Search Results (364251 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-38999 1 Opnsense 1 Opnsense 2024-11-21 6.5 Medium
A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
CVE-2023-38998 1 Opnsense 1 Opnsense 2024-11-21 6.1 Medium
An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.
CVE-2023-38997 1 Opnsense 1 Opnsense 2024-11-21 7.2 High
A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive.
CVE-2023-38996 1 Douran 1 Dsgate 2024-11-21 6.7 Medium
An issue in all versions of Douran DSGate allows a local authenticated privileged attacker to execute arbitrary code via the debug command.
CVE-2023-38992 1 Jeecg 1 Jeecg Boot 2024-11-21 9.8 Critical
jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData.
CVE-2023-38991 1 Jeesite 1 Jeesite 2024-11-21 5.4 Medium
An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator.
CVE-2023-38990 1 Jeesite 1 Jeesite 2024-11-21 4.3 Medium
An issue in the delete function in the MenuController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete menus created by the Administrator.
CVE-2023-38989 1 Jeesite 1 Jeesite 2024-11-21 4.3 Medium
An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information.
CVE-2023-38988 1 Jeesite 1 Jeesite 2024-11-21 4.3 Medium
An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators.
CVE-2023-38976 1 Weaviate 1 Weaviate 2024-11-21 7.5 High
An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function.
CVE-2023-38975 1 Qdrant 1 Qdrant 2024-11-21 7.5 High
* Buffer Overflow vulnerability in qdrant v.1.3.2 allows a remote attacker cause a denial of service via the chucnked_vectors.rs component.
CVE-2023-38974 1 Uatech 1 Badaso 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.
CVE-2023-38973 1 Uatech 1 Badaso 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.
CVE-2023-38971 1 Uatech 1 Badaso 2024-11-21 5.4 Medium
Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the rack number parameter in the add new rack function.
CVE-2023-38970 1 Uatech 1 Badaso 2024-11-21 5.4 Medium
Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the Name of member parameter in the add new member function.
CVE-2023-38969 1 Uatech 1 Badaso 2024-11-21 5.4 Medium
Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book function.
CVE-2023-38964 1 Creativeitem 1 Academy Lms 2024-11-21 6.1 Medium
Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability.
CVE-2023-38961 1 Jerryscript 1 Jerryscript 2024-11-21 9.8 Critical
Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0.0 allows a remote attacker to execute arbitrary code via the scanner_is_context_needed component in js-scanner-until.c.
CVE-2023-38958 1 Zkteco 1 Bioaccess Ivs 2024-11-21 5.3 Medium
An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request.
CVE-2023-38956 1 Zkteco 1 Bioaccess Ivs 2024-11-21 7.5 High
A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload.