CVE-2023-39983

MEDIUM Year: 2023
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-915
View all →

Vulnerability Description

A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application.

Related Vulnerabilities

CVE-2024-10359

MEDIUM
CVSS:4.6(Medium)

In danny-avila/librechat version v0.7.5-rc2, a vulnerability exists in the preset creation functionality where a user can manipulate the user ID field through mass assignment. This allows an attacker ...

CWE-9152024

CVE-2021-21297

MEDIUM
CVSS:6.5(Medium)

Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request ca...

CWE-9152021

CVE-2021-32807

HIGH
CVSS:7.2(High)

The module `AccessControl` defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the c...

CWE-9152021

CVE-2021-32811

HIGH
CVSS:7.2(High)

Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one's Zope ...

CWE-9152021

CVE-2024-3283

HIGH
CVSS:7.2(High)

A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint ...

CWE-9152024

CVE-2020-11066

CRITICAL
CVSS:10.0(Critical)

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modific...

CWE-9152020