Search Results (363855 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-37144 2 Tenda, Tendacn 2 Ac10, Ac10 Firmware 2024-11-21 9.8 Critical
Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac.
CVE-2023-37143 1 Microsoft 1 Chakracore 2024-11-21 5.5 Medium
ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function BackwardPass::IsEmptyLoopAfterMemOp().
CVE-2023-37142 1 Microsoft 1 Chakracore 2024-11-21 5.5 Medium
ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::EntryPointInfo::HasInlinees().
CVE-2023-37141 1 Microsoft 1 Chakracore 2024-11-21 5.5 Medium
ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::ProfilingHelpers::ProfiledNewScArray().
CVE-2023-37140 1 Microsoft 1 Chakracore 2024-11-21 5.5 Medium
ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::DiagScopeVariablesWalker::GetChildrenCount().
CVE-2023-37139 1 Microsoft 1 Chakracore 2024-11-21 5.5 Medium
ChakraCore branch master cbb9b was discovered to contain a stack overflow vulnerability via the function Js::ScopeSlots::IsDebuggerScopeSlotArray().
CVE-2023-37136 1 Eyoucms 1 Eyoucms 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-37135 1 Eyoucms 1 Eyoucms 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-37134 1 Eyoucms 1 Eyoucms 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-37133 1 Eyoucms 1 Eyoucms 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Column management module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-37132 1 Eyoucms 1 Eyoucms 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the custom variables module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-37131 1 Yzncms 1 Yzncms 2024-11-21 6.5 Medium
A Cross-Site Request Forgery (CSRF) in the component /public/admin/profile/update.html of YznCMS v1.1.0 allows attackers to arbitrarily change the Administrator password via a crafted POST request.
CVE-2023-37125 1 Seacms 1 Seacms 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-37124 1 Seacms 1 Seacms 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Site Setup module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-37122 1 Bagesoft 1 Bagecms 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module.
CVE-2023-37117 1 Live555 1 Live555 2024-11-21 9.8 Critical
A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP.
CVE-2023-37070 1 Code-projects 1 Hospital Information System 2024-11-21 4.8 Medium
Code Projects Hospital Information System 1.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-37069 1 Online Hospital Management System Project 1 Online Hospital Management System 2024-11-21 9.8 Critical
Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the login id and password fields during the login process, enabling an attacker to inject malicious SQL code.
CVE-2023-37068 1 Sherlock 1 Gym Management System 2024-11-21 9.8 Critical
Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username and password fields, enabling SQL Injection attacks.
CVE-2023-37067 1 Chamilo 1 Chamilo 2024-11-21 4.8 Medium
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the classes/usergroups management section.