256 matches found
CVE-2023-6838
Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests...
CVE-2023-6838
Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests...
PT-2023-9020 · Tp Link · Eap115 +1
Name of the Vulnerable Software and Affected Versions: Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 version 5.1.0 Build 20220926 Tp-Link EAP115 version 5.0.4 Build 20220216 Description: A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling...
PT-2023-9011 · Tp Link · Tp-Link Ac1350 Wireless Mu-Mimo Gigabit Access Point +1
Name of the Vulnerable Software and Affected Versions: Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 version 5.1.0 Build 20220926 Description: A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality. This issue can be triggered by a...
PT-2023-9019 · Tp Link · Eap225 V3 +1
Name of the Vulnerable Software and Affected Versions: Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 version 5.1.0 Build 20220926 Tp-Link EAP115 version 5.0.4 Build 20220216 Description: A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling...
PYSEC-2023-272
The Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information...
PT-2023-9037
Name of the Vulnerable Software and Affected Versions webOS versions 5 and 6 webOS versions 5.5.0 - 04.50.51 webOS version 6.3.3-442 Description A command injection vulnerability exists in the "com.webos.service.connectionmanager/tv/setVlanStaticAddress" endpoint. This vulnerability can be...
PT-2023-9036
Name of the Vulnerable Software and Affected Versions webOS versions 4 through 7 Description A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service. This vulnerability can be triggered by a series of specially crafted...
PT-2023-9035
Name of the Vulnerable Software and Affected Versions webOS versions 5 through 7 webOS version 5.5.0 - 04.50.51 webOS version 6.3.3-442 webOS version 7.3.1-43 Description A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service...
PT-2023-9141 · Owlet · Owlet Cam
Name of the Vulnerable Software and Affected Versions: Owlet Cam versions v1 and v2 Description: A command injection vulnerability exists in the IOCTL that manages OTA updates, allowing a specially crafted command to lead to command execution as the root user. An attacker can make authenticated...
CVE-2023-34354
A stored cross-site scripting XSS vulnerability exists in the uploadbrand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to execution of arbitrary javascript in another user's browser. An attacker can make an authenticated HTTP request to...
PT-2023-21086 · Peplink · Peplink Surf Soho
Name of the Vulnerable Software and Affected Versions: peplink Surf SOHO HW1 version 6.3.5 Description: An OS command injection issue exists in the admin.cgi USSD send functionality. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request...
PT-2023-24835 · Peplink · Peplink Surf Soho
Name of the Vulnerable Software and Affected Versions: peplink Surf SOHO HW1 version 6.3.5 Description: A stored cross-site scripting XSS issue exists in the upload brand.cgi functionality. This allows an attacker to execute arbitrary javascript in another user's browser by making a specially...
CVE-2023-37552
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition...
Authorization Bypass
gitlab is vulnerable to Authorization Bypasses. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server...
CVE-2023-26051 Saleor is vulnerable to staff-authenticated error message information disclosure vulnerability via Python exceptions
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated...
DEBIAN-CVE-2022-3294
Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to...
Input validation
Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to...
SUSE CVE-2022-29238
Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with ContentsManager.allowhidden = False only prevented listing the contents of hidden directories, not accessing individual hidden files or files...
COMFAST CF-WR6110N 授权问题漏洞
COMFAST CF-WR6110N is a wireless router from China Four Seas Zonglian COMFAST. A security vulnerability exists in the COMFAST CF-WR6110N version V2.3.1, which originates from incorrect access control and allows a remote attacker on the same network to perform any HTTP request to an unauthenticate...