Search Results (363673 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-33789 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Contact Groups (/tenancy/contact-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33788 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Providers (/circuits/providers/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33787 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Tenant Groups (/tenancy/tenant-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33786 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Circuit Types (/circuits/circuit-types/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33777 1 Prestashop 1 Amazon 2024-11-21 5.3 Medium
An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.24 allows attackers to execute a directory traversal attack.
CVE-2023-33768 1 Belkin 2 Wemo Smart Plug Wsp080, Wemo Smart Plug Wsp080 Firmware 2024-11-21 6.5 Medium
Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted firmware file.
CVE-2023-33756 1 Foswiki 1 Foswiki 2024-11-21 7.5 High
An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal.
CVE-2023-33745 1 Teleadapt 2 Roomcast Ta-2400, Roomcast Ta-2400 Firmware 2024-11-21 9.8 Critical
TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Privilege Management: from the shell available after an adb connection, simply entering the su command provides root access (without requiring a password).
CVE-2023-33744 1 Teleadapt 2 Roomcast Ta-2400, Roomcast Ta-2400 Firmware 2024-11-21 9.8 Critical
TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password (PIN): 385521, 843646, and 592671.
CVE-2023-33742 1 Teleadapt 2 Roomcast Ta-2400, Roomcast Ta-2400 Firmware 2024-11-21 7.5 High
TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Cleartext Storage of Sensitive Information: RSA private key in Update.exe.
CVE-2023-33706 1 Sysaid 1 Sysaid 2024-11-21 6.5 Medium
SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp.
CVE-2023-33684 1 Dbbroadcast 3 Sft Dab 600\/c, Sft Dab 600\/c Bios, Sft Dab 600\/c Firmware 2024-11-21 5.7 Medium
Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios firmware: 7.1 (Apr 19 2021) Gui: 2.46 FPGA: 169.55 uc: 6.15 allows attackers on the same network to bypass authentication by re-using the IP address assigned to the device by the NAT protocol.
CVE-2023-33668 1 Digiexam 1 Digiexam 2024-11-21 9.8 Critical
DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers.
CVE-2023-33666 1 Ai-dev 1 Aioptimizedcombinations 2024-11-21 9.8 Critical
ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.
CVE-2023-33665 1 Ai-dev 1 Ai-table 2024-11-21 9.8 Critical
ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.
CVE-2023-33664 1 Ai-dev 1 Declinaisons A La Volee 2024-11-21 8.8 High
ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.
CVE-2023-33663 1 Ai-dev 1 Aicustomfee 2024-11-21 9.8 Critical
In the module “Customization fields fee for your store” (aicustomfee) from ai-dev module for PrestaShop, an attacker can perform SQL injection up to 0.2.0. Release 0.2.1 fixed this security issue.
CVE-2023-33595 1 Python 1 Python 2024-11-21 5.5 Medium
CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.
CVE-2023-33584 1 Enrollment System Project 1 Enrollment System 2024-11-21 9.8 Critical
Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code.
CVE-2023-33580 1 Phpgurukul 1 Student Study Center Management System 2024-11-21 4.8 Medium
Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page.