VYPR

CVEs

101,963 total · page 641 of 2,040

  • CVE-2023-41610HigSep 18, 2024
    risk 0.57cvss 8.8epss 0.00

    Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext.

  • CVE-2023-47105HigSep 18, 2024
    risk 0.49cvss 8.6epss 0.02

    exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication.

  • CVE-2024-46086HigSep 18, 2024
    risk 0.57cvss 8.8epss 0.00

    FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/delete/123

  • CVE-2024-5958HigSep 18, 2024
    risk 0.57cvss 8.8epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eliz Software Panel allows Command Line Execution through SQL Injection. This issue affects Panel: before v2.3.24.

  • CVE-2024-46598HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.00

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iprofileidx parameter at dialin.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46597HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.00

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPubKey parameter at dialin.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46596HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.00

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAct parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46595HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.00

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveitem parameter at lan2lan.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46594HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.00

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveVPNProfile parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46593HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.00

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the trapcomm parameter at cgiswm.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46592HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.00

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt_5g%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46591HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.00

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sDnsPro parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46590HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.00

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46589HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.00

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sIpv6AiccuUser parameter at inetipv6.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46588HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.00

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at wizfw.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46586HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.00

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sCloudPass parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46585HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.00

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at usergrp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46584HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.00

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the AControlIp1 parameter at acontrol.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46583HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.00

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the extRadSrv2 parameter at cgiapp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46582HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.00

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvAddr parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46581HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.00

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfName parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46580HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.00

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the fid parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46571HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.00

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPPPSrvNm parameter at fwuser.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46568HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.00

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPeerId parameter at vpn.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46567HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.01

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iProfileIdx parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46566HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.01

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAppName parameter at sslapp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46565HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.01

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvName parameter at service.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46564HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.01

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at fextobj.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46561HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.01

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the queryret parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46560HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.01

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pub_key parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46559HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.01

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_UsrNme parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46558HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.01

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the newProname parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46557HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.01

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46556HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.01

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sInRCSecret0 parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46555HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.01

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pb parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46554HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.01

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the profname parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46553HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.01

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ipaddrmsk%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46552HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.01

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sStRtMskShow parameter at ipstrt.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46551HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.01

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_Pwd parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46550HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.01

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the CGIbyFieldName parameter at chglog.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-45858HigSep 18, 2024
    risk 0.44cvss 7.8epss 0.00

    An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user loads a maliciously crafted XML file containing Python code, the code will be passed to an eval…

  • CVE-2024-39590HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.01

    Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of…

  • CVE-2024-39589HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.01

    Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of…

  • CVE-2024-36981HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.01

    An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP…

  • CVE-2024-36980HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.01

    An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP…

  • CVE-2023-49203HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.01

    Technitium 11.5.3 allows remote attackers to cause a denial of service (bandwidth amplification) because the DNSBomb manipulation causes accumulation of low-rate DNS queries such that there is a large-sized response in a burst of traffic.

  • CVE-2023-28457HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in Technitium through 11.0.3. It enables attackers to conduct a DNS cache poisoning attack and inject fake responses within 1 second, which is impactful.

  • CVE-2023-28456HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Technitium through 11.0.2. It enables attackers to launch amplification attacks (3 times more than other "golden model" software like BIND) and cause potential DoS.

  • CVE-2023-28455HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Technitium through 11.0.2. The forwarding mode enables attackers to create a query loop using Technitium resolvers, launching amplification attacks and causing potential DoS.

  • CVE-2023-28452HigSep 18, 2024
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the…