Search Results (364861 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-41637 1 Grupposcai 1 Realgimm 2024-11-21 9.8 Critical
An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file.
CVE-2023-41636 1 Grupposcai 1 Realgimm 2024-11-21 9.8 Critical
A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query.
CVE-2023-41635 1 Grupposcai 1 Realgimm 2024-11-21 6.5 Medium
A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI RealGimm v1.1.37p38 allows attackers to read any file in the filesystem via supplying a crafted XML file.
CVE-2023-41631 1 Esst 1 Esst Monitoring 2024-11-21 8.8 High
eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the file upload function.
CVE-2023-41630 1 Esst 1 Esst Monitoring 2024-11-21 9.8 Critical
eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the Gii code generator component.
CVE-2023-41629 1 Esst 1 Esst Monitoring 2024-11-21 7.5 High
A lack of input sanitizing in the file download feature of eSST Monitoring v2.147.1 allows attackers to execute a path traversal.
CVE-2023-41628 1 O-ran-sc 1 E2 2024-11-21 7.5 High
An issue in O-RAN Software Community E2 G-Release allows attackers to cause a Denial of Service (DoS) by incorrectly initiating the messaging procedure between the E2Node and E2Term components.
CVE-2023-41627 1 O-ran-sc 1 Ric Message Router 2024-11-21 7.5 High
O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not validate the source of the routing tables it receives, potentially allowing attackers to send forged routing tables to the device.
CVE-2023-41626 1 Gradio Project 1 Gradio 2024-11-21 4.8 Medium
Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface.
CVE-2023-41623 1 Emlog 1 Emlog 2024-11-21 7.2 High
Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php.
CVE-2023-41616 1 Student Management System Project 1 Student Management System 2024-11-21 4.8 Medium
A reflected cross-site scripting (XSS) vulnerability in the Search Student function of Student Management System v1.2.3 and before allows attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload.
CVE-2023-41615 1 Phpgurukul 1 Zoo Management System 2024-11-21 9.8 Critical
Zoo Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the Admin sign-in page via the username and password fields.
CVE-2023-41614 1 Phpgurukul 1 Zoo Management System 2024-11-21 4.8 Medium
A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description of Animal parameter.
CVE-2023-41613 2 Ezviz, Microsoft 2 Ezviz Studio, Windows 2024-11-21 7.8 High
EzViz Studio v2.2.0 is vulnerable to DLL hijacking.
CVE-2023-41609 1 Couchcms 1 Couchcms 2024-11-21 6.1 Medium
An open redirect vulnerability in the sanitize_url() parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.
CVE-2023-41601 1 Cszcms 1 Csz Cms 2024-11-21 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters.
CVE-2023-41599 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 5.3 Medium
An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal.
CVE-2023-41597 1 Eyoucms 1 Eyoucms 2024-11-21 6.1 Medium
EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php?active_t.
CVE-2023-41595 1 Vaxilu 1 X-ui 2024-11-21 7.5 High
An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password.
CVE-2023-41594 1 Phpgurukul 1 Dairy Farm Shop Management System 2024-11-21 7.5 High
Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters.