Common Vulnerabilities and Exposures (CVE)

CVE-2023-43261

Jul 9, 2026 00:28:28 UTC

An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.

CVE-2023-43234

Jul 9, 2026 00:28:27 UTC

DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters.

CVE-2023-43232

Jul 9, 2026 00:28:26 UTC

A stored cross-site scripting (XSS) vulnerability in the Website column management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter.

CVE-2023-43176

Jul 9, 2026 00:28:25 UTC

A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file.

CVE-2023-43141

Jul 9, 2026 00:28:23 UTC

TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control.

CVE-2023-42426

Jul 9, 2026 00:28:22 UTC

Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component.

CVE-2023-42425

Jul 9, 2026 00:28:21 UTC

An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary code and obtain sensitive information via the cloud connection components.

CVE-2023-42399

Jul 9, 2026 00:28:20 UTC

Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 allows a remote attacker to obtain sensitive information via the rich text editor component.

CVE-2023-41595

Jul 9, 2026 00:28:18 UTC

An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password.

CVE-2023-41453

Jul 9, 2026 00:28:17 UTC

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component.

CVE-2023-41452

Jul 9, 2026 00:28:16 UTC

Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.

CVE-2023-41451

Jul 9, 2026 00:28:15 UTC

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.

CVE-2023-41450

Jul 9, 2026 00:28:13 UTC

An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.

CVE-2023-41449

Jul 9, 2026 00:28:12 UTC

An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.

CVE-2023-41448

Jul 9, 2026 00:28:11 UTC

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component.