Search Results (363801 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-36159 1 Oretnom23 1 Lost And Found Information System 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page.
CVE-2023-36141 1 Phpjabbers 1 Cleaning Business Software 2024-11-21 5.3 Medium
User enumeration is found in in PHPJabbers Cleaning Business Software 1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-36140 1 Phpjabbers 1 Cleaning Business Software 2024-11-21 9.8 Critical
In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts.
CVE-2023-36139 1 Phpjabbers 1 Cleaning Business Software 2024-11-21 9.8 Critical
In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.
CVE-2023-36138 1 Phpjabbers 1 Cleaning Business Software 2024-11-21 6.1 Medium
PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php.
CVE-2023-36137 1 Phpjabbers 1 Class Scheduling System 2024-11-21 6.1 Medium
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0.
CVE-2023-36136 1 Phpjabbers 1 Class Scheduling System 2024-11-21 6.5 Medium
PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text.
CVE-2023-36135 1 Phpjabbers 1 Class Scheduling System 2024-11-21 7.5 High
User enumeration is found in in PHPJabbers Class Scheduling System v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-36134 1 Phpjabbers 1 Class Scheduling System 2024-11-21 9.8 Critical
In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.
CVE-2023-36133 1 Phpjabbers 1 Availability Booking Calendar 2024-11-21 9.8 Critical
PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change.
CVE-2023-36132 1 Phpjabbers 1 Availability Booking Calendar 2024-11-21 9.8 Critical
PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control.
CVE-2023-36131 1 Phpjabbers 1 Availability Booking Calendar 2024-11-21 9.8 Critical
PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password parameter.
CVE-2023-36127 1 Phpjabbers 1 Appointment Scheduler 2024-11-21 7.5 High
User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-36126 1 Phpjabbers 1 Appointment Scheduler 2024-11-21 6.1 Medium
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0
CVE-2023-36123 1 Plain Craft Launcher 2 Project 1 Plain Craft Launcher 2 2024-11-21 7.8 High
Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows local attackers to execute arbitrary code and gain sensitive information.
CVE-2023-36121 1 E107 1 E107 2024-11-21 5.4 Medium
Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project.
CVE-2023-36109 1 Jerryscript 1 Jerryscript 2024-11-21 9.8 Critical
Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c.
CVE-2023-36106 1 Powerjob 1 Powerjob 2024-11-21 7.5 High
An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list.
CVE-2023-36100 1 Macwk 1 Icecms 2024-11-21 9.8 Critical
An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain sensitive information via UserID parameter in api/User/ChangeUser.
CVE-2023-36095 1 Langchain 1 Langchain 2024-11-21 9.8 Critical
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.