Total 262198 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-2055 1 Advanced Online Voting System Project 1 Advanced Online Voting System 2024-08-02 3.5 Low
A vulnerability has been found in Campcodes Advanced Online Voting System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/config_save.php. The manipulation of the argument title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225940.
CVE-2023-2054 1 Advanced Online Voting System Project 1 Advanced Online Voting System 2024-08-02 6.3 Medium
A vulnerability, which was classified as critical, was found in Campcodes Advanced Online Voting System 1.0. This affects an unknown part of the file /admin/positions_delete.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225939.
CVE-2023-2065 1 Armoli 1 Cargo Tracking System 2024-08-02 8.8 High
Authorization Bypass Through User-Controlled Key vulnerability in Armoli Technology Cargo Tracking System allows Authentication Abuse, Authentication Bypass.This issue affects Cargo Tracking System: before 3558f28 .
CVE-2023-2038 1 Campcodes Video Sharing Website Project 1 Campcodes Video Sharing Website 2024-08-02 6.3 Medium
A vulnerability was found in Campcodes Video Sharing Website 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin_class.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225916.
CVE-2023-2042 1 Datagear 1 Datagear 2024-08-02 6.3 Medium
A vulnerability, which was classified as problematic, has been found in DataGear up to 4.5.1. Affected by this issue is some unknown functionality of the component JDBC Server Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225920. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-2049 1 Campcodes Advanced Online Voting System Project 1 Campcodes Advanced Online Voting System 2024-08-02 6.3 Medium
A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/ballot_up.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225934 is the identifier assigned to this vulnerability.
CVE-2023-2034 1 Froxlor 1 Froxlor 2024-08-02 8.8 High
Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14.
CVE-2023-2063 1 Mitsubishielectric 8 Fx5-enet\/ip, Fx5-enet\/ip Firmware, Rj71eip91 and 5 more 2024-08-02 6.3 Medium
Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure, tampering, deletion or destruction via file upload/download. As a result, the attacker may be able to exploit this for further attacks.
CVE-2023-2050 1 Advanced Online Voting System Project 1 Advanced Online Voting System 2024-08-02 6.3 Medium
A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/positions_add.php. The manipulation of the argument description leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225935.
CVE-2023-2033 4 Couchbase, Debian, Fedoraproject and 1 more 4 Couchbase Server, Debian Linux, Fedora and 1 more 2024-08-02 8.8 High
Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-2031 1 Plainware 1 Locatoraid 2024-08-02 5.4 Medium
The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2023-2026 1 Image Protector Project 1 Image Protector 2024-08-02 4.8 Medium
The Image Protector WordPress plugin through 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2023-2032 1 Kunalnagar 1 Custom 404 Pro 2024-08-02 9.8 Critical
The Custom 404 Pro WordPress plugin before 3.8.1 does not properly sanitize database inputs, leading to multiple SQL Injection vulnerabilities.
CVE-2023-2024 1 Johnsoncontrols 1 Openblue Enterprise Manager Data Collector 2024-08-02 10 Critical
Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access to an unauthorized user under certain circumstances.
CVE-2023-2014 1 Microweber 1 Microweber 2024-08-02 4.8 Medium
Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3.
CVE-2023-2029 1 Enzipe 1 Prepost Seo 2024-08-02 4.8 Medium
The PrePost SEO WordPress plugin through 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2023-2028 1 Stpetedesign 1 Call Now Accessibility Button 2024-08-02 4.8 Medium
The Call Now Accessibility Button WordPress plugin before 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2023-2019 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2024-08-02 4.4 Medium
A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system.
CVE-2023-2023 1 Kunalnagar 1 Custom 404 Pro 2024-08-02 6.1 Medium
The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.
CVE-2023-2020 1 Checkmk 1 Checkmk 2024-08-02 4.3 Medium
Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host.