Search Results (362833 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-0867 1 Opennms 2 Horizon, Meridian 2024-11-21 6.7 Medium
Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.
CVE-2023-0850 1 Netgear 2 Wndr3700, Wndr3700 Firmware 2024-11-21 2.7 Low
A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and classified as problematic. This issue affects some unknown processing of the component Web Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221153 was assigned to this vulnerability.
CVE-2023-0849 1 Netgear 2 Wndr3700, Wndr3700 Firmware 2024-11-21 4.7 Medium
A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221152.
CVE-2023-0848 1 Netgear 2 Wndr3700, Wndr3700 Firmware 2024-11-21 5.3 Medium
A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It has been rated as problematic. This issue affects some unknown processing of the component Web Management Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221147.
CVE-2023-0846 1 Opennms 2 Horizon, Meridian 2024-11-21 6.7 Medium
Unauthenticated, stored cross-site scripting in the display of alarm reduction keys in multiple versions of OpenNMS Horizon and Meridian could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.
CVE-2023-0829 1 Plesk 1 Plesk 2024-11-21 8.8 High
Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user), can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscription.
CVE-2023-0828 1 Pandorafms 1 Pandora Fms 2024-11-21 6.7 Medium
Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be transferred to the attackers users server. This issue affects Pandora FMS v767 version and prior versions on all platforms.
CVE-2023-0813 1 Redhat 3 Enterprise Linux, Network Observ Optr, Network Observability 2024-11-21 7.5 High
A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.
CVE-2023-0808 3 Bosswerk, Deyeinverter, Revolt-power 6 Inverter, Inverter Firmware, Inverter and 3 more 2024-11-21 3.9 Low
A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version MW3_16U_5406_1.53 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-220769 was assigned to this vulnerability.
CVE-2023-0783 1 Shopex 1 Ecshop 2024-11-21 4.7 Medium
A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the component PHP File Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220641 was assigned to this vulnerability.
CVE-2023-0781 1 Canteen Management System Project 1 Canteen Management System 2024-11-21 6.3 Medium
A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects the function query of the file removeOrder.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220624.
CVE-2023-0774 1 Medical Certificate Generator App Project 1 Medical Certificate Generator App 2024-11-21 7.3 High
A vulnerability has been found in SourceCodester Medical Certificate Generator App 1.0 and classified as critical. This vulnerability affects unknown code of the file action.php. The manipulation of the argument lastname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-220558 is the identifier assigned to this vulnerability.
CVE-2023-0773 1 Uniview 3 Ip Camera Ipc322lb-sf28-a, Ipc322lb-sf28-a, Ipc322lb-sf28-a Firmware 2024-11-21 9.1 Critical
The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.
CVE-2023-0770 2 Debian, Gpac 2 Debian Linux, Gpac 2024-11-21 7.8 High
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.
CVE-2023-0757 1 Phoenixcontact 2 Multiprog, Proconos Eclr 2024-11-21 9.8 Critical
Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device.
CVE-2023-0707 1 Medical Certificate Generator App Project 1 Medical Certificate Generator App 2024-11-21 5.5 Medium
A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been rated as critical. Affected by this issue is the function delete_record of the file function.php. The manipulation of the argument id leads to sql injection. VDB-220346 is the identifier assigned to this vulnerability.
CVE-2023-0706 1 Medical Certificate Generator App Project 1 Medical Certificate Generator App 2024-11-21 6.3 Medium
A vulnerability, which was classified as critical, has been found in SourceCodester Medical Certificate Generator App 1.0. Affected by this issue is some unknown functionality of the file manage_record.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-220340.
CVE-2023-0703 1 Google 1 Chrome 2024-11-21 8.8 High
Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium)
CVE-2023-0702 1 Google 1 Chrome 2024-11-21 8.8 High
Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-0701 1 Google 1 Chrome 2024-11-21 8.8 High
Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction . (Chromium security severity: Medium)