Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-21946 | 3 Fedoraproject, Netapp, Oracle | 6 Fedora, Active Iq Unified Manager, Oncommand Insight and 3 more | 2023-11-15 | N/A | 6.5 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2023-21268 | 1 Google | 1 Android | 2023-11-15 | N/A | 5.5 MEDIUM |
| In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-34256 | 3 Debian, Linux, Suse | 3 Debian Linux, Linux Kernel, Linux Enterprise | 2023-11-15 | N/A | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access. | |||||
| CVE-2022-4942 | 1 Eslint-detailed-reporter Project | 1 Eslint-detailed-reporter | 2023-11-15 | N/A | 6.1 MEDIUM |
| A vulnerability was found in mportuga eslint-detailed-reporter up to 0.9.0 and classified as problematic. Affected by this issue is the function renderIssue in the library lib/template-generator.js. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The patch is identified as 505c190efd4905990db6207863bdcbd9b1d7e1bd. It is recommended to apply a patch to fix this issue. VDB-226310 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-2981 | 1 Abstrium | 1 Pydio Cells | 2023-11-15 | N/A | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Abstrium Pydio Cells 4.2.0. This issue affects some unknown processing of the component Chat. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-230213 was assigned to this vulnerability. | |||||
| CVE-2023-2667 | 1 Oretnom23 | 1 Lost And Found Information System | 2023-11-15 | N/A | 6.1 MEDIUM |
| A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228883. | |||||
| CVE-2023-2476 | 1 J2eefast | 1 J2eefast | 2023-11-15 | N/A | 5.4 MEDIUM |
| A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been classified as problematic. Affected is an unknown function of the component Announcement Handler. The manipulation of the argument ????/???? leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-227868. | |||||
| CVE-2022-48065 | 3 Fedoraproject, Gnu, Netapp | 3 Fedora, Binutils, Ontap Select Deploy Administration Utility | 2023-11-15 | N/A | 5.5 MEDIUM |
| GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c. | |||||
| CVE-2023-5441 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2023-11-15 | N/A | 5.5 MEDIUM |
| NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. | |||||
| CVE-2020-5308 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2023-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in add-product.php. | |||||
| CVE-2021-27545 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2023-11-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter. | |||||
| CVE-2021-27544 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2023-11-14 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "sername" parameter. | |||||
| CVE-2022-43369 | 1 Phpgurukul | 1 Auto\/taxi Stand Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| AutoTaxi Stand Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component search.php. | |||||
| CVE-2022-29004 | 1 Phpgurukul | 1 E-diary Management System | 2023-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php. | |||||
| CVE-2022-47102 | 1 Phpgurukul | 1 Student Study Center Management System | 2023-11-14 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | |||||
| CVE-2023-37690 | 1 Phpgurukul | 1 Maid Hiring Management System | 2023-11-14 | N/A | 4.8 MEDIUM |
| Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Search Maid page. | |||||
| CVE-2023-37689 | 1 Phpgurukul | 1 Maid Hiring Management System | 2023-11-14 | N/A | 4.8 MEDIUM |
| Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Booking Request page. | |||||
| CVE-2023-37688 | 1 Phpgurukul | 1 Maid Hiring Management System | 2023-11-14 | N/A | 4.8 MEDIUM |
| Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Admin page. | |||||
| CVE-2023-37746 | 1 Phpgurukul | 1 Maid Hiring Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter of the /admin/contactus.php component. | |||||
| CVE-2023-37745 | 1 Phpgurukul | 1 Maid Hiring Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Description of the /admin/aboutus.php component. | |||||
| CVE-2023-37744 | 1 Phpgurukul | 1 Maid Hiring Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-booking-request.php. | |||||
| CVE-2022-40470 | 1 Phpgurukul | 1 Blood Donor Management System | 2023-11-14 | N/A | 4.8 MEDIUM |
| Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature. | |||||
| CVE-2023-46626 | 1 Flowfact | 1 Flowfact | 2023-11-14 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FLOWFACT WP Connector plugin <= 2.1.7 versions. | |||||
| CVE-2023-37686 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2023-11-14 | N/A | 4.8 MEDIUM |
| Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Nurse Page in the Admin portal. | |||||
| CVE-2023-37685 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2023-11-14 | N/A | 4.8 MEDIUM |
| Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Page of the Admin portal. | |||||
| CVE-2023-37684 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2023-11-14 | N/A | 4.8 MEDIUM |
| Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Details of the Admin portal. | |||||
| CVE-2023-37683 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2023-11-14 | N/A | 4.8 MEDIUM |
| Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Profile Page of the Admin. | |||||
| CVE-2023-46627 | 1 Freelancer-coder | 1 Wordpress Simple Html Sitemap | 2023-11-14 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ashish Ajani WordPress Simple HTML Sitemap plugin <= 2.1 versions. | |||||
| CVE-2023-46640 | 1 Mauvedev | 1 Medialist | 2023-11-14 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in D. Relton Medialist plugin <= 1.3.9 versions. | |||||
| CVE-2023-47190 | 1 Apollo13themes | 1 Apollo13 Framework Extensions | 2023-11-14 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Apollo13Themes Apollo13 Framework Extensions plugin <= 1.9.0 versions. | |||||
| CVE-2023-47227 | 1 Web-settler | 1 Social Feed \| All Social Media In One Place | 2023-11-14 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Social Feed | All social media in one place plugin <= 1.5.4.6 versions. | |||||
| CVE-2023-47226 | 1 I13websolution | 1 Post Sliders \& Post Grids | 2023-11-14 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Post Sliders & Post Grids plugin <= 1.0.20 versions. | |||||
| CVE-2023-47223 | 1 Wpmapplugins | 1 Basic Interactive World Map | 2023-11-14 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Map Plugins Basic Interactive World Map plugin <= 2.0 versions. | |||||
| CVE-2023-47228 | 1 Web-settler | 1 Layer Slider | 2023-11-14 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb Layer Slider plugin <= 1.1.9.7 versions. | |||||
| CVE-2020-23466 | 1 Phpgurukul | 1 Online Marriage Registration System | 2023-11-14 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in the phpgurukul Online Marriage Registration System 1.0 allows attackers to run arbitrary code via the wzipcode field. | |||||
| CVE-2020-26052 | 1 Phpgurukul | 1 Online Marriage Registration System | 2023-11-14 | 3.5 LOW | 5.4 MEDIUM |
| Online Marriage Registration System 1.0 is affected by stored cross-site scripting (XSS) vulnerabilities in multiple parameters. | |||||
| CVE-2023-47510 | 1 Wpsolutions-hq | 1 Wpdbspringclean | 2023-11-14 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPSolutions-HQ WPDBSpringClean plugin <= 1.6 versions. | |||||
| CVE-2023-42541 | 1 Samsung | 1 Push Service | 2023-11-14 | N/A | 5.3 MEDIUM |
| Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows attacker to access unique id. | |||||
| CVE-2021-28424 | 1 Phpgurukul | 1 Teachers Record Management System | 2023-11-14 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php. | |||||
| CVE-2023-42540 | 1 Samsung | 1 Account | 2023-11-14 | N/A | 5.5 MEDIUM |
| Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive information via implicit intent. | |||||
| CVE-2023-42539 | 1 Samsung | 1 Health | 2023-11-14 | N/A | 5.5 MEDIUM |
| PendingIntent hijacking vulnerability in ChallengeNotificationManager in Samsung Health prior to version 6.25 allows local attackers to access data. | |||||
| CVE-2022-35155 | 1 Phpgurukul | 1 Bus Pass Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter. | |||||
| CVE-2022-29008 | 1 Phpgurukul | 1 Bus Pass Management System | 2023-11-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information. | |||||
| CVE-2021-44317 | 1 Phpgurukul | 1 Bus Pass Management System | 2023-11-14 | 3.5 LOW | 5.4 MEDIUM |
| In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us` are affected with a Stored Cross-site scripting vulnerability. | |||||
| CVE-2021-42223 | 1 Phpgurukul | 1 Online Dj Booking Management System | 2023-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS).vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php. | |||||
| CVE-2023-41723 | 1 Veeam | 1 One | 2023-11-14 | N/A | 4.3 MEDIUM |
| A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes. | |||||
| CVE-2022-46128 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| phpgurukul Doctor Appointment Management System V 1.0.0 is vulnerable to Cross Site Scripting (XSS) via searchdata=. | |||||
| CVE-2022-45730 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search function. | |||||
| CVE-2022-45729 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee ID parameter. | |||||
| CVE-2022-45728 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| Doctor Appointment Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | |||||