Latest critical severity Vulnerabilities

Student Information System v1.0 - Unauthenticated SQL Injection
Student Information System v1.0 - Insecure File Upload
SENEC: Storage Box V1,V2 and V3 using default credentials
SENEC: Storage Box V1,V2 and V3 transmitting sensitive data unencrypted
WordPress Password Reset with Code for WordPress REST API Plugin <= 0.0.15 is vulnerable to Broken Authentication
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based)
The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'url' parameter in versions 1.4.0 to 1.4.6.1 (free) and versions 1.4.0 to 1....
Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg.
Tenda Ax12 Firmware=22.03.01.46
Tenda AX12
Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition.
Tenda W30e Firmware=16.01.0.12\(4843\)
Tenda W30E
Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules.
Tenda Ax9 Firmware=22.03.01.46
Tenda AX9
Tenda AX9 V22.03.01.46 is vulnerable to command injection.
Tenda Ax9 Firmware=22.03.01.46
Tenda AX9
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetVirtualServerCfg.
Tenda Ax9 Firmware=22.03.01.46
Tenda AX9
Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.
Tenda Ax12 Firmware=22.03.01.46
Tenda AX12
Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName.
Tenda Ax12 Firmware=22.03.01.46
Tenda AX12
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function set_wan_status.
Tenda W30e Firmware=16.01.0.12\(4843\)
Tenda W30E
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg.
Tenda Ax9 Firmware=22.03.01.46
Tenda AX9
Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMeshNode.
Tenda W30e Firmware=16.01.0.12\(4843\)
Tenda W30E
Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg.
Tenda Ax12 Firmware=22.03.01.46
Tenda AX12
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline.
Tenda W30e Firmware=16.01.0.12\(4843\)
Tenda W30E
Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name.
Tenda Ax3 Firmware=16.03.12.11
Tenda AX3
Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList.
Tenda Ax9 Firmware=22.03.01.46
Tenda AX9
Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList.
Tenda Ax12 Firmware=22.03.01.46
Tenda AX12
Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools.
Tenda W30e Firmware=16.01.0.12\(4843\)
Tenda W30E
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode.
Tenda W30e Firmware=16.01.0.12\(4843\)
Tenda W30E
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet.
Tenda W30e Firmware=16.01.0.12\(4843\)
Tenda W30E
Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName.
Tenda Ax9 Firmware=22.03.01.46
Tenda AX9
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetStaticRouteCfg.
Tenda Ax9 Firmware=22.03.01.46
Tenda AX9
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetNetControlList.
Tenda Ax9 Firmware=22.03.01.46
Tenda AX9
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function localMsg.
Tenda W30e Firmware=16.01.0.12\(4843\)
Tenda W30E
Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet.
Tenda Ax3 Firmware=16.03.12.11
Tenda AX3
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg.
Tenda W30e Firmware=16.01.0.12\(4843\)
Tenda W30E
Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet.
Tenda W30e Firmware=16.01.0.12\(4843\)
Tenda W30E
A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login.
Mayurik Courier Management System=1.0
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMeshNode.
Tenda W30e Firmware=16.01.0.12\(4843\)
Tenda W30E
Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and Mac...
This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Asset...
This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is abl...
In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon() has sensitive SQL c...
Mypresta Product Tag Icons Pro<1.8.4
The `tj-actions/branch-names` GitHub Actions references the `github.event.pull_request.head.ref` and `github.head_ref` context variables within a GitHub Actions `run` step. The head ref v...
actions/tj-actions/branch-names<7.0.7
Unitronics Vision Series PLCs and HMIs use default passwords
Argument injection vulnerability in Atos Unify OpenScape Session Border Controller, Atos Unify OpenScape Branch and Atos Unify OpenScape BCF
Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in WLAN Host
Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in WLAN Host
Azure RTOS USBX Remote Code Execution Vulnerability
Microsoft Azure Rtos Usbx<6.3.0
Azure RTOS USBX Remote Code Execution Vulnerability
Microsoft Azure Rtos Usbx<6.3.0
Azure RTOS USBX Remote Code Execution Vulnerability
Microsoft Azure Rtos Usbx<6.3.0
Azure RTOS USBX Remote Code Execution Vulnerability
Microsoft Azure Rtos Usbx<6.3.0
Azure RTOS ThreadX Remote Code Execution Vulnerability
Microsoft Azure Rtos Threadx<6.3.0
Azure RTOS NetX Duo Remote Code Execution Vulnerability
Microsoft Azure Rtos Netx Duo<6.3.0
Azure RTOS NetX Duo Remote Code Execution Vulnerability
Microsoft Azure Rtos Netx Duo<6.3.0

© 2023 SecAlerts Pty Ltd.