Search Results (363801 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-36281 1 Langchain 1 Langchain 2024-11-21 9.8 Critical
An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related to __subclasses__ or a template.
CVE-2023-36260 1 Craftcms 1 Craft Cms 2024-11-21 7.5 High
An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote attackers to cause a denial of service (DoS) via crafted strings to Feed-Me Name and Feed-Me URL fields, due to saving a feed using an Asset element type with no volume selected. NOTE: this is not a report about code provided by the Craft CMS product; it is only a report about the Feed Me plugin. NOTE: a third-party report states that commit b5d6ede51848349bd91bc95fec288b6793f15e28 has "nothing to do with security."
CVE-2023-36256 1 Online Examination System Project 1 Online Examination System 2024-11-21 6.5 Medium
The Online Examination System Project 1.0 version is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious link that, when clicked by an admin user, will delete a user account from the database without the admin's consent. The email of the user to be deleted is passed as a parameter in the URL, which can be manipulated by the attacker. This could result in a loss of data.
CVE-2023-36255 1 Eramba 1 Eramba 2024-11-21 8.8 High
An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL.
CVE-2023-36250 1 Gnome 1 Gnome-time Tracker 2024-11-21 7.8 High
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record.
CVE-2023-36234 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function.
CVE-2023-36220 1 Textpattern 1 Textpattern 2024-11-21 7.2 High
Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function.
CVE-2023-36217 1 Xoops 1 Xoops 2024-11-21 9.0 Critical
Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function.
CVE-2023-36213 1 Motocms 1 Motocms 2024-11-21 9.8 Critical
SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function.
CVE-2023-36212 1 Totalcms 1 Total Cms 2024-11-21 8.8 High
File Upload vulnerability in Total CMS v.1.7.4 allows a remote attacker to execute arbitrary code via a crafted PHP file to the edit page function.
CVE-2023-36211 1 Cubiclesoft 1 Barebones Cms 2024-11-21 5.4 Medium
The Barebones CMS v2.0.2 is vulnerable to Stored Cross-Site Scripting (XSS) when an authenticated user interacts with certain features on the admin panel.
CVE-2023-36201 1 Jerryscript 1 Jerryscript 2024-11-21 7.5 High
An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker to obtain sensitive information via a crafted script to the arrays.
CVE-2023-36199 1 Skale 1 Sgxwallet 2024-11-21 7.5 High
An issue in skalenetwork sgxwallet v.1.9.0 and below allows an attacker to cause a denial of service via the trustedGenerateEcdsaKey component.
CVE-2023-36198 1 Skale 1 Sgxwallet 2024-11-21 7.5 High
Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows an attacker to cause a denial of service via the trustedBlsSignMessage function.
CVE-2023-36189 1 Langchain 1 Langchain 2024-11-21 7.5 High
SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.
CVE-2023-36188 1 Langchain 1 Langchain 2024-11-21 9.8 Critical
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.
CVE-2023-36187 1 Netgear 30 Cbr40, Cbr40 Firmware, Lax20 and 27 more 2024-11-21 9.8 Critical
Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd.
CVE-2023-36184 3 Aptosfoundation, Move Project, Mystenlabs 3 Aptos, Move, Sui 2024-11-21 7.5 High
CMysten Labs Sui blockchain v1.2.0 was discovered to contain a stack overflow via the component /spec/openrpc.json.
CVE-2023-36161 1 Quboworld 2 Smart Plug 10a, Smart Plug 10a Firmware 2024-11-21 7.5 High
An issue was discovered in Qubo Smart Plug 10A version HSP02_01_01_14_SYSTEM-10A, allows attackers to cause a denial of service (DoS) via Wi-Fi deauthentication.
CVE-2023-36160 1 Quboworld 2 Smart Plug 10a, Smart Plug 10a Firmware 2024-11-21 5.5 Medium
An issue was discovered in Qubo Smart Plug10A version HSP02_01_01_14_SYSTEM-10 A, allows local attackers to gain sensitive information and other unspecified impact via UART console.