Search Results (362534 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-44758 1 Gdidees 1 Gdidees Cms 2024-11-21 5.4 Medium
GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title.
CVE-2023-44709 1 Sammycage 1 Plutosvg 2024-11-21 9.8 Critical
PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before was discovered to contain an integer overflow via the component plutosvg_load_from_memory.
CVE-2023-44694 2 D-link, Dlink 3 Dar-7000, Dar-7000, Dar-7000 Firmware 2024-11-21 9.8 Critical
D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /log/mailrecvview.php.
CVE-2023-44693 1 Dlink 2 Dar-7000, Dar-7000 Firmware 2024-11-21 9.8 Critical
D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /importexport.php.
CVE-2023-44690 1 Dbcli 1 Mycli 2024-11-21 7.5 High
Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py.
CVE-2023-44689 1 E-gov 1 E-gov 2024-11-21 4.3 Medium
e-Gov Client Application (Windows version) versions prior to 2.1.1.0 and e-Gov Client Application (macOS version) versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme. A crafted URL may direct the product to access an arbitrary website. As a result, the user may become a victim of a phishing attack.
CVE-2023-44488 4 Debian, Fedoraproject, Redhat and 1 more 8 Debian Linux, Fedora, Enterprise Linux and 5 more 2024-11-21 7.5 High
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
CVE-2023-44484 1 Projectworlds 1 Online Blood Donation Management System 2024-11-21 6.1 Medium
Online Blood Donation Management System v1.0 is vulnerable to a Stored Cross-Site Scripting vulnerability. The 'firstName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.
CVE-2023-44481 1 Projectworlds 1 Leave Management System 2024-11-21 8.8 High
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setearnleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-44480 1 Projectworlds 1 Leave Management System 2024-11-21 8.8 High
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-44477 1 Boxystudio 1 Cooked 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Boxy Studio Cooked plugin <= 1.7.13 versions.
CVE-2023-44476 1 Wp-copyrightpro 1 Wp-copyrightpro 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Andres Felipe Perea V. CopyRightPro plugin <= 2.1 versions.
CVE-2023-44474 1 Md Jakir Hosen 1 Tiger Forms - Drag And Drop Form Builder 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MD Jakir Hosen Tiger Forms – Drag and Drop Form Builder plugin <= 2.0.0 versions.
CVE-2023-44473 1 Dublue 1 Table Of Contents Plus 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus plugin <= 2302 versions.
CVE-2023-44471 1 Kau-boys 1 Backend Localization 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Bernhard Kau Backend Localization plugin <= 2.1.10 versions.
CVE-2023-44470 1 Kvvaradha 1 Kv Tinymce Editor Add Fonts 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Kvvaradha Kv TinyMCE Editor Add Fonts plugin <= 1.1 versions.
CVE-2023-44469 1 Lemonldap-ng 1 Lemonldap\ 2024-11-21 4.3 Medium
A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770.
CVE-2023-44467 1 Langchain 1 Langchain Experimental 2024-11-21 9.8 Critical
langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py.
CVE-2023-44464 1 Rami 1 Pretix 2024-11-21 7.8 High
pretix before 2023.7.2 allows Pillow to parse EPS files.
CVE-2023-44463 1 Rami 1 Pretix 2024-11-21 5.3 Medium
An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoofing by users of the application.