Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37979 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-12-20 | N/A | 7.8 HIGH |
| Windows Hyper-V Elevation of Privilege Vulnerability | |||||
| CVE-2022-37978 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 7.5 HIGH |
| Windows Active Directory Certificate Services Security Feature Bypass | |||||
| CVE-2022-37977 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 6.5 MEDIUM |
| Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | |||||
| CVE-2022-37976 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2023-12-20 | N/A | 8.8 HIGH |
| Active Directory Certificate Services Elevation of Privilege Vulnerability | |||||
| CVE-2022-37975 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 8.8 HIGH |
| Windows Group Policy Elevation of Privilege Vulnerability | |||||
| CVE-2022-37974 | 1 Microsoft | 2 Windows 10, Windows 11 | 2023-12-20 | N/A | 6.5 MEDIUM |
| Windows Mixed Reality Developer Tools Information Disclosure Vulnerability | |||||
| CVE-2022-37973 | 1 Microsoft | 3 Windows 10, Windows 11, Windows Server 2022 | 2023-12-20 | N/A | 7.7 HIGH |
| Windows Local Session Manager (LSM) Denial of Service Vulnerability | |||||
| CVE-2022-37971 | 1 Microsoft | 1 Malware Protection Engine | 2023-12-20 | N/A | 7.1 HIGH |
| Microsoft Windows Defender Elevation of Privilege Vulnerability | |||||
| CVE-2022-37970 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2019 and 1 more | 2023-12-20 | N/A | 7.8 HIGH |
| Windows DWM Core Library Elevation of Privilege Vulnerability | |||||
| CVE-2022-37968 | 1 Microsoft | 2 Azure Arc-enabled Kubernetes, Azure Stack Edge | 2023-12-20 | N/A | 10.0 CRITICAL |
| Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also vulnerable to this vulnerability. | |||||
| CVE-2022-37965 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-12-20 | N/A | 5.9 MEDIUM |
| Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | |||||
| CVE-2022-35829 | 1 Microsoft | 1 Azure Service Fabric | 2023-12-20 | N/A | 4.8 MEDIUM |
| Service Fabric Explorer Spoofing Vulnerability | |||||
| CVE-2022-35770 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 6.5 MEDIUM |
| Windows NTLM Spoofing Vulnerability | |||||
| CVE-2022-34689 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 7.5 HIGH |
| Windows CryptoAPI Spoofing Vulnerability | |||||
| CVE-2022-33645 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 7.5 HIGH |
| Windows TCP/IP Driver Denial of Service Vulnerability | |||||
| CVE-2022-33635 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 7.8 HIGH |
| Windows GDI+ Remote Code Execution Vulnerability | |||||
| CVE-2022-33634 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 8.1 HIGH |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | |||||
| CVE-2022-30198 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 8.1 HIGH |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | |||||
| CVE-2022-24504 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 8.1 HIGH |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | |||||
| CVE-2022-22035 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 8.1 HIGH |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | |||||
| CVE-2022-41082 | 1 Microsoft | 1 Exchange Server | 2023-12-20 | N/A | 8.0 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2022-41040 | 1 Microsoft | 1 Exchange Server | 2023-12-20 | N/A | 8.8 HIGH |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||
| CVE-2022-37972 | 1 Microsoft | 1 Endpoint Configuration Manager | 2023-12-20 | N/A | 7.5 HIGH |
| Microsoft Endpoint Configuration Manager Spoofing Vulnerability | |||||
| CVE-2022-38019 | 1 Microsoft | 1 Av1 Video Extension | 2023-12-20 | N/A | 7.8 HIGH |
| AV1 Video Extension Remote Code Execution Vulnerability | |||||
| CVE-2022-38013 | 2 Fedoraproject, Microsoft | 5 Fedora, .net, .net Core and 2 more | 2023-12-20 | N/A | 7.5 HIGH |
| .NET Core and Visual Studio Denial of Service Vulnerability | |||||
| CVE-2022-38011 | 1 Microsoft | 3 Raw Image Extension, Windows 10, Windows 11 | 2023-12-20 | N/A | 7.3 HIGH |
| Raw Image Extension Remote Code Execution Vulnerability | |||||
| CVE-2022-38007 | 1 Microsoft | 2 Azure Arc, Azure Guest Configuration | 2023-12-20 | N/A | 7.8 HIGH |
| Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability | |||||
| CVE-2022-35828 | 1 Microsoft | 1 Defender For Endpoint | 2023-12-20 | N/A | 7.8 HIGH |
| Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability | |||||
| CVE-2022-26929 | 1 Microsoft | 11 .net Framework, Windows 10, Windows 11 and 8 more | 2023-12-20 | N/A | 7.8 HIGH |
| .NET Framework Remote Code Execution Vulnerability | |||||
| CVE-2023-40630 | 1 Joomcode | 1 Jcdashboard | 2023-12-20 | N/A | 9.8 CRITICAL |
| Unauthenticated LFI/SSRF in JCDashboards component for Joomla. | |||||
| CVE-2023-6901 | 1 Codelyfe | 1 Stupid Simple Cms | 2023-12-20 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in codelyfe Stupid Simple CMS up to 1.2.3. This affects an unknown part of the file /terminal/handle-command.php of the component HTTP POST Request Handler. The manipulation of the argument command with the input whoami leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248259. | |||||
| CVE-2023-23684 | 1 Wpengine | 1 Wpgraphql | 2023-12-20 | N/A | 6.5 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL. This issue affects WPGraphQL: from n/a through 1.14.5. | |||||
| CVE-2023-3275 | 1 Phpgurukul | 1 Rail Pass Management System | 2023-12-20 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view-pass-detail.php of the component POST Request Handler. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The identifier VDB-231625 was assigned to this vulnerability. | |||||
| CVE-2022-1184 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2023-12-20 | N/A | 5.5 MEDIUM |
| A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. | |||||
| CVE-2023-46998 | 1 Bootboxjs | 1 Bootbox | 2023-12-20 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions. | |||||
| CVE-2023-31937 | 1 Phpgurukul | 1 Rail Pass Management System | 2023-12-20 | N/A | 7.2 HIGH |
| SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-cateogry-detail.php file. | |||||
| CVE-2023-31936 | 1 Phpgurukul | 1 Rail Pass Management System | 2023-12-20 | N/A | 7.2 HIGH |
| SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-pass-detail.php file. | |||||
| CVE-2023-31935 | 1 Phpgurukul | 1 Rail Pass Management System | 2023-12-20 | N/A | 4.8 MEDIUM |
| Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the emial parameter of admin-profile.php. | |||||
| CVE-2023-31934 | 1 Phpgurukul | 1 Rail Pass Management System | 2023-12-20 | N/A | 4.8 MEDIUM |
| Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php. | |||||
| CVE-2023-31933 | 1 Phpgurukul | 1 Rail Pass Management System | 2023-12-20 | N/A | 7.2 HIGH |
| SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-pass-detail.php file. | |||||
| CVE-2023-31932 | 1 Phpgurukul | 1 Rail Pass Management System | 2023-12-20 | N/A | 7.2 HIGH |
| SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-enquiry.php file. | |||||
| CVE-2023-37743 | 1 Phpgurukul | 1 Teacher Subject Allocation System | 2023-12-20 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Teacher Subject Allocation System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search text box. | |||||
| CVE-2023-24726 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-12-20 | N/A | 9.8 CRITICAL |
| Art Gallery Management System v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter on the enquiry page. | |||||
| CVE-2023-23158 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-12-20 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter on the enquiry page. | |||||
| CVE-2023-23157 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-12-20 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullname parameter on the enquiry page. | |||||
| CVE-2023-23156 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-12-20 | N/A | 9.8 CRITICAL |
| Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page. | |||||
| CVE-2023-23155 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-12-20 | N/A | 9.8 CRITICAL |
| Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the username parameter in the Admin Login. | |||||
| CVE-2023-23163 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-12-20 | N/A | 9.8 CRITICAL |
| Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter. | |||||
| CVE-2023-23162 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-12-20 | N/A | 9.8 CRITICAL |
| Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at product.php. | |||||
| CVE-2023-23161 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-12-20 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar. | |||||
