Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3896 | 1 Vim | 1 Vim | 2023-08-09 | N/A | 7.8 HIGH |
| Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3 | |||||
| CVE-2023-20781 | 2 Google, Mediatek | 56 Android, Mt6580, Mt6731 and 53 more | 2023-08-09 | N/A | 4.4 MEDIUM |
| In keyinstall, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS07905323. | |||||
| CVE-2023-4187 | 1 Instantcms | 1 Instantcms | 2023-08-09 | N/A | 4.8 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | |||||
| CVE-2023-38773 | 1 Churchcrm | 1 Churchcrm | 2023-08-09 | N/A | 7.5 HIGH |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php. | |||||
| CVE-2023-38771 | 1 Churchcrm | 1 Churchcrm | 2023-08-09 | N/A | 7.5 HIGH |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php. | |||||
| CVE-2023-38770 | 1 Churchcrm | 1 Churchcrm | 2023-08-09 | N/A | 7.5 HIGH |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php. | |||||
| CVE-2023-38769 | 1 Churchcrm | 1 Churchcrm | 2023-08-09 | N/A | 7.5 HIGH |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php. | |||||
| CVE-2022-38795 | 1 Gitea | 1 Gitea | 2023-08-09 | N/A | 6.5 MEDIUM |
| In Gitea through 1.17.1, repo cloning can occur in the migration function. | |||||
| CVE-2023-38768 | 1 Churchcrm | 1 Churchcrm | 2023-08-09 | N/A | 7.5 HIGH |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php. | |||||
| CVE-2023-38767 | 1 Churchcrm | 1 Churchcrm | 2023-08-09 | N/A | 7.5 HIGH |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php. | |||||
| CVE-2023-38766 | 1 Churchcrm | 1 Churchcrm | 2023-08-09 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the PersonView.php component. | |||||
| CVE-2021-24916 | 1 Themeum | 1 Qubely | 2023-08-09 | N/A | 7.5 HIGH |
| The Qubely WordPress plugin before 1.8.6 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action. | |||||
| CVE-2023-36220 | 1 Textpattern | 1 Textpattern | 2023-08-09 | N/A | 7.2 HIGH |
| Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function. | |||||
| CVE-2023-38765 | 1 Churchcrm | 1 Churchcrm | 2023-08-09 | N/A | 7.5 HIGH |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php. | |||||
| CVE-2023-2843 | 1 Multiparcels | 1 Multiparcels Shipping For Woocommerce | 2023-08-09 | N/A | 8.8 HIGH |
| The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.15 does not properly sanitize and escape a parameter before using it in an SQL statement, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks. | |||||
| CVE-2023-0604 | 1 Wpfoodmanager | 1 Wp Food Manager | 2023-08-09 | N/A | 5.4 MEDIUM |
| The WP Food Manager WordPress plugin before 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2023-38764 | 1 Churchcrm | 1 Churchcrm | 2023-08-09 | N/A | 7.5 HIGH |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php. | |||||
| CVE-2023-3671 | 1 Multiparcels | 1 Multiparcels Shipping For Woocommerce | 2023-08-09 | N/A | 6.1 MEDIUM |
| The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape various parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2023-3575 | 1 Expresstech | 1 Quiz And Survey Master | 2023-08-09 | N/A | 5.4 MEDIUM |
| The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2023-3524 | 1 Wpcode | 1 Wpcode | 2023-08-09 | N/A | 6.1 MEDIUM |
| The WPCode WordPress plugin before 2.0.13.1 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting | |||||
| CVE-2023-3492 | 1 Cmscommander | 1 Wp Shopping Pages | 2023-08-09 | N/A | 6.8 MEDIUM |
| The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |||||
| CVE-2023-3365 | 1 Multiparcels | 1 Multiparcels Shipping For Woocommerce | 2023-08-09 | N/A | 8.1 HIGH |
| The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment | |||||
| CVE-2023-20805 | 3 Google, Linuxfoundation, Mediatek | 10 Android, Yocto, Mt2713 and 7 more | 2023-08-09 | N/A | 6.7 MEDIUM |
| In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326411. | |||||
| CVE-2023-20804 | 3 Google, Linuxfoundation, Mediatek | 10 Android, Yocto, Mt2713 and 7 more | 2023-08-09 | N/A | 6.7 MEDIUM |
| In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326384. | |||||
| CVE-2023-38763 | 1 Churchcrm | 1 Churchcrm | 2023-08-09 | N/A | 6.5 MEDIUM |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint. | |||||
| CVE-2023-34477 | 1 Braincert | 1 Virtual Classroom | 2023-08-09 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | |||||
| CVE-2023-34476 | 1 Mooj | 1 Proforms | 2023-08-09 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | |||||
| CVE-2023-23758 | 1 Creative-solutions | 1 Creative Gallery | 2023-08-09 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | |||||
| CVE-2023-23757 | 1 Bestaddon | 1 Bestaddon Gallery | 2023-08-09 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | |||||
| CVE-2023-3650 | 1 Wow-company | 1 Bubble Menu | 2023-08-09 | N/A | 4.8 MEDIUM |
| The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | |||||
| CVE-2023-39508 | 1 Apache | 1 Airflow | 2023-08-09 | N/A | 8.8 HIGH |
| Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0 This issue affects Apache Airflow: before 2.6.0. | |||||
| CVE-2023-38762 | 1 Churchcrm | 1 Churchcrm | 2023-08-09 | N/A | 7.5 HIGH |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php. | |||||
| CVE-2023-38761 | 1 Churchcrm | 1 Churchcrm | 2023-08-09 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the systemSettings.php component. | |||||
| CVE-2023-38760 | 1 Churchcrm | 1 Churchcrm | 2023-08-09 | N/A | 7.5 HIGH |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component. | |||||
| CVE-2023-38045 | 1 Admiror-design-studio | 1 Admiror Gallery | 2023-08-09 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements. | |||||
| CVE-2023-38044 | 1 Hikashop | 1 Hikashop | 2023-08-09 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | |||||
| CVE-2023-20811 | 3 Google, Linux, Mediatek | 54 Android, Linux Kernel, Mt5221 and 51 more | 2023-08-09 | N/A | 6.7 MEDIUM |
| In IOMMU, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061. | |||||
| CVE-2023-20810 | 3 Google, Linux, Mediatek | 54 Android, Linux Kernel, Mt5221 and 51 more | 2023-08-09 | N/A | 4.4 MEDIUM |
| In IOMMU, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061. | |||||
| CVE-2023-20809 | 2 Google, Mediatek | 53 Android, Mt5583, Mt5691 and 50 more | 2023-08-09 | N/A | 6.7 MEDIUM |
| In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03751198; Issue ID: DTV03751198. | |||||
| CVE-2023-20815 | 2 Google, Mediatek | 25 Android, Mt6580, Mt6739 and 22 more | 2023-08-09 | N/A | 6.7 MEDIUM |
| In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453587; Issue ID: ALPS07453587. | |||||
| CVE-2023-20813 | 2 Google, Mediatek | 25 Android, Mt6580, Mt6739 and 22 more | 2023-08-09 | N/A | 4.4 MEDIUM |
| In wlan service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453549; Issue ID: ALPS07453549. | |||||
| CVE-2023-20812 | 2 Google, Mediatek | 28 Android, Iot Yocto, Mt6761 and 25 more | 2023-08-09 | N/A | 4.4 MEDIUM |
| In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944987; Issue ID: ALPS07944987. | |||||
| CVE-2023-20803 | 3 Google, Linuxfoundation, Mediatek | 10 Android, Yocto, Mt2713 and 7 more | 2023-08-09 | N/A | 6.5 MEDIUM |
| In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326374. | |||||
| CVE-2023-20818 | 2 Google, Mediatek | 25 Android, Mt6580, Mt6739 and 22 more | 2023-08-09 | N/A | 4.4 MEDIUM |
| In wlan service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460540; Issue ID: ALPS07460540. | |||||
| CVE-2023-20817 | 2 Google, Mediatek | 25 Android, Mt6580, Mt6739 and 22 more | 2023-08-09 | N/A | 6.7 MEDIUM |
| In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453600; Issue ID: ALPS07453600. | |||||
| CVE-2023-20816 | 2 Google, Mediatek | 25 Android, Mt6580, Mt6739 and 22 more | 2023-08-09 | N/A | 6.7 MEDIUM |
| In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453589; Issue ID: ALPS07453589. | |||||
| CVE-2023-20814 | 2 Google, Mediatek | 25 Android, Mt6580, Mt6739 and 22 more | 2023-08-09 | N/A | 6.7 MEDIUM |
| In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453560; Issue ID: ALPS07453560. | |||||
| CVE-2023-34038 | 1 Vmware | 1 Horizon Client | 2023-08-09 | N/A | 5.3 MEDIUM |
| VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration. | |||||
| CVE-2023-20806 | 2 Google, Mediatek | 9 Android, Mt2713, Mt6879 and 6 more | 2023-08-09 | N/A | 6.7 MEDIUM |
| In hcp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07537437. | |||||
| CVE-2023-36480 | 1 Aerospike | 1 Aerospike Java Client | 2023-08-09 | N/A | 9.8 CRITICAL |
| The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it encounters them without further validation. Attackers that manage to trick clients into communicating with a malicious server can include especially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running on. Versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 contain a patch for this issue. | |||||