Security Vulnerabilities - CVEs Published In July 2023
Deserialization of Untrusted Data vulnerability in yolo 3 allows attackers to execute arbitrary code via crafted yaml file.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-07-31
A Cross-Site Request Forgery (CSRF) in Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G software version S10G_3.11.6 allows attackers to takeover user accounts via sending a crafted POST request to /goform/goform_set_cmd_process.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-07-31
Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-07-31
Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows unauthorized remote attackers to gain the highest privileges via crafted POST request to /cgi-bin/luci/api/auth.
CVSS Score
9.8
EPSS Score
0.184
Published
2023-07-31
Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php.
CVSS Score
9.8
EPSS Score
0.021
Published
2023-07-31
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.
CVSS Score
5.5
EPSS Score
0.002
Published
2023-07-31
Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-07-31
Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain escalated privileges via phpcgi. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-07-31
Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-07-31
Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via via phpcgi_main. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-07-31