Search Results (364197 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-38873 1 Economizzer 1 Economizzer 2024-11-21 6.5 Medium
The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.
CVE-2023-38872 1 Economizzer 1 Economizzer 2024-11-21 3.7 Low
An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment.
CVE-2023-38871 1 Economizzer 1 Economizzer 2024-11-21 5.3 Medium
The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or email address is valid, or brute force valid usernames and email addresses.
CVE-2023-38870 1 Economizzer 1 Economizzer 2024-11-21 9.8 Critical
A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'category_id' parameter is vulnerable to SQL Injection.
CVE-2023-38866 1 Comfast 2 Cf-xr11, Cf-xr11 Firmware 2024-11-21 9.8 Critical
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_415588. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter interface and display_name.
CVE-2023-38865 1 Comfast 2 Cf-xr11, Cf-xr11 Firmware 2024-11-21 9.8 Critical
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr.
CVE-2023-38864 1 Comfast 2 Cf-xr11, Cf-xr11 Firmware 2024-11-21 9.8 Critical
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protal_delete_picname parameter in the sub_41171C function at bin/webmgnt.
CVE-2023-38863 1 Comfast 2 Cf-xr11, Cf-xr11 Firmware 2024-11-21 9.8 Critical
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt.
CVE-2023-38862 1 Comfast 2 Cf-xr11, Cf-xr11 Firmware 2024-11-21 9.8 Critical
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub_431F64 function in bin/webmgnt.
CVE-2023-38861 1 Wavlink 3 Wl-wn575a3, Wl-wn575a3 Firmware, Wl Wnj575a3 2024-11-21 9.8 Critical
An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi.
CVE-2023-38860 1 Langchain 1 Langchain 2024-11-21 9.8 Critical
An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter.
CVE-2023-38858 1 Faad2 Project 1 Faad2 2024-11-21 6.5 Medium
Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039.
CVE-2023-38856 1 Libxls Project 1 Libxls 2024-11-21 6.5 Medium
Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:411.
CVE-2023-38855 1 Libxls Project 1 Libxls 2024-11-21 6.5 Medium
Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:395.
CVE-2023-38854 1 Libxls Project 1 Libxls 2024-11-21 6.5 Medium
Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the transcode_latin1_to_utf8 function in xlstool.c:296.
CVE-2023-38853 1 Libxls Project 1 Libxls 2024-11-21 6.5 Medium
Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1015.
CVE-2023-38851 1 Libxls Project 1 Libxls 2024-11-21 6.5 Medium
Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1018.
CVE-2023-38850 1 Msweet 1 Codedoc 2024-11-21 5.5 Medium
Buffer Overflow vulnerability in Michaelrsweet codedoc v.3.7 allows an attacker to cause a denial of service via the codedoc.c:1742 comppnent.
CVE-2023-38849 1 Linecorp 1 Line 2024-11-21 7.5 High
An issue in tire-sales Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.
CVE-2023-38848 1 Linecorp 1 Line 2024-11-21 7.5 High
An issue in rmc R Beauty CLINIC Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.