Security Headlines: Latest CVEs

CVE-2023-49493: DedeCMS-V5.7.111 Reflective XSS vulnerability · Issue #2 · Hebing123/cve

DedeCMS v5.7.111 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the v parameter of selectimages.php.

CVE-2023-6588: Devolutions

In the Devolutions Server data source of Devolutions Workspace 2023.3.2.0 and earlier, offline mode is always enabled even when the permission disallows it. An attacker with access to the Workspace application can therefore access credentials while offline.

CVE-2023-49437: vuln/iot/AX12/SetNetControlList-3.md at master · ef4tless/vuln

Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList.

CVE-2023-49428: vuln/iot/AX12/SetOnlineDevName.md at master · ef4tless/vuln

Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName.
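The two AX12 command-injection entries above (the 'list' parameter of /goform/SetNetControlList and the 'mac' parameter of /goform/SetOnlineDevName) share one root cause: a request parameter spliced into a shell command line. The block below is an added, generic illustration of that class and its fix, not Tenda firmware code; the `/bin/devname` helper, its `set` subcommand, and the MAC/device-name formats are assumptions made for the example. The vulnerable builder shows how a value like `aa;reboot` survives into the command string, and the hardened path validates the value against a strict format and then passes it as a separate argv element to execvp, so no shell ever parses it.

```c
/* Added example: command-injection pattern in a goform-style handler and its
 * hardening. Generic illustration, NOT Tenda firmware code. The /bin/devname
 * helper and its "set" subcommand are assumptions. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/wait.h>

#define NAME_MAX_LEN 32

/* Accept exactly "xx:xx:xx:xx:xx:xx" with hex digits; anything else,
 * including shell metacharacters, is rejected. */
int is_valid_mac(const char *s)
{
    if (s == NULL || strlen(s) != 17) return 0;
    for (int i = 0; i < 17; i++) {
        if (i % 3 == 2) {
            if (s[i] != ':') return 0;
        } else if (!isxdigit((unsigned char)s[i])) {
            return 0;
        }
    }
    return 1;
}

/* Device names: 1..32 characters from [A-Za-z0-9_-] (assumed policy). */
int is_valid_devname(const char *s)
{
    size_t n = s ? strlen(s) : 0;
    if (n == 0 || n > NAME_MAX_LEN) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '_' && c != '-') return 0;
    }
    return 1;
}

/* VULNERABLE pattern: unvalidated request parameters are spliced into a
 * command line destined for system()/popen(). A mac of "aa;reboot" yields
 * "... aa;reboot ..." and the shell runs both commands. Returns 0 if the
 * string fit, -1 if truncated. */
int build_shell_cmd_vulnerable(const char *mac, const char *name,
                               char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "/bin/devname set %s %s", mac, name);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

/* HARDENED pattern: validate both values, then build an argv for execvp so
 * each value is a single argument and no shell parses it.
 * Returns 0 on success, -1 if either value is rejected. */
int build_argv_hardened(const char *mac, const char *name, const char *argv[5])
{
    if (!is_valid_mac(mac) || !is_valid_devname(name)) return -1;
    argv[0] = "/bin/devname";
    argv[1] = "set";
    argv[2] = mac;
    argv[3] = name;
    argv[4] = NULL;
    return 0;
}

/* Execute argv directly via fork + execvp (no /bin/sh). Returns the child's
 * exit status, or -1 on fork/wait failure or abnormal termination. */
int run_argv(const char *argv[])
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execvp(argv[0], (char *const *)argv);
        _exit(127);  /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample input: one benign request, one injection attempt. */
    const char *good_mac = "aa:bb:cc:dd:ee:ff";
    const char *bad_mac = "aa;reboot";
    char cmd[128];
    const char *argv[5];

    build_shell_cmd_vulnerable(bad_mac, "cam", cmd, sizeof cmd);
    printf("vulnerable command line: %s\n", cmd);

    printf("hardened accepts benign mac: %d\n",
           build_argv_hardened(good_mac, "cam", argv) == 0);
    printf("hardened rejects injected mac: %d\n",
           build_argv_hardened(bad_mac, "cam", argv) != 0);
    return 0;
}
```

The validator is deliberately a strict positive format check rather than a blocklist of metacharacters; the argv path makes the shell irrelevant even if validation is later relaxed, which is the defense worth keeping when a handler must call an external helper.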

CVE-2023-49426: vuln/iot/AX12/SetStaticRouteCfg.md at master · ef4tless/vuln

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg.

CVE-2023-49425: vuln/iot/AX12/setMacFilterCfg.md at master · ef4tless/vuln

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg.

CVE-2023-39172: Full Disclosure: Senec Inverters Home V1, V2, V3 Home & Hybrid Cleartext Transmission of Authentication Credentials

The affected devices transmit sensitive information unencrypted, allowing a remote unauthenticated attacker to capture and modify network traffic.

CVE-2023-49424: vuln/iot/AX12/SetVirtualServerCfg.md at master · ef4tless/vuln

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.