The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2023-49060 | An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120. | -- | Nov 21, 2023 | n/a |
| CVE-2023-49052 | File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component. | -- | Nov 30, 2023 | n/a |
| CVE-2023-49047 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the devName parameter in the function formSetDeviceName. | -- | Nov 27, 2023 | n/a |
| CVE-2023-49046 | Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule. | -- | Nov 27, 2023 | n/a |
| CVE-2023-49044 | Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function form_fast_setting_wifi_set. | -- | Nov 28, 2023 | n/a |
| CVE-2023-49043 | Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the wpapsk_crypto parameter in the function fromSetWirelessRepeat. | -- | Nov 27, 2023 | n/a |
| CVE-2023-49042 | Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the schedStartTime parameter or the schedEndTime parameter in the function setSchedWifi. | -- | Nov 27, 2023 | n/a |
| CVE-2023-49040 | An issue in Tneda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the adslPwd parameter in the form_fast_setting_internet_set function. | -- | Nov 27, 2023 | n/a |
| CVE-2023-49030 | SQL Injection vulnerability in32ns KLive v.2019-1-19 and before allows a remote attacker to obtain sensitive information via a crafted script to the web/user.php component. | -- | Nov 28, 2023 | n/a |
| CVE-2023-49029 | Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the nama parameter in the lock/lock.php file. | -- | Nov 27, 2023 | n/a |
| CVE-2023-49028 | Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the user parameter in the lock/lock.php file. | -- | Nov 27, 2023 | n/a |
| CVE-2023-48967 | Ssolon <= 2.6.0 and <=2.5.12 is vulnerable to Deserialization of Untrusted Data. | -- | Dec 4, 2023 | n/a |
| CVE-2023-48966 | An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file. | -- | Dec 4, 2023 | n/a |
| CVE-2023-48965 | An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file. | -- | Dec 4, 2023 | n/a |
| CVE-2023-48964 | Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/WifiMacFilterSet. | -- | Nov 30, 2023 | n/a |
| CVE-2023-48963 | Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/wifiSSIDget. | -- | Nov 30, 2023 | n/a |
| CVE-2023-48952 | An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | -- | Nov 30, 2023 | n/a |
| CVE-2023-48951 | An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | -- | Nov 30, 2023 | n/a |
| CVE-2023-48950 | An issue in the box_col_len function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | -- | Nov 30, 2023 | n/a |
| CVE-2023-48949 | An issue in the box_add function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | -- | Nov 30, 2023 | n/a |
| CVE-2023-48948 | An issue in the box_div function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | -- | Nov 30, 2023 | n/a |
| CVE-2023-48947 | An issue in the cha_cmp function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | -- | Nov 30, 2023 | n/a |
| CVE-2023-48946 | An issue in the box_mpy function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | -- | Nov 30, 2023 | n/a |
| CVE-2023-48945 | A stack overflow in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | -- | Nov 29, 2023 | n/a |
| CVE-2023-48930 | xinhu xinhuoa 2.2.1 contains a File upload vulnerability. | -- | Dec 6, 2023 | n/a |
| CVE-2023-48914 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add. | -- | Nov 30, 2023 | n/a |
| CVE-2023-48913 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete. | -- | Nov 30, 2023 | n/a |
| CVE-2023-48912 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit. | -- | Nov 30, 2023 | n/a |
| CVE-2023-48910 | Microcks up to 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request. | -- | Dec 4, 2023 | n/a |
| CVE-2023-48894 | Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function. | -- | Nov 30, 2023 | n/a |
| CVE-2023-48893 | SQL injection vulnerability in Senayan Library Management Systems Slims 9 Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the date parameter in the staff_act.php. | -- | Dec 5, 2023 | n/a |
| CVE-2023-48887 | A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request. | -- | Dec 3, 2023 | n/a |
| CVE-2023-48886 | A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request. | -- | Dec 3, 2023 | n/a |
| CVE-2023-48882 | A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn. | -- | Nov 29, 2023 | n/a |
| CVE-2023-48881 | A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn. | -- | Nov 29, 2023 | n/a |
| CVE-2023-48880 | A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn. | -- | Nov 29, 2023 | n/a |
| CVE-2023-48866 | A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/recipes and note component within /api/objects/shopping_lists/ of Grocy <= 4.0.3 allows attackers to obtain the victim\'s cookies. | -- | Dec 4, 2023 | n/a |
| CVE-2023-48863 | SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the application, the attacker uses the existing application to inject malicious SQL commands into the background database engine for execution, and sends some attack codes as commands or query statements to the interpreter. These malicious data can deceive the interpreter, so as to execute unplanned commands or unauthorized access to data. | -- | Dec 4, 2023 | n/a |
| CVE-2023-48848 | An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path. | -- | Nov 28, 2023 | n/a |
| CVE-2023-48842 | D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi. | -- | Dec 3, 2023 | n/a |
| CVE-2023-48815 | kkFileView v4.3.0 is vulnerable to Incorrect Access Control. | -- | Dec 4, 2023 | n/a |
| CVE-2023-48813 | Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php. | -- | Dec 3, 2023 | n/a |
| CVE-2023-48812 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability. | -- | Nov 30, 2023 | n/a |
| CVE-2023-48811 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability. | -- | Nov 30, 2023 | n/a |
| CVE-2023-48810 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | -- | Nov 30, 2023 | n/a |
| CVE-2023-48808 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | -- | Nov 30, 2023 | n/a |
| CVE-2023-48807 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | -- | Nov 30, 2023 | n/a |
| CVE-2023-48806 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | -- | Nov 30, 2023 | n/a |
| CVE-2023-48805 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | -- | Nov 30, 2023 | n/a |
| CVE-2023-48804 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | -- | Nov 30, 2023 | n/a |
