Export limit exceeded: 363169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363169 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49599 | 1 Wwbn | 1 Avideo | 2025-11-04 | 9.8 Critical |
| An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather system information via HTTP requests and brute force the salt offline, leading to forging a legitimate password recovery code for the admin user. | ||||
| CVE-2023-49594 | 1 Michaelkelly | 1 Duouniversalkeycloakauthenticator | 2025-11-04 | 4.5 Medium |
| An information disclosure vulnerability exists in the challenge functionality of instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. A specially crafted HTTP request can lead to a disclosure of sensitive information. A user logging into Keycloak using DuoUniversalKeycloakAuthenticator plugin triggers this vulnerability. | ||||
| CVE-2023-49589 | 1 Wwbn | 1 Avideo | 2025-11-04 | 8.8 High |
| An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to an arbitrary user password recovery. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2023-49438 | 1 Flask-security-too Project | 1 Flask-security-too | 2025-11-04 | 6.1 Medium |
| An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes. | ||||
| CVE-2023-49134 | 1 Tp-link | 6 Ac1350 Firmware, Eap115, Eap115 Firmware and 3 more | 2025-11-04 | 8.1 High |
| A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point. | ||||
| CVE-2023-49133 | 1 Tp-link | 6 Ac1350 Firmware, Eap115, Eap115 Firmware and 3 more | 2025-11-04 | 8.1 High |
| A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP225(V3) 5.1.0 Build 20220926 of the AC1350 Wireless MU-MIMO Gigabit Access Point. | ||||
| CVE-2023-49086 | 1 Cacti | 1 Cacti | 2025-11-04 | 5.4 Medium |
| Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). A vulnerability in versions prior to 1.2.27 bypasses an earlier fix for CVE-2023-39360, therefore leading to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `graphs_new.php`. The impact of the vulnerability is execution of arbitrary JavaScript code in the attacked user's browser. This issue has been patched in version 1.2.27. | ||||
| CVE-2023-49074 | 1 Tp-link | 2 Eap225, Eap225 Firmware | 2025-11-04 | 7.4 High |
| A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. | ||||
| CVE-2023-48730 | 1 Wwbn | 1 Avideo | 2025-11-04 | 8.5 High |
| A cross-site scripting (xss) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | ||||
| CVE-2023-48728 | 1 Wwbn | 1 Avideo | 2025-11-04 | 9.6 Critical |
| A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | ||||
| CVE-2023-48725 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-11-04 | 7.2 High |
| A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2023-48724 | 1 Tp-link | 3 Ac1350 Firmware, Eap225, Eap225 Firmware | 2025-11-04 | 7.5 High |
| A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device's web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability. | ||||
| CVE-2023-47997 | 1 Freeimage Project | 1 Freeimage | 2025-11-04 | 6.5 Medium |
| An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service. | ||||
| CVE-2023-47995 | 1 Freeimage Project | 1 Freeimage | 2025-11-04 | 6.5 Medium |
| Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service. | ||||
| CVE-2023-47862 | 1 Wwbn | 1 Avideo | 2025-11-04 | 9.8 Critical |
| A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send a series of HTTP requests to trigger this vulnerability. | ||||
| CVE-2023-47861 | 1 Wwbn | 1 Avideo | 2025-11-04 | 9 Critical |
| A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | ||||
| CVE-2023-47618 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2025-11-04 | 7.2 High |
| A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2023-47617 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2025-11-04 | 7.2 High |
| A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2023-47211 | 1 Zohocorp | 7 Manageengine Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 4 more | 2025-11-04 | 9.1 Critical |
| A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability. | ||||
| CVE-2023-47209 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2025-11-04 | 7.2 High |
| A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||