Search Results (363807 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-36387 1 Apache 1 Superset 2024-11-21 5.4 Medium
An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections.
CVE-2023-36386 1 Siemens 22 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Mx5000re and 19 more 2024-11-21 8.8 High
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an “invalid params element name” error on the get_elements parameters.
CVE-2023-36384 1 Booking Calendar Project 1 Booking Calendar 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodePeople Booking Calendar Contact Form plugin <= 1.2.40 versions.
CVE-2023-36383 1 Mage-people 1 Event Manager And Tickets Selling For Woocommerce 2024-11-21 5.9 Medium
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 3.9.5 versions.
CVE-2023-36376 1 Phpgurukul 1 Hostel Management System 2024-11-21 4.8 Medium
Cross-Site Scripting (XSS) vulnerability in Hostel Management System v.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the add course section.
CVE-2023-36351 1 Viatomtech 1 Vihealth 2024-11-21 7.8 High
An issue in Viatom Health ViHealth for Android v.2.74.58 and before allows a remote attacker to execute arbitrary code via the com.viatom.baselib.mvvm.webWebViewActivity component.
CVE-2023-36344 1 Dieboldnixdorf 1 Vynamic View 2024-11-21 7.8 High
An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature.
CVE-2023-36340 1 Totolink 2 Nr1800x, Nr1800x Firmware 2024-11-21 9.8 Critical
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.
CVE-2023-36339 1 Webboss 1 Webboss.io Cms 2024-11-21 7.5 High
An access control issue in WebBoss.io CMS v3.7.0.1 allows attackers to access the Website Backup Tool via a crafted GET request.
CVE-2023-36327 1 Relic Project 1 Relic 2024-11-21 9.8 Critical
Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba42473d4d54daf24e295679e290e, allows attackers to execute arbitrary code and cause a denial of service in pos argument in bn_get_prime function.
CVE-2023-36326 1 Relic Project 1 Relic 2024-11-21 9.8 Critical
Integer Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab, allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges when calling realloc function in bn_grow function.
CVE-2023-36321 1 Covesa 1 Dlt-daemon 2024-11-21 7.5 High
Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was discovered to contain a buffer overflow via the component /shared/dlt_common.c.
CVE-2023-36319 1 Openupload Project 1 Openupload 2024-11-21 8.8 High
File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file.
CVE-2023-36317 1 Oretnom23 1 Student Study Center Desk Management System 2024-11-21 4.8 Medium
Cross Site Scripting (XSS) vulnerability in sourcecodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via crafted GET request to web application URL.
CVE-2023-36315 1 Phpjabbers 1 Callback Widget 2024-11-21 6.1 Medium
There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Callback Widget v1.0.
CVE-2023-36314 1 Phpjabbers 1 Callback Widget 2024-11-21 6.1 Medium
There is a Cross Site Scripting (XSS) vulnerability in the value-text-o_sms_email_request_message parameters of index.php in PHPJabbers Callback Widget v1.0.
CVE-2023-36313 1 Phpjabbers 1 Document Creator 2024-11-21 6.1 Medium
PHPJabbers Document Creator v1.0 is vulnerable to Cross Site Scripting (XSS) via all post parameters of "Export Requests" aside from "request_feed".
CVE-2023-36312 1 Phpjabbers 1 Callback Widget 2024-11-21 5.4 Medium
There is a Cross Site Scripting (XSS) vulnerability in the value-enum-o_bf_include_timezone parameter of index.php in PHPJabbers Callback Widget v1.0.
CVE-2023-36311 1 Phpjabbers 1 Document Creator 2024-11-21 9.8 Critical
There is a SQL injection (SQLi) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0.
CVE-2023-36310 1 Phpjabbers 1 Document Creator 2024-11-21 6.1 Medium
There is a Cross Site Scripting (XSS) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0.