Search Results (366571 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-47710 1 Ibm 1 Security Guardium 2025-01-08 5.4 Medium
IBM Security Guardium 11.4, 11.5, and 12.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271525.
CVE-2024-45345 2025-01-08 N/A
reserved but not needed
CVE-2024-45344 2025-01-08 N/A
reserved but not needed
CVE-2024-45343 2025-01-08 N/A
reserved but not needed
CVE-2024-45342 2025-01-08 N/A
reserved but not needed
CVE-2023-34408 1 Dokuwiki 1 Dokuwiki 2025-01-08 5.4 Medium
DokuWiki before 2023-04-04a allows XSS via RSS titles.
CVE-2023-33763 1 Simpleredak 1 Simpleredak 2025-01-08 6.1 Medium
eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /scheduler/index.php.
CVE-2023-33762 1 Simpleredak 1 Simpleredak 2025-01-08 9.8 Critical
eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a SQL injection vulnerability via the Activity parameter.
CVE-2023-33761 1 Simpleredak 1 Simpleredak 2025-01-08 6.1 Medium
eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /view/cb/format_642.php.
CVE-2023-33731 1 Escanav 1 Escan Management Console 2025-01-08 6.1 Medium
Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL directly.
CVE-2023-33408 1 Minical 1 Minical 2025-01-08 5.4 Medium
Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to insufficient input validation in the application's user input handling in the security_helper.php file.
CVE-2023-33386 1 Marsctf Project 1 Marsctf 2025-01-08 9.8 Critical
MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interface for uploading attachments in the background.
CVE-2020-19028 1 Emlog 1 Emlog 2025-01-08 7.5 High
*File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via the /admin/plugin.php function.
CVE-2023-28702 1 Asus 2 Rt-ac86u, Rt-ac86u Firmware 2025-01-08 8.8 High
ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands, disrupt system or terminate service.
CVE-2023-28703 1 Asus 2 Rt-ac86u, Rt-ac86u Firmware 2025-01-08 7.2 High
ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate service.
CVE-2023-28704 1 Furbo 2 Dog Camera, Dog Camera Firmware 2025-01-08 8.8 High
Furbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands or disrupt service.
CVE-2024-31895 1 Ibm 1 App Connect Enterprise 2025-01-08 4.3 Medium
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176.
CVE-2023-28705 1 Openfind 1 Mail2000 2025-01-08 5.4 Medium
Openfind Mail2000 has insufficient filtering special characters of email content of its content filtering function. A remote attacker can exploit this vulnerability using phishing emails that contain malicious web pages injected with JavaScript. When users access the system and open the email, it triggers an XSS (Reflected Cross-site scripting) attack.
CVE-2023-30603 1 Hitrontech 2 Coda-5310, Coda-5310 Firmware 2025-01-08 9.8 Critical
Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator’s privilege, resulting in performing arbitrary system operation or disrupt service.
CVE-2024-31894 1 Ibm 1 App Connect Enterprise 2025-01-08 4.3 Medium
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175.