Search Results (120926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-4562 1 Mitsubishielectric 380 Fx3g-14 Mr\/ds, Fx3g-14 Mr\/ds Firmware, Fx3g-14 Mr\/es and 377 more 2025-02-27 9.1 Critical
Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages.
CVE-2023-4089 1 Wago 14 Compact Controller 100, Compact Controller 100 Firmware, Edge Controller and 11 more 2025-02-27 2.7 Low
On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected.
CVE-2023-2622 1 Hitachienergy 1 Modular Advanced Control For Hvdc 2025-02-27 2.7 Low
Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.
CVE-2023-5916 1 Dashy 1 Dashy 2025-02-27 4.3 Medium
A vulnerability classified as critical has been found in Lissy93 Dashy 2.1.1. This affects an unknown part of the file /config-manager/save of the component Configuration Handler. The manipulation of the argument config leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-244305 was assigned to this vulnerability.
CVE-2023-5917 1 Phpbb 1 Phpbb 2025-02-27 2.4 Low
A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acp_icons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.3.11 is able to address this issue. The patch is named ccf6e6c255d38692d72fcb613b113e6eaa240aac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244307.
CVE-2023-5918 1 Visitor Management System Project 1 Visitor Management System 2025-02-27 6.3 Medium
A vulnerability, which was classified as critical, was found in SourceCodester Visitor Management System 1.0. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-244308.
CVE-2023-5930 1 Simple Student Information System Project 1 Simple Student Information System 2025-02-27 3.5 Low
A vulnerability was found in Campcodes Simple Student Information System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/students/manage_academic.php. The manipulation of the argument student_id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-244330 is the identifier assigned to this vulnerability.
CVE-2023-4625 1 Mitsubishielectric 126 Fx5s-30mr\/es, Fx5s-30mr\/es Firmware, Fx5s-30mt\/es and 123 more 2025-02-27 5.3 Medium
Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login.
CVE-2023-47610 1 Telit 20 Bgs5, Bgs5 Firmware, Ehs5 and 17 more 2025-02-27 8.1 High
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion EHS5/6/8 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message.
CVE-2023-6075 1 Phpgurukul 1 Restaurant Table Booking System 2025-02-27 3.5 Low
A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file index.php of the component Reservation Request Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-244944.
CVE-2023-6076 1 Phpgurukul 1 Restaurant Table Booking System 2025-02-27 5.3 Medium
A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file booking-details.php of the component Reservation Status Handler. The manipulation of the argument bid leads to information disclosure. The attack can be launched remotely. The identifier VDB-244945 was assigned to this vulnerability.
CVE-2024-3221 2025-02-27 6.3 Medium
A vulnerability classified as critical was found in SourceCodester PHP Task Management System 1.0. This vulnerability affects unknown code of the file attendance-info.php. The manipulation of the argument user_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259066 is the identifier assigned to this vulnerability.
CVE-2024-3256 1 Chatikobo 1 Internship Portal Management System 2025-02-27 6.3 Medium
A vulnerability has been found in SourceCodester Internship Portal Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/edit_activity.php. The manipulation of the argument activity_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259105 was assigned to this vulnerability.
CVE-2024-3347 2 Sanchitkmr, Sourcecodester 2 Airline Ticket Reservation System, Airline Ticket Reservation System 2025-02-27 7.3 High
A vulnerability was found in SourceCodester Airline Ticket Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file activate_jet_details_form_handler.php. The manipulation of the argument jet_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259451.
CVE-2023-1357 1 Simple Bakery Shop Management System Project 1 Simple Bakery Shop Management System 2025-02-27 7.3 High
A vulnerability, which was classified as critical, has been found in SourceCodester Simple Bakery Shop Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Login. The manipulation of the argument username/password with the input admin' or 1=1 -- leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222860.
CVE-2023-1359 1 Gadget Works Online Ordering System Project 1 Gadget Works Online Ordering System 2025-02-27 2.4 Low
A vulnerability has been found in SourceCodester Gadget Works Online Ordering System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /philosophy/admin/user/controller.php?action=add of the component Add New User. The manipulation of the argument U_NAME leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222862 is the identifier assigned to this vulnerability.
CVE-2023-1360 1 Employee Payslip Generator System Project 1 Employee Payslip Generator System 2025-02-27 4.7 Medium
A vulnerability was found in SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 and classified as critical. This issue affects some unknown processing of the file classes/Users.php?f=save of the component New User Creation. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222863.
CVE-2023-1368 1 Xhcms Project 1 Xhcms 2025-02-27 7.3 High
A vulnerability was found in XHCMS 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php of the component POST Parameter Handler. The manipulation of the argument user leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222874 is the identifier assigned to this vulnerability.
CVE-2023-27310 1 Siemens 1 Ruggedcom Crossbow 2025-02-27 6.6 Medium
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions when assigning groups to user accounts. This could allow an authenticated remote attacker to assign administrative groups to otherwise non-privileged user accounts.
CVE-2023-27463 1 Siemens 1 Ruggedcom Crossbow 2025-02-27 8.8 High
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The audit log form of affected applications is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database.