CVE Notify
19.3K subscribers
4 photos
205K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
๐Ÿšจ CVE-2023-39785
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the set_qosMib_list function.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-39786
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sscanf function.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-39807
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a SQL injection vulnerability via the a_passwd parameter at /portal/user-register.php.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-39808
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded root password that allows attackers to login with root privileges via the SSH service. The cleartext password corresponding to the $1$4Tmm01jl$7HRvcW.bz7uGmX9hiQWvR hash was not determined by the vulnerability discoverer.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-39809
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain an OS command injection vulnerability via shell metacharacters in the system_hostname parameter at /manage/network-basic.php.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2020-28715
An issue was discovered in kdmserver service in LeEco LeTV X43 version V2401RCN02C080080B04121S, allows attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-38899
SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-38836
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-39061
Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2020-27418
A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows attackers to obatin sensitive information via vgacon_invert_region() function.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-3262
TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queries.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-36088
Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive information.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-36361
Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-41009
File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote attacker to execute arbitrary code via a crafted script to the authorization field in the header.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-37798
A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-27715
An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the authentication and execute arbitrary code via crafted HTTP request.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-39637
D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-41013
Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-40984
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-40985
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.

๐ŸŽ–@cveNotify