Search Results (364922 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-43232 1 Dedebiz 1 Dedebiz 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Website column management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter.
CVE-2023-43226 1 Dedecms 1 Dedecms 2024-11-21 8.8 High
An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2023-43222 1 Seacms 1 Seacms 2024-11-21 9.8 Critical
SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file.
CVE-2023-43216 1 Seacms 1 Seacms 2024-11-21 9.8 Critical
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php.
CVE-2023-43207 1 Dlink 2 Dwl-6610ap, Dwl-6610ap Firmware 2024-11-21 8 High
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. This vulnerability allows attackers to execute arbitrary commands via the configRestore parameter.
CVE-2023-43206 1 Dlink 2 Dwl-6610ap, Dwl-6610ap Firmware 2024-11-21 8 High
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary commands via the certDownload parameter.
CVE-2023-43204 1 Dlink 2 Dwl-6610ap, Dwl-6610ap Firmware 2024-11-21 8 High
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function sub_2EF50. This vulnerability allows attackers to execute arbitrary commands via the manual-time-string parameter.
CVE-2023-43203 1 Dlink 2 Dwl-6610ap, Dwl-6610ap Firmware 2024-11-21 8 High
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users.
CVE-2023-43202 1 Dlink 2 Dwl-6610ap, Dwl-6610ap Firmware 2024-11-21 8 High
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter.
CVE-2023-43201 2 D-link, Dlink 3 Di-7200gv2.e1, Di-7200g, Di-7200g Firmware 2024-11-21 9.8 Critical
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hi_up parameter in the qos_ext.asp function.
CVE-2023-43200 2 D-link, Dlink 3 Di-7200gv2.e1, Di-7200g, Di-7200g Firmware 2024-11-21 9.8 Critical
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function.
CVE-2023-43199 2 D-link, Dlink 3 Di-7200gv2.e1, Di-7200g, Di-7200g Firmware 2024-11-21 9.8 Critical
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function.
CVE-2023-43198 2 D-link, Dlink 3 Di-7200gv2.e1, Di-7200g, Di-7200g Firmware 2024-11-21 9.8 Critical
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the popupId parameter in the H5/hi_block.asp function.
CVE-2023-43197 2 D-link, Dlink 3 Di-7200gv2.e1, Di-7200g, Di-7200g Firmware 2024-11-21 9.8 Critical
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function.
CVE-2023-43196 2 D-link, Dlink 3 Di-7200gv2.e1, Di-7200g, Di-7200g Firmware 2024-11-21 9.8 Critical
D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter in the arp_sys.asp function.
CVE-2023-43194 1 Rcos 1 Submitty 2024-11-21 5.3 Medium
Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter.
CVE-2023-43193 1 Rcos 1 Submitty 2024-11-21 6.1 Medium
Submitty before v22.06.00 is vulnerable to Cross Site Scripting (XSS). An attacker can create a malicious link in the forum that leads to XSS.
CVE-2023-43192 1 Jrecms 1 Springbootcms 2024-11-21 8.8 High
SQL injection can exist in a newly created part of the SpringbootCMS 1.0 background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statement.
CVE-2023-43191 1 Jrecms 1 Springbootcms 2024-11-21 5.4 Medium
SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker, such as cookie theft
CVE-2023-43187 1 Nodebb 1 Nodebb 2024-11-21 9.8 Critical
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests.