1178 matches found
CVE-2023-22516
This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code...
CVE-2023-44320
CVE-2023-44320 affects Siemens SCALANCE and RUGGEDCOM devices (e.g., RM1224 LTE EU/NAM, SCALANCE M8xx/MUm/WM/S-series) with all versions before V7.2.2. The issue is improper authentication validation in the web interface, allowing an authenticated attacker to influence the administrator’s UI. Ex...
Aruba Networks ArubaOS and InstantOS Security Vulnerabilities
Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks ArubaOS and InstantOS that originates from an authenticated denial of service...
CVE-2023-43284
D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 100A53DBR-Retail devices allow an authenticated remote attacker to execute arbitrary code via an unspecified manipulation of the QoS POST parameter...
CVE-2022-47555
CVE-2022-47555 affects Ormazabal ekorCCP and ekorRCI and is described as an operating system command injection. Multiple sources confirm an authenticated attacker could execute commands, create users with elevated privileges, or backdoor the system. The NVD metrics show a high/critical impact (CV...
PT-2023-4964 · Cisco · Cisco Small Business Rv130W +3
Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers (affected versions not specified). Description: A vulnerability in the web-based management interface could allow an authenticated, remote attacker to execute arbitrary code on an...
CVE-2023-40535
Stored cross-site scripting vulnerability in View setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script...
CVE-2023-4718 Font Awesome 4 Menus <= 4.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Font Awesome 4 Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fa' and 'fa-stack' shortcodes in versions up to, and including, 4.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
Atlos Security Vulnerability
Atlos is an open source, non-profit platform used by investigators for large-scale cataloging and verification of eyewitness media. A security vulnerability in Atlos version v.1.0 allows an authenticated attacker to execute arbitrary code in the...
CVE-2023-38843
An issue in Atlos v.1.0 allows an authenticated attacker to execute arbitrary code via a crafted payload into the description field in the incident function...
CVE-2021-25857
An issue discovered in pcmt superMicro-CMS version 3.11 allows authenticated attackers to execute arbitrary code via the fonttype parameter to setup.php...
CVE-2023-23574
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alertscount component, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrar...
Information disclosure
An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information...
CVE-2023-25840
Affected software: ArcGIS Server 10.8.1 through 11.1. Vulnerability: Cross-site Scripting via crafted links that trigger onmouseover; a remote, authenticated attacker with high privileges could render an image in the victim’s browser. Root cause: XSS in the ArcGIS Server REST/HTML surface allowi...
CVE-2023-25836
CVE-2023-25836 describes a cross-site scripting vulnerability in Esri Portal for ArcGIS Sites (versions 10.9 and below). A remote, authenticated attacker can craft a link that, when clicked, executes arbitrary JavaScript in the victim’s browser. Privileges required are low, and user interaction i...
WordPress plugin User Registration Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...
PT-2023-26026 · Elecom · Wrc-1167Gebk-S
Name of the Vulnerable Software and Affected Versions: ELECOM wireless LAN routers WRC-1167GHBK-S versions 1.03 and earlier; ELECOM wireless LAN routers WRC-1167GEBK-S versions 1.03 and earlier. Description: The issue allows a network-adjacent authenticated attacker to execute an arbitrary command ...
CVE-2023-0969
A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory...
GL.iNet GL-E750 Operating System Command Injection Vulnerability
The GL.iNet GL-E750 is a wireless router from China-based GL.iNet. An operating system command injection vulnerability in the GL.iNet GL-E750 prior to version v3.216 allows an authenticated attacker to execute arbitrary code via a crafted POST...