Kelsey Tian

13 exploits, active since Dec 2023
CVE-2023-51837 WRITEUP CRITICAL
Ylianst MeshCentral 1.1.16 - Info Disclosure
Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation.
CVSS 9.8
CVE-2023-51838 WRITEUP HIGH
Ylianst MeshCentral 1.1.16 - Info Disclosure
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.
CVSS 7.5
CVE-2023-51842 WRITEUP HIGH
Ylianst MeshCentral <1.1.16 - Info Disclosure
An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1.16.
CVSS 7.5
CVE-2023-50473 WRITEUP MEDIUM
qbit_matui 1.16.4 - Cross-Site Scripting via Fixed Session Identifiers
A Cross-Site Scripting (XSS) vulnerability in bill-ahmed qbit-matUI version 1.16.4 allows remote attackers to obtain sensitive information via fixed session identifiers (SID) in the index.js file.
CVSS 5.4
CVE-2023-50475 WRITEUP CRITICAL
bcoin 2.2.0 - Sensitive Information Exposure via Weak Hashing in faye-websocket.js
An issue in bcoin-org bcoin version 2.2.0 allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js.
CVSS 9.1
CVE-2023-50477 WRITEUP CRITICAL
Nos Client <0.6.6 - Privilege Escalation
An issue in nos client version 0.6.6 allows remote attackers to escalate privileges via getRPCEndpoint.js.
CVSS 9.8
CVE-2023-50481 WRITEUP HIGH
blinksocks 3.3.8 - Sensitive Information Exposure via Weak Encryption in SSR Auth Chain
An issue in blinksocks version 3.3.8 allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js.
CVSS 7.5
CVE-2023-51839 WRITEUP CRITICAL
DeviceFarmer stf <3.6.6 - Info Disclosure
DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm.
CVSS 9.1
CVE-2023-51840 WRITEUP CRITICAL
DoraCMS 2.1.8 - Use of Hard-coded Cryptographic Key
DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key.
CVSS 9.8
CVE-2023-51843 WRITEUP HIGH
react-dashboard 1.4.0 - Cross-Site Scripting via Missing httpOnly Flag
react-dashboard 1.4.0 is vulnerable to Cross-Site Scripting (XSS) because httpOnly is not set.
CVSS 8.2