Security Vulnerabilities - CVEs Published In July 2024
An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request.
CVSS Score
2.7
EPSS Score
0.001
Published
2024-07-16
ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-07-16
Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component.
CVSS Score
9.3
EPSS Score
0.002
Published
2024-07-16
An issue in SHENZHEN TENDA TECHNOLOGY CO.,LTD Tenda AX2pro V16.03.29.48_cn allows a remote attacker to execute arbitrary code via the Routing functionality.
CVSS Score
9.8
EPSS Score
0.013
Published
2024-07-16
This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server.
This Stored XSS vulnerability, with a CVSS Score of 7.3, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to confidentiality, high impact to integrity, no impact to availability, and requires user interaction.
Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions listed on this CVE
See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives).
This vulnerability was reported via our Bug Bounty program.
CVSS Score
7.3
EPSS Score
0.003
Published
2024-07-16
An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-07-16
Exposure of Sensitive Information in edge browser session proxy feature in Devolutions Remote Desktop Manager 2024.2.14.0 and earlier on Windows allows an attacker to intercept proxy credentials via a specially crafted website.
CVSS Score
7.4
EPSS Score
0.002
Published
2024-07-16
SeaCMS v12.9 is vulnerable to Arbitrary File Read via admin_safe.php.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-07-16
Open5GS v2.6.4 is vulnerable to Buffer Overflow. via /lib/pfcp/context.c.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-07-16
open5gs v2.6.4 is vulnerable to Buffer Overflow. via /lib/core/abts.c.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-07-16