🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-24212 ‼

Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at /goform/SetSysTimeCfg.

via "National Vulnerability Database".
‼ CVE-2023-23295 ‼

Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker can modify the sysCmd parameter in order to execute commands as root.

via "National Vulnerability Database".
‼ CVE-2023-23296 ‼

Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault.

via "National Vulnerability Database".
‼ CVE-2023-26468 ‼

Cerebrate 1.12 does not properly consider organisation_id during creation of API keys.

via "National Vulnerability Database".
‼ CVE-2023-23294 ‼

Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root.

via "National Vulnerability Database".
‼ CVE-2023-26102 ‼

All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js. The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype.

via "National Vulnerability Database".
‼ CVE-2022-46440 ‼

ttftool v0.9.2 was discovered to contain a segmentation violation via the readU16 function at ttf.c.

via "National Vulnerability Database".
‼ CVE-2023-0995 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to v2.0.1.

via "National Vulnerability Database".
‼ CVE-2022-1607 ‼

Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant allows Cross Site Request Forgery. This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415.

via "National Vulnerability Database".
‼ CVE-2023-0994 ‼

Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.8.2.

via "National Vulnerability Database".
‼ CVE-2023-0996 ‼

There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.

via "National Vulnerability Database".
‼ CVE-2023-1005 ‼

A vulnerability was found in JP1016 Markdown-Electron and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to code injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-221738 is the identifier assigned to this vulnerability.

via "National Vulnerability Database".
‼ CVE-2023-0999 ‼

A vulnerability classified as problematic was found in SourceCodester Sales Tracker Management System 1.0. This vulnerability affects unknown code of the file admin/?page=user/list. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221734 is the identifier assigned to this vulnerability.

via "National Vulnerability Database".
‼ CVE-2023-22427 ‼

Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script.

via "National Vulnerability Database".
‼ CVE-2023-0997 ‼

A vulnerability was found in SourceCodester Moosikay E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Moosikay/order.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221732.

via "National Vulnerability Database".
‼ CVE-2023-1002 ‼

A vulnerability, which was classified as problematic, has been found in MuYuCMS 2.2. This issue affects some unknown processing of the file index.php. The manipulation of the argument file_path leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221735.

via "National Vulnerability Database".
‼ CVE-2023-1006 ‼

A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been classified as problematic. This affects an unknown part of the component New Record Handler. The manipulation of the argument lastname with the input "><script>prompt(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-221739.

via "National Vulnerability Database".
‼ CVE-2023-0998 ‼

A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file /alphaware/summary.php of the component Payment Handler. The manipulation of the argument amount leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221733 was assigned to this vulnerability.

via "National Vulnerability Database".
‼ CVE-2023-22425 ‼

Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.

via "National Vulnerability Database".
‼ CVE-2022-48345 ‼

sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities.

via "National Vulnerability Database".
‼ CVE-2023-1004 ‼

A vulnerability has been found in MarkText up to 0.17.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221737 was assigned to this vulnerability.

via "National Vulnerability Database".