CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-49434 Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetNetControlList. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-49433 Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetVirtualServerCfg. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-49432 Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-43982 Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at insta_parser.php. This vulnerability allows attackers t... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-47445 Pre-School Enrollment version 1.0 is vulnerable to SQL Injection via the username parameter in preschool/admin/ page. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-45614 There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's acce... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-49431 Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-41552 Tenda AC7 V1.0 V15.03.06.44 and Tenda AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via parameter ssid at url /goform/fast_setting_wifi_set. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-41553 Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetStaticRouteCfg. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-41554 Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter wpapsk_crypto at url /goform/WifiExtraSet. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-41555 Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter security_5g at url /goform/WifiBasicSet. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-41556 Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetIpMacBind. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-41557 Tenda AC7 V1.0 V15.03.06.44 and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter entrys and mitInterface at url /goform/addressNat. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-41558 Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter timeZone at url /goform/SetSysTimeCfg. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-41559 Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter page at url /goform/NatStaticSetting. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-41560 Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter firewallEn at url /goform/SetFirewallCfg. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-41561 Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter startIp and endIp at url /goform/SetPptpServerCfg. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-41562 Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter time at url /goform/PowerSaveSet. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-41563 Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter mac at url /goform/GetParentControlInfo. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-45615 There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's acce... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-49430 Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetStaticRouteCfg. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-46954 SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-45616 There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Ar... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-46958 An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-42299 Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-49429 Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-31579 Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the applicatio... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-49428 Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-49426 Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-48078 SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the 'title' parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-49425 Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg . | 9.8 | CRITICAL | β | 0 |
| CVE-2023-49424 Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-39335 A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment proc... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-43979 ETS Soft ybc_blog before v4.4.0 was discovered to contain a SQL injection vulnerability via the component Ybc_blogBlogModuleFrontController::getPosts(). | 9.8 | CRITICAL | β | 0 |
| CVE-2023-47308 In the module "Newsletter Popup PRO with Voucher/Coupon code" (newsletterpop) before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. The method... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-45347 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_verified' parameter of the routers/user-router.php resource does not validate the chara... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-45346 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_role' parameter of the routers/user-router.php resource does not validate the character... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-45345 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_deleted' parameter of the routers/user-router.php resource does not validate the charac... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-45338 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the routers/add-ticket.php resource does not validate the characters rec... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-45344 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_balance' parameter of the routers/user-router.php resource does not validate the charac... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-45343 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ticket_id' parameter of the routers/ticket-message.php resource does not validate the cha... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-45342 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/register-router.php resource does not validate the charac... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-50001 Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-45341 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_price' parameter of the routers/menu-router.php resource does not validate the characte... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-48860 TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-45340 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/details-router.php resource does not validate the charact... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-45334 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'status' parameter of the routers/edit-orders.php resource does not validate the character... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-45325 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'address' parameter of the routers/add-users.php resource does not validate the characters... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-45323 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.Β The 'name' parameter of the routers/add-item.php resource does not validate the characters rec... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-45336 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/router.php resource does not validate the characters r... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.