Author Archives: National Vulnerability Database

Xolo CMS v0.11 was discovered to contain a reflected cross-site scripting (XSS) vulnerability. Continue reading CVE-2023-43906 (xolo_cms)→

The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints. Continue reading CVE-2023-30969 (tiles)→

Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system. Continue reading CVE-2023-30967 (orbital_simulator)→

An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. Continue reading CVE-2023-38847 (line)→

An issue in rmc R Beauty CLINIC Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. Continue reading CVE-2023-38848 (line)→

An issue in tire-sales Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. Continue reading CVE-2023-38849 (line)→

An issue in Marbre Lapin Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. Continue reading CVE-2023-38846 (line)→

An issue in Anglaise Company Anglaise.Company v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. Continue reading CVE-2023-38845 (line)→

Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of t… Continue reading CVE-2023-46137 (twisted)→

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_ The 41A414 function. Continue reading CVE-2023-46416 (x6000r_firmware)→