Latest critical severity Vulnerabilities

CVE-2023-5008
Student Information System v1.0 - Unauthenticated SQL Injection
CVE-2023-4122
Student Information System v1.0 - Insecure File Upload
CVE-2023-39169
SENEC: Storage Box V1,V2 and V3 using default credentials
CVE-2023-39172
SENEC: Storage Box V1,V2 and V3 transmitting sensitive data unencrypted
CVE-2023-35039
WordPress Password Reset with Code for WordPress REST API Plugin <= 0.0.15 is vulnerable to Broken Authentication
CVE-2023-35618
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based)
CVE-2023-5761
The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'url' parameter in versions 1.4.0 to 1.4.6.1 (free) and versions 1.4.0 to 1....
CVE-2023-49426
Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg.
Tenda Ax12 Firmware=22.03.01.46
Tenda AX12
CVE-2023-49999
Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition.
Tenda W30e Firmware=16.01.0.12\(4843\)
Tenda W30E
CVE-2023-49429
Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules.
Tenda Ax9 Firmware=22.03.01.46
Tenda AX9
CVE-2023-49435
Tenda AX9 V22.03.01.46 is vulnerable to command injection.
Tenda Ax9 Firmware=22.03.01.46
Tenda AX9
CVE-2023-49433
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetVirtualServerCfg.
Tenda Ax9 Firmware=22.03.01.46
Tenda AX9
CVE-2023-49424
Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.
Tenda Ax12 Firmware=22.03.01.46
Tenda AX12
CVE-2023-49428
Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName.
Tenda Ax12 Firmware=22.03.01.46
Tenda AX12
CVE-2023-49410
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function via the function set_wan_status.
Tenda W30e Firmware=16.01.0.12\(4843\)
Tenda W30E
CVE-2023-49432
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg.
Tenda Ax9 Firmware=22.03.01.46
Tenda AX9
CVE-2023-49411
Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMeshNode.
Tenda W30e Firmware=16.01.0.12\(4843\)
Tenda W30E
CVE-2023-49425
Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg .
Tenda Ax12 Firmware=22.03.01.46
Tenda AX12
CVE-2023-50001
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline.
Tenda W30e Firmware=16.01.0.12\(4843\)
Tenda W30E
CVE-2023-49408
Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name.
Tenda Ax3 Firmware=16.03.12.11
Tenda AX3
CVE-2023-49436
Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList.
Tenda Ax9 Firmware=22.03.01.46
Tenda AX9
CVE-2023-49437
Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList.
Tenda Ax12 Firmware=22.03.01.46
Tenda AX12
CVE-2023-49403
Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools.
Tenda W30e Firmware=16.01.0.12\(4843\)
Tenda W30E
CVE-2023-50002
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode.
Tenda W30e Firmware=16.01.0.12\(4843\)
Tenda W30E
CVE-2023-49404
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet.
Tenda W30e Firmware=16.01.0.12\(4843\)
Tenda W30E
CVE-2023-49431
Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName.
Tenda Ax9 Firmware=22.03.01.46
Tenda AX9
CVE-2023-49430
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetStaticRouteCfg.
Tenda Ax9 Firmware=22.03.01.46
Tenda AX9
CVE-2023-49434
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetNetControlList.
Tenda Ax9 Firmware=22.03.01.46
Tenda AX9
CVE-2023-49402
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function localMsg.
Tenda W30e Firmware=16.01.0.12\(4843\)
Tenda W30E
CVE-2023-49409
Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet.
Tenda Ax3 Firmware=16.03.12.11
Tenda AX3
CVE-2023-49405
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg.
Tenda W30e Firmware=16.01.0.12\(4843\)
Tenda W30E
CVE-2023-49406
Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet.
Tenda W30e Firmware=16.01.0.12\(4843\)
Tenda W30E
CVE-2023-48823
A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login.
Mayurik Courier Management System=1.0
CVE-2023-50000
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMeshNode.
Tenda W30e Firmware=16.01.0.12\(4843\)
Tenda W30E
CVE-2023-22524
Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and Mac...
CVE-2023-22523
This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Asset...
CVE-2023-22522
This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is abl...
CVE-2023-46353
In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon() has sensitive SQL c...
Mypresta Product Tag Icons Pro<1.8.4
GHSA-8v8w-v8xg-79rf
### Summary The `tj-actions/branch-names` GitHub Actions references the `github.event.pull_request.head.ref` and `github.head_ref` context variables within a GitHub Actions `run` step. The head ref v...
actions/tj-actions/branch-names<7.0.7
CVE-2023-6448
Unitronics Vision Series PLCs and HMIs use default passwords
CVE-2023-6269
Argument injection vulnerability in Atos Unify OpenScape Session Border Controller, Atos Unify OpenScape Branch and Atos Unify OpenScape BCF
CVE-2023-33083
Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in WLAN Host
CVE-2023-33082
Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in WLAN Host
CVE-2023-48697
Azure RTOS USBX Remote Code Execution Vulnerability
Microsoft Azure Rtos Usbx<6.3.0
CVE-2023-48696
Azure RTOS USBX Remote Code Execution Vulnerability
Microsoft Azure Rtos Usbx<6.3.0
CVE-2023-48695
Azure RTOS USBX Remote Code Execution Vulnerability
Microsoft Azure Rtos Usbx<6.3.0
CVE-2023-48694
Azure RTOS USBX Remote Code Execution Vulnerability
Microsoft Azure Rtos Usbx<6.3.0
CVE-2023-48693
Azure RTOS ThreadX Remote Code Execution Vulnerability
Microsoft Azure Rtos Threadx<6.3.0
CVE-2023-48692
Azure RTOS NetX Duo Remote Code Execution Vulnerability
Microsoft Azure Rtos Netx Duo<6.3.0
CVE-2023-48691
Azure RTOS NetX Duo Remote Code Execution Vulnerability
Microsoft Azure Rtos Netx Duo<6.3.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2023 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203