Search Results (365171 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-34408 1 Dokuwiki 1 Dokuwiki 2025-01-08 5.4 Medium
DokuWiki before 2023-04-04a allows XSS via RSS titles.
CVE-2023-33763 1 Simpleredak 1 Simpleredak 2025-01-08 6.1 Medium
eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /scheduler/index.php.
CVE-2023-33762 1 Simpleredak 1 Simpleredak 2025-01-08 9.8 Critical
eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a SQL injection vulnerability via the Activity parameter.
CVE-2023-33761 1 Simpleredak 1 Simpleredak 2025-01-08 6.1 Medium
eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /view/cb/format_642.php.
CVE-2023-33731 1 Escanav 1 Escan Management Console 2025-01-08 6.1 Medium
Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL directly.
CVE-2023-33408 1 Minical 1 Minical 2025-01-08 5.4 Medium
Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to insufficient input validation in the application's user input handling in the security_helper.php file.
CVE-2023-33386 1 Marsctf Project 1 Marsctf 2025-01-08 9.8 Critical
MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interface for uploading attachments in the background.
CVE-2020-19028 1 Emlog 1 Emlog 2025-01-08 7.5 High
*File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via the /admin/plugin.php function.
CVE-2023-28702 1 Asus 2 Rt-ac86u, Rt-ac86u Firmware 2025-01-08 8.8 High
ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands, disrupt system or terminate service.
CVE-2023-28703 1 Asus 2 Rt-ac86u, Rt-ac86u Firmware 2025-01-08 7.2 High
ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate service.
CVE-2023-28704 1 Furbo 2 Dog Camera, Dog Camera Firmware 2025-01-08 8.8 High
Furbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands or disrupt service.
CVE-2024-31895 1 Ibm 1 App Connect Enterprise 2025-01-08 4.3 Medium
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176.
CVE-2023-28705 1 Openfind 1 Mail2000 2025-01-08 5.4 Medium
Openfind Mail2000 has insufficient filtering special characters of email content of its content filtering function. A remote attacker can exploit this vulnerability using phishing emails that contain malicious web pages injected with JavaScript. When users access the system and open the email, it triggers an XSS (Reflected Cross-site scripting) attack.
CVE-2023-30603 1 Hitrontech 2 Coda-5310, Coda-5310 Firmware 2025-01-08 9.8 Critical
Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator’s privilege, resulting in performing arbitrary system operation or disrupt service.
CVE-2024-31894 1 Ibm 1 App Connect Enterprise 2025-01-08 4.3 Medium
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175.
CVE-2023-3086 1 Teampass 1 Teampass 2025-01-08 9.0 Critical
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
CVE-2023-3095 1 Teampass 1 Teampass 2025-01-08 6.5 Medium
Improper Access Control in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
CVE-2024-4563 1 Progress 1 Moveit Automation 2025-01-08 6.1 Medium
The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit length.
CVE-2023-22862 1 Ibm 2 Aspera Cargo, Aspera Connect 2025-01-08 5.9 Medium
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
CVE-2023-27285 1 Ibm 2 Aspera Cargo, Aspera Connect 2025-01-08 8.4 High
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248625.