The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2023-33798 | A stored cross-site scripting (XSS) vulnerability in the Create Rack (/dcim/rack/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | -- | May 25, 2023 | n/a |
| CVE-2023-33797 | A stored cross-site scripting (XSS) vulnerability in the Create Sites (/dcim/sites/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | -- | May 25, 2023 | n/a |
| CVE-2023-33796 | ** DISPUTED ** A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporter\'s only query was for the schema of the API, which is public; queries for database objects would have been denied. | -- | May 25, 2023 | n/a |
| CVE-2023-33795 | A stored cross-site scripting (XSS) vulnerability in the Create Contact Roles (/tenancy/contact-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | -- | May 25, 2023 | n/a |
| CVE-2023-33794 | A stored cross-site scripting (XSS) vulnerability in the Create Tenants (/tenancy/tenants/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | -- | May 25, 2023 | n/a |
| CVE-2023-33793 | A stored cross-site scripting (XSS) vulnerability in the Create Power Panels (/dcim/power-panels/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | -- | May 25, 2023 | n/a |
| CVE-2023-33792 | A stored cross-site scripting (XSS) vulnerability in the Create Site Groups (/dcim/site-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | -- | May 25, 2023 | n/a |
| CVE-2023-33791 | A stored cross-site scripting (XSS) vulnerability in the Create Provider Accounts (/circuits/provider-accounts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | -- | May 25, 2023 | n/a |
| CVE-2023-33790 | A stored cross-site scripting (XSS) vulnerability in the Create Locations (/dcim/locations/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | -- | May 25, 2023 | n/a |
| CVE-2023-33789 | A stored cross-site scripting (XSS) vulnerability in the Create Contact Groups (/tenancy/contact-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | -- | May 25, 2023 | n/a |
| CVE-2023-33788 | A stored cross-site scripting (XSS) vulnerability in the Create Providers (/circuits/providers/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | -- | May 25, 2023 | n/a |
| CVE-2023-33787 | A stored cross-site scripting (XSS) vulnerability in the Create Tenant Groups (/tenancy/tenant-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | -- | May 25, 2023 | n/a |
| CVE-2023-33786 | A stored cross-site scripting (XSS) vulnerability in the Create Circuit Types (/circuits/circuit-types/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | -- | May 25, 2023 | n/a |
| CVE-2023-33785 | A stored cross-site scripting (XSS) vulnerability in the Create Rack Roles (/dcim/rack-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | -- | May 25, 2023 | n/a |
| CVE-2023-33782 | D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function. | -- | Jun 7, 2023 | n/a |
| CVE-2023-33781 | An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing a crafted file. | -- | Jun 7, 2023 | n/a |
| CVE-2023-33780 | A stored cross-site scripting (XSS) vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the body of news article. | -- | May 26, 2023 | n/a |
| CVE-2023-33779 | A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user\'s account via a crafted POST request to the component /jobinfo/. | -- | May 26, 2023 | n/a |
| CVE-2023-33764 | eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component #/de/casting/show/detail/<ID>. | -- | Jun 2, 2023 | n/a |
| CVE-2023-33763 | eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /scheduler/index.php. | -- | Jun 2, 2023 | n/a |
| CVE-2023-33762 | eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a SQL injection vulnerability via the Activity parameter. | -- | Jun 2, 2023 | n/a |
| CVE-2023-33761 | eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /view/cb/format_642.php. | -- | Jun 2, 2023 | n/a |
| CVE-2023-33751 | A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at /app/tag/controller/ApiAdminTagCategory.php. | -- | May 25, 2023 | n/a |
| CVE-2023-33750 | A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at /index.php?s=/article/ApiAdminArticle/itemAdd. | -- | May 25, 2023 | n/a |
| CVE-2023-33747 | CloudPanel v2.2.2 allows attackers to execute a path traversal. | -- | Jun 6, 2023 | n/a |
| CVE-2023-33741 | Macrovideo v380pro v1.4.97 shares the device id and password when sharing the device. | -- | May 30, 2023 | n/a |
| CVE-2023-33740 | Incorrect access control in luowice v3.5.18 allows attackers to access cloud source code information via modification fo the Verify parameter in a warning message. | -- | May 30, 2023 | n/a |
| CVE-2023-33736 | A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter. | -- | May 31, 2023 | n/a |
| CVE-2023-33735 | D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in the /HNAP1 interface. | -- | Jun 1, 2023 | n/a |
| CVE-2023-33734 | BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php. | -- | May 30, 2023 | n/a |
| CVE-2023-33733 | Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file. | -- | Jun 7, 2023 | n/a |
| CVE-2023-33732 | Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval. | -- | Jun 1, 2023 | n/a |
| CVE-2023-33731 | Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL directly. | -- | Jun 2, 2023 | n/a |
| CVE-2023-33730 | Privilege Escalation in the GetUserCurrentPwd function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format. | -- | Jun 1, 2023 | n/a |
| CVE-2023-33722 | EDIMAX BR-6288ACL v1.12 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the pppUserName parameter. | -- | Jun 1, 2023 | n/a |
| CVE-2023-33720 | mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty. | -- | May 26, 2023 | n/a |
| CVE-2023-33719 | mp4v2 v2.1.3 was discovered to contain a memory leak via MP4SdpAtom::Read() at atom_sdp.cpp | -- | Jun 1, 2023 | n/a |
| CVE-2023-33718 | mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::ReadString() at mp4file_io.cpp | -- | Jun 1, 2023 | n/a |
| CVE-2023-33717 | mp4v2 v2.1.3 was discovered to contain a memory leak when a method calling MP4File::ReadBytes() had allocated memory but did not catch exceptions thrown by ReadBytes() | -- | Jun 2, 2023 | n/a |
| CVE-2023-33716 | mp4v2 v2.1.3 was discovered to contain a memory leak via the class MP4StringProperty at mp4property.cpp. | -- | Jun 1, 2023 | n/a |
| CVE-2023-33693 | A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service (DoS) via a crafted XML file. | -- | Jun 5, 2023 | n/a |
| CVE-2023-33690 | SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS. | -- | Jun 5, 2023 | n/a |
| CVE-2023-33684 | Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios firmware: 7.1 (Apr 19 2021) Gui: 2.46 FPGA: 169.55 uc: 6.15 allows attackers on the same network to bypass authentication by re-using the IP address assigned to the device by the NAT protocol. | -- | Jun 7, 2023 | n/a |
| CVE-2023-33675 | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the get_parentControl_list_Info function. | -- | Jun 2, 2023 | n/a |
| CVE-2023-33673 | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. | -- | Jun 2, 2023 | n/a |
| CVE-2023-33672 | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. | -- | Jun 2, 2023 | n/a |
| CVE-2023-33671 | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function. | -- | Jun 2, 2023 | n/a |
| CVE-2023-33670 | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sub_4a79ec function. | -- | Jun 2, 2023 | n/a |
| CVE-2023-33669 | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the timeZone parameter in the sub_44db3c function. | -- | Jun 2, 2023 | n/a |
| CVE-2023-33660 | A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function copyn_str() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack. | -- | Jun 8, 2023 | n/a |
