CVE

CVE-2023-46510

An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function.

Source: CVE-2023-46510

CVE-2023-40138

In FillUi of FillUi.java, there is a possible way to view another user’s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Source: CVE-2023-40138

CVE-2023-40140

In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Source: CVE-2023-40140

CVE-2023-40139

In FillUi of FillUi.java, there is a possible way to view another user’s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Source: CVE-2023-40139

CVE-2023-46200

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <= 1.1.3 versions.

Source: CVE-2023-46200

CVE-2023-46209

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus – Unlimited grid plugin <= 1.3.2 versions.

Source: CVE-2023-46209

CVE-2023-46208

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.6 versions.

Source: CVE-2023-46208

CVE-2023-46211

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <= 3.19.14 versions.

Source: CVE-2023-46211

CVE-2023-46509

An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component.

Source: CVE-2023-46509

CVE-2023-44480

Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘setcasualleave’ parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.

Source: CVE-2023-44480