CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-39852 Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session va... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46419 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415730 function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-49060 An attacker could have accessed internal pages or data by exfiltrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46418 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_412688 function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46417 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415498 function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46416 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41A414 function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46415 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41E588 function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-39850 Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46414 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41D494 function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46413 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_4155DC function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46412 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41D998 function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46411 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_415258 function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46410 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_416F60 function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46409 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41CC04 function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-45015 Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'date' parameter of the bus_info.php resource does not validate the characters received and ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46408 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41DD80 function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46990 Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-34060 VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Clo... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-5766 A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-45336 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/router.php resource does not validate the characters r... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41442 An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 through 3.1 allows a remote attacker to execute arbitrary code via a crafted request to the MQTT component. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-44025 SQL injection vulnerability in addify Addifyfreegifts v.1.0.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the getrulebyid function in the AddifyfreegiftsModel... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43139 An issue in franfinance before v.2.0.27 allows a remote attacker to execute arbitrary code via the validation.php, and controllers/front/validation.php components. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46547 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSysLog. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46546 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formStats. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-47445 Pre-School Enrollment version 1.0 is vulnerable to SQL Injection via the username parameter in preschool/admin/ page. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46545 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWsc. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46544 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWirelessTbl. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-36263 Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. `OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be exe... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46543 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlSiteSurvey. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46542 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMeshUploadConfig. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46541 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpv6Setup. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-47213 First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are p... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46540 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formNtp. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46539 TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-20596 Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-48188 SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4.6.12 allows a remote attacker to execute arbitrary code via a crafted script to the getModuleTranslation function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46538 TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46537 TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-47174 Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-6018 An attacker can overwrite any file on the server hosting MLflow without any authentication. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46536 TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkRegVeriRegister. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46535 TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-21287 In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46534 TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46527 TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 were discovered to contain a stack overflow via the function bindRequestHandle. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46526 TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46356 In the module "CSV Feeds PRO" (csvfeeds) before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method `SearchApiCsv::getProducts()` has sensitive SQL call that can be exe... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46525 TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46523 TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.