910 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2024-42415 HIGH This Week

An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Buffer Overflow Libgsf
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-36474 HIGH This Week

An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Libgsf
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-47136 HIGH This Week

Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Kostac Plc
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-47135 HIGH This Week

Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Stack Overflow RCE Kostac Plc
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-47134 HIGH This Week

Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Memory Corruption Kostac Plc Programming Software
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-41594 HIGH This Week

An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure OpenSSL Vigor2620 Firmware Vigor2915 Firmware Vigor2866 Firmware +21
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-5803 HIGH This Week

The AVGUI.exe of AVG/Avast Antivirus before versions before 24.1 can allow a local attacker to escalate privileges via an COM hijack in a time-of-check to time-of-use (TOCTOU) when self protection is. Rated high severity (CVSS 7.5). No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-47614 HIGH PATCH This Week

async-graphql is a GraphQL server library implemented in Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-8352 HIGH PATCH This Week

The Social Web Suite - Social Media Auto Post, Social Media Auto Publish plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.1.11 via the download_log. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal WordPress Social Web Suite
NVD
CVSS 3.1
7.5
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy