CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: September 13, 2024. 03:00:39 UTC
ID | Description | Modified | References |
---|---|---|---|
CVE-2023-30061 | D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via phpcgi. | May 6, 2023. 03:10:00 | [www.dlink.com][github.com] |
CVE-2023-29639 | Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default configuration not utilizing MyBlogUtils.cleanString. | May 6, 2023. 03:10:00 | [github.com] |
CVE-2023-22924 | A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing crafted CLI commands on a vulnerable device. | May 6, 2023. 03:10:00 | [www.zyxel.com] |
CVE-2022-35898 | OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account. | May 6, 2023. 03:10:00 | [hackandpwn.com][businessnetwork.opentext.com] |
CVE-2023-26987 | An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request. | May 6, 2023. 03:10:00 | [github.com][docs.google.com] |
CVE-2023-29641 | Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text. | May 6, 2023. 03:09:00 | [github.com] |
CVE-2023-25783 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Moss FireCask Like & Share Button plugin <= 1.1.5 versions. | May 6, 2023. 03:08:00 | [patchstack.com] |
CVE-2023-2425 | A vulnerability was found in SourceCodester Simple Student Information System 1.0. It has been classified as problematic. This affects an unknown part of the file `/classes/Master.php?f=save_course` of the component Add New Course. The manipulation of the argument name with the input `<script>alert(document.cookie)</script>` leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227751. | May 6, 2023. 03:07:00 | [vuldb.com][vuldb.com] |
CVE-2023-29635 | File upload vulnerability in Antabot White-Jotter v0.2.2, allows remote attackers to execute malicious code via the file parameter to function coversUpload. | May 6, 2023. 03:07:00 | [github.com][github.com] |
CVE-2023-29636 | Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the default configuration not using MyBlogUtils.cleanString. | May 6, 2023. 03:07:00 | [github.com] |
CVE-2023-29637 | Cross Site Scripting (XSS) vulnerability in Qbian61 forum-java, allows attackers to inject arbitrary web script or HTML via editing the article content in the "article editor" page. | May 6, 2023. 03:07:00 | [github.com] |