Search Results (120923 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-27842 1 Extplorer 1 Extplorer 2025-02-26 8.8 High
Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remote attacker to execute arbitrary code via the index.php compenent
CVE-2023-1466 1 Oretnom23 1 Student Study Center Desk Management System 2025-02-26 6.3 Medium
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(SLEEP(5)))FWlC) AND 'butz'='butz leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223325 was assigned to this vulnerability.
CVE-2023-1495 1 Ruifang-tech 1 Rebuild 2025-02-26 6.3 Medium
A vulnerability classified as critical was found in Rebuild up to 3.2.3. Affected by this vulnerability is the function queryListOfConfig of the file /admin/robot/approval/list. The manipulation of the argument q leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is c9474f84e5f376dd2ade2078e3039961a9425da7. It is recommended to apply a patch to fix this issue. The identifier VDB-223381 was assigned to this vulnerability.
CVE-2023-1482 1 Hkcms Project 1 Hkcms 2025-02-26 4.7 Medium
A vulnerability, which was classified as problematic, was found in HkCms 2.2.4.230206. This affects an unknown part of the file /admin.php/appcenter/local.html?type=addon of the component External Plugin Handler. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223365 was assigned to this vulnerability.
CVE-2023-28725 1 Generalbytes 1 Crypto Application Server 2025-02-26 9.1 Critical
General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023. This is fixed in 20221118.48 and 20230120.44.
CVE-2023-27789 1 Broadcom 1 Tcpreplay 2025-02-26 7.5 High
An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178 endpoint.
CVE-2023-27788 1 Broadcom 1 Tcpreplay 2025-02-26 7.5 High
An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause a denial of service via the ports2PORT function at the portmap.c:69 endpoint.
CVE-2023-27787 1 Broadcom 1 Tcpreplay 2025-02-26 7.5 High
An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse_list function at the list.c:81 endpoint.
CVE-2023-27786 1 Broadcom 1 Tcpreplay 2025-02-26 7.5 High
An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function.
CVE-2023-1168 1 Hpe 20 Aruba Cx 10000-48y6, Aruba Cx 6200f 48g, Aruba Cx 6200m 24g and 17 more 2025-02-26 7.2 High
An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX.
CVE-2020-19947 1 Markdown Edit Project 1 Markdown Edit 2025-02-26 9.6 Critical
Cross Site Scripting vulnerability found in Markdown Edit allows a remote attacker to execute arbitrary code via the edit parameter of the webpage.
CVE-2023-1481 1 Monitoring Of Students Cyber Accounts System Project 1 Monitoring Of Students Cyber Accounts System 2025-02-26 3.5 Low
A vulnerability, which was classified as problematic, has been found in SourceCodester Monitoring of Students Cyber Accounts System 1.0. Affected by this issue is some unknown functionality of the file modules/balance/index.php?view=balancelist of the component POST Parameter Handler. The manipulation of the argument id with the input "><script>alert(111)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223364.
CVE-2023-27874 2 Ibm, Linux 2 Aspera Faspex, Linux Kernel 2025-02-26 9.9 Critical
IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845.
CVE-2023-27873 2 Ibm, Linux 2 Aspera Faspex, Linux Kernel 2025-02-26 6.5 Medium
IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. IBM X-Force ID: 249654.
CVE-2023-25688 1 Ibm 1 Security Key Lifecycle Manager 2025-02-26 4.3 Medium
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 247606.
CVE-2023-24760 1 Ofcms Project 1 Ofcms 2025-02-26 8.8 High
An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalate privileges via the respwd method in SysUserController.
CVE-2023-25684 1 Ibm 1 Security Key Lifecycle Manager 2025-02-26 6.5 Medium
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 247597.
CVE-2018-25082 1 Wechat Sdk Python Project 1 Wechat Sdk Python 2025-02-26 6.3 Medium
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patch is named e54abadc777715b6dcb545c13214d1dea63df6c9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223403.
CVE-2023-26767 2 Liblouis, Redhat 2 Liblouis, Enterprise Linux 2025-02-26 7.5 High
Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint.
CVE-2023-26769 2 Liblouis, Redhat 2 Liblouis, Enterprise Linux 2025-02-26 7.5 High
Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c.