Vulnerabilities (CVE)

Total 21356 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-44016 1 Tendacn 2 Ac10u, Ac10u Firmware 2023-09-27 N/A 9.8 CRITICAL
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.
CVE-2023-44014 1 Tendacn 2 Ac10u, Ac10u Firmware 2023-09-27 N/A 9.8 CRITICAL
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain multiple stack overflows in the formSetMacFilterCfg function via the macFilterType and deviceList parameters.
CVE-2023-44017 1 Tendacn 2 Ac10u, Ac10u Firmware 2023-09-27 N/A 9.8 CRITICAL
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function.
CVE-2023-44015 1 Tendacn 2 Ac10u, Ac10u Firmware 2023-09-27 N/A 9.8 CRITICAL
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the schedEndTime parameter in the setSchedWifi function.
CVE-2023-44018 1 Tendacn 2 Ac10u, Ac10u Firmware 2023-09-27 N/A 9.8 CRITICAL
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the domain parameter in the add_white_node function.
CVE-2023-44021 1 Tendacn 2 Ac10u, Ac10u Firmware 2023-09-27 N/A 9.8 CRITICAL
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the formSetClientState function.
CVE-2023-40436 1 Apple 1 Macos 2023-09-27 N/A 9.1 CRITICAL
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. An attacker may be able to cause unexpected system termination or read kernel memory.
CVE-2023-39375 1 Siberiancms 1 Siberiancms 2023-09-27 N/A 9.8 CRITICAL
SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges
CVE-2021-38243 1 Xunruicms 1 Xunruicms 2023-09-27 N/A 9.8 CRITICAL
xunruicms <=4.5.1 is vulnerable to Remote Code Execution.
CVE-2023-38586 1 Apple 1 Macos 2023-09-27 N/A 10.0 CRITICAL
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions.
CVE-2023-44172 1 Seacms 1 Seacms 2023-09-27 N/A 9.8 CRITICAL
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_weixin.php.
CVE-2023-44171 1 Seacms 1 Seacms 2023-09-27 N/A 9.8 CRITICAL
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_smtp.php.
CVE-2023-44170 1 Seacms 1 Seacms 2023-09-27 N/A 9.8 CRITICAL
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ping.php.
CVE-2023-44169 1 Seacms 1 Seacms 2023-09-27 N/A 9.8 CRITICAL
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php.
CVE-2023-43222 1 Seacms 1 Seacms 2023-09-27 N/A 9.8 CRITICAL
SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file.
CVE-2023-43216 1 Seacms 1 Seacms 2023-09-27 N/A 9.8 CRITICAL
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php.
CVE-2023-4737 2023-09-27 N/A 9.8 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hedef Tracking Admin Panel allows SQL Injection. This issue affects Admin Panel: before 1.2.
CVE-2023-41910 1 Lldpd Project 1 Lldpd 2023-09-27 N/A 9.8 CRITICAL
An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c.
CVE-2022-22536 1 Sap 3 Content Server, Netweaver Application Server Abap, Web Dispatcher 2023-09-27 10.0 HIGH 10.0 CRITICAL
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
CVE-2023-39640 1 Uplight 1 Cookie Law 2023-09-26 N/A 9.8 CRITICAL
UpLight cookiebanner before 1.5.1 was discovered to contain a SQL injection vulnerability via the component Hook::getHookModuleExecList().