Browse all CVEs by publication year.
2023-12-28
Medium

CVE-2023-7133

A vulnerability was found in y_project RuoYi 4.7.8. It has been declared as problematic. This vulnerability affects unknown code of the file /login of the component HTTP POST Request Handler. The man…

Low

CVE-2023-7132

A vulnerability was found in code-projects Intern Membership Management System 2.0. It has been classified as problematic. This affects an unknown part of the file /user_registration/ of the componen…

Medium

CVE-2023-7131

A vulnerability was found in code-projects Intern Membership Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user_registration/ of…

Critical

CVE-2023-7163

A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could result in the disclosure of information…

Medium

CVE-2023-7129

A vulnerability, which was classified as critical, was found in code-projects Voting System 1.0. Affected is an unknown function of the component Voters Login. The manipulation of the argument voter…

High

CVE-2023-52082

Lychee is a free photo-management tool. Prior to 5.0.2, Lychee is vulnerable to an SQL injection on any binding when using mysql/mariadb. This injection is only active for users with the `.env` sett…

Medium

CVE-2023-52081

ffcss is a CLI interface to apply and configure Firefox CSS themes. Prior to 0.2.0, the function `lookupPreprocess()` is meant to apply some transformations to a string by disabling characters in the…

Medium

CVE-2023-52079

msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the…

Medium

CVE-2023-50267

MeterSphere is a one-stop open source continuous testing platform. Prior to 2.10.10-lts, the authenticated attackers can update resources which don't belong to him if the resource ID is known. This i…

Medium

CVE-2023-7128

A vulnerability, which was classified as critical, has been found in code-projects Voting System 1.0. This issue affects some unknown processing of the file /admin/ of the component Admin Login. The…

Medium

CVE-2023-7127

A vulnerability classified as critical was found in code-projects Automated Voting System 1.0. This vulnerability affects unknown code of the component Login. The manipulation of the argument idno le…

Medium

CVE-2023-50470

A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

High

CVE-2023-46987

SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php.

Medium

CVE-2023-7126

A vulnerability classified as critical has been found in code-projects Automated Voting System 1.0. This affects an unknown part of the file /admin/ of the component Admin Login. The manipulation of…

High

CVE-2023-50855

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sam Perrow Pre* Party Resource Hints. This issue affects Pre* Party Resource Hints: from n/a throu…

High

CVE-2023-50854

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly Squirrly SEO - Advanced Pack. This issue affects Squirrly SEO - Advanced Pack: from n/a b…

High

CVE-2023-50853

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nasirahmed Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets an…

High

CVE-2023-50852

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Booking Calendar | Appointment Booking | BookIt. This issue affects Booking Calenda…

High

CVE-2023-50851

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N Squared Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin. This issue a…

High

CVE-2023-50849

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress. This issue affects E2Pdf – Export To Pdf Tool…

High

CVE-2023-50848

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aaron J 404 Solution. This issue affects 404 Solution: from n/a through 2.34.0.

Medium

CVE-2023-50873

Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Add Any Extension to Pages. This issue affects Add Any Extension to Pages: from n/a through 1.4.

Medium

CVE-2023-50860

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TMS Booking for Appointments and Events Calendar – Amelia allows Stored XSS. This issue affects Bo…

Medium

CVE-2023-50859

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding allows Stored XSS. This issue affects WP Crowdfunding: from n/a through 2.…

Medium

CVE-2023-50858

Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan. This issue affects Disable Json API, Login L…

High

CVE-2023-50857

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation…

High

CVE-2023-50856

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Creat…

Medium

CVE-2023-50836

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibericode HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.3.28.

Medium

CVE-2023-36381

Deserialization of Untrusted Data vulnerability in Gesundheit Bewegt GmbH Zippy. This issue affects Zippy: from n/a through 1.6.5.

High

CVE-2023-32795

Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons. This issue affects Product Add-Ons: from n/a through 6.1.3.

High

CVE-2023-32513

Deserialization of Untrusted Data vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform. This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25…

Medium

CVE-2023-27447

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc. This issue affects WP SMS –…

High

CVE-2023-51501

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Undsgn Uncode - Creative & WooCommerce WordPress Theme allows Reflected XSS. This issue affects Un…

Medium

CVE-2023-50874

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney WordPress Infinite Scroll – Ajax Load More allows Stored XSS. This issue affects Wor…

Medium

CVE-2023-4672

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software ECOP allows Reflected XSS. This issue affects ECOP: before 32255.

Critical

CVE-2023-4671

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talent Software ECOP allows Command Line Execution through SQL Injection. This issue affects ECOP:…

High

CVE-2023-50038

There is an arbitrary file upload vulnerability in the admin backend of Textpattern CMS v4.8.8, which can lead to compromise of the server.

Medium

CVE-2023-45701

HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against…

High

CVE-2023-50692

File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory.

Medium

CVE-2023-49469

Reflected Cross Site Scripting (XSS) vulnerability in Shaarli v0.12.2 allows remote attackers to execute arbitrary web script in a victim's browser via the search tag function.

High

CVE-2023-46989

SQL Injection vulnerability in the Innovadeluxe Quick Order module for PrestaShop before v.1.4.0, allows local attackers to execute arbitrary code via the getProducts() function in the productlist.ph…

High

CVE-2023-50445

Shell Injection vulnerability in GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4…

High

CVE-2023-49230

An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication.

Medium

CVE-2023-49229

An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about…

Medium

CVE-2023-49228

An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute…

Medium

CVE-2023-7124

A vulnerability, which was classified as problematic, was found in code-projects E-Commerce Site 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument keyword…

Medium

CVE-2023-34829

Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext.

Medium

CVE-2023-7123

A vulnerability, which was classified as critical, has been found in SourceCodester Medicine Tracking System 1.0. This issue affects some unknown processing of the file /classes/Master.php?f=save_me…

2023-12-27
Critical

CVE-2023-6879

Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc() in libaom (the AV1 reference encoder).

Medium

CVE-2023-49003

An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker to bypass intended access restrictions via interaction with com.simplemobiletools.dialer.activities.DialerActivity.

Critical

CVE-2023-49001

An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component.

Critical

CVE-2023-49000

An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component. NOTE: t…

Medium

CVE-2023-46918

Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an Android manifest file that contains an entry with the android:allowBackup attribute set to true. This could be levera…

Critical

CVE-2023-51084

hyavijava v6.0.07.1 was discovered to contain a stack overflow via the ResultConverter.convert2Xml method.

High

CVE-2023-51080

The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow.

High

CVE-2023-51075

hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the…

Critical

CVE-2023-47883

The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity.

Medium

CVE-2023-46919

Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K (AES) encryption key. An a…

Critical

CVE-2023-43955

The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files, and perfo…

Critical

CVE-2023-43481

An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.brows…

High

CVE-2023-52075

ReVanced API proxies requests needed to feed the ReVanced Manager and website with data. Up to and including commit 71f81f7f20cd26fd707335bca9838fa3e7df20d2, ReVanced API lacks error caching causing…

High

CVE-2023-40038

Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID,…

High

CVE-2023-52077

Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call ad…

Medium

CVE-2023-51700

Unofficial Mobile BankID Integration for WordPress lets users employ Mobile BankID to authenticate themselves on your WordPress site. Prior to 1.0.1, WP-Mobile-BankID-Integration is affected by a vul…

Medium

CVE-2023-51697

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to an unauthenticated blind server-side request forgery (SSRF) in `podcastUtils.js`. This…

Medium

CVE-2023-51665

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to an unauthenticated blind server-side request forgery (SSRF) in Auth.js. This vulnerabi…

High

CVE-2023-51664

tj-actions/changed-files is a GitHub Action to retrieve all files and directories. Prior to 41.0.0, the `tj-actions/changed-files` workflow allows for command injection in changed filenames, allowing…

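The tj-actions/changed-files entry above describes command injection through file names. The script below is an added example, not code from tj-actions or from this page, that reproduces the general pattern in Python: a scratch directory holding a constructed hostile file name, counted once by splicing the name into a shell string and once by passing it as an argv element. The directory, the file names and the use of `wc -l` are assumptions made for illustration.

```python
import os
import subprocess
import tempfile

# Constructed hostile file name: legal on POSIX filesystems, but once it is
# spliced into a shell string the ';' ends the wc command and runs echo.
HOSTILE_NAME = "notes.txt; echo INJECTED"
BENIGN_NAME = "notes.txt"


def make_workdir():
    """Create a scratch directory holding both file names (constructed input)."""
    workdir = tempfile.mkdtemp(prefix="changed-files-")
    for name in (BENIGN_NAME, HOSTILE_NAME):
        with open(os.path.join(workdir, name), "w", encoding="utf-8") as fh:
            fh.write("line one\nline two\n")
    return workdir


def count_lines_unsafe(workdir, name):
    """Vulnerable pattern: the file name is interpolated into a shell string,
    so the shell parses whatever metacharacters the name contains.
    Returns the command's stdout lines."""
    result = subprocess.run(
        f"wc -l {name}", shell=True, cwd=workdir,
        capture_output=True, text=True, check=False,
    )
    return result.stdout.splitlines()


def count_lines_safe(workdir, name):
    """Hardened pattern: an argument vector, so the name is a single argv
    entry and no shell ever interprets it."""
    result = subprocess.run(
        ["wc", "-l", name], cwd=workdir,
        capture_output=True, text=True, check=False,
    )
    return result.stdout.splitlines()


def demo():
    """Run both variants against the hostile name and return their output."""
    workdir = make_workdir()
    return {
        "unsafe": count_lines_unsafe(workdir, HOSTILE_NAME),
        "safe": count_lines_safe(workdir, HOSTILE_NAME),
    }


if __name__ == "__main__":
    for label, lines in demo().items():
        print(label, lines)
```

The unsafe variant returns two lines, the count for `notes.txt` followed by `INJECTED`; the safe variant returns one line whose file name is the whole hostile string. The same distinction applies to a workflow step: text substituted into a `run:` script is parsed by the shell, while a value the script reads from an environment variable is not. The block needs a POSIX `sh` and `wc`.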
High

CVE-2023-51443

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version…

Critical

CVE-2023-50255

Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Exec…

Medium

CVE-2023-7116

A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTT…

Medium

CVE-2023-4641

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to…

High

CVE-2023-3171

A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to s…

Critical

CVE-2023-6190

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in İzmir Katip Çelebi University University Information Management System allows Absolute Path Traversal. T…

2023-12-26
High

CVE-2023-52096

SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations (such as when an application receives a StartTransaction Open Charge Point Protoco…

Medium

CVE-2023-49438

An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on…

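The Flask-Security-Too entry above is an open redirect through the `?next` parameter. The validator below is an added example, not Flask-Security-Too's own code, showing the checks a post-login redirect needs before honouring `next`: it accepts only absolute paths on the current origin and rejects the usual bypasses (protocol-relative, backslash, percent-encoded and scheme-bearing forms). The sample values are constructed.

```python
from urllib.parse import unquote, urlsplit


def is_safe_next(next_value):
    """True only for a same-origin, absolute-path target such as "/account".

    Rejects anything a browser could resolve to another host: absolute URLs,
    protocol-relative "//host" (and "///host", which WHATWG URL parsing
    collapses to an authority), backslashes (browsers treat "\\" as "/"),
    control characters, and percent-encoded spellings of the above.
    """
    if not next_value:
        return False
    candidate = unquote(next_value)        # judge "%2F%2Fevil" as "//evil"
    if candidate != candidate.strip():
        return False                       # browsers strip leading/trailing whitespace
    if any(ord(ch) < 0x20 or ch == "\\" for ch in candidate):
        return False
    if candidate.startswith("//"):
        return False                       # covers both // and /// forms
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        return False                       # https://evil, javascript:, mailto:
    return parts.path.startswith("/")


def resolve_next(next_value, fallback="/"):
    """Redirect target to use after login: the validated `next` or the fallback."""
    return next_value if is_safe_next(next_value) else fallback


# Constructed values an attacker might place in ?next=
EXAMPLES = [
    "/account",                 # accepted
    "/account?tab=2#top",       # accepted
    "//evil.example/",          # rejected: protocol-relative
    "///evil.example/",         # rejected: collapses to an authority in browsers
    "https://evil.example/",    # rejected: absolute URL
    "/\\evil.example/",         # rejected: backslash
    "%2F%2Fevil.example",       # rejected after percent-decoding
    "javascript:alert(1)",      # rejected: carries a scheme
    "account",                  # rejected: not rooted at /
]

if __name__ == "__main__":
    for value in EXAMPLES:
        print(f"{value!r:28} -> {resolve_next(value)!r}")
```

An allow-list of exact paths is stricter still and is the right choice when the set of post-login destinations is small; the validator above is for the common case where `next` must carry an arbitrary in-app path.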
Medium

CVE-2023-48003

An open redirect through HTML injection in user messages in Asp.Net Zero before 12.3.0 allows remote attackers to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' in the WebS…

Medium

CVE-2023-6268

The JSON Content Importer WordPress plugin before 1.5.4 does not sanitise and escape the tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could b…

High

CVE-2023-6250

The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag.

Medium

CVE-2023-6166

The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.

Medium

CVE-2023-6155

The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the s…

High

CVE-2023-6114

The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory…

Critical

CVE-2023-5991

The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated user…

Medium

CVE-2023-5980

The BSK Forms Blacklist WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting atta…

High

CVE-2023-5931

The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account (e.g. subscribers) to…

High

CVE-2023-5674

The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low…

High

CVE-2023-5673

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution.

Medium

CVE-2023-5672

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the con…

High

CVE-2023-5645

The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low…

High

CVE-2023-5644

The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to A…

High

CVE-2023-5203

The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attacker…

High

CVE-2023-52086

resumable.php (aka PHP backend for resumable.js) 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. (File overwrite has…

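Two entries on this page turn client-controlled names into filesystem paths: resumable.php (above) writes an upload wherever `../` in the multipart name points, and deepin-compressor (CVE-2023-50255, under 2023-12-27) follows traversal sequences in archive entry names. The function below is an added example, not code from either project, of resolving such a name under a fixed root so that it cannot escape; it handles both a plain upload file name and an archive entry that legitimately contains sub-directories. The base directory and the sample names are constructed for illustration.

```python
import os


class UnsafePathError(ValueError):
    """Raised when a client-supplied name would escape the upload root."""


def resolve_inside(base_dir, client_path):
    """Map a client-supplied relative path onto base_dir, refusing escapes.

    Accepts "report.pdf" or "docs/readme.txt"; rejects absolute paths, any
    ".." component (even ones that would cancel out, to keep the rule simple),
    NUL bytes, and targets that resolve outside base_dir after symlinks.
    Returns the absolute path to write to.
    """
    if not client_path or "\x00" in client_path:
        raise UnsafePathError("empty name or NUL byte")
    # Treat backslashes as separators too: archive tools and Windows clients
    # send them, and ignoring them would let "..\\x" pass as a plain name.
    normalised = client_path.replace("\\", "/")
    if normalised.startswith("/"):
        raise UnsafePathError("absolute path")
    parts = [p for p in normalised.split("/") if p not in ("", ".")]
    if not parts or any(p == ".." for p in parts):
        raise UnsafePathError("parent-directory component")
    base_real = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base_real, *parts))
    # Second line of defence: after symlink resolution the target must still
    # sit below the root, or a symlinked sub-directory could lead outside it.
    if os.path.commonpath([base_real, target]) != base_real:
        raise UnsafePathError("resolves outside base directory")
    return target


def classify(base_dir, names):
    """Return {name: 'ok' | 'rejected'} for a batch of names (for the demo)."""
    verdicts = {}
    for name in names:
        try:
            resolve_inside(base_dir, name)
            verdicts[name] = "ok"
        except UnsafePathError:
            verdicts[name] = "rejected"
    return verdicts


# Constructed inputs: an upload root that need not exist, and names an
# attacker would send in a multipart field or an archive entry header.
DEMO_ROOT = "/srv/uploads"
DEMO_NAMES = [
    "report.pdf",
    "docs/readme.txt",
    "../../etc/passwd",
    "/etc/passwd",
    "..\\..\\win.ini",
    "docs/../../escape",
    "",
]

if __name__ == "__main__":
    for name, verdict in classify(DEMO_ROOT, DEMO_NAMES).items():
        print(f"{name!r:22} {verdict}")
```

For archive extraction the check runs once per entry before anything is written; for a resumable (chunked) upload it runs on the final assembled name as well as on every chunk name, since both are client-controlled.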
Critical

CVE-2023-51102

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formWifiMacFilterSet.

Critical

CVE-2023-51101

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetUplinkInfo.

Critical

CVE-2023-51100

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formGetDiagnoseInfo.

Critical

CVE-2023-51099

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formexeCommand.

Critical

CVE-2023-51098

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formSetDiagnoseInfo.

Critical

CVE-2023-51097

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetAutoPing.

Critical

CVE-2023-51094

Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet.

Critical

CVE-2023-51093

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function fromSetLocalVlanInfo.

Critical

CVE-2023-51092

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function upgrade.

Critical

CVE-2023-51091

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function R7WebsSecurityHandler.

Critical

CVE-2023-51090

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formGetWeiXinConfig.

Critical

CVE-2023-51095

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formDelWlRfPolicy.

Low

CVE-2015-10127

A vulnerability was found in PlusCaptcha Plugin up to 2.0.6 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scri…

Critical

CVE-2023-51467

The vulnerability, in Apache OFBiz before 18.12.11, permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code.

High

CVE-2023-51107

A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function compute_color() of jquant2.c. NOTE: this is disputed by the supplier because there was not…

High

CVE-2023-51106

A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function pnm_binary_read_image() of load-pnm.c when fz_colorspace_n returns zero.

High

CVE-2023-51105

A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function bmp_decompress_rle4() of load-bmp.c.

High

CVE-2023-51104

A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero.

High

CVE-2023-51103

A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in the function fz_new_pixmap_from_float_data() of pixmap.c.

Low

CVE-2014-125109

A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. It has been declared as problematic. This vulnerability affects the function bws_add_menu_render of the file bws_menu/bws_menu.ph…

High

CVE-2023-49949

Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes.

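The Passwork entry above is a 2FA bypass by submitting all one million possible 6-digit codes. The added example below, which is not Passwork's code, implements RFC 6238 TOTP (HMAC-SHA1) and a verifier that can run with or without an attempt limit, then drives the full enumeration against both so the difference is visible; the secret and timestamp are the RFC 6238 reference values, used here as constructed test data rather than a real credential.

```python
import hashlib
import hmac
import struct


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1, the usual authenticator-app default."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class SecondFactorGate:
    """Checks a submitted code against the TOTP value for one time step.

    max_attempts=None reproduces the unbounded check the advisory describes;
    a small positive limit locks the gate after that many failures, which is
    what stops the enumeration.
    """

    def __init__(self, secret, now, max_attempts=None):
        self._expected = totp(secret, now)
        self.max_attempts = max_attempts
        self.attempts = 0
        self.locked = False

    def verify(self, submitted):
        if self.locked:
            return False
        self.attempts += 1
        if hmac.compare_digest(submitted.encode(), self._expected.encode()):
            return True
        if self.max_attempts is not None and self.attempts >= self.max_attempts:
            self.locked = True
        return False


def brute_force(gate):
    """Submit every 6-digit code, 000000 to 999999, to the gate in order.
    Returns the accepted code, or None if the gate locked first."""
    for n in range(1_000_000):
        code = f"{n:06d}"
        if gate.verify(code):
            return code
        if gate.locked:
            return None
    return None


# RFC 6238 reference secret and test time (constructed test data):
# at T=59 the SHA1 code is 94287082, so the 6-digit value is 287082.
DEMO_SECRET = b"12345678901234567890"
DEMO_TIME = 59

if __name__ == "__main__":
    open_gate = SecondFactorGate(DEMO_SECRET, DEMO_TIME)
    print("unbounded verifier:", brute_force(open_gate), "after", open_gate.attempts, "attempts")
    limited = SecondFactorGate(DEMO_SECRET, DEMO_TIME, max_attempts=5)
    print("limited verifier:  ", brute_force(limited), "locked:", limited.locked, "after", limited.attempts, "attempts")
```

The attempt counter has to live server-side and be keyed to the account, not to the session or source address, or the attacker simply opens fresh sessions. Accepting adjacent time steps for clock drift multiplies the number of codes that are valid at once, so the limit should be chosen with that tolerance in mind.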
High

CVE-2023-50968

Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when a user invokes a URI without authorization. The same URI can be used to carry out an SSRF attac…

Medium

CVE-2012-10017

A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request fo…

High

CVE-2023-5180

An issue was discovered in Open Design Alliance Drawings SDK before 2024.12. A corrupted value of number of sectors used by the Fat structure in a crafted DGN file leads to an out-of-bounds write. An…

Medium

CVE-2023-50339

Stored cross-site scripting vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.1.11. If this vulnerability is exploited, an arbitrary script may be executed…

Medium

CVE-2023-50294

The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an atta…

Medium

CVE-2023-50175

Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page, the Markdown Settings (/admin/markdown) page, and the Customize (/admin/customize) page of GROWI versions prior…

Medium

CVE-2023-49807

Stored cross-site scripting vulnerability when processing the MathJax exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web brow…

Medium

CVE-2023-49779

Stored cross-site scripting vulnerability exists in the anchor tag of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the…
