Vulnerabilities (CVE)

Filtered by CWE-425
Total 168 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-1798 1 Midicart 3 Midicart Php, Midicart Php Maxi, Midicart Php Plus 2024-11-20 6.4 MEDIUM 9.1 CRITICAL
MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php.
CVE-2024-11049 2024-11-12 2.6 LOW 3.7 LOW
A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /auth_files/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-33897 1 Hms-networks 7 Ewon Cosy\+ 4g Apac, Ewon Cosy\+ 4g Eu, Ewon Cosy\+ 4g Jp and 4 more 2024-10-10 N/A 9.1 CRITICAL
A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on the Talk2m production server on April 18, 2024.
CVE-2024-45195 1 Apache 1 Ofbiz 2024-09-06 N/A 7.5 HIGH
Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.
CVE-2024-42001 1 Vonets 28 Vap11ac, Vap11ac Firmware, Vap11g and 25 more 2024-08-20 N/A 9.8 CRITICAL
An improper authentication vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior enables an unauthenticated remote attacker to bypass authentication via a specially crafted direct request when another user has an active session.
CVE-2024-7753 1 Oretnom23 1 Clinic\'s Patient Management System 2024-08-19 5.0 MEDIUM 7.5 HIGH
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user_images/. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-7153 2024-07-29 5.0 MEDIUM 5.3 MEDIUM
A vulnerability classified as problematic has been found in Netgear WN604 up to 20240719. Affected is an unknown function of the file siteSurvey.php. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-7080 1 Insurance Management System Project 1 Insurance Management System 2024-07-26 5.0 MEDIUM 7.5 HIGH
A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /E-Insurance/. The manipulation leads to direct request. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272365 was assigned to this vulnerability.