Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47102 | 1 Phpgurukul | 1 Student Study Center Management System | 2023-11-14 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | |||||
| CVE-2023-37690 | 1 Phpgurukul | 1 Maid Hiring Management System | 2023-11-14 | N/A | 4.8 MEDIUM |
| Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Search Maid page. | |||||
| CVE-2023-37689 | 1 Phpgurukul | 1 Maid Hiring Management System | 2023-11-14 | N/A | 4.8 MEDIUM |
| Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Booking Request page. | |||||
| CVE-2023-37688 | 1 Phpgurukul | 1 Maid Hiring Management System | 2023-11-14 | N/A | 4.8 MEDIUM |
| Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Admin page. | |||||
| CVE-2023-37746 | 1 Phpgurukul | 1 Maid Hiring Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter of the /admin/contactus.php component. | |||||
| CVE-2023-37745 | 1 Phpgurukul | 1 Maid Hiring Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Description of the /admin/aboutus.php component. | |||||
| CVE-2023-37744 | 1 Phpgurukul | 1 Maid Hiring Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-booking-request.php. | |||||
| CVE-2022-40470 | 1 Phpgurukul | 1 Blood Donor Management System | 2023-11-14 | N/A | 4.8 MEDIUM |
| Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature. | |||||
| CVE-2023-46626 | 1 Flowfact | 1 Flowfact | 2023-11-14 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FLOWFACT WP Connector plugin <= 2.1.7 versions. | |||||
| CVE-2023-37687 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2023-11-14 | N/A | 7.2 HIGH |
| Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the View Request of Nurse Page in the Admin portal. | |||||
| CVE-2023-37686 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2023-11-14 | N/A | 4.8 MEDIUM |
| Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Nurse Page in the Admin portal. | |||||
| CVE-2023-37685 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2023-11-14 | N/A | 4.8 MEDIUM |
| Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Page of the Admin portal. | |||||
| CVE-2023-37684 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2023-11-14 | N/A | 4.8 MEDIUM |
| Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Details of the Admin portal. | |||||
| CVE-2023-37683 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2023-11-14 | N/A | 4.8 MEDIUM |
| Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Profile Page of the Admin. | |||||
| CVE-2023-46627 | 1 Freelancer-coder | 1 Wordpress Simple Html Sitemap | 2023-11-14 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ashish Ajani WordPress Simple HTML Sitemap plugin <= 2.1 versions. | |||||
| CVE-2023-46640 | 1 Mauvedev | 1 Medialist | 2023-11-14 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in D. Relton Medialist plugin <= 1.3.9 versions. | |||||
| CVE-2021-26765 | 1 Phpgurukul | 1 Student Record System | 2023-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the sid parameter to edit-sub.php. | |||||
| CVE-2021-26764 | 1 Phpgurukul | 1 Student Record System | 2023-11-14 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in PHPGurukul Student Record System v 4.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit-std.php. | |||||
| CVE-2021-26762 | 1 Phpgurukul | 1 Student Record System | 2023-11-14 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php. | |||||
| CVE-2023-46767 | 1 Huawei | 2 Emui, Harmonyos | 2023-11-14 | N/A | 7.5 HIGH |
| Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions. | |||||
| CVE-2023-46766 | 1 Huawei | 2 Emui, Harmonyos | 2023-11-14 | N/A | 7.5 HIGH |
| Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions. | |||||
| CVE-2023-46774 | 1 Huawei | 2 Emui, Harmonyos | 2023-11-14 | N/A | 7.5 HIGH |
| Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability. | |||||
| CVE-2022-45078 | 1 Solwininfotech | 1 User Blocker | 2023-11-14 | N/A | 7.2 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Solwin Infotech User Blocker.This issue affects User Blocker: from n/a through 1.5.5. | |||||
| CVE-2023-5179 | 1 Opendesign | 1 Drawings Sdk | 2023-11-14 | N/A | 7.8 HIGH |
| An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. A corrupted value for the start of MiniFat sector in a crafted DGN file leads to an out-of-bounds read. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution. | |||||
| CVE-2021-42224 | 1 Phpgurukul | 1 Ifsc Code Finder | 2023-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php. | |||||
| CVE-2023-47190 | 1 Apollo13themes | 1 Apollo13 Framework Extensions | 2023-11-14 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Apollo13Themes Apollo13 Framework Extensions plugin <= 1.9.0 versions. | |||||
| CVE-2023-47227 | 1 Web-settler | 1 Social Feed \| All Social Media In One Place | 2023-11-14 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Social Feed | All social media in one place plugin <= 1.5.4.6 versions. | |||||
| CVE-2023-47226 | 1 I13websolution | 1 Post Sliders \& Post Grids | 2023-11-14 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Post Sliders & Post Grids plugin <= 1.0.20 versions. | |||||
| CVE-2023-47223 | 1 Wpmapplugins | 1 Basic Interactive World Map | 2023-11-14 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Map Plugins Basic Interactive World Map plugin <= 2.0 versions. | |||||
| CVE-2023-33338 | 1 Phpgurukul | 1 Old Age Home Management System | 2023-11-14 | N/A | 9.8 CRITICAL |
| Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter. | |||||
| CVE-2023-47228 | 1 Web-settler | 1 Layer Slider | 2023-11-14 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb Layer Slider plugin <= 1.1.9.7 versions. | |||||
| CVE-2023-42543 | 1 Samsung | 1 Bixby Voice | 2023-11-14 | N/A | 7.5 HIGH |
| Improper verification of intent by broadcast receiver vulnerability in Bixby Voice prior to version 3.3.35.12 allows attackers to access arbitrary data with Bixby Voice privilege. | |||||
| CVE-2020-23466 | 1 Phpgurukul | 1 Online Marriage Registration System | 2023-11-14 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in the phpgurukul Online Marriage Registration System 1.0 allows attackers to run arbitrary code via the wzipcode field. | |||||
| CVE-2020-26052 | 1 Phpgurukul | 1 Online Marriage Registration System | 2023-11-14 | 3.5 LOW | 5.4 MEDIUM |
| Online Marriage Registration System 1.0 is affected by stored cross-site scripting (XSS) vulnerabilities in multiple parameters. | |||||
| CVE-2020-35151 | 1 Phpgurukul | 1 Online Marriage Registration System | 2023-11-14 | 6.5 MEDIUM | 8.8 HIGH |
| The Online Marriage Registration System 1.0 post parameter "searchdata" in the user/search.php request is vulnerable to Time Based Sql Injection. | |||||
| CVE-2023-47510 | 1 Wpsolutions-hq | 1 Wpdbspringclean | 2023-11-14 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPSolutions-HQ WPDBSpringClean plugin <= 1.6 versions. | |||||
| CVE-2023-42542 | 1 Samsung | 1 Push Service | 2023-11-14 | N/A | 3.3 LOW |
| Improper access control vulnerability in Samsung Push Service prior to 3.4.10 allows local attackers to get register ID to identify the device. | |||||
| CVE-2023-42541 | 1 Samsung | 1 Push Service | 2023-11-14 | N/A | 5.3 MEDIUM |
| Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows attacker to access unique id. | |||||
| CVE-2021-28424 | 1 Phpgurukul | 1 Teachers Record Management System | 2023-11-14 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php. | |||||
| CVE-2021-28423 | 1 Phpgurukul | 1 Teachers Record Management System | 2023-11-14 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php. | |||||
| CVE-2021-26822 | 1 Phpgurukul | 1 Teachers Record Management System | 2023-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in 'searchteacher' POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks. | |||||
| CVE-2023-42540 | 1 Samsung | 1 Account | 2023-11-14 | N/A | 5.5 MEDIUM |
| Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive information via implicit intent. | |||||
| CVE-2023-42539 | 1 Samsung | 1 Health | 2023-11-14 | N/A | 5.5 MEDIUM |
| PendingIntent hijacking vulnerability in ChallengeNotificationManager in Samsung Health prior to version 6.25 allows local attackers to access data. | |||||
| CVE-2022-35156 | 1 Phpgurukul | 1 Bus Pass Management System | 2023-11-14 | N/A | 9.8 CRITICAL |
| Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php.. | |||||
| CVE-2022-35155 | 1 Phpgurukul | 1 Bus Pass Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter. | |||||
| CVE-2022-36198 | 1 Phpgurukul | 1 Bus Pass Management System | 2023-11-14 | N/A | 9.8 CRITICAL |
| Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.php | |||||
| CVE-2022-29008 | 1 Phpgurukul | 1 Bus Pass Management System | 2023-11-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information. | |||||
| CVE-2021-44317 | 1 Phpgurukul | 1 Bus Pass Management System | 2023-11-14 | 3.5 LOW | 5.4 MEDIUM |
| In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us` are affected with a Stored Cross-site scripting vulnerability. | |||||
| CVE-2021-44315 | 1 Phpgurukul | 1 Bus Pass Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which contains sensitive information of the user or server. | |||||
| CVE-2023-42284 | 1 Tyk | 1 Tyk | 2023-11-14 | N/A | 9.8 CRITICAL |
| Blind SQL injection in api_version parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query. | |||||