Unknown · CVSS Not scored
An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal.
Published Aug 28, 2023 · Updated Jul 9, 2026
Critical · CVSS 9.8
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain an OS command injection vulnerability via shell metacharacters in the system_hostname parameter at /manage/network-basic.php.
Published Aug 21, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded root password that allows attackers to login with root privileges via the SSH service. The cleartext password corresponding to the $1$4Tmm01jl$7HRvcW.bz7uGmX9hiQWvR hash was not determined by the vulnerability discoverer.
Published Aug 21, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a SQL injection vulnerability via the a_passwd parameter at /portal/user-register.php.
Published Aug 21, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.
Published Aug 10, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.
Published Aug 10, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sscanf function.
Published Aug 21, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the set_qosMib_list function.
Published Aug 21, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the save_virtualser_data function.
Published Aug 21, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitive information in cleartext.
Published Aug 8, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code.
Published Aug 21, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.
Published Aug 9, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp.
Published Aug 9, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request.
Published Aug 3, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload.
Published Aug 3, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names.
Published Aug 3, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability.
Published Aug 3, 2023 · Updated Jul 9, 2026
High · CVSS 7.5
Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due to the fact that session ids are not validated for the type of user accessing the application by default. Privilege restrictions between non-admin and admin users are not enforced and any authenticated user can leverage admin functions without restriction by making direct requests to administrative endpoints.
Published Aug 3, 2023 · Updated Jul 9, 2026
Critical · CVSS 9.8
ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 (20240617.19506) allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints that abuse a path traversal issue in the Username field and a lack of input sanitization on the SSH Key field. Overwriting specific files may lead to arbitrary code execution as NT AUTHORITY\SYSTEM.
Published Aug 3, 2023 · Updated Jul 9, 2026
High · CVSS 7.5 · CISA KEV
A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. This vulnerability was fixed in version 9.0.120240617.19506 of ZKBioTime.
Published Aug 3, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request.
Published Aug 3, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component.
Published Aug 21, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function.
Published Aug 16, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via the edit.php component.
Published Aug 17, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.
Published Aug 21, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability.
Published Aug 14, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Search Maid page.
Published Aug 8, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Booking Request page.
Published Aug 8, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Admin page.
Published Aug 8, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the View Request of Nurse Page in the Admin portal.
Published Aug 8, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Nurse Page in the Admin portal.
Published Aug 8, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Page of the Admin portal.
Published Aug 8, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Details of the Admin portal.
Published Aug 8, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Profile Page of the Admin.
Published Aug 8, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.
Published Aug 3, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An issue in the CAB file extraction function of Bitberry File Opener v23.0 allows attackers to execute a directory traversal.
Published Aug 8, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL.
Published Aug 3, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page.
Published Aug 3, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page.
Published Aug 3, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.
Published Aug 5, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials.
Published Aug 3, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross Site Scripting vulnerability in GatesAIr Flexiva FM Transmitter/Exciter v.FAX 150W allows a remote attacker to execute arbitrary code via a crafted script to the web application dashboard.
Published Aug 2, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
Published Aug 1, 2023 · Updated Jul 9, 2026
Medium · CVSS 4
In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulicast_get_pack_type functions of the SADP multicast protocol can allow an unauthenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214.
Published Aug 1, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
In certain EZVIZ products, two stack buffer overflows in netClientSetWlanCfg function of the EZVIZ SDK command server can allow an authenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214. The impact is: execute arbitrary code (remote).
Published Aug 1, 2023 · Updated Jul 9, 2026
High · CVSS 7.5
Buffer Overflow vulnerability found in Kemptechnologies Loadmaster before v.7.2.60.0 allows a remote attacker to casue a denial of service via the libkemplink.so, isreverse library.
Published Aug 21, 2024 · Updated Jul 5, 2026
Unknown · CVSS Not scored
In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level.
Published Aug 9, 2023 · Updated Jul 5, 2026
Unknown · CVSS Not scored
KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen.
Published Aug 9, 2023 · Updated Jul 5, 2026
Unknown · CVSS Not scored
Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file.
Published Aug 14, 2023 · Updated Jul 5, 2026
Unknown · CVSS Not scored
An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.
Published Aug 14, 2023 · Updated Jul 5, 2026