Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43788 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43787 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43786 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43785 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43784 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43783 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-36827 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2013-4300 | 1 Linux | 1 Linux Kernel | 2023-11-15 | 7.2 HIGH | N/A |
| The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing. | |||||
| CVE-2023-35140 | 1 Zyxel | 20 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 17 more | 2023-11-14 | N/A | N/A |
| The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings on a vulnerable device. | |||||
| CVE-2023-4128 | 2023-11-14 | N/A | N/A | ||
| Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. Reason: This record is a duplicate of CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. Notes: All CVE users should reference CVE-2023-4206, CVE-2023-4207, CVE-2023-4208 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage. | |||||
| CVE-2023-6115 | 2023-11-14 | N/A | N/A | ||
| Rejected reason: DUPLICATE CVE | |||||
| CVE-2023-6107 | 2023-11-14 | N/A | N/A | ||
| Rejected reason: Accidental Request. | |||||
| CVE-2023-6106 | 2023-11-14 | N/A | N/A | ||
| Rejected reason: Accidental request. | |||||
| CVE-2023-6092 | 2023-11-14 | N/A | N/A | ||
| Rejected reason: DUPLICATE, accidental request. | |||||
| CVE-2023-6089 | 2023-11-14 | N/A | N/A | ||
| Rejected reason: Accidental Request. | |||||
| CVE-2023-6088 | 2023-11-14 | N/A | N/A | ||
| Rejected reason: Accidental Request. | |||||
| CVE-2023-6087 | 2023-11-14 | N/A | N/A | ||
| Rejected reason: Accidental Request. | |||||
| CVE-2023-6086 | 2023-11-14 | N/A | N/A | ||
| Rejected reason: Accidental request. | |||||
| CVE-2023-6085 | 2023-11-14 | N/A | N/A | ||
| Rejected reason: Accidental request. | |||||
| CVE-2023-6083 | 2023-11-14 | N/A | N/A | ||
| Rejected reason: Accidental Request. | |||||
| CVE-2023-6034 | 2023-11-14 | N/A | N/A | ||
| Rejected reason: Accidental request. | |||||
| CVE-2023-6010 | 2023-11-14 | N/A | N/A | ||
| Rejected reason: Accidental Request. | |||||
| CVE-2023-5977 | 2023-11-14 | N/A | N/A | ||
| Rejected reason: Accidental Request. | |||||
| CVE-2023-5999 | 2023-11-13 | N/A | N/A | ||
| Rejected reason: This is a duplicate. | |||||
| CVE-2023-46788 | 1 Projectworlds | 1 Online Matrimonial Project | 2023-11-13 | N/A | N/A |
| Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter in the 'uploadphoto()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-46787 | 1 Projectworlds | 1 Online Matrimonial Project | 2023-11-13 | N/A | N/A |
| Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the auth/auth.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-46793 | 1 Projectworlds | 1 Online Matrimonial Project | 2023-11-13 | N/A | N/A |
| Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'day' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-46789 | 1 Projectworlds | 1 Online Matrimonial Project | 2023-11-13 | N/A | N/A |
| Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic1' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-46800 | 1 Projectworlds | 1 Online Matrimonial Project | 2023-11-13 | N/A | N/A |
| Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the view_profile.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-46677 | 1 Projectworlds | 1 Online Job Portal | 2023-11-13 | N/A | N/A |
| Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_uname' parameter of the sign-up.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-46679 | 1 Projectworlds | 1 Online Job Portal | 2023-11-13 | N/A | N/A |
| Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_uname_email' parameter of the index.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-6104 | 2023-11-13 | N/A | N/A | ||
| Rejected reason: The CVE Record was published by accident. | |||||
| CVE-2023-5037 | 2023-11-13 | N/A | N/A | ||
| Rejected reason: CVE number will be reassigned. | |||||
| CVE-2022-36816 | 2023-11-09 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2023-41266 | 2023-08-29 | N/A | N/A | ||
| A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13. | |||||
| CVE-2023-41265 | 2023-08-29 | N/A | N/A | ||
| An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. This allows them to send requests that get executed by the backend server hosting the repository application. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13. | |||||
| CVE-2023-39559 | 2023-08-29 | N/A | N/A | ||
| AudimexEE 15.0 was discovered to contain a full path disclosure vulnerability. | |||||
| CVE-2023-39558 | 2023-08-29 | N/A | N/A | ||
| AudimexEE v15.0 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the Show Kai Data component. | |||||
| CVE-2020-18912 | 2023-08-29 | N/A | N/A | ||
| An issue found in Earcms Ear App v.20181124 allows a remote attacker to execute arbitrary code via the uload/index-uplog.php. | |||||
| CVE-2023-4611 | 2023-08-29 | N/A | N/A | ||
| A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak. | |||||
| CVE-2023-4296 | 2023-08-29 | N/A | N/A | ||
| ?If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device. | |||||
| CVE-2023-41153 | 2023-08-29 | N/A | N/A | ||
| A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options. | |||||
| CVE-2023-38975 | 2023-08-29 | N/A | N/A | ||
| * Buffer Overflow vulnerability in qdrant v.1.3.2 allows a remote attacker cause a denial of service via the chucnked_vectors.rs component. | |||||
| CVE-2023-38971 | 2023-08-29 | N/A | N/A | ||
| Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the rack number parameter in the add new rack function. | |||||
| CVE-2023-32241 | 2023-08-29 | N/A | N/A | ||
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPDeveloper Essential Addons for Elementor Pro plugin <= 5.4.8 versions. | |||||
| CVE-2023-4572 | 2023-08-29 | N/A | N/A | ||
| Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-4346 | 2023-08-29 | N/A | N/A | ||
| KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access to the device. The BCU key feature on the devices can be used to create a password for the device, but this password can often not be reset without entering the current password. If the device is configured to interface with a network, an attacker with access to that network could interface with the KNX installation, purge all devices without additional security options enabled, and set a BCU key, locking the device. Even if a device is not connected to a network, an attacker with physical access to the device could also exploit this vulnerability in the same way. | |||||
| CVE-2023-3253 | 2023-08-29 | N/A | N/A | ||
| An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application. | |||||
| CVE-2023-39678 | 2023-08-29 | N/A | N/A | ||
| A cross-site scripting (XSS) vulnerability in the device web interface (Log Query page) of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter. | |||||
| CVE-2023-39663 | 2023-08-29 | N/A | N/A | ||
| Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. | |||||