Search Results (362462 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-44008 1 Mojoportal 1 Mojoportal 2024-11-21 9.8 Critical
File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function.
CVE-2023-43998 1 Linecorp 1 Line 2024-11-21 5.4 Medium
An issue in Books-futaba mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
CVE-2023-43993 1 Linecorp 1 Line 2024-11-21 5.4 Medium
An issue in smaregi_app_market mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
CVE-2023-43986 1 Dmconcept 1 Configurator 2024-11-21 9.8 Critical
DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken.
CVE-2023-43984 1 Advanced Export Products Orders Cron Csv Excel Project 1 Advanced Export Products Orders Cron Csv Excel 2024-11-21 7.5 High
Insecure permissions in Smart Soft advancedexport before v4.4.7 allow unauthenticated attackers to arbitrarily download user information from the ps_customer table.
CVE-2023-43983 1 Presto-changeo 1 Attribute Grid 2024-11-21 9.8 Critical
Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php.
CVE-2023-43982 1 Bontheme 1 Socialfeed - Photos & Video Using Instagram Api 2024-11-21 9.8 Critical
Bon Presta boninstagramcarousel from v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at insta_parser.php. This vulnerability allows attackers to use the vulnerable website as a proxy to attack other websites or exfiltrate data via an HTTP call.
CVE-2023-43981 1 Presto-changeo 1 Test Site Creator 2024-11-21 9.8 Critical
Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php.
CVE-2023-43980 1 Presto-changeo 1 Testsitecreator 2024-11-21 9.8 Critical
Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php.
CVE-2023-43979 1 Prestahero 1 Ybc Blog 2024-11-21 9.8 Critical
ETS Soft ybc_blog before v4.4.0 was discovered to contain a SQL injection vulnerability via the component Ybc_blogBlogModuleFrontController::getPosts().
CVE-2023-43976 1 Catonetworks 1 Cato Client 2024-11-21 8.1 High
An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to escalate privileges and win the race condition (TOCTOU) via the PrivilegedHelperTool component.
CVE-2023-43961 1 Dromara 1 Sa-token 2024-11-21 8.8 High
In Dromara SaToken version 1.3.50RC and before, when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
CVE-2023-43960 2 D-link, Dlink 3 Dph-400se Fru, Dph-400se, Dph-400se Firmware 2024-11-21 8.8 High
An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to escalate privileges via the User Modify function in the Maintenance/Access function component.
CVE-2023-43959 1 Yealink 2 Sip-t19p-e2, Sip-t19p-e2 Firmware 2024-11-21 8.8 High
An issue in YeaLink SIP-T19P-E2 v.53.84.0.15 allows a remote privileged attacker to execute arbitrary code via a crafted request to the ping function of the diagnostic component.
CVE-2023-43955 1 Fedirtsapana 1 Tv Bro 2024-11-21 9.8 Critical
The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files, and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData.
CVE-2023-43952 1 Sscms Project 1 Sscms 2024-11-21 5.4 Medium
SSCMS 7.2.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Material Management component.
CVE-2023-43951 1 Sscms Project 1 Sscms 2024-11-21 5.4 Medium
SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Column Management component.
CVE-2023-43909 2 Hospital Management System, Hospital Management System Project 2 Hospital Management System, Hospital Management System 2024-11-21 9.1 Critical
Hospital Management System thru commit 4770d was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php.
CVE-2023-43907 1 Optipng Project 1 Optipng 2024-11-21 7.8 High
OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c.
CVE-2023-43906 1 Onworks 1 Xolo Cms 2024-11-21 6.1 Medium
Xolo CMS v0.11 was discovered to contain a reflected cross-site scripting (XSS) vulnerability.