Total
4456 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4977 | 1 Librenms | 1 Librenms | 2024-11-21 | N/A | 5.4 MEDIUM |
| Code Injection in GitHub repository librenms/librenms prior to 23.9.0. | |||||
| CVE-2023-4291 | 1 Frauscher | 1 Frauscher Diagnostic System 101 | 2024-11-21 | N/A | 9.8 CRITICAL |
| Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface without authentication. This could lead to a full compromise of the FDS101 device. | |||||
| CVE-2023-49830 | 1 Brainstormforce | 1 Astra | 2024-11-21 | N/A | 9.9 CRITICAL |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro.This issue affects Astra Pro: from n/a through 4.3.1. | |||||
| CVE-2023-49391 | 1 Free5gc | 1 Free5gc | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in free5GC version 3.3.0, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on AMF component via crafted NGAP message. | |||||
| CVE-2023-49314 | 2 Apple, Asana | 2 Macos, Desktop | 2024-11-21 | N/A | 7.8 HIGH |
| Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack. | |||||
| CVE-2023-49313 | 1 Horsicq | 1 Xmachoviewer | 2024-11-21 | N/A | 9.8 CRITICAL |
| A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product's processes, potentially leading to remote control and unauthorized access to sensitive user data. | |||||
| CVE-2023-49004 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker to execute arbitrary code via a crafted script to the en parameter. | |||||
| CVE-2023-49001 | 1 Indibrowser | 1 Indi Browser | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component. | |||||
| CVE-2023-49000 | 1 Artistscope | 1 Artisbrowser | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component. NOTE: this is disputed by the vendor, who indicates that ArtisBrowser 34 does not support CSS3. | |||||
| CVE-2023-48699 | 1 Ubertidavide | 1 Fastbots | 2024-11-21 | N/A | 8.4 HIGH |
| fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with python code that without proper validation it's executed and it could lead to rce. The vulnerability is in the function `def __locator__(self, locator_name: str)` in `page.py`. In order to mitigate this issue, upgrade to fastbots version 0.1.5 or above. | |||||
| CVE-2023-48643 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Shrubbery tac_plus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tac_plus.cfg configuration file. These are executed when a client sends an authorization request with a username that has pre-authorization directives configured. However, it is possible to inject additional commands into these checks because strings from TACACS+ packets are used as command-line arguments. If the installation lacks a a pre-shared secret (there is no pre-shared secret by default), then the injection can be triggered without authentication. (The attacker needs to know a username configured to use a pre-authorization command.) NOTE: this is related to CVE-2023-45239 but the issue is in the original Shrubbery product, not Meta's fork. | |||||
| CVE-2023-48390 | 1 Multisuns | 2 Easylog Web\+, Easylog Web\+ Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Multisuns EasyLog web+ has a code injection vulnerability. An unauthenticated remote attacker can exploit this vulnerability to inject code and access the system to perform arbitrary system operations or disrupt service. | |||||
| CVE-2023-48226 | 1 Openreplay | 1 Openreplay | 2024-11-21 | N/A | 6.5 MEDIUM |
| OpenReplay is a self-hosted session replay suite. In version 1.14.0, due to lack of validation Name field - Account Settings (for registration looks like validation is correct), a bad actor can send emails with HTML injected code to the victims. Bad actors can use this to phishing actions for example. Email is really send from OpenReplay, but bad actors can add there HTML code injected (content spoofing). Please notice that during Registration steps for FullName looks like is validated correct - can not type there, but using this kind of bypass/workaround - bad actors can achieve own goal. As of time of publication, no known fixes or workarounds are available. | |||||
| CVE-2023-48192 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function. | |||||
| CVE-2023-47883 | 1 Vladymix | 1 Tv Browser | 2024-11-21 | N/A | 9.8 CRITICAL |
| The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity. | |||||
| CVE-2023-47840 | 1 Qodeinteractive | 1 Qode Essential Addons | 2024-11-21 | N/A | 9.9 CRITICAL |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.5.2. | |||||
| CVE-2023-47444 | 1 Opencart | 1 Opencart | 2024-11-21 | N/A | 8.8 HIGH |
| An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server. | |||||
| CVE-2023-47397 | 1 Webidsupport | 1 Webid | 2024-11-21 | N/A | 9.8 CRITICAL |
| WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php. | |||||
| CVE-2023-47003 | 1 Redislabs | 1 Redisgraph | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted. | |||||
| CVE-2023-46987 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A | 8.8 HIGH |
| SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php. | |||||