CVE Notify
19.3K subscribers
4 photos
205K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
๐Ÿšจ CVE-2023-38899
SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-38836
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-39061
Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2020-27418
A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows attackers to obatin sensitive information via vgacon_invert_region() function.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-3262
TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queries.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-36088
Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive information.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-36361
Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-41009
File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote attacker to execute arbitrary code via a crafted script to the authorization field in the header.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-37798
A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2021-27715
An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the authentication and execute arbitrary code via crafted HTTP request.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-39637
D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-41013
Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-40984
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-40985
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-40986
A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-40982
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-40983
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-41595
An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-39039
An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-39040
An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

๐ŸŽ–@cveNotify