CVE-2024-8890

HIGH Year: 2024
CVSS v3 Score
8.8
High
Weakness Type
CWE-201
View all →

Vulnerability Description

An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol. This fact prevents a secure communication channel from being established.

Related Vulnerabilities

CVE-2023-48240

HIGH
CVSS:8.8(High)

XWiki Platform is a generic wiki platform. The rendered diff in XWiki embeds images to be able to compare the contents and not display a difference for an actually unchanged image. For this, XWiki req...

CWE-2012023

CVE-2021-26566

CRITICAL
CVSS:9.0(Critical)

Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary command...

CWE-2012021

CVE-2025-48749

CRITICAL
CVSS:9.1(Critical)

Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03 inserts Sensitive Information into Sent Data.

CWE-2012025

CVE-2025-3529

HIGH
CVSS:8.2(High)

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'file_url' parameter. This makes it possible...

CWE-2012025

CVE-2024-25148

HIGH
CVSS:8.1(High)

In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL parameter ...

CWE-2012024

CVE-2018-17245

CRITICAL
CVSS:9.8(Critical)

Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintex...

CWE-2012018