Search Results (363392 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-27225 1 User Registration \& Login And User Management System With Admin Panel Project 1 User Registration \& Login And User Management System With Admin Panel 2024-11-21 5.4 Medium
A cross-site scripting (XSS) vulnerability in User Registration & Login and User Management System with Admin Panel v3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the first and last name field.
CVE-2023-27198 1 Paxtechnology 2 Pax A930, Pax A930 Firmware 2024-11-21 6.8 Medium
PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow the execution of arbitrary commands by using the exec service and including a specific word in the command to be executed. The attacker must have physical USB access to the device in order to exploit this vulnerability.
CVE-2023-27170 1 Xpand-it 1 Write-back Manager 2024-11-21 7.5 High
Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter.
CVE-2023-27169 1 Xpand-it 1 Write-back Manager 2024-11-21 6.5 Medium
Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation.
CVE-2023-27152 1 Opnsense 1 Opnsense 2024-11-21 9.8 Critical
DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication.
CVE-2023-27150 1 Opencrx 1 Opencrx 2024-11-21 5.4 Medium
openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity.
CVE-2023-27149 1 Enhancesoft 1 Osticket 2024-11-21 4.8 Medium
A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list.
CVE-2023-27148 1 Enhancesoft 1 Osticket 2024-11-21 4.8 Medium
A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter.
CVE-2023-27133 1 Tsplus 1 Tsplus Remote Work 2024-11-21 9.8 Critical
TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remote Access product, not the TSplus Remote Work product.
CVE-2023-27132 1 Tsplus 1 Tsplus Remote Work 2024-11-21 9.8 Critical
TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product.
CVE-2023-27121 1 Pleasantsolutions 1 Pleasant Password Server 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in the component /framework/cron/action/humanize of Pleasant Solutions Pleasant Password Server v7.11.41.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cronString parameter.
CVE-2023-27103 1 Struktur 1 Libde265 2024-11-21 8.8 High
Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc.
CVE-2023-27102 1 Struktur 1 Libde265 2024-11-21 6.5 Medium
Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc.
CVE-2023-27074 1 Phpgurukul 1 Bp Monitoring Management System 2024-11-21 9.8 Critical
BP Monitoring Management System v1.0 was discovered to contain a SQL injection vulnerability via the emailid parameter in the login page.
CVE-2023-26980 2 Pax, Paxtechnology 3 A920 Pro, Paydroid, A920 Pro 2024-11-21 7.0 High
PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot process. NOTE: the vendor disputes this because the attack is not feasible: the home launcher will be loaded before any user applications.
CVE-2023-26979 1 Bluetens 1 Bluetensq 2024-11-21 3.1 Low
Bluetens Electrostimulation Device BluetensQ device app version 4.3.15 is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to decrease or increase the intensity of the stimulator by hijacking the BLE communication.
CVE-2023-26961 1 Alteryx 1 Alteryx Server 2024-11-21 4.8 Medium
Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. This vulnerability allows attackers to upload arbitrary files (e.g., JavaScript content for stored XSS) via the type field in a JSON document within a PUT /gallery/api/media request.
CVE-2023-26959 1 Phpgurukul 1 Park Ticketing Management System 2024-11-21 9.8 Critical
Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection via the User Name parameter.
CVE-2023-26958 1 Phpgurukul 1 Park Ticketing Management System 2024-11-21 4.8 Medium
Phpgurukul Park Ticketing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Admin Name parameter.
CVE-2023-26943 1 Assaabloy 2 Yale Keyless Smart Lock, Yale Keyless Smart Lock Firmware 2024-11-21 6.5 Medium
Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original.