Search Results (363638 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-31933 1 Phpgurukul 1 Rail Pass Management System 2024-11-21 7.2 High
Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-pass-detail.php file.
CVE-2023-31932 1 Phpgurukul 1 Rail Pass Management System 2024-11-21 7.2 High
Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-enquiry.php file.
CVE-2023-31925 1 Broadcom 1 Brocade Sannav 2024-11-21 5.4 Medium
Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuration failure causes an SNMP communication log dump.
CVE-2023-31853 1 Cudy 2 Lt400, Lt400 Firmware 2024-11-21 6.1 Medium
Cudy LT400 1.13.4 is vulnerable Cross Site Scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth via the icon parameter.
CVE-2023-31851 1 Cudy 2 Lt400, Lt400 Firmware 2024-11-21 6.1 Medium
Cudy LT400 1.13.4 is has a cross-site scripting (XSS) vulnerability in /cgi-bin/luci/admin/network/wireless/status via the iface parameter.
CVE-2023-31825 1 Inageya 1 Inageya 2024-11-21 7.5 High
An issue found in Inageya v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Inageya function.
CVE-2023-31824 1 Dericia 1 Delicia 2024-11-21 7.5 High
An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp DELICIA function.
CVE-2023-31823 1 Marui 1 Marui 2024-11-21 7.5 High
An issue found in Marui Co Marui Official app v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Marui Official Store function.
CVE-2023-31822 1 Entetsu 1 Entetsu Store 2024-11-21 7.5 High
An issue found in Entetsu Store v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Entetsu Store function.
CVE-2023-31821 1 Albis 1 Albis 2024-11-21 7.5 High
An issue found in ALBIS Co. ALBIS v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp ALBIS function.
CVE-2023-31820 1 Shizutetsu 1 Shizutetsu Store 2024-11-21 7.5 High
An issue found in Shizutetsu Store v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.
CVE-2023-31818 1 Marukyu 1 Marukyu Line 2024-11-21 7.5 High
An issue found in Marukyu Line v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.
CVE-2023-31808 1 Technicolor 2 Tg670, Tg670 Firmware 2024-11-21 7.2 High
Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled.
CVE-2023-31794 1 Artifex 1 Mupdf 2024-11-21 5.5 Medium
MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVE-2023-31754 1 Optimizely 1 Optimizely Cms 2024-11-21 4.8 Medium
Optimizely CMS UI before v12.16.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Admin panel.
CVE-2023-31753 1 Endonesia 1 Endonesia 2024-11-21 9.8 Critical
SQL injection vulnerability in diskusi.php in eNdonesia 8.7, allows an attacker to execute arbitrary SQL commands via the "rid=" parameter.
CVE-2023-31719 1 Frangoteam 1 Fuxa 2024-11-21 9.8 Critical
FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.
CVE-2023-31718 1 Frangoteam 1 Fuxa 2024-11-21 7.5 High
FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download.
CVE-2023-31717 1 Frangoteam 1 Fuxa 2024-11-21 7.5 High
A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database.
CVE-2023-31716 1 Frangoteam 1 Fuxa 2024-11-21 7.5 High
FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log