π¨ CVE-2023-36088
Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive information.
π@cveNotify
Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive information.
π@cveNotify
GitHub
GitHub - vesoft-inc/nebula-studio: NebulaGraph Web GUI Tools
NebulaGraph Web GUI Tools. Contribute to vesoft-inc/nebula-studio development by creating an account on GitHub.
π¨ CVE-2023-36361
Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter.
π@cveNotify
Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter.
π@cveNotify
Gist
gist:40b3b6f6729d1d0984d6ce5b6837c46b
GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2023-41009
File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote attacker to execute arbitrary code via a crafted script to the authorization field in the header.
π@cveNotify
File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote attacker to execute arbitrary code via a crafted script to the authorization field in the header.
π@cveNotify
GitHub
HillstoneCVEs/CVE-2023-41009/CVE-2023-41009.md at main Β· Rabb1tQ/HillstoneCVEs
Some obtained CVE numbers have been forgotten. Now create a new repository to store the new CVE number obtained in Hillstone - Rabb1tQ/HillstoneCVEs
π¨ CVE-2023-37798
A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter.
π@cveNotify
A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter.
π@cveNotify
Cyderes
Cybersecurity Services for Modern Enterprises | Cyderes
Cyderes is a managed security services partner with an identity-first approach uniting MDR, exposure management, and IAM, keeping you Everyday Ready.
π¨ CVE-2021-27715
An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the authentication and execute arbitrary code via crafted HTTP request.
π@cveNotify
An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the authentication and execute arbitrary code via crafted HTTP request.
π@cveNotify
Nagarro
MoFi CVE-2021-27715 Security Advisory| Cyber Security | Nagarro
An issue discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the authentication and execute arbitrary code via crafted HTTP requests.
π¨ CVE-2023-39637
D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis.
π@cveNotify
D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis.
π@cveNotify
π¨ CVE-2023-41013
Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.
π@cveNotify
Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.
π@cveNotify
Medium
CVE-2023β41013
Introduction
π¨ CVE-2023-40984
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file.
π@cveNotify
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file.
π@cveNotify
GitHub
Webmin-2.100/CVE-2023-40984 at main Β· Vi39/Webmin-2.100
Webmin is a web-based server management control panel for Unix-like systems - Vi39/Webmin-2.100
π¨ CVE-2023-40985
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.
π@cveNotify
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.
π@cveNotify
GitHub
Webmin-2.100/CVE-2023-40985 at main Β· Vi39/Webmin-2.100
Webmin is a web-based server management control panel for Unix-like systems - Vi39/Webmin-2.100
π¨ CVE-2023-40986
A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field.
π@cveNotify
A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field.
π@cveNotify
GitHub
Webmin-2.100/CVE-2023-40986 at main Β· Vi39/Webmin-2.100
Webmin is a web-based server management control panel for Unix-like systems - Vi39/Webmin-2.100
π¨ CVE-2023-40982
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.
π@cveNotify
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.
π@cveNotify
GitHub
Webmin-2.100/CVE-2023-40982 at main Β· Vi39/Webmin-2.100
Webmin is a web-based server management control panel for Unix-like systems - Vi39/Webmin-2.100
π¨ CVE-2023-40983
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.
π@cveNotify
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.
π@cveNotify
GitHub
Webmin-2.100/CVE-2023-40983 at main Β· Vi39/Webmin-2.100
Webmin is a web-based server management control panel for Unix-like systems - Vi39/Webmin-2.100
π¨ CVE-2023-41595
An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password.
π@cveNotify
An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password.
π@cveNotify
π¨ CVE-2023-39039
An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
π¨ CVE-2023-39040
An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
π¨ CVE-2023-39043
An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
π¨ CVE-2023-39058
An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
π¨ CVE-2023-39046
An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
π¨ CVE-2023-39049
An information leak in youmart-tokunaga v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
An information leak in youmart-tokunaga v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
π¨ CVE-2023-39056
An information leak in Coffee-jumbo v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
An information leak in Coffee-jumbo v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
π¨ CVE-2023-42399
Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 allows a remote attacker to obtain sensitive information via the rich text editor component.
π@cveNotify
Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 allows a remote attacker to obtain sensitive information via the rich text editor component.
π@cveNotify
GitHub
CVE-2023-42399 Β· Issue #1017 Β· xdan/jodit
CVE IDοΌ CVE-2023-42399 PRODUCTοΌ JoditEditor < v.4.0.0-beta.86 DETAILSοΌ Jodit Editor v.4.0.0 beta.86 has an XSS vulnerability where the rich text editor does not completely filter out malicious X...