Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-01-16 CVE-2024-57583 Command Injection vulnerability in Tenda Ac18 Firmware 15.03.05.19
Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function.
network
low complexity
tenda CWE-77
critical
 9.8
9.8
2025-01-16 CVE-2024-41746 IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting.
network
low complexity
CWE-79
7.2
7.2
2025-01-16 CVE-2024-57769 SQL Injection vulnerability in Jfinaloa Project Jfinaloa
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser.
network
low complexity
jfinaloa-project CWE-89
8.8
8.8
2025-01-16 CVE-2024-57770 SQL Injection vulnerability in Jfinaloa Project Jfinaloa
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id.
network
low complexity
jfinaloa-project CWE-89
8.8
8.8
2025-01-16 CVE-2024-57775 SQL Injection vulnerability in Jfinaloa Project Jfinaloa
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid.
network
low complexity
jfinaloa-project CWE-89
8.8
8.8
2025-01-16 CVE-2024-57160 Cross-Site Request Forgery (CSRF) vulnerability in 07Fly Customer Relationship Management 1.3.9
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaTask/edit.html.
network
low complexity
07fly CWE-352
4.3
4.3
2025-01-16 CVE-2024-57161 Cross-Site Request Forgery (CSRF) vulnerability in 07Fly Customer Relationship Management 1.3.9
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/edit.html
network
low complexity
07fly CWE-352
4.3
4.3
2025-01-16 CVE-2024-57162 SQL Injection vulnerability in Campcodes Cybercafe Management System 1.0
Campcodes Cybercafe Management System v1.0 is vulnerable to SQL Injection in /ccms/view-user-detail.php.
network
low complexity
campcodes CWE-89
7.2
7.2
2025-01-16 CVE-2018-25108 An unauthenticated remote attacker can cause a DoS in the controller due to uncontrolled resource consumption.
network
low complexity
CWE-770
7.5
7.5
2025-01-16 CVE-2024-12427 Missing Authorization vulnerability in Mondula Multi Step Form
The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including, 1.7.23.
network
low complexity
mondula CWE-862
5.3
5.3