CVE-2023-48249

The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user “root” via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active users...

CVE-2023-48247

The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user “root” via a crafted HTTP request...

CVE-2023-48789

A client-side enforcement of server-side security in Fortinet FortiPortal version 6.0.0 through 6.0.14 allows attacker to improper access control via crafted HTTP requests...

CVE-2023-44860

An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request...

CVE-2023-50766

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML...

CVE-2023-50767

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML...

CVE-2023-43890

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request...

CVE-2023-43491

An information disclosure vulnerability exists in the web interface /cgi-bin/debugdump.cgi functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this...

CVE-2023-4884

An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of Authentication...

CVE-2023-48725

A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2023-48728

A cross-site scripting xss vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...

CVE-2023-41265

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...

CVE-2023-3991

An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2023-47455

Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size...

CVE-2023-34989

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters...

CVE-2023-34354

A stored cross-site scripting XSS vulnerability exists in the uploadbrand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to execution of arbitrary javascript in another user's browser. An attacker can make an authenticated HTTP request to...

CVE-2023-34356

An OS command injection vulnerability exists in the data.cgi xferdns functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2023-34037

VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests...

CVE-2023-46012

Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP...

CVE-2023-30404

Aigital Wireless-N Repeater MiniRouter v0.131229 was discovered to contain a remote code execution RCE vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request...