A vulnerability, which was classified as critical, was found in NavigateCMS up to 2.9.4. This affects the function block
of the component Backend. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
NavigateCMS up to 2.9.4 Backend block block-order sql injection
- Virtual Patching
- July 27, 2021
- 10:04 am
CVE-2024-27521 : TOTOLINK A3300R 17.0.0CU.557_B20221024 SETOPMODECFG IMPROPER AUTHENTICATION
Description TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via multiple parameters in the
CVE-2024-25002 : BOSCH NETWORK SYNCHRONIZER STANDARD UP TO 9.29 DIAGNOSTICS INTERFACE OS COMMAND INJECTION
Description Command Injection in the diagnostics interface of the Bosch Network Synchronizer allows unauthorized users full access to the device.
CVE-2024-2862 : LG ELECTRONICS LED ASSISTANT 2.1.65 PASSWORD IMPROPER AUTHENTICATION
Description This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED