CVE Notify
19.3K subscribers
4 photos
205K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
🚨 CVE-2021-27715
An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the authentication and execute arbitrary code via crafted HTTP request.

πŸŽ–@cveNotify
🚨 CVE-2023-39637
D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis.

πŸŽ–@cveNotify
🚨 CVE-2023-41013
Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.

πŸŽ–@cveNotify
🚨 CVE-2023-40984
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file.

πŸŽ–@cveNotify
🚨 CVE-2023-40985
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.

πŸŽ–@cveNotify
🚨 CVE-2023-40986
A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field.

πŸŽ–@cveNotify
🚨 CVE-2023-40982
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.

πŸŽ–@cveNotify
🚨 CVE-2023-40983
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.

πŸŽ–@cveNotify
🚨 CVE-2023-41595
An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password.

πŸŽ–@cveNotify
🚨 CVE-2023-39039
An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

πŸŽ–@cveNotify
🚨 CVE-2023-39040
An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

πŸŽ–@cveNotify
🚨 CVE-2023-39043
An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

πŸŽ–@cveNotify
🚨 CVE-2023-39058
An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

πŸŽ–@cveNotify
🚨 CVE-2023-39046
An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

πŸŽ–@cveNotify
🚨 CVE-2023-39049
An information leak in youmart-tokunaga v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

πŸŽ–@cveNotify
🚨 CVE-2023-39056
An information leak in Coffee-jumbo v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

πŸŽ–@cveNotify
🚨 CVE-2023-40931
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php

πŸŽ–@cveNotify
🚨 CVE-2023-40932
A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials.

πŸŽ–@cveNotify
🚨 CVE-2023-40933
A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function.

πŸŽ–@cveNotify