Search Results (366603 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-5375 1 Mosparo 1 Mosparo 2024-11-21 6.1 Medium
Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.
CVE-2023-5374 1 Oretnom23 1 Online Computer And Laptop Store 2024-11-21 6.3 Medium
A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. The manipulation of the argument c leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241255.
CVE-2023-5373 1 Oretnom23 1 Online Computer And Laptop Store 2024-11-21 7.3 High
A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function register of the file Master.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-241254 is the identifier assigned to this vulnerability.
CVE-2023-5372 1 Zyxel 4 Nas326, Nas326 Firmware, Nas542 and 1 more 2024-11-21 7.2 High
The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware versions through V5.21(ABAG.12)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands by sending a crafted query parameter attached to the URL of an affected device’s web management interface.
CVE-2023-5368 1 Freebsd 1 Freebsd 2024-11-21 6.5 Medium
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).
CVE-2023-5365 1 Hp 1 Life 2024-11-21 9.8 Critical
HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure.
CVE-2023-5358 1 Devolutions 1 Devolutions Server 2024-11-21 5.3 Medium
Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters.
CVE-2023-5353 1 Salesagility 1 Suitecrm 2024-11-21 6.5 Medium
Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1.
CVE-2023-5351 1 Salesagility 1 Suitecrm 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1.
CVE-2023-5350 1 Salesagility 1 Suitecrm 2024-11-21 9.1 Critical
SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1.
CVE-2023-5348 1 Multivendorx 1 Product Catalog Mode For Woocommerce 2024-11-21 6.1 Medium
The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users.
CVE-2023-5343 1 Ays-pro 1 Popup Box 2024-11-21 4.8 Medium
The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
CVE-2023-5339 1 Mattermost 1 Mattermost Desktop 2024-11-21 4.7 Medium
Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged. 
CVE-2023-5333 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 Medium
Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs.
CVE-2023-5332 2 Gitlab, Hashicorp 2 Gitlab, Consul 2024-11-21 5.9 Medium
Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.
CVE-2023-5331 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 Medium
Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information.
CVE-2023-5330 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 Medium
Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing an attacker to send a specially crafted request to the /api/v4/opengraph filling the cache and turning the server unavailable.
CVE-2023-5329 1 F-logic 2 Datacube4, Datacube4 Firmware 2024-11-21 4.3 Medium
A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. This vulnerability affects unknown code of the file /api/ of the component Web API. The manipulation leads to improper authentication. The exploit has been disclosed to the public and may be used. VDB-241030 is the identifier assigned to this vulnerability.
CVE-2023-5328 1 Sato 2 Cl4nx-j Plus, Cl4nx-j Plus Firmware 2024-11-21 6.3 Medium
A vulnerability classified as critical has been found in SATO CL4NX-J Plus 1.13.2-u455_r2. This affects an unknown part of the component Cookie Handler. The manipulation with the input auth=user,level1,settings; web=true leads to improper authentication. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-241029 was assigned to this vulnerability.
CVE-2023-5327 1 Sato 2 Cl4nx-j Plus, Cl4nx-j Plus Firmware 2024-11-21 3.5 Low
A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455_r2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /rest/dir/. The manipulation of the argument full leads to path traversal. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241028.