CVE Notify
19.3K subscribers
4 photos
203K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
🚨 CVE-2023-50989
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function.

🎖@cveNotify
🚨 CVE-2023-50990
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime parameter in the sysScheduleRebootSet function.

🎖@cveNotify
🚨 CVE-2023-50992
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function.

🎖@cveNotify
🚨 CVE-2023-50470
A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

🎖@cveNotify
🚨 CVE-2023-50651
TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi.

🎖@cveNotify
🚨 CVE-2023-37608
An issue in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password.

🎖@cveNotify
🚨 CVE-2023-37607
Directory Traversal in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information via csvServer.php?file= with a .. in the dir parameter.

🎖@cveNotify
🚨 CVE-2023-45559
An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.

🎖@cveNotify
🚨 CVE-2023-50643
An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components.

🎖@cveNotify
🚨 CVE-2023-26998
Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page.

🎖@cveNotify
🚨 CVE-2023-26999
An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file.

🎖@cveNotify
🚨 CVE-2023-27000
Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the name parameter of the Profile and Exclusion List page(s).

🎖@cveNotify
🚨 CVE-2022-28975
A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the VLAN View Name field.

🎖@cveNotify
🚨 CVE-2023-50128
The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state.

🎖@cveNotify
🚨 CVE-2023-46474
File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file.

🎖@cveNotify
🚨 CVE-2023-51810
SQL injection vulnerability in StackIdeas EasyDiscuss v.5.0.5 and fixed in v.5.0.10 allows a remote attacker to obtain sensitive information via a crafted request to the search parameter in the Users module.

🎖@cveNotify
🚨 CVE-2023-46952
Cross Site Scripting vulnerability in ABO.CMS v.5.9.3 allows an attacker to execute arbitrary code via a crafted payload to the Referer header.

🎖@cveNotify
🚨 CVE-2023-51946
Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML.

🎖@cveNotify