Search Results (364353 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-39680 1 Sollace 1 Unicopia 2024-11-21 7.5 High
Sollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing attackers to execute arbitrary code.
CVE-2023-39678 1 Bdcom 3 Olt P3310d-2ac, P3310d-2ac, P3310d-2ac Firmware 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in the device web interface (Log Query page) of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter.
CVE-2023-39676 1 Fieldthemes 1 Fieldpopupnewsletter 2024-11-21 6.1 Medium
FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php.
CVE-2023-39674 2 D-link, Dlink 3 Dir-880l, Dir-880l A1, Dir-880l A1 Firmware 2024-11-21 9.8 Critical
D-Link DIR-880 A1_FW107WWb08 was discovered to contain a buffer overflow via the function fgets.
CVE-2023-39673 1 Tenda 2 Ac15, Ac15 Firmware 2024-11-21 9.8 Critical
Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34().
CVE-2023-39672 1 Tenda 2 Wh450a, Wh450a Firmware 2024-11-21 9.8 Critical
Tenda WH450 v1.0.0.18 was discovered to contain a buffer overflow via the function fgets.
CVE-2023-39671 2 D-link, Dlink 3 Dir-880l, Dir-880l A1, Dir-880l A1 Firmware 2024-11-21 9.8 Critical
D-Link DIR-880 A1_FW107WWb08 was discovered to contain a buffer overflow via the function FUN_0001be68.
CVE-2023-39670 1 Tenda 2 Ac6, Ac6 Firmware 2024-11-21 9.8 Critical
Tenda AC6 _US_AC6V1.0BR_V15.03.05.16 was discovered to contain a buffer overflow via the function fgets.
CVE-2023-39669 2 D-link, Dlink 3 Dir-880l, Dir-880l A1, Dir-880l A1 Firmware 2024-11-21 7.5 High
D-Link DIR-880 A1_FW107WWb08 was discovered to contain a NULL pointer dereference in the function FUN_00010824.
CVE-2023-39668 2 D-link, Dlink 3 Dir-868l, Dir-868l, Dir-868l Firmware 2024-11-21 9.8 Critical
D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the inet_ntoa() function.
CVE-2023-39667 2 D-link, Dlink 3 Dir-868l Firmware, Dir-868l, Dir-868l Firmware 2024-11-21 9.8 Critical
D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the FUN_0000acb4 function.
CVE-2023-39666 2 D-link, Dlink 3 Dir-842, Dir-842, Dir-842 Firmware 2024-11-21 9.8 Critical
D-Link DIR-842 fw_revA_1-02_eu_multi_20151008 was discovered to contain multiple buffer overflows in the fgets function via the acStack_120 and acStack_220 parameters.
CVE-2023-39665 2 D-link, Dlink 3 Dir-868l, Dir-868l, Dir-868l Firmware 2024-11-21 9.8 Critical
D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the acStack_50 parameter.
CVE-2023-39663 1 Mathjax 1 Mathjax 2024-11-21 7.5 High
Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk.
CVE-2023-39662 1 Llamaindex Project 1 Llamaindex 2024-11-21 9.8 Critical
An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the `exec` parameter in PandasQueryEngine function.
CVE-2023-39661 1 Gabrieleventuri 1 Pandasai 2024-11-21 9.8 Critical
An issue in pandas-ai v.0.9.1 and before allows a remote attacker to execute arbitrary code via the _is_jailbreak function.
CVE-2023-39660 1 Gabrieleventuri 1 Pandasai 2024-11-21 9.8 Critical
An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function.
CVE-2023-39659 1 Langchain 1 Langchain 2024-11-21 9.8 Critical
An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.
CVE-2023-39654 1 Abuquant 1 Abupy 2024-11-21 9.8 Critical
abupy up to v0.4.0 was discovered to contain a SQL injection vulnerability via the component abupy.MarketBu.ABuSymbol.search_to_symbol_dict.
CVE-2023-39652 1 Themevolty 1 Theme Volty Video Tab 2024-11-21 9.8 Critical
theme volty tvcmsvideotab up to v4.0.0 was discovered to contain a SQL injection vulnerability via the component TvcmsVideoTabConfirmDeleteModuleFrontController::run().