Search Results (364488 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-33277 1 Gira 2 Knx Ip Router, Knx Ip Router Firmware 2024-11-27 7.5 High
The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attacker to read sensitive files via directory-traversal sequences in the URL.
CVE-2023-34734 1 Secnet 1 Annet Ac Centralized Management Platform 2024-11-27 4.8 Medium
Annet AC Centralized Management Platform 1.02.040 is vulnerable to Stored Cross-Site Scripting (XSS) .
CVE-2023-34735 1 Property Cloud Platform Management Center Project 1 Property Cloud Platform Management Center 2024-11-27 9.8 Critical
Property Cloud Platform Management Center 1.0 is vulnerable to error-based SQL injection.
CVE-2023-36143 1 Maxprintisp 2 Maxlink 1200g, Maxlink 1200g Firmware 2024-11-27 8.8 High
Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the "Diagnostic tool" functionality of the device.
CVE-2023-36144 1 Intelbras 2 Sg 2404 Mr, Sg 2404 Mr Firmware 2024-11-27 7.5 High
An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.
CVE-2023-50924 1 Engelsystem 1 Engelsystem 2024-11-27 7.3 High
Englesystem is a shift planning system for chaos events. Engelsystem prior to v3.4.1 performed insufficient validation of user supplied data for the DECT number, mobile number, and work-log comment fields. The values of those fields would be displayed in corresponding log overviews, allowing the injection and execution of Javascript code in another user's context. This vulnerability enables an authenticated user to inject Javascript into other user's sessions. The injected JS will be executed during normal usage of the system when viewing, e.g., overview pages. This issue has been fixed in version 3.4.1.
CVE-2023-36146 1 Multilaser 2 Re170, Re170 Firmware 2024-11-27 5.4 Medium
A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733.
CVE-2023-51700 1 Jamieblomerus 1 Unofficial Mobile Bankid Integration 2024-11-27 6.4 Medium
Unofficial Mobile BankID Integration for WordPress lets users employ Mobile BankID to authenticate themselves on your WordPress site. Prior to 1.0.1, WP-Mobile-BankID-Integration is affected by a vulnerability classified as a Deserialization of Untrusted Data vulnerability, specifically impacting scenarios where an attacker can manipulate the database. If unauthorized actors gain access to the database, they could exploit this vulnerability to execute object injection attacks. This could lead to unauthorized code execution, data manipulation, or data exfiltration within the WordPress environment. Users of the plugin should upgrade to version 1.0.1 (or later), where the serialization and deserialization of OrderResponse objects have been switched out to an array stored as JSON. A possible workaround for users unable to upgrade immediately is to enforce stricter access controls on the database, ensuring that only trusted and authorized entities can modify data. Additionally, implementing monitoring tools to detect unusual database activities could help identify and mitigate potential exploitation attempts.
CVE-2023-52082 1 Lycheeorg 1 Lychee 2024-11-27 8.8 High
Lychee is a free photo-management tool. Prior to 5.0.2, Lychee is vulnerable to an SQL injection on any binding when using mysql/mariadb. This injection is only active for users with the `.env` settings set to DB_LOG_SQL=true and DB_LOG_SQL_EXPLAIN=true. The defaults settings of Lychee are safe. The patch is provided on version 5.0.2. To work around this issue, disable SQL EXPLAIN logging.
CVE-2023-36347 1 Codekop 1 Codekop 2024-11-27 7.5 High
A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data.
CVE-2023-37298 1 Joplin Project 1 Joplin 2024-11-27 6.1 Medium
Joplin before 2.11.5 allows XSS via a USE element in an SVG document.
CVE-2023-37299 1 Joplin Project 1 Joplin 2024-11-27 6.1 Medium
Joplin before 2.11.5 allows XSS via an AREA element of an image map.
CVE-2023-23432 1 Hihonor 2 Nth-an00, Nth-an00 Firmware 2024-11-27 7.3 High
Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.
CVE-2023-23424 1 Hihonor 2 Nth-an00, Nth-an00 Firmware 2024-11-27 6.5 Medium
Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution
CVE-2023-51430 1 Hihonor 1 Magic Ui 2024-11-27 4.4 Medium
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.
CVE-2023-1695 1 Huawei 2 Emui, Harmonyos 2024-11-27 7.5 High
Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-50297 1 Alfasado 1 Powercms 2024-11-27 6.1 Medium
Open redirect vulnerability in PowerCMS (6 Series, 5 Series, and 4 Series) allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability.
CVE-2023-49119 1 Weseek 1 Growi 2024-11-27 5.4 Medium
Stored cross-site scripting vulnerability via the img tags exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
CVE-2023-22796 2 Activesupport Project, Redhat 3 Activesupport, Logging, Satellite 2024-11-27 7.5 High
A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.
CVE-2023-34761 1 7-eleven 2 Hello Cup, Led Message Cup 2024-11-27 6.5 Medium
An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup, Hello Cup 1.3.1 for Android, and bypass the application's client-side chat censor filter.