Search Results (363262 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-50178 1 Fortinet 1 Fortiadc 2024-11-21 7.2 High
An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and various remote servers such as private SDN connectors and FortiToken Cloud.
CVE-2023-50165 1 Pega 1 Platform 2024-11-21 8.5 High
Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by a Generated PDF issue that could expose file contents.
CVE-2023-50147 1 Totolink 2 A3700r, A3700r Firmware 2024-11-21 9.8 Critical
There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of cstecgi.cgi on the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513.
CVE-2023-50137 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 5.4 Medium
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office.
CVE-2023-50124 1 Flient 2 Smart Lock Advanced, Smart Lock Advanced Firmware 2024-11-21 6.8 Medium
Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default credentials on a debug interface, in combination with certain design choices, an attacker can unlock the Flient Smart Door Lock by replacing the fingerprint that is stored on the scanner.
CVE-2023-50110 1 Testlink 1 Testlink 2024-11-21 7.5 High
TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used.
CVE-2023-50104 1 Zzcms 1 Zzcms 2024-11-21 9.8 Critical
ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code.
CVE-2023-50102 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 5.4 Medium
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS).
CVE-2023-50100 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 5.4 Medium
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing.
CVE-2023-50096 1 St 1 X-cube-safea1 2024-11-21 7.5 High
STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. This is caused by an StSafeA_ReceiveBytes buffer overflow in the X-CUBE-SAFEA1 Software Package for STSAFE-A sample applications (1.2.0), and thus can affect user-written code that was derived from a published sample application.
CVE-2023-50073 1 Leadscloud 1 Empirecms 2024-11-21 9.8 Critical
EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword parameter at SetEnews.php.
CVE-2023-50071 1 Customer Support System Project 1 Customer Support System 2024-11-21 8.8 High
Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name.
CVE-2023-50070 1 Oretnom23 1 Customer Support System 2024-11-21 8.8 High
Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject.
CVE-2023-50069 1 Wiremock 1 Wiremock 2024-11-21 6.1 Medium
WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area, resulting in the execution of the payload. This occurs because the response body is not validated or sanitized.
CVE-2023-50061 1 Store-opart 1 Op'art Easy Redirect 2024-11-21 9.8 Critical
PrestaShop Op'art Easy Redirect >= 1.3.8 and <= 1.3.12 is vulnerable to SQL Injection via Oparteasyredirect::hookActionDispatcher().
CVE-2023-50044 1 Cesanta 1 Mjs 2024-11-21 9.8 Critical
Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in a substring of an input string.
CVE-2023-50035 1 Small Crm Project 1 Small Crm 2024-11-21 9.8 Critical
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because the "password" parameter is used directly in the SQL query without any sanitization, so the SQL Injection payload is executed.
CVE-2023-50017 1 Iteachyou 1 Dreamer Cms 2024-11-21 8.8 High
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/database/backup.
CVE-2023-50011 1 Popojicms 1 Popojicms 2024-11-21 7.2 High
PopojiCMS version 2.0.1 is vulnerable to remote command execution in the Meta Social field.
CVE-2023-50002 1 Tenda 2 W30e, W30e Firmware 2024-11-21 9.8 Critical
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode.