Search Results (363555 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-32063 1 Oroinc 1 Client Relationship Management 2024-11-21 5 Medium
OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1.1.
CVE-2023-32062 1 Oroinc 1 Oroplatform 2024-11-21 5 Medium
OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1.
CVE-2023-32000 1 Ui 1 Unifi Network Application 2024-11-21 4.8 Medium
A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page.
CVE-2023-31998 1 Ui 4 Aircube, Aircube Firmware, Edgemax Edgerouter and 1 more 2024-11-21 7.5 High
A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices.
CVE-2023-31973 1 Tortall 1 Yasm 2024-11-21 5.5 Medium
yasm v1.3.0 was discovered to contain a use after free via the function expand_mmac_params at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.
CVE-2023-31946 1 Online Travel Agency System Project 1 Online Travel Agency System 2024-11-21 7.2 High
File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the artical.php.
CVE-2023-31945 1 Online Travel Agency System Project 1 Online Travel Agency System 2024-11-21 7.2 High
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the id parameter at daily_expenditure_edit.php.
CVE-2023-31944 1 Online Travel Agency System Project 1 Online Travel Agency System 2024-11-21 7.2 High
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_edit.php.
CVE-2023-31943 1 Online Travel Agency System Project 1 Online Travel Agency System 2024-11-21 7.2 High
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the ticket_id parameter at ticket_detail.php.
CVE-2023-31942 1 Online Travel Agency System Project 1 Online Travel Agency System 2024-11-21 4.8 Medium
Cross Site Scripting vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the description parameter in insert.php.
CVE-2023-31941 1 Online Travel Agency System Project 1 Online Travel Agency System 2024-11-21 7.2 High
File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the employee_insert.php.
CVE-2023-31940 1 Online Travel Agency System Project 1 Online Travel Agency System 2024-11-21 7.2 High
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the page_id parameter at article_edit.php.
CVE-2023-31939 1 Online Travel Agency System Project 1 Online Travel Agency System 2024-11-21 7.2 High
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the costomer_id parameter at customer_edit.php.
CVE-2023-31938 1 Online Travel Agency System Project 1 Online Travel Agency System 2024-11-21 7.2 High
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_detail.php.
CVE-2023-31937 1 Phpgurukul 1 Rail Pass Management System 2024-11-21 7.2 High
Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-cateogry-detail.php file.
CVE-2023-31935 1 Phpgurukul 1 Rail Pass Management System 2024-11-21 4.8 Medium
Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the emial parameter of admin-profile.php.
CVE-2023-31934 1 Phpgurukul 1 Rail Pass Management System 2024-11-21 4.8 Medium
Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php.
CVE-2023-31933 1 Phpgurukul 1 Rail Pass Management System 2024-11-21 7.2 High
Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-pass-detail.php file.
CVE-2023-31932 1 Phpgurukul 1 Rail Pass Management System 2024-11-21 7.2 High
Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-enquiry.php file.
CVE-2023-31925 1 Broadcom 1 Brocade Sannav 2024-11-21 5.4 Medium
Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuration failure causes an SNMP communication log dump.