|
256621
|
7.5 |
HIGH
Network
|
zyxel
|
zld_firmware
|
A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware ver…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-42058
|
2024-09-5 23:39 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256622
|
4.3 |
MEDIUM
Network
|
discourse
|
discourse_calendar
|
discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious ac…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-21658
|
2024-09-5 23:39 |
2024-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256623
|
5.4 |
MEDIUM
Network
|
azurecurve
|
toggle_show\/hide
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in azurecurve azurecurve Toggle Show/Hide allows Stored XSS.This issue affects azurecurve Tog…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43961
|
2024-09-5 23:39 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256624
|
9.8 |
CRITICAL
Network
|
semtekyazilim
|
semtek_sempos
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows SQL Injection.This issue affects…
|
CWE-89
SQL Injection
|
CVE-2024-7078
|
2024-09-5 23:38 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256625
|
7.2 |
HIGH
Network
|
zyxel
|
zld_firmware
|
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50(W) series…
|
CWE-78
OS Command
|
CVE-2024-42059
|
2024-09-5 23:38 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256626
|
7.2 |
HIGH
Network
|
zyxel
|
zld_firmware
|
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series…
|
CWE-78
OS Command
|
CVE-2024-42060
|
2024-09-5 23:37 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256627
|
- |
|
-
|
-
|
Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.
|
-
|
CVE-2024-45692
|
2024-09-5 23:35 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256628
|
4.9 |
MEDIUM
Network
|
zyxel
|
zld_firmware
|
A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series fi…
|
CWE-120
Classic Buffer Overflow
|
CVE-2024-6343
|
2024-09-5 23:35 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256629
|
7.2 |
HIGH
Network
|
zyxel
|
zld_firmware
|
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an auth…
|
CWE-78
OS Command
|
CVE-2024-7203
|
2024-09-5 23:33 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256630
|
6.1 |
MEDIUM
Network
|
zyxel
|
zld_firmware
|
A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.…
|
CWE-79
Cross-site Scripting
|
CVE-2024-42061
|
2024-09-5 23:32 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
