941 matches found

VulnCheck KEV
added 2023/07/18 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2023-26255

An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system...

7.5 CVSS · 7 AI score · 0.47907 EPSS
Exploits 5 · References 1

CNNVD
added 2023/07/11 12:0 a.m. · 3 views

Gin-Gonic Gin security vulnerability

Gin-Gonic Gin is a Go-based framework for rapidly building web applications from the Gin-Gonic team. A security vulnerability exists in Gin-Gonic Gin, which stems from the filename parameter of the Context.FileAttachment function not being cleaned up correctly...

6.5 CVSS · 7.2 AI score · 0.0125 EPSS
Exploits 0 · References 9

OSV
added 2023/07/07 2:15 p.m. · 3 views

CVE-2023-37149

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function...

9.8 CVSS · 5.8 AI score · 0.01674 EPSS
Exploits 1 · References 1

OSV
added 2023/07/07 2:15 p.m. · 2 views

CVE-2023-37146

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...

9.8 CVSS · 5.8 AI score · 0.01674 EPSS
Exploits 1 · References 1

ATTACKERKB
added 2023/07/07 2:15 p.m. · 1 views

CVE-2023-37149

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function...

9.8 CVSS · 7.4 AI score · 0.01674 EPSS
Exploits 1 · References 2

ATTACKERKB
added 2023/07/07 2:15 p.m. · 2 views

CVE-2023-37146

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...

9.8 CVSS · 7.4 AI score · 0.01674 EPSS
Exploits 1 · References 2

NVD
added 2023/07/07 2:15 p.m. · 13 views

CVE-2023-37146

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...

9.8 CVSS · 9.8 AI score · 0.01674 EPSS
Exploits 1 · References 1

NVD
added 2023/07/07 2:15 p.m. · 15 views

CVE-2023-37149

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function...

9.8 CVSS · 9.8 AI score · 0.01674 EPSS
Exploits 1 · References 1

Prion
added 2023/07/07 2:15 p.m. · 20 views

Command injection

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...

7.5 CVSS · 9.8 AI score · 0.01674 EPSS
Exploits 1 · References 1 · Affected Software 1

Prion
added 2023/07/07 2:15 p.m. · 22 views

Command injection

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function...

7.5 CVSS · 9.8 AI score · 0.01674 EPSS
Exploits 1 · References 1 · Affected Software 1

CNNVD
added 2023/07/07 12:0 a.m. · 3 views

TOTOLINK LR350 command injection vulnerability

TOTOLINK LR350 is a wireless router from China Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK LR350 version V9.3.5u.6369B20220309. An attacker can exploit this vulnerability to conduct a command injection attack via the FileName parameter of the UploadFirmwareFile method...

9.8 CVSS · 8.5 AI score · 0.01674 EPSS
Exploits 1 · References 2

CNNVD
added 2023/07/07 12:0 a.m. · 3 views

TOTOLINK LR350 command injection vulnerability

TOTOLINK LR350 is a wireless router from China Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK LR350 version V9.3.5u.6369B20220309. An attacker can exploit this vulnerability to conduct a command injection attack via the FileName parameter of the setUploadSetting method...

9.8 CVSS · 8.5 AI score · 0.01674 EPSS
Exploits 1 · References 2

CVE
added 2023/07/07 12:0 a.m. · 41 views

CVE-2023-37149

TOTOLINK LR350 firmware version V9.3.5u.6369_B20220309 contains a command injection vulnerability in the setUploadSetting function, exploitable via the FileName parameter. CVSSv3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base score 9.8 (CRITICAL). Impacts confidentiality, integrity, and availabilit...

9.8 CVSS · 9.7 AI score · 0.01674 EPSS
Exploits 1 · References 1 · Affected Software 1

Vulnrichment
added 2023/07/07 12:0 a.m. · 13 views

CVE-2023-37146

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...

8 AI score · 0.01674 EPSS
Exploits 1 · References 1

Vulnrichment
added 2023/07/07 12:0 a.m. · 8 views

CVE-2023-37149

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function...

8 AI score · 0.01674 EPSS
Exploits 1 · References 1

Cvelist
added 2023/07/07 12:0 a.m. · 25 views

CVE-2023-37149

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function...

10 AI score · 0.01674 EPSS
Exploits 1 · References 1

OSV
added 2023/07/04 3:15 p.m. · 1 views

CVE-2023-3504

A vulnerability was found in SmartWeb Infotech Job Board 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /settings/account of the component My Profile Page. The manipulation of the argument filename leads to unrestricted upload. The attack may be...

9.8 CVSS · 5.5 AI score · 0.00456 EPSS
Exploits 0 · References 2

CNNVD
added 2023/07/04 12:0 a.m. · 2 views

SmartWeb Infotech Job Board code issue vulnerability

Smartweb Infotech SmartWeb Infotech Job Board is a web solution from Smartweb Infotech. A code issue vulnerability exists in SmartWeb Infotech Job Board version 1.0, which stems from the parameter filename in the file /settings/account that can lead to unrestricted uploads...

9.8 CVSS · 7.2 AI score · 0.00456 EPSS
Exploits 0 · References 3

0day.today
added 2023/07/04 12:0 a.m. · 231 views

POS Codekop v2.0 - Authenticated Remote Code Execution Vulnerability

Exploit Title: POS Codekop v2.0 - Authenticated Remote Code Execution RCE Exploit Author: yuyudhn Vendor Homepage: https://www.codekop.com/ Software Link: https://github.com/fauzan1892/pos-kasir-php Version: 2.0 Tested on: Linux CVE: CVE-2023-36348 Vulnerability description: The application does...

8.8 CVSS · 7.1 AI score · 0.03646 EPSS
Exploits 4

Positive Technologies
added 2023/07/04 12:0 a.m. · 2 views

PT-2023-25110 · Smartweb Infotech · Smartweb Infotech Job Board

Name of the Vulnerable Software and Affected Versions: SmartWeb Infotech Job Board version 1.0 Description: A critical issue affects some unknown functionality of the file /settings/account of the component My Profile Page. The manipulation of the filename argument leads to unrestricted upload. T...

9.8 CVSS · 6.5 AI score · 0.00456 EPSS
Exploits 0 · References 4