The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2023-39583 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-38831. Reason: This candidate is a reservation duplicate of CVE-2023-38831. Notes: All CVE users should reference CVE-2023-38831 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | -- | Nov 7, 2023 | n/a |
| CVE-2023-39584 | Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability. | -- | Sep 12, 2023 | n/a |
| CVE-2023-39598 | Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter. | -- | Sep 5, 2023 | n/a |
| CVE-2023-39599 | Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter. | -- | Aug 22, 2023 | n/a |
| CVE-2023-39600 | IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter. | -- | Aug 29, 2023 | n/a |
| CVE-2023-39610 | An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request. | -- | Oct 31, 2023 | n/a |
| CVE-2023-39611 | An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read files from the local filesystem by sending crafted web requests. | -- | Feb 2, 2024 | n/a |
| CVE-2023-39612 | A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated attacker to escalate privileges to Administrator via user interaction with a crafted HTML file or URL. | -- | Sep 17, 2023 | n/a |
| CVE-2023-39615 | Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor\'s position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input. | -- | Aug 29, 2023 | n/a |
| CVE-2023-39616 | AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h. | -- | Aug 29, 2023 | n/a |
| CVE-2023-39617 | TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. | -- | Aug 21, 2023 | n/a |
| CVE-2023-39618 | TOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg interface. | -- | Aug 21, 2023 | n/a |
| CVE-2023-39619 | ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component. | -- | Oct 25, 2023 | n/a |
| CVE-2023-39620 | An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote attacker to obtain sensitive information via the guest account function. | -- | Sep 12, 2023 | n/a |
| CVE-2023-39631 | An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library. | -- | Sep 6, 2023 | n/a |
| CVE-2023-39637 | D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis. | -- | Sep 12, 2023 | n/a |
| CVE-2023-39638 | D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to contain a command injection vulnerability via the lxmldbc_system function at /htdocs/cgibin. | -- | Sep 15, 2023 | n/a |
| CVE-2023-39639 | LeoTheme leoblog up to v3.1.2 was discovered to contain a SQL injection vulnerability via the component LeoBlogBlog::getListBlogs. | -- | Sep 15, 2023 | n/a |
| CVE-2023-39640 | UpLight cookiebanner before 1.5.1 was discovered to contain a SQL injection vulnerability via the component Hook::getHookModuleExecList(). | -- | Sep 26, 2023 | n/a |
| CVE-2023-39641 | Active Design psaffiliate before v1.9.8 was discovered to contain a SQL injection vulnerability via the component PsaffiliateGetaffiliatesdetailsModuleFrontController::initContent(). | -- | Sep 15, 2023 | n/a |
| CVE-2023-39642 | Carts Guru cartsguru up to v2.4.2 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::display(). | -- | Sep 15, 2023 | n/a |
| CVE-2023-39643 | Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL injection vulnerability via the component SearchApiXml::Xmlfeeds(). | -- | Sep 15, 2023 | n/a |
| CVE-2023-39645 | Improper neutralization of SQL parameter in Theme Volty CMS Payment Icon module for PrestaShop. In the module “Theme Volty CMS Payment Icon” (tvcmspaymenticon) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | -- | Oct 5, 2023 | n/a |
| CVE-2023-39646 | Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop. In the module “Theme Volty CMS Category Chain Slide(tvcmscategorychainslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | -- | Oct 5, 2023 | n/a |
| CVE-2023-39647 | Improper neutralization of SQL parameter in Theme Volty CMS Category Product module for PrestaShop. In the module “Theme Volty CMS Category Product” (tvcmscategoryproduct) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | -- | Oct 5, 2023 | n/a |
| CVE-2023-39648 | Improper neutralization of SQL parameter in Theme Volty CMS Testimonial module for PrestaShop. In the module “Theme Volty CMS Testimonial” (tvcmstestimonial) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | -- | Oct 5, 2023 | n/a |
| CVE-2023-39649 | Improper neutralization of SQL parameter in Theme Volty CMS Category Slider module for PrestaShop. In the module “Theme Volty CMS Category Slider” (tvcmscategoryslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | -- | Oct 5, 2023 | n/a |
| CVE-2023-39650 | Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single. | -- | Aug 29, 2023 | n/a |
| CVE-2023-39651 | Improper neutralization of SQL parameter in Theme Volty CMS BrandList module for PrestaShop In the module “Theme Volty CMS BrandList” (tvcmsbrandlist) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | -- | Oct 7, 2023 | n/a |
| CVE-2023-39652 | theme volty tvcmsvideotab up to v4.0.0 was discovered to contain a SQL injection vulnerability via the component TvcmsVideoTabConfirmDeleteModuleFrontController::run(). | -- | Aug 29, 2023 | n/a |
| CVE-2023-39654 | abupy up to v0.4.0 was discovered to contain a SQL injection vulnerability via the component abupy.MarketBu.ABuSymbol.search_to_symbol_dict. | -- | Sep 5, 2023 | n/a |
| CVE-2023-39655 | A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This may allow an attacker to reset other users\' passwords and take over their accounts. | -- | Jan 3, 2024 | n/a |
| CVE-2023-39659 | An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component. | -- | Aug 15, 2023 | n/a |
| CVE-2023-39660 | An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function. | -- | Aug 21, 2023 | n/a |
| CVE-2023-39661 | An issue in pandas-ai v.0.9.1 and before allows a remote attacker to execute arbitrary code via the _is_jailbreak function. | -- | Aug 15, 2023 | n/a |
| CVE-2023-39662 | An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the `exec` parameter in PandasQueryEngine function. | -- | Aug 15, 2023 | n/a |
| CVE-2023-39663 | Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk. | -- | Aug 29, 2023 | n/a |
| CVE-2023-39665 | D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the acStack_50 parameter. | -- | Aug 18, 2023 | n/a |
| CVE-2023-39666 | D-Link DIR-842 fw_revA_1-02_eu_multi_20151008 was discovered to contain multiple buffer overflows in the fgets function via the acStack_120 and acStack_220 parameters. | -- | Aug 18, 2023 | n/a |
| CVE-2023-39667 | D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the FUN_0000acb4 function. | -- | Aug 18, 2023 | n/a |
| CVE-2023-39668 | D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the inet_ntoa() function. | -- | Aug 18, 2023 | n/a |
| CVE-2023-39669 | D-Link DIR-880 A1_FW107WWb08 was discovered to contain a NULL pointer dereference in the function FUN_00010824. | -- | Aug 18, 2023 | n/a |
| CVE-2023-39670 | Tenda AC6 _US_AC6V1.0BR_V15.03.05.16 was discovered to contain a buffer overflow via the function fgets. | -- | Aug 18, 2023 | n/a |
| CVE-2023-39671 | D-Link DIR-880 A1_FW107WWb08 was discovered to contain a buffer overflow via the function FUN_0001be68. | -- | Aug 18, 2023 | n/a |
| CVE-2023-39672 | Tenda WH450 v1.0.0.18 was discovered to contain a buffer overflow via the function fgets. | -- | Aug 18, 2023 | n/a |
| CVE-2023-39673 | Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34(). | -- | Aug 18, 2023 | n/a |
| CVE-2023-39674 | D-Link DIR-880 A1_FW107WWb08 was discovered to contain a buffer overflow via the function fgets. | -- | Aug 18, 2023 | n/a |
| CVE-2023-39675 | SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php. | -- | Sep 20, 2023 | n/a |
| CVE-2023-39676 | FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php. | -- | Sep 12, 2023 | n/a |
| CVE-2023-39677 | MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php. | -- | Sep 20, 2023 | n/a |
