1598 matches found

Prion
added 2024/01/09 11:15 p.m. · 15 views

Out-of-bounds

A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to...

7.5 CVSS · 7.3 AI score · 0.70688 EPSS
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2024/01/09 11:0 p.m. · 29 views

CVE-2024-0352 Likeshop HTTP POST Request File.php userFormImage unrestricted upload

A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to...

7.5 CVSS · 9.8 AI score · 0.70688 EPSS
Exploits 1 · References 3

CVE
added 2024/01/09 11:0 p.m. · 92 views

CVE-2024-0352

CVE-2024-0352 affects Likeshop up to 2.5.7.20210311. The vulnerability is in FileServer::userFormImage (file server/application/api/controller/File.php) where manipulating the file argument leads to unrestricted file upload. Impact scope includes remote execution potential with impact to confiden...

9.8 CVSS · 9.5 AI score · 0.70688 EPSS
In wild · Exploits 1 · References 3 · Affected Software 1

OSV
added 2024/01/09 7:15 p.m. · 2 views

CVE-2024-0341

A vulnerability was found in Inis up to 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /app/api/controller/default/File.php of the component GET Request Handler. The manipulation of the argument path leads to path traversal: '../filedir'. The explo...

7.5 CVSS · 4.7 AI score · 0.00614 EPSS
Exploits 0 · References 3

NVD
added 2024/01/09 7:15 p.m. · 21 views

CVE-2024-0341

A vulnerability was found in Inis up to 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /app/api/controller/default/File.php of the component GET Request Handler. The manipulation of the argument path leads to path traversal: '../filedir'. The explo...

7.5 CVSS · 5.1 AI score · 0.00614 EPSS
Exploits 0 · References 3

Prion
added 2024/01/09 7:15 p.m. · 15 views

Path traversal

A vulnerability was found in Inis up to 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /app/api/controller/default/File.php of the component GET Request Handler. The manipulation of the argument path leads to path traversal: '../filedir'. The explo...

2.7 CVSS · 7.2 AI score · 0.00614 EPSS
Exploits 0 · References 3 · Affected Software 1

Vulnrichment
added 2024/01/09 6:55 p.m. · 5 views

CVE-2024-0341 Inis GET Request File.php path traversal

A vulnerability was found in Inis up to 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /app/api/controller/default/File.php of the component GET Request Handler. The manipulation of the argument path leads to path traversal: '../filedir'. The explo...

3.5 CVSS · 7.6 AI score · 0.00614 EPSS
Exploits 0 · References 3

Cvelist
added 2024/01/09 6:55 p.m. · 25 views

CVE-2024-0341 Inis GET Request File.php path traversal

A vulnerability was found in Inis up to 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /app/api/controller/default/File.php of the component GET Request Handler. The manipulation of the argument path leads to path traversal: '../filedir'. The explo...

3.5 CVSS · 7.8 AI score · 0.00614 EPSS
Exploits 0 · References 3

NVD
added 2024/01/09 4:15 p.m. · 17 views

CVE-2023-7222

A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The atta...

9.8 CVSS · 7.8 AI score · 0.0132 EPSS
Exploits 1 · References 3

Prion
added 2024/01/09 4:15 p.m. · 20 views

Buffer overflow

A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The atta...

8.3 CVSS · 7.3 AI score · 0.0132 EPSS
Exploits 1 · References 3 · Affected Software 1

NVD
added 2024/01/09 2:15 p.m. · 25 views

CVE-2023-7221

A vulnerability was found in Totolink T6 4.1.9cu.5241B20210923. It has been classified as critical. This affects the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v41 leads to buffer overflow. It is possibl...

10 CVSS · 9.7 AI score · 0.01518 EPSS
Exploits 1 · References 3

Prion
added 2024/01/09 2:15 p.m. · 19 views

Buffer overflow

A vulnerability was found in Totolink T6 4.1.9cu.5241B20210923. It has been classified as critical. This affects the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v41 leads to buffer overflow. It is possibl...

10 CVSS · 7.3 AI score · 0.01518 EPSS
Exploits 1 · References 3 · Affected Software 1

CVE
added 2024/01/09 2:0 p.m. · 62 views

CVE-2023-7221

Totolink T6 (version 4.1.9cu.5241_B20210923) is affected by CVE-2023-7221. A buffer overflow exists in the HTTP POST Request Handler at /cgi-bin/cstecgi.cgi?action=login, triggered by manipulating the v41 argument. The vulnerability can be exploited remotely and has been disclosed publicly. Sever...

10 CVSS · 9.5 AI score · 0.01518 EPSS
Exploits 1 · References 3 · Affected Software 1

NVD
added 2024/01/08 6:15 a.m. · 11 views

CVE-2024-0300

A vulnerability was found in Byzoro Smart S150 Management Platform up to 20240101. It has been rated as critical. Affected by this issue is some unknown functionality of the file /useratte/userattestation.php of the component HTTP POST Request Handler. The manipulation of the argument webimg lead...

9.8 CVSS · 7.1 AI score · 0.05703 EPSS
Exploits 1 · References 4

Prion
added 2024/01/07 7:15 p.m. · 24 views

Stack overflow

A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6139B20201216. Affected by this vulnerability is the function main of the file /cgi-bin/cstecgi.cgi?action=login&flag=1 of the component HTTP POST Request Handler. The manipulation of the argument v33 leads to stack-based...

6.5 CVSS · 7.3 AI score · 0.00903 EPSS
Exploits 1 · References 3 · Affected Software 1

CVE
added 2024/01/07 7:0 p.m. · 51 views

CVE-2023-7213

CVE-2023-7213 affects Totolink N350RT (9.3.5u.6139_B20201216) in the HTTP POST Request Handler, specifically the function main at /cgi-bin/cstecgi.cgi?action=login&flag=1. The vulnerability arises from manipulating the argument v33, causing a stack-based buffer overflow that can be triggered remo...

8.8 CVSS · 8.8 AI score · 0.00903 EPSS
Exploits 1 · References 3 · Affected Software 1

CVE
added 2024/01/07 3:31 a.m. · 79 views

CVE-2024-0263

CVE-2024-0263 affects ACME Ultra Mini HTTPd 1.21, specifically the HTTP GET Request Handler. The documented issue is a remote, unauthenticated denial of service caused by manipulation of this handler. Several connected sources confirm the impact is DoS and that a patch is recommended to fix the v...

7.5 CVSS · 7.5 AI score · 0.01399 EPSS
Exploits 1 · References 5 · Affected Software 1

Positive Technologies
added 2024/01/06 12:0 a.m. · 3 views

PT-2024-15423 · Acme · Acme Ultra Mini Httpd

Name of the Vulnerable Software and Affected Versions: ACME Ultra Mini HTTPd version 1.21 Description: A vulnerability was found in the HTTP GET Request Handler component, which can lead to denial of service. The manipulation can be initiated remotely. The exploit has been disclosed to the public...

7.5 CVSS · 7.2 AI score · 0.01399 EPSS
Exploits 1 · References 10

NVD
added 2023/12/31 2:15 p.m. · 13 views

CVE-2023-7187

A vulnerability was found in Totolink N350RT 9.3.5u.6139B20201216. It has been rated as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. Th...

8.8 CVSS · 0.00709 EPSS
Exploits 1 · References 3

Prion
added 2023/12/31 2:15 p.m. · 23 views

Stack overflow

A vulnerability was found in Totolink N350RT 9.3.5u.6139B20201216. It has been rated as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. Th...

5.2 CVSS · 7.2 AI score · 0.00709 EPSS
Exploits 1 · References 3 · Affected Software 1