Total: 286780 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-24141 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | 9.8 Critical |
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function. | ||||
CVE-2023-24140 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | 9.8 Critical |
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function. | ||||
CVE-2023-24139 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | 9.8 Critical |
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function. | ||||
CVE-2023-24029 | 1 Progress | 1 Ws Ftp Server | 2025-03-26 | 7.2 High |
In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows. | ||||
CVE-2023-23636 | 1 Jellyfin | 1 Jellyfin | 2025-03-26 | 5.4 Medium |
In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. | ||||
CVE-2023-23635 | 1 Jellyfin | 1 Jellyfin | 2025-03-26 | 5.4 Medium |
In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. | ||||
CVE-2023-23333 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2025-03-26 | 9.8 Critical |
There is a command injection vulnerability in SolarView Compact through 6.00; attackers can execute commands by bypassing internal restrictions through downloader.php. | ||||
CVE-2023-23120 | 1 Trendnet | 2 Tv-ip651wi, Tv-ip651wi Firmware | 2025-03-26 | 5.9 Medium |
The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification. | ||||
CVE-2023-23119 | 1 Ui | 2 Af-2x, Af-2x Firmware | 2025-03-26 | 5.9 Medium |
The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification. | ||||
CVE-2023-23088 | 1 Json-parser Project | 1 Json-parser | 2025-03-26 | 9.8 Critical |
Buffer overflow vulnerability in Barenboim json-parser master and v1.1.0, fixed in v1.1.1, allows an attacker to execute arbitrary code via the json_value_parse function. | ||||
CVE-2023-23087 | 1 Mojojson Project | 1 Mojojson | 2025-03-26 | 9.8 Critical |
An issue found in MojoJson v1.2.3 allows attackers to execute arbitrary code via the destroy function. | ||||
CVE-2023-23086 | 1 Mojojson Project | 1 Mojojson | 2025-03-26 | 9.8 Critical |
Buffer overflow vulnerability in MojoJson v1.2.3 allows an attacker to execute arbitrary code via the SkipString function. | ||||
CVE-2023-20619 | 2 Google, Mediatek | 25 Android, Mt6761, Mt6762 and 22 more | 2025-03-26 | 6.7 Medium |
In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519159; Issue ID: ALPS07519159. | ||||
CVE-2023-20618 | 2 Google, Mediatek | 25 Android, Mt6761, Mt6762 and 22 more | 2025-03-26 | 6.7 Medium |
In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519184; Issue ID: ALPS07519184. | ||||
CVE-2022-4321 | 1 Wpswings | 1 Pdf Generator For Wordpress | 2025-03-26 | 6.1 Medium |
The PDF Generator for WordPress plugin before 1.1.2 includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin. | ||||
CVE-2022-48140 | 1 Dedecms | 1 Dedecms | 2025-03-26 | 5.4 Medium |
DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename. | ||||
CVE-2022-48130 | 1 Tenda | 2 W20e, W20e Firmware | 2025-03-26 | 9.8 Critical |
Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN. | ||||
CVE-2022-48022 | 1 Zammad | 1 Zammad | 2025-03-26 | 4.3 Medium |
An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see. | ||||
CVE-2022-48021 | 1 Zammad | 1 Zammad | 2025-03-26 | 9.8 Critical |
A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server. | ||||
CVE-2022-47762 | 1 Gin-vue-admin Project | 1 Gin-vue-admin | 2025-03-26 | 7.5 High |
In gin-vue-admin < 2.5.5, the download module has a Path Traversal vulnerability. |