Search Results (362808 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-46374 1 Zentao 1 Biz 2024-11-21 6.1 Medium
ZenTao Enterprise Edition version 4.1.3 and before is vulnerable to Cross Site Scripting (XSS).
CVE-2023-46373 1 Tp-link 2 Tl-wdr7660, Tl-wdr7660 Firmware 2024-11-21 9.8 Critical
TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function deviceInfoJsonToBincauses.
CVE-2023-46371 1 Tp-link 2 Tl-wdr7660, Tl-wdr7660 Firmware 2024-11-21 9.8 Critical
TP-Link devices TL-WDR7660 2.0.30 and TL-WR886N 2.0.12 have a stack overflow vulnerability via the function upgradeInfoJsonToBin.
CVE-2023-46370 1 Tenda 2 W18e, W18e Firmware 2024-11-21 9.8 Critical
Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function.
CVE-2023-46369 1 Tenda 2 W18e, W18e Firmware 2024-11-21 9.8 Critical
Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts parameter in the formSetNetCheckTools function.
CVE-2023-46363 1 Jbig2enc Project 1 Jbig2enc 2024-11-21 5.5 Medium
jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in src/jbig2enc.cc:512.
CVE-2023-46362 1 Jbig2enc Project 1 Jbig2enc 2024-11-21 5.5 Medium
jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbig2enc_auto_threshold_using_hash in src/jbig2enc.cc.
CVE-2023-46361 1 Artifex 1 Jbig2dec 2024-11-21 6.5 Medium
Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c.
CVE-2023-46360 1 Hardy-barth 2 Cph2 Echarge, Cph2 Echarge Firmware 2024-11-21 8.8 High
Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable to Execution with Unnecessary Privileges.
CVE-2023-46359 1 Hardy-barth 2 Cph2 Echarge, Cph2 Echarge Firmware 2024-11-21 9.8 Critical
An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier may allow an unauthenticated remote attacker to execute arbitrary commands on the system via specifically crafted arguments passed to the connectivity check feature.
CVE-2023-46358 1 Snegurka 1 Referralbyphone 2024-11-21 9.8 Critical
In the module "Referral and Affiliation Program" (referralbyphone) version 3.5.1 and before from Snegurka for PrestaShop, a guest can perform SQL injection. Method `ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
CVE-2023-46357 1 Myprestamodules 1 Cross Selling In Modal Cart 2024-11-21 9.8 Critical
In the module "Cross Selling in Modal Cart" (motivationsale) < 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `motivationsaleDataModel::getProductsByIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
CVE-2023-46356 1 Blmodules 1 Csv Feeds Pro 2024-11-21 9.8 Critical
In the module "CSV Feeds PRO" (csvfeeds) before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method `SearchApiCsv::getProducts()` has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.
CVE-2023-46355 1 Blmodules 1 Csv Feeds Pro 2024-11-21 5.3 Medium
In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to overly permissive access control, which does not force the administrator to use a password on feeds, a guest can access exports from the module, which can lead to leaks of personal information from the ps_customer / ps_order tables such as name / surname / email / phone number / postal address.
CVE-2023-46354 1 Myprestamodules 1 Orders (csv, Excel) Export Pro 2024-11-21 7.5 High
In the module "Orders (CSV, Excel) Export PRO" (ordersexport) < 5.2.0 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer/ps_address tables such as name / surname / email / phone number / full postal address.
CVE-2023-46352 1 Smartmodules 1 Facebookconversiontrackingplus 2024-11-21 7.5 High
In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" (facebookconversiontrackingplus) up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer table such as name / surname / email.
CVE-2023-46348 1 Sunnytoo 1 Sturls 2024-11-21 9.8 Critical
SQL injection vulnerability in SunnyToo sturls before version 1.1.13 allows attackers to escalate privileges and obtain sensitive information via StUrls::hookActionDispatcher and StUrls::getInstanceId methods.
CVE-2023-46347 1 Ndkdesign 1 Ndk Steppingpack 2024-11-21 9.8 Critical
In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method `NdkSpack::getPacks()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
CVE-2023-46346 1 Myprestamodules 1 Exportproducts 2024-11-21 7.5 High
In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.
CVE-2023-46345 1 Fossies 1 Catdoc 2024-11-21 7.5 High
Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c.