Search Results (363163 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-4438 1 Inventory Management System Project 1 Inventory Management System 2024-11-21 6.3 Medium
A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/ajax/search_sales_report.php. The manipulation of the argument customer leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237559.
CVE-2023-4437 1 Inventory Management System Project 1 Inventory Management System 2024-11-21 6.3 Medium
A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file app/ajax/search_sell_paymen_report.php. The manipulation of the argument customer leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-237558 is the identifier assigned to this vulnerability.
CVE-2023-4436 1 Inventory Management System Project 1 Inventory Management System 2024-11-21 6.3 Medium
A vulnerability, which was classified as critical, has been found in SourceCodester Inventory Management System 1.0. This issue affects some unknown processing of the file app/action/edit_update.php. The manipulation of the argument user_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237557 was assigned to this vulnerability.
CVE-2023-4435 1 Hamza417 1 Inure 2024-11-21 5.5 Medium
Improper Input Validation in GitHub repository hamza417/inure prior to build88.
CVE-2023-4434 1 Hamza417 1 Inure 2024-11-21 6.1 Medium
Missing Authorization in GitHub repository hamza417/inure prior to build88.
CVE-2023-4433 2 Agentejo, Cockpit-hq 2 Cockpit, Cockpit 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
CVE-2023-4432 2 Agentejo, Cockpit-hq 2 Cockpit, Cockpit 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
CVE-2023-4424 1 Zephyrproject 1 Zephyr 2024-11-21 8.3 High
An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.
CVE-2023-4422 2 Agentejo, Cockpit-hq 2 Cockpit, Cockpit 2024-11-21 4.8 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.
CVE-2023-4417 2 Devolutions, Microsoft 2 Remote Desktop Manager, Windows 2024-11-21 6.5 Medium
Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process.
CVE-2023-4415 1 Ruijienetworks 2 Rg-ew1200g, Rg-ew1200g Firmware 2024-11-21 7.3 High
A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237518 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-4412 1 Totolink 2 Ex1200l, Ex1200l Firmware 2024-11-21 6.3 Medium
A vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This issue affects the function setWanCfg. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237515. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-4411 1 Totolink 2 Ex1200l, Ex1200l Firmware 2024-11-21 6.3 Medium
A vulnerability has been found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-237514 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-4409 1 Happysoft 1 Nbs\&happysoftwechat 2024-11-21 6.3 Medium
A vulnerability, which was classified as critical, has been found in NBS&HappySoftWeChat 1.1.6. Affected by this issue is some unknown functionality. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237512.
CVE-2023-4407 1 Credit Lite Project 1 Credit Lite 2024-11-21 6.3 Medium
A vulnerability classified as critical was found in Codecanyon Credit Lite 1.5.4. Affected by this vulnerability is an unknown functionality of the file /portal/reports/account_statement of the component POST Request Handler. The manipulation of the argument date1/date2 leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-237511.
CVE-2023-4401 1 Dell 1 Smartfabric Storage Software 2024-11-21 7.8 High
Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access.
CVE-2023-4400 1 Skyhighsecurity 1 Secure Web Gateway 2024-11-21 6.2 Medium
A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was possible due to SWG storing the password in plain text in some configuration files.
CVE-2023-4398 1 Zyxel 25 Atp100, Atp100w, Atp200 and 22 more 2024-11-21 7.5 High
An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions on an affected device by sending a crafted IKE packet.
CVE-2023-4397 1 Zyxel 16 Atp100, Atp100w, Atp200 and 13 more 2024-11-21 4.4 Medium
A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing the CLI command with crafted strings on an affected device.
CVE-2023-4395 2 Agentejo, Cockpit-hq 2 Cockpit, Cockpit 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4.