Search Results (364922 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-43270 1 Dst-admin Project 1 Dst-admin 2024-11-21 9.8 Critical
dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate.
CVE-2023-43269 1 Pigcms 1 Pigcms 2024-11-21 9.8 Critical
pigcms up to 7.0 was discovered to contain an arbitrary file upload vulnerability.
CVE-2023-43268 1 Deyue Remote Vehicle Management System Project 1 Deyue Remote Vehicle Management System 2024-11-21 8.8 High
Deyue Remote Vehicle Management System v1.1 was discovered to contain a deserialization vulnerability.
CVE-2023-43267 1 Emlog 1 Emlog 2024-11-21 5.4 Medium
A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field.
CVE-2023-43263 1 Froala 1 Froala Editor 2024-11-21 6.1 Medium
A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component.
CVE-2023-43260 1 Milesight 15 Ur32, Ur32 Firmware, Ur32l and 12 more 2024-11-21 6.1 Medium
Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel.
CVE-2023-43256 1 Gladysassistant 1 Gladys Assistant 2024-11-21 6.5 Medium
A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input.
CVE-2023-43252 1 Xnview 1 Nconvert 2024-11-21 7.8 High
XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a crafted image file.
CVE-2023-43251 1 Xnview 1 Nconvert 2024-11-21 7.8 High
XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.
CVE-2023-43250 1 Xnview 1 Nconvert 2024-11-21 7.8 High
XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. There is a User Mode Write AV via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.
CVE-2023-43242 1 Dlink 3 Dir-816 A2 Firmware, Dir-816a2, Dir-816a2 Firmware 2024-11-21 8.8 High
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel.
CVE-2023-43241 2 D-link, Dlink 3 Dir-823g, Dir-823g, Dir-823g Firmware 2024-11-21 9.8 Critical
D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter TXPower and GuardInt in SetWLanRadioSecurity.
CVE-2023-43240 2 D-link, Dlink 3 Dir-816 A2, Dir-816 A2, Dir-816 A2 Firmware 2024-11-21 9.8 Critical
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter.
CVE-2023-43239 1 Dlink 2 Dir-816 A2, Dir-816 A2 Firmware 2024-11-21 8.8 High
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC.
CVE-2023-43238 1 Dlink 2 Dir-816 A2, Dir-816 A2 Firmware 2024-11-21 8.8 High
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi.
CVE-2023-43237 1 Dlink 2 Dir-816 A2, Dir-816 A2 Firmware 2024-11-21 8.8 High
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC.
CVE-2023-43236 1 Dlink 2 Dir-816 A2, Dir-816 A2 Firmware 2024-11-21 8.8 High
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi.
CVE-2023-43235 2 D-link, Dlink 3 Dir-823g, Dir-823g, Dir-823g Firmware 2024-11-21 9.8 Critical
D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettings.
CVE-2023-43234 1 Dedebiz 1 Dedebiz 2024-11-21 9.8 Critical
DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters.
CVE-2023-43233 1 Yzncms 1 Yzncms 2024-11-21 6.1 Medium
A stored cross-site scripting (XSS) vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter.