High
CVSS: 8.3
Yayın: 2025-01-10 22:15:27
Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privil…
Medium
CVSS: 6.6
Yayın: 2025-01-10 22:15:26
A user with administrator privileges is able to retrieve authentication tokens
High
CVSS: 8.1
Yayın: 2025-01-10 22:15:26
The administrator is able to configure an insecure captive portal script
High
CVSS: 7.2
Yayın: 2025-01-10 22:15:26
A user with administrator privileges can perform command injection
Medium
CVSS: 4.6
Yayın: 2025-01-10 22:15:26
On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on…
High
CVSS: 7.6
Yayın: 2025-01-10 22:15:26
A user with advanced report application access rights can perform actions for which they are not authorized
High
CVSS: 8.3
Yayın: 2025-01-10 22:15:26
Backup uploads to ETM subject to man-in-the-middle interception
Medium
CVSS: 6.4
Yayın: 2025-01-10 22:15:26
Specially constructed queries targeting ETM could discover active remote access sessions
Medium
CVSS: 6.8
Yayın: 2025-01-10 22:15:25
Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access
Medium
CVSS: 4.3
Yayın: 2025-01-10 21:15:13
On affected platforms running Arista EOS with SNMP configured, if “snmp-server transmit max-size” is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process bein…
Medium
CVSS: 6.5
Yayın: 2025-01-10 21:15:13
On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc.
Medium
CVSS: 5.4
Yayın: 2025-01-10 21:15:13
MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /people/h:[id]/debts/create.
Medium
CVSS: 5.4
Yayın: 2025-01-10 21:15:13
MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /journal/entries/ID/edit.
High
CVSS: 8.8
Yayın: 2025-01-10 21:15:12
MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create.
Medium
CVSS: 6.5
Yayın: 2025-01-10 21:15:12
MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the first_name and last_name parameters in the Add a new relationship feature.
Medium
CVSS: 5.8
Yayın: 2025-01-10 20:15:30
On affected platforms running Arista EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing (PBR), BGP Flowspec, or interface traffic policy -- certain IP traffic such as IPv4 packets with IP opti…
Medium
CVSS: 4.7
Yayın: 2025-01-10 20:15:30
Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the First Name and Last Name parameters in the endpoint /admin/module/view?type=users
Medium
CVSS: 6.1
Yayın: 2025-01-10 20:15:30
Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=admin__backup
Medium
CVSS: 4.7
Yayın: 2025-01-10 20:15:30
Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name (Internal Name) field in the Add new campaign function
Critical
CVSS: 9.8
Yayın: 2025-01-10 20:15:30
NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This v…