CVE-2023-38875: vulnerability-research/CVE-2023-38875 at main · dub-flow/vulnerability-research

A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in a user's web browser by placing a malicious payload in the 'validator' parameter of '/reset-password'.

CVE-2023-39045: CVE-reports/CVE-2023-39045.md at main · syz913/CVE-reports

An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel access token and send crafted messages.

CVE-2023-40930: CVE-2023-40930

Skyworth 3.0 OS is vulnerable to Directory Traversal.

CVE-2023-43134: CVE/Netis-360R-AC1200/unauthorized access/readme.md at main · 7R4C4R/CVE

There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517 which allows attackers to obtain sensitive device information without authentication, obtain user tokens, and ultimately log in to the device's backend management interface.

CVE-2023-43137: CVE/TPLINK-TL-ER5120G/command injection/01/command injection01.md at main · 7R4C4R/CVE

TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability: when an authenticated attacker adds ACL rules, the rule name parameter is an injection point.

CVE-2023-43138: CVE/TPLINK-TL-ER5120G/command injection/02/command injection02.md at main · 7R4C4R/CVE

TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability: when an authenticated attacker adds NAPT rules, the rule name is an injection point.

CVE-2023-39052: CVE-reports/CVE-2023-39052.md at main · syz913/CVE-reports

An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access token and send crafted messages.

CVE-2023-42331: Any file is uploaded to eliteCMS · Issue #2 · Num-Nine/CVE

A file upload vulnerability in EliteCMS 1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component.

CVE-2023-39041: CVE-reports/CVE-2023-39041.md at main · syz913/CVE-reports

An information leak in KUKURUDELI Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

GHSA-279f-qwgh-h5mp: Jenkins does not exclude sensitive build variables from search

Jenkins allows filtering builds in the build history widget by specifying an expression that searches for matching builds by name, description, parameter values, etc. Jenkins 2.50 through 2.423 (both inclusive) and LTS 2.60.1 through 2.414.1 (both inclusive) do not exclude sensitive build variables (e.g., password parameter values) from this search. This allows attackers with Item/Read permission to obtain the values of sensitive variables used in builds by iteratively testing different characters until the correct sequence is discovered. Jenkins 2.424 and LTS 2.414.2 exclude sensitive variables from this search.