Search Results (37074 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-51377 1 Wpeverest 1 Everest Forms 2024-11-21 5.3 Medium
Missing Authorization vulnerability in WPEverest Everest Forms.This issue affects Everest Forms: from n/a through 2.0.3.
CVE-2023-51376 1 Brainstormforce 1 Surefeedback 2024-11-21 4.3 Medium
Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site.This issue affects ProjectHuddle Client Site: from n/a through 1.0.34.
CVE-2023-51375 1 Wpdeveloper 1 Embedpress 2024-11-21 4.3 Medium
Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.8.3.
CVE-2023-51051 1 S-cms 1 S-cms 2024-11-21 9.8 Critical
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php.
CVE-2023-51050 1 S-cms 1 S-cms 2024-11-21 9.8 Critical
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php.
CVE-2023-51049 1 S-cms 1 S-cms 2024-11-21 9.8 Critical
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php.
CVE-2023-51048 1 S-cms 1 S-cms 2024-11-21 9.8 Critical
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php.
CVE-2023-50752 1 Kashipara 1 Online Notice Board System 2024-11-21 9.8 Critical
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-50732 1 Xwiki 1 Xwiki 2024-11-21 8.3 High
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute a Velocity script without script right through the document tree. This has been patched in XWiki 14.10.7 and 15.2RC1.
CVE-2023-50712 1 Dfir-iris 1 Iris 2024-11-21 4.6 Medium
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.3.7 of iris-web. No known workarounds are available.
CVE-2023-50705 1 Efacec 2 Uc 500e, Uc 500e Firmware 2024-11-21 5.3 Medium
An attacker could create malicious requests to obtain sensitive information about the web server.
CVE-2023-50589 1 Embras 1 Geosiap Erp 2024-11-21 9.8 Critical
Grupo Embras GEOSIAP ERP v2.2.167.02 was discovered to contain a SQL injection vulnerability via the codLogin parameter on the login page.
CVE-2023-50578 1 Mingsoft 1 Mcms 2024-11-21 9.8 Critical
Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do.
CVE-2023-50570 1 Seancfoley 1 Ipaddress 2024-11-21 5.5 Medium
An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 leads to an infinite loop. This is disputed because an infinite loop occurs only for cases in which the developer supplies invalid arguments. The product is not intended to always halt for contrived inputs.
CVE-2023-50563 1 Sem-cms 1 Semcms 2024-11-21 9.8 Critical
Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php.
CVE-2023-50457 1 Zammad 1 Zammad 2024-11-21 4.3 Medium
An issue was discovered in Zammad before 6.2.0. When listing tickets linked to a knowledge base answer, or knowledge base answers of a ticket, a user could see entries for which they lack permissions.
CVE-2023-50429 1 Izybat 1 Orange Casiers 2024-11-21 9.1 Critical
IzyBat Orange casiers before 20230803_1 allows getEnsemble.php ensemble SQL injection.
CVE-2023-50363 1 Qnap 2 Qts, Quts Hero 2024-11-21 7.4 High
An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later
CVE-2023-50073 1 Leadscloud 1 Empirecms 2024-11-21 9.8 Critical
EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword parameter at SetEnews.php.
CVE-2023-50071 1 Customer Support System Project 1 Customer Support System 2024-11-21 8.8 High
Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name.