CVE-2023-37742
WebBoss.io CMS before v3.6.8.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability.
Source: CVE-2023-37742
[월:] 2023년 07월
CVE-2023-38646
CVE-2023-38646
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server’s privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
Source: CVE-2023-38646
CVE-2023-3819
CVE-2023-3819
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4.
Source: CVE-2023-3819
CVE-2023-3822
CVE-2023-3822
Cross-site Scripting (XSS) – Reflected in GitHub repository pimcore/pimcore prior to 10.6.4.
Source: CVE-2023-3822
CVE-2023-3821
CVE-2023-3821
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.6.4.
Source: CVE-2023-3821
CVE-2023-3820
CVE-2023-3820
SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.
Source: CVE-2023-3820
CVE-2023-3484
CVE-2023-3484
An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2. An attacker could change the name or path of a public top-level group in certain situations.
Source: CVE-2023-3484
CVE-2023-35087
CVE-2023-35087
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.
Source: CVE-2023-35087
CVE-2023-35086
CVE-2023-35086
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessage_normal function, in the do_detwan_cgi module of httpd. An unauthenticated remote attacker without privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.
Source: CVE-2023-35086
CVE-2023-28730
CVE-2023-28730
A memory corruption vulnerability Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.
Source: CVE-2023-28730