Source
CVE
DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php.
Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. This allows an attacker with access to the Workspace application to access credentials when offline.
Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList.
Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName.
Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg.
The affected devices use publicly available default credentials with administrative privileges.
SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin credentials.
Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg .
The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network traffic.
Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.