
522 matches found

CVE
added 2023/07/14 12:0 a.m. · 55 views

CVE-2023-37717

CVE-2023-37717 affects Tenda devices: F1202 (V1.0BR_V1.2.0.20(408)), FH1202 (V1.2.0.19_EN), and AC10/AC1206/AC7/AC5/AC9 (V1.0 or V3.0) with a stack overflow in the page parameter of fromDhcpListClient. Root cause: stack overflow in that function, enabling remote impact per the documents. Connecte...

9.8 CVSS · 9.7 AI score · 0.00776 EPSS
Exploits 1 · References 1 · Affected Software 1

CVE
added 2023/07/14 12:0 a.m. · 49 views

CVE-2023-37718

CVE-2023-37718 affects the Tenda F1202 (V1.0BR_V1.2.0.20(408)) and FH1202 (V1.2.0.19_EN). The issue is a stack overflow in the page parameter of the function fromSafeClientFilter, causing potential impact to confidentiality, integrity, and availability. Concrete details come from multiple sources...

9.8 CVSS · 9.7 AI score · 0.00776 EPSS
Exploits 1 · References 1 · Affected Software 1

OSV
added 2023/07/12 4:15 a.m. · 3 views

CVE-2021-4413

The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to save field icons via a...

4.3 CVSS · 5.6 AI score · 0.00345 EPSS
Exploits 0 · References 9

Code423n4
added 2023/07/10 12:0 a.m. · 16 views

Anyone can call Well.sol shift() function and withdraw Contract's extra ERC20 tokens whichever this contract is holding. From Well's contract balance, extra tokens for shifting, calculated amountOut for passed tokenOut token can be withdrawn by attacker.

Lines of code Vulnerability details Impact Whichever type of ERC20 token Well contract is holding it can lose all extra tokens of all types in an amount whatever is the difference reservesj -calcReservewellFunction, reserves, j, totalSupply comes for tokenOut token passed by attacker. Attacker c...

6.8 AI score
Exploits 0

Code423n4
added 2023/07/10 12:0 a.m. · 12 views

Potential token duplication validation bypass

Lines of code Vulnerability details Impact Potential token duplication validation bypass Proof of Concept The loop statement in init function will check if there is duplicated token for a Well. function initstring memory name, string memory symbol public initializer ERC20Permitinitname;...

6.8 AI score
Exploits 0

BDU FSTEC
added 2023/07/10 12:0 a.m. · 5 views

A vulnerability in the system() function of the firmware of NETGEAR RAX30 devices allows an attacker to execute arbitrary code.

The vulnerability in the system function of the firmware of NETGEAR RAX30 devices stems from insufficient validation of input data during the processing of port discovery requests via UPnP. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

8.8 CVSS · 8 AI score · 0.01097 EPSS
Exploits 0 · References 6 · Affected Software 1

Cvelist
added 2023/06/26 9:58 p.m. · 20 views

CVE-2023-34147

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first...

8 AI score · 0.00234 EPSS
Exploits 0 · References 2

CNNVD
added 2023/06/15 12:0 a.m. · 3 views

Piwigo SQL injection vulnerability

Piwigo is a Web-based open source photo gallery software. The software includes features such as image management, image categorization and permission management. A security vulnerability exists in Piwigo version 13.7.0, which stems from vulnerability to SQL injection attacks via the sers functio...

4.3 CVSS · 5.3 AI score · 0.00546 EPSS
Exploits 1 · References 3

OSV
added 2023/06/10 5:15 a.m. · 1 views

UBUNTU-CVE-2023-26132

Versions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficient checks, via the set function and the current variable in the /dottie.js file...

7.5 CVSS · 7.1 AI score · 0.01062 EPSS
Exploits 2 · References 5

Positive Technologies
added 2023/06/09 12:0 a.m. · 3 views

PT-2023-20168 · WordPress · Wpcs – Wordpress Currency Switcher Professional

Name of the Vulnerable Software and Affected Versions: WPCS – WordPress Currency Switcher Professional plugin versions up to, and including, 1.1.9 Description: The issue allows authenticated attackers with subscriber-level permissions and above to edit an arbitrary custom drop-down currency...

4.3 CVSS · 5.5 AI score · 0.00409 EPSS
Exploits 0 · References 4

Vulnrichment
added 2023/06/02 12:0 a.m. · 13 views

CVE-2023-29549

Under certain circumstances, a call to the bind function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

6.1 AI score · 0.00327 EPSS
Exploits 0 · References 2

Cvelist
added 2023/05/30 4:15 p.m. · 25 views

CVE-2022-4240 Unauthenticated API allowing an attacker to obtain the information about network resources

Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1...

6.5 CVSS · 7.8 AI score · 0.00527 EPSS
Exploits 0 · References 1

Prion
added 2023/05/23 7:15 p.m. · 10 views

Authentication flaw

Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs. This issue affects HYPR Server: before 8.0 with enabled Legacy APIs...

6.5 CVSS · 8.8 AI score · 0.00548 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/05/17 12:0 a.m. · 7 views

CVE-2023-31723

yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function expandmmacparams at /nasm/nasm-pp.c...

5.5 AI score · 0.00291 EPSS
Exploits 1 · References 2

Positive Technologies
added 2023/05/09 12:0 a.m. · 7 views

PT-2025-17220 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been identified in the Linux kernel, specifically in the es58x rx err msg function. This occurs when can-do set mode fails, causing the function to return witho...

8.8 CVSS · 7.4 AI score · 0.03763 EPSS
Exploits 13 · References 489

Positive Technologies
added 2023/04/18 12:0 a.m. · 4 views

PT-2023-12125 · Laravel · Laravel

Name of the Vulnerable Software and Affected Versions: Laravel version 8.5.9 Description: A deserialization vulnerability in the destruct function allows attackers to execute arbitrary commands. Recommendations: For Laravel version 8.5.9, consider disabling the destruct function until a patch is...

9.8 CVSS · 9.6 AI score · 0.0132 EPSS
Exploits 1 · References 8

Vulnrichment
added 2023/04/14 12:0 a.m. · 8 views

CVE-2023-29805

WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the prostorcanceltranshandlerpart19 function...

9.9 AI score · 0.0236 EPSS
Exploits 1 · References 1

OSV
added 2023/04/11 5:15 p.m. · 4 views

CVE-2022-41331

A missing authentication for critical function vulnerability CWE-306 in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests...

9.8 CVSS · 5.8 AI score · 0.01275 EPSS
Exploits 0 · References 1

Cvelist
added 2023/04/11 4:6 p.m. · 41 views

CVE-2022-41331

A missing authentication for critical function vulnerability CWE-306 in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests...

9.8 CVSS · 9.7 AI score · 0.01275 EPSS
Exploits 0 · References 1

Vulnrichment
added 2023/04/04 12:0 a.m. · 7 views

CVE-2023-26733

Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local attacker to cause a denial of service via the TinyTiffReaderreadNextFrame function in tinytiffreader.c file...

6.5 AI score · 0.00352 EPSS
Exploits 1 · References 2