| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission. |
| Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Cross Site Request Forgery (CSRF). |
| Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level. |
| Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR via controlpanel.shopbeat.co.za. |
| Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure Permissions. |
| Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 suffers from Multiple Stored Cross-Site Scripting (XSS) vulnerabilities via Shop Beat Control Panel found at www.shopbeat.co.za controlpanel.shopbeat.co.za. |
| Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in "studio" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm. |
| A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file uploads/dede/article_allowurl_edit.php. The manipulation of the argument allurls leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230083. |
| socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3.
|
| A vulnerability was found in ITRS Group monitor-ninja up to 2021.11.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file modules/reports/models/scheduled_reports.php. The manipulation leads to sql injection. Upgrading to version 2021.11.30 is able to address this issue. The name of the patch is 6da9080faec9bca1ca5342386c0421dca0a6c0cc. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230084. |
| Cross-site Scripting (XSS) - Stored in GitHub repository liangliangyy/djangoblog prior to master. |
| Tuleap is an open source tool for end to end traceability of application and system developments. Tuleap Community Edition prior to version 14.8.99.60 and Tuleap Enterprise edition prior to 14.8-3 and 14.7-7, the logs of the triggered Jenkins job URLs are not properly escaped. A malicious Git administrator can setup a malicious Jenkins hook to make a victim, also a Git administrator, execute uncontrolled code. Tuleap Community Edition 14.8.99.60, Tuleap Enterprise Edition 14.8-3, and Tuleap Enterprise Edition 14.7-7 contain a patch for this issue. |
| tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connections strings without the associated permission. This issue is patched in version 5.12.1. As a workaround, remove the list chat bots permission from users that should not have the ability to view connection strings. Invalidate any credentials previously stored for safety. |
| A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408)
This vulnerability has been assigned a (CVE)ID:CVE-2023-52718 |
| Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-76605)
This vulnerability has been assigned a (CVE)ID:CVE-2023-7266 |
| BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php. |
| Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Control via modules/salesbooster/downloads/download.php. |
| An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database. |
| An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database. |
| Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22. |