CVE Notify
19.3K subscribers
4 photos
205K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
🚨 CVE-2023-40982
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.

🎖@cveNotify
🚨 CVE-2023-40983
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.

🎖@cveNotify
🚨 CVE-2023-41595
An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password.

🎖@cveNotify
🚨 CVE-2023-39039
An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

🎖@cveNotify
🚨 CVE-2023-39040
An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

🎖@cveNotify
🚨 CVE-2023-39043
An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

🎖@cveNotify
🚨 CVE-2023-39058
An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

🎖@cveNotify
🚨 CVE-2023-39046
An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

🎖@cveNotify
🚨 CVE-2023-39049
An information leak in youmart-tokunaga v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

🎖@cveNotify
🚨 CVE-2023-39056
An information leak in Coffee-jumbo v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

🎖@cveNotify
🚨 CVE-2023-40931
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php

🎖@cveNotify
🚨 CVE-2023-40932
A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials.

🎖@cveNotify
🚨 CVE-2023-40933
A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function.

🎖@cveNotify
🚨 CVE-2023-38887
File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions.

🎖@cveNotify
🚨 CVE-2023-38888
Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.

🎖@cveNotify
🚨 CVE-2023-43141
TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control.

🎖@cveNotify
🚨 CVE-2023-42426
Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component.

🎖@cveNotify
🚨 CVE-2023-43278
A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account.

🎖@cveNotify
🚨 CVE-2023-43232
A stored cross-site scripting (XSS) vulnerability in the Website column management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter.

🎖@cveNotify