Total: 201818 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-52083 | 1 Wintercms | 1 Winter | 2024-01-05 | N/A | 4.8 MEDIUM |
| Winter is a free, open-source content management system. Prior to 1.2.4, users with the `media.manage_media` permission can upload files to the Media Manager and rename them after uploading. Previously, media manager files were only sanitized on upload, not on renaming, which could have allowed a stored XSS attack. This issue has been patched in v1.2.4. | |||||
| CVE-2023-50448 | 1 Activeadmin | 1 Activeadmin | 2024-01-04 | N/A | 6.5 MEDIUM |
| In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data (that belongs to another user) by making CSV export requests at certain specific times. | |||||
| CVE-2023-7132 | 1 Carmelogarcia | 1 Intern Membership Management System | 2024-01-04 | N/A | 5.4 MEDIUM |
| A vulnerability was found in code-projects Intern Membership Management System 2.0. It has been classified as problematic. This affects an unknown part of the file /user_registration/ of the component User Registration. The manipulation of the argument userName/firstName/lastName/userEmail with the input "><ScRiPt>confirm(document.domain)</ScRiPt>h0la leads to cross site scripting. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249135. | |||||
| CVE-2023-23441 | 1 Hihonor | 1 Magic Ui | 2024-01-04 | N/A | 5.5 MEDIUM |
| Some Honor products are affected by an out-of-bounds read vulnerability; successful exploitation could cause an information leak. | |||||
| CVE-2023-7131 | 1 Carmelogarcia | 1 Intern Membership Management System | 2024-01-04 | N/A | 9.8 CRITICAL |
| A vulnerability was found in code-projects Intern Membership Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user_registration/ of the component User Registration. The manipulation of the argument userName leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-249134 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-23442 | 1 Hihonor | 1 Magic Os | 2024-01-04 | N/A | 7.1 HIGH |
| Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause an information leak. | |||||
| CVE-2023-23443 | 1 Hihonor | 1 Magic Os | 2024-01-04 | N/A | 7.1 HIGH |
| Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause an information leak. | |||||
| CVE-2023-31296 | 1 Sesami | 1 Cash Point & Transport Optimizer | 2024-01-04 | N/A | 5.3 MEDIUM |
| CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows attackers to obtain sensitive information via the User Name field. | |||||
| CVE-2023-51426 | 1 Hihonor | 1 Magic Os | 2024-01-04 | N/A | 7.1 HIGH |
| Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause an information leak. | |||||
| CVE-2023-51427 | 1 Hihonor | 1 Magic Os | 2024-01-04 | N/A | 7.1 HIGH |
| Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause an information leak. | |||||
| CVE-2023-51428 | 1 Hihonor | 1 Magic Os | 2024-01-04 | N/A | 7.1 HIGH |
| Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause an information leak. | |||||
| CVE-2023-51429 | 1 Hihonor | 1 Magic Os | 2024-01-04 | N/A | 5.5 MEDIUM |
| Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause an information leak. | |||||
| CVE-2023-52174 | 1 Xnview | 1 Xnview Classic | 2024-01-04 | N/A | 9.8 CRITICAL |
| XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3125D6. | |||||
| CVE-2023-52173 | 1 Xnview | 1 Xnview Classic | 2024-01-04 | N/A | 9.8 CRITICAL |
| XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3ADBD0. | |||||
| CVE-2023-23424 | 1 Hihonor | 2 Nth-an00, Nth-an00 Firmware | 2024-01-04 | N/A | 9.8 CRITICAL |
| Some Honor products are affected by a file writing vulnerability; successful exploitation could cause code execution. | |||||
| CVE-2023-23427 | 1 Hihonor | 1 Magic Os | 2024-01-04 | N/A | 7.5 HIGH |
| Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions. | |||||
| CVE-2023-23426 | 1 Hihonor | 2 Fri-an00, Fri-an00 Firmware | 2024-01-04 | N/A | 5.5 MEDIUM |
| Some Honor products are affected by a file writing vulnerability; successful exploitation could cause information disclosure. | |||||
| CVE-2023-23429 | 1 Hihonor | 1 Magic Os | 2024-01-04 | N/A | 7.5 HIGH |
| Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions. | |||||
| CVE-2023-23428 | 1 Hihonor | 1 Magic Os | 2024-01-04 | N/A | 7.5 HIGH |
| Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions. | |||||
| CVE-2023-23430 | 1 Hihonor | 1 Magichome | 2024-01-04 | N/A | 7.5 HIGH |
| Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions. | |||||
| CVE-2023-23437 | 1 Hihonor | 1 Vmall | 2024-01-04 | N/A | 5.5 MEDIUM |
| Some Honor products are affected by an information leak vulnerability; successful exploitation could cause an information leak. | |||||
| CVE-2023-23438 | 1 Hihonor | 2 Lge-an00, Lge-an00 Firmware | 2024-01-04 | N/A | 5.5 MEDIUM |
| Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions. | |||||
| CVE-2023-23439 | 1 Hihonor | 2 Lge-an00, Lge-an00 Firmware | 2024-01-04 | N/A | 5.5 MEDIUM |
| Some Honor products are affected by an information leak vulnerability; successful exploitation could cause an information leak. | |||||
| CVE-2023-23440 | 1 Hihonor | 2 Lge-an00, Lge-an00 Firmware | 2024-01-04 | N/A | 5.5 MEDIUM |
| Some Honor products are affected by an information leak vulnerability; successful exploitation could cause an information leak. | |||||
| CVE-2023-52077 | 1 Nexryai | 1 Nexkey | 2024-01-04 | N/A | 9.8 CRITICAL |
| Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as updating server settings, as well as compromise object storage and email server credentials. This issue has been patched in 12.23Q4.5. | |||||
| CVE-2023-23432 | 1 Hihonor | 2 Nth-an00, Nth-an00 Firmware | 2024-01-04 | N/A | 7.1 HIGH |
| Some Honor products are affected by a signature management vulnerability; successful exploitation could cause a forged system file to overwrite the correct system file. | |||||
| CVE-2023-23431 | 1 Hihonor | 2 Nth-an00, Nth-an00 Firmware | 2024-01-04 | N/A | 7.1 HIGH |
| Some Honor products are affected by a signature management vulnerability; successful exploitation could cause a forged system file to overwrite the correct system file. | |||||
| CVE-2023-23433 | 1 Hihonor | 2 Nth-an00, Nth-an00 Firmware | 2024-01-04 | N/A | 7.1 HIGH |
| Some Honor products are affected by a signature management vulnerability; successful exploitation could cause a forged system file to overwrite the correct system file. | |||||
| CVE-2023-23434 | 1 Hihonor | 1 Honorboardapp | 2024-01-04 | N/A | 5.5 MEDIUM |
| Some Honor products are affected by an information leak vulnerability; successful exploitation could cause an information leak. | |||||
| CVE-2023-23436 | 1 Hihonor | 1 Magic Os | 2024-01-04 | N/A | 7.1 HIGH |
| Some Honor products are affected by a signature management vulnerability; successful exploitation could cause a forged system file to overwrite the correct system file. | |||||
| CVE-2023-23435 | 1 Hihonor | 1 Magic Os | 2024-01-04 | N/A | 7.1 HIGH |
| Some Honor products are affected by a signature management vulnerability; successful exploitation could cause a forged system file to overwrite the correct system file. | |||||
| CVE-2022-22995 | 3 Fedoraproject, Netatalk, Westerndigital | 24 Fedora, Netatalk, My Cloud and 21 more | 2024-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitrary code. | |||||
| CVE-2023-31292 | 1 Sesami | 1 Cash Point & Transport Optimizer | 2024-01-04 | N/A | 5.5 MEDIUM |
| An issue in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718) allows local attackers to obtain sensitive information and bypass authentication via a "Back Button Refresh" attack. | |||||
| CVE-2023-31298 | 1 Sesami | 1 Cash Point & Transport Optimizer | 2024-01-04 | N/A | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user. | |||||
| CVE-2023-7145 | 1 Masterlab | 1 Masterlab | 2024-01-04 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in gopeak MasterLab up to 3.3.10. This vulnerability affects the function sqlInject of the file app/ctrl/Framework.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249148. | |||||
| CVE-2023-31301 | 1 Sesami | 1 Cash Point & Transport Optimizer | 2024-01-04 | N/A | 6.1 MEDIUM |
| Stored Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows remote attackers to execute arbitrary code and obtain sensitive information via the Username field of the login form and application log. | |||||
| CVE-2023-7146 | 1 Masterlab | 1 Masterlab | 2024-01-04 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in gopeak MasterLab up to 3.3.10. This issue affects the function sqlInjectDelete of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument phone leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249149 was assigned to this vulnerability. | |||||
| CVE-2023-7133 | 1 Ruoyi | 1 Ruoyi | 2024-01-04 | N/A | 6.1 MEDIUM |
| A vulnerability was found in y_project RuoYi 4.7.8. It has been declared as problematic. This vulnerability affects unknown code of the file /login of the component HTTP POST Request Handler. The manipulation of the argument rememberMe with the input falsen3f0m<script>alert(1)</script>p86o0 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249136. | |||||
| CVE-2023-50842 | 1 Mf Gig Calendar Project | 1 Mf Gig Calendar | 2024-01-04 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Matthew Fries MF Gig Calendar. This issue affects MF Gig Calendar: from n/a through 1.2.1. | |||||
| CVE-2023-50841 | 1 Reputeinfosystems | 1 Bookingpress | 2024-01-04 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin. This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through 1.0.72. | |||||
| CVE-2023-50840 | 1 Oplugins | 1 Booking Manager | 2024-01-04 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop, oplugins Booking Manager. This issue affects Booking Manager: from n/a through 2.1.5. | |||||
| CVE-2023-50844 | 1 Jamesward | 1 Wp Mail Catcher | 2024-01-04 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in James Ward Mail logging – WP Mail Catcher. This issue affects Mail logging – WP Mail Catcher: from n/a through 2.1.3. | |||||
| CVE-2023-50843 | 1 Mediaburst | 1 Clockwork Sms Notfications | 2024-01-04 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Clockwork Clockwork SMS Notfications. This issue affects Clockwork SMS Notfications: from n/a through 3.0.4. | |||||
| CVE-2023-50845 | 1 Ayecode | 1 Geodirectory | 2024-01-04 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode - WordPress Business Directory Plugins GeoDirectory – WordPress Business Directory Plugin, or Classified Directory. This issue affects GeoDirectory – WordPress Business Directory Plugin, or Classified Directory: from n/a through 2.3.28. | |||||
| CVE-2023-50847 | 1 Collne | 1 Welcart E-commerce | 2024-01-04 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Collne Inc. Welcart e-Commerce. This issue affects Welcart e-Commerce: from n/a through 2.9.3. | |||||
| CVE-2023-50846 | 1 Metagauss | 1 Registrationmagic | 2024-01-04 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login. This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.4.5. | |||||
| CVE-2023-50839 | 1 Wiselyhub | 1 Js Help Desk | 2024-01-04 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.1. | |||||
| CVE-2023-50838 | 1 Basixonline | 1 Nex-forms | 2024-01-04 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more. This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.5. | |||||
| CVE-2022-36399 | 1 Boxystudio | 1 Booked | 2024-01-04 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked - Appointment Booking for WordPress \| Calendars. This issue affects Booked - Appointment Booking for WordPress \| Calendars: from n/a before 2.4.4. | |||||
| CVE-2023-49229 | 1 Peplink | 2 Balance Two, Balance Two Firmware | 2024-01-04 | N/A | 4.3 MEDIUM |
| An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration. | |||||
