Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-16 | CVE-2024-7104 | Code Injection vulnerability in SFS Winsure Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection.This issue affects ww.Winsure: before 4.6.2. | 9.8 |
| 2024-09-16 | CVE-2024-46419 | Classic Buffer Overflow vulnerability in Totolink T8 Firmware 4.1.5Cu.861B20230220 TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter. | 9.8 |
| 2024-09-16 | CVE-2024-46424 | Classic Buffer Overflow vulnerability in Totolink T8 Firmware 4.1.5Cu.861B20230220 TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter. | 7.5 |
| 2024-09-16 | CVE-2024-46451 | Classic Buffer Overflow vulnerability in Totolink T8 Firmware 4.1.5Cu.861B20230220 TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter. | 9.8 |
| 2024-09-16 | CVE-2024-46937 | Authorization Bypass Through User-Controlled Key vulnerability in Mfasoft Secure Authentication Server An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows remote attackers gain access to user tokens without authentication. | 7.5 |
| 2024-09-16 | CVE-2024-22399 | Unspecified vulnerability in Apache Seata Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private protocol. This issue affects Apache Seata: 2.0.0, from 1.0.0 through 1.8.0. Users are recommended to upgrade to version 2.1.0/1.8.1, which fixes the issue. | 9.8 |
| 2024-09-16 | CVE-2024-46970 | Cross-site Scripting vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible | 6.1 |
| 2024-09-16 | CVE-2024-1578 | Unspecified vulnerability in Rfideas Micard Plus BLE Firmware and Micard Plus CI Firmware The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users. high complexity rfideas | 5.3 |
| 2024-09-16 | CVE-2024-39613 | Uncontrolled Search Path Element vulnerability in Mattermost Desktop Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine. | 7.8 |
| 2024-09-16 | CVE-2024-45694 | Stack-based Buffer Overflow vulnerability in Dlink Dir-X4860 Firmware and Dir-X5460 Firmware The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. | 9.8 |