CVE-2023-49443

DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a brute-force attack.
Max CVSS
9.8
Published
2023-12-08
Updated
2023-12-11
EPSS
0.11%

CVE-2023-49438

An open redirect vulnerability in the Python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes.
Max CVSS
0.0
Published
2023-12-26
Updated
2023-12-27
EPSS
0.04%

CVE-2023-49437

Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList.
Max CVSS
9.8
Published
2023-12-07
Updated
2023-12-09
EPSS
0.15%

CVE-2023-49436

Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList.
Max CVSS
9.8
Published
2023-12-07
Updated
2023-12-09
EPSS
0.15%

CVE-2023-49435

Tenda AX9 V22.03.01.46 is vulnerable to command injection.
Max CVSS
9.8
Published
2023-12-07
Updated
2023-12-09
EPSS
0.15%

CVE-2023-49434

Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetNetControlList.
Max CVSS
9.8
Published
2023-12-07
Updated
2023-12-09
EPSS
0.09%

CVE-2023-49433

Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetVirtualServerCfg.
Max CVSS
9.8
Published
2023-12-07
Updated
2023-12-09
EPSS
0.09%

CVE-2023-49432

Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg.
Max CVSS
9.8
Published
2023-12-07
Updated
2023-12-09
EPSS
0.09%

CVE-2023-49431

Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName.
Max CVSS
9.8
Published
2023-12-07
Updated
2023-12-09
EPSS
0.15%

CVE-2023-49430

Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetStaticRouteCfg.
Max CVSS
9.8
Published
2023-12-07
Updated
2023-12-09
EPSS
0.09%

CVE-2023-49429

Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules.
Max CVSS
9.8
Published
2023-12-07
Updated
2023-12-09
EPSS
0.11%

CVE-2023-49428

Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName.
Max CVSS
9.8
Published
2023-12-07
Updated
2023-12-09
EPSS
0.15%

CVE-2023-49426

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg.
Max CVSS
9.8
Published
2023-12-07
Updated
2023-12-09
EPSS
0.09%

CVE-2023-49425

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg.
Max CVSS
9.8
Published
2023-12-07
Updated
2023-12-09
EPSS
0.09%

CVE-2023-49424

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.
Max CVSS
9.8
Published
2023-12-07
Updated
2023-12-09
EPSS
0.09%

CVE-2023-49418

TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setIpPortFilterRules.
Max CVSS
9.8
Published
2023-12-11
Updated
2023-12-13
EPSS
0.08%

CVE-2023-49417

TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg.
Max CVSS
9.8
Published
2023-12-11
Updated
2023-12-13
EPSS
0.08%

CVE-2023-49411

Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMeshNode.
Max CVSS
9.8
Published
2023-12-07
Updated
2023-12-09
EPSS
0.09%

CVE-2023-49410

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function set_wan_status.
Max CVSS
9.8
Published
2023-12-07
Updated
2023-12-09
EPSS
0.09%

CVE-2023-49409

Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet.
Max CVSS
9.8
Published
2023-12-07
Updated
2023-12-09
EPSS
0.17%

CVE-2023-49408

Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name.
Max CVSS
9.8
Published
2023-12-07
Updated
2023-12-09
EPSS
0.09%

CVE-2023-49406

Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet.
Max CVSS
9.8
Published
2023-12-07
Updated
2023-12-09
EPSS
0.17%

CVE-2023-49405

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg.
Max CVSS
9.8
Published
2023-12-07
Updated
2023-12-09
EPSS
0.09%

CVE-2023-49404

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet.
Max CVSS
9.8
Published
2023-12-07
Updated
2023-12-09
EPSS
0.09%

CVE-2023-49403

Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools.
Max CVSS
9.8
Published
2023-12-07
Updated
2023-12-09
EPSS
0.11%
50 vulnerabilities found