Search Results (367102 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-36133 1 Phpjabbers 1 Availability Booking Calendar 2024-11-21 9.8 Critical
PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change.
CVE-2023-36132 1 Phpjabbers 1 Availability Booking Calendar 2024-11-21 9.8 Critical
PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control.
CVE-2023-36131 1 Phpjabbers 1 Availability Booking Calendar 2024-11-21 9.8 Critical
PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password parameter.
CVE-2023-36127 1 Phpjabbers 1 Appointment Scheduler 2024-11-21 7.5 High
User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-36126 1 Phpjabbers 1 Appointment Scheduler 2024-11-21 6.1 Medium
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0
CVE-2023-36123 1 Plain Craft Launcher 2 Project 1 Plain Craft Launcher 2 2024-11-21 7.8 High
Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows local attackers to execute arbitrary code and gain sensitive information.
CVE-2023-36121 1 E107 1 E107 2024-11-21 5.4 Medium
Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project.
CVE-2023-36109 1 Jerryscript 1 Jerryscript 2024-11-21 9.8 Critical
Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c.
CVE-2023-36106 1 Powerjob 1 Powerjob 2024-11-21 7.5 High
An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list.
CVE-2023-36100 1 Macwk 1 Icecms 2024-11-21 9.8 Critical
An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain sensitive information via UserID parameter in api/User/ChangeUser.
CVE-2023-36095 1 Langchain 1 Langchain 2024-11-21 9.8 Critical
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.
CVE-2023-36092 1 Dlink 2 Dir-859, Dir-859 Firmware 2024-11-21 9.8 Critical
Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via via phpcgi_main. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-36091 2 D-link, Dlink 3 Dir-895, Dir-895l, Dir-895l Firmware 2024-11-21 9.8 Critical
Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-36090 1 Dlink 2 Dir-885l, Dir-885l Firmware 2024-11-21 9.8 Critical
Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain escalated privileges via phpcgi. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-36089 2 D-link, Dlink 3 Dir-645 Firmware, Dir-645, Dir-645 Firmware 2024-11-21 9.8 Critical
Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-36088 1 Vesoft 1 Nebulagraph Studio 2024-11-21 7.5 High
Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive information.
CVE-2023-36085 1 Sisqualwfm 1 Sisqualwfm 2024-11-21 6.1 Medium
The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources.
CVE-2023-36082 1 Gatesair 2 Flexiva Fax 150w, Flexiva Fax 150w Firmware 2024-11-21 9.8 Critical
An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials.
CVE-2023-36081 1 Gatesair 2 Flexiva Fax 150w, Flexiva Fax 150w Firmware 2024-11-21 5.4 Medium
Cross Site Scripting vulnerability in GatesAIr Flexiva FM Transmitter/Exciter v.FAX 150W allows a remote attacker to execute arbitrary code via a crafted script to the web application dashboard.
CVE-2023-36076 1 Pocketmanga 1 Smanga 2024-11-21 9.8 Critical
SQL Injection vulnerability in smanga version 3.1.9 and earlier, allows remote attackers to execute arbitrary code and gain sensitive information via mediaId, mangaId, and userId parameters in php/history/add.php.