Search Results (366276 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-4442 1 Free Hospital Management System For Small Practices Project 1 Free Hospital Management System For Small Practices 2024-11-21 6.3 Medium
A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0. It has been rated as critical. This issue affects some unknown processing of the file \vm\patient\booking-complete.php. The manipulation of the argument userid/apponum/scheduleid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237563.
CVE-2023-4441 1 Free Hospital Management System For Small Practices Project 1 Free Hospital Management System For Small Practices 2024-11-21 6.3 Medium
A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /patient/appointment.php. The manipulation of the argument sheduledate leads to sql injection. The attack can be initiated remotely. VDB-237562 is the identifier assigned to this vulnerability.
CVE-2023-4440 1 Free Hospital Management System For Small Practices Project 1 Free Hospital Management System For Small Practices 2024-11-21 6.3 Medium
A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0. It has been classified as critical. This affects an unknown part of the file appointment.php. The manipulation of the argument sheduledate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237561 was assigned to this vulnerability.
CVE-2023-4439 1 Card Holder Management System Project 1 Card Holder Management System 2024-11-21 4.3 Medium
A vulnerability was found in SourceCodester Card Holder Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Minus Value Handler. The manipulation leads to improper validation of specified quantity in input. The attack may be launched remotely. The identifier of this vulnerability is VDB-237560.
CVE-2023-4438 1 Inventory Management System Project 1 Inventory Management System 2024-11-21 6.3 Medium
A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/ajax/search_sales_report.php. The manipulation of the argument customer leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237559.
CVE-2023-4437 1 Inventory Management System Project 1 Inventory Management System 2024-11-21 6.3 Medium
A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file app/ajax/search_sell_paymen_report.php. The manipulation of the argument customer leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-237558 is the identifier assigned to this vulnerability.
CVE-2023-4436 1 Inventory Management System Project 1 Inventory Management System 2024-11-21 6.3 Medium
A vulnerability, which was classified as critical, has been found in SourceCodester Inventory Management System 1.0. This issue affects some unknown processing of the file app/action/edit_update.php. The manipulation of the argument user_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237557 was assigned to this vulnerability.
CVE-2023-4435 1 Hamza417 1 Inure 2024-11-21 5.5 Medium
Improper Input Validation in GitHub repository hamza417/inure prior to build88.
CVE-2023-4434 1 Hamza417 1 Inure 2024-11-21 6.1 Medium
Missing Authorization in GitHub repository hamza417/inure prior to build88.
CVE-2023-4433 2 Agentejo, Cockpit-hq 2 Cockpit, Cockpit 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
CVE-2023-4432 2 Agentejo, Cockpit-hq 2 Cockpit, Cockpit 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
CVE-2023-4424 1 Zephyrproject 1 Zephyr 2024-11-21 8.3 High
An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device.
CVE-2023-4422 2 Agentejo, Cockpit-hq 2 Cockpit, Cockpit 2024-11-21 4.8 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.
CVE-2023-4417 2 Devolutions, Microsoft 2 Remote Desktop Manager, Windows 2024-11-21 6.5 Medium
Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process.
CVE-2023-4415 1 Ruijienetworks 2 Rg-ew1200g, Rg-ew1200g Firmware 2024-11-21 7.3 High
A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237518 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-4412 1 Totolink 2 Ex1200l, Ex1200l Firmware 2024-11-21 6.3 Medium
A vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This issue affects the function setWanCfg. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237515. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-4411 1 Totolink 2 Ex1200l, Ex1200l Firmware 2024-11-21 6.3 Medium
A vulnerability has been found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-237514 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-4409 1 Happysoft 1 Nbs\&happysoftwechat 2024-11-21 6.3 Medium
A vulnerability, which was classified as critical, has been found in NBS&HappySoftWeChat 1.1.6. Affected by this issue is some unknown functionality. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237512.
CVE-2023-4407 1 Credit Lite Project 1 Credit Lite 2024-11-21 6.3 Medium
A vulnerability classified as critical was found in Codecanyon Credit Lite 1.5.4. Affected by this vulnerability is an unknown functionality of the file /portal/reports/account_statement of the component POST Request Handler. The manipulation of the argument date1/date2 leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-237511.
CVE-2023-4401 1 Dell 1 Smartfabric Storage Software 2024-11-21 7.8 High
Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access.