Search Results (364396 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-39618 1 Totolink 2 X5000r, X5000r Firmware 2024-11-21 9.8 Critical
TOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg interface.
CVE-2023-39617 1 Totolink 2 X5000r, X5000r Firmware 2024-11-21 9.8 Critical
TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.
CVE-2023-39616 1 Aomedia 1 Aomedia 2024-11-21 7.5 High
AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h.
CVE-2023-39610 1 Tp-link 2 Tapo C100, Tapo C100 Firmware 2024-11-21 6.5 Medium
An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request.
CVE-2023-39600 1 Icewarp 1 Icewarp 2024-11-21 6.1 Medium
IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.
CVE-2023-39598 1 Icewarp 1 Webclient 2024-11-21 6.1 Medium
Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.
CVE-2023-39584 1 Hexo 1 Hexo 2024-11-21 7.5 High
Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability.
CVE-2023-39582 1 Chamilo 1 Chamilo Lms 2024-11-21 4.9 Medium
SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged attacker to obtain sensitive information via the import sessions functions.
CVE-2023-39578 1 Tribalsystems 1 Zenario 2024-11-21 4.8 Medium
A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field.
CVE-2023-39575 1 Isl 1 Arp-guard 2024-11-21 5.4 Medium
A reflected cross-site scripting (XSS) vulnerability in the url_str URL parameter of ISL ARP Guard v4.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-39562 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.
CVE-2023-39560 1 Ectouch 1 Ectouch 2024-11-21 9.8 Critical
ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php.
CVE-2023-39559 1 Web-audimex 1 Audimexee 2024-11-21 5.3 Medium
AudimexEE 15.0 was discovered to contain a full path disclosure vulnerability.
CVE-2023-39558 1 Web-audimex 1 Audimexee 2024-11-21 6.1 Medium
AudimexEE v15.0 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the Show Kai Data component.
CVE-2023-39551 1 Phpgurukul 1 Online Security Guards Hiring System 2024-11-21 9.8 Critical
PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.
CVE-2023-39550 1 Netgear 6 Jwnr2000v2, Jwnr2000v2 Firmware, Xavn2001v2 and 3 more 2024-11-21 8.8 High
Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth function.
CVE-2023-39549 2 Seimens, Siemens 2 Se2023, Solid Edge 2024-11-21 7.8 High
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 2). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted DWG file. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19562)
CVE-2023-39546 1 Nec 2 Expresscluster X, Expresscluster X Singleserversafe 2024-11-21 8.8 High
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
CVE-2023-39545 1 Nec 2 Expresscluster X, Expresscluster X Singleserversafe 2024-11-21 8.8 High
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
CVE-2023-39544 1 Nec 2 Expresscluster X, Expresscluster X Singleserversafe 2024-11-21 8.8 High
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.