Search Results (37071 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-4037 1 Setelsa-security 1 Conacwin 2024-11-21 9.9 Critical
Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter.
CVE-2023-49980 1 Sourcecodester 1 Best Student Result Management System 2024-11-21 7.5 High
A directory listing vulnerability in Best Student Result Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization.
CVE-2023-49949 1 Passwork 1 Passwork 2024-11-21 8.1 High
Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes.
CVE-2023-49947 1 Forgejo 1 Forgejo 2024-11-21 7.5 High
Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication.
CVE-2023-49708 1 Joomstar 1 Starshop 2024-11-21 9.8 Critical
SQLi vulnerability in Starshop component for Joomla.
CVE-2023-49707 1 Joomlart 1 S5 Register 2024-11-21 9.8 Critical
SQLi vulnerability in S5 Register module for Joomla.
CVE-2023-49689 1 Kashipara 1 Job Portal 2024-11-21 9.8 Critical
Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'JobId' parameter of the Employer/DeleteJob.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-49688 1 Kashipara 1 Job Portal 2024-11-21 9.8 Critical
Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtUser' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-49681 1 Kashipara 1 Job Portal 2024-11-21 9.8 Critical
Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-49677 1 Kashipara 1 Job Portal 2024-11-21 9.8 Critical
Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-49652 1 Jenkins 1 Google Compute Engine 2024-11-21 2.7 Low
Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate system-scoped credentials IDs of credentials stored in Jenkins and to connect to Google Cloud Platform using attacker-specified credentials IDs obtained through another method, to obtain information about existing projects. This fix has been backported to 4.3.17.1.
CVE-2023-49581 1 Sap 1 Netweaver Application Server Abap 2024-11-21 4.1 Medium
SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability.
CVE-2023-49429 1 Tenda 2 Ax9, Ax9 Firmware 2024-11-21 9.8 Critical
Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules.
CVE-2023-49371 1 Ruoyi 1 Ruoyi 2024-11-21 9.8 Critical
RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit.
CVE-2023-49363 1 Rockoa 1 Rockoa 2024-11-21 9.8 Critical
Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in the indexAction method in reimpAction.php.
CVE-2023-49316 1 Phpseclib 1 Phpseclib 2024-11-21 7.5 High
In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service.
CVE-2023-49273 1 Umbraco 1 Umbraco Cms 2024-11-21 5.4 Medium
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, users with low privileges (Editor, etc.) are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.
CVE-2023-49240 1 Huawei 2 Emui, Harmonyos 2024-11-21 7.5 High
Unauthorized access vulnerability in the launcher module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-49230 1 Peplink 2 Balance Two, Balance Two Firmware 2024-11-21 8.8 High
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication.
CVE-2023-49229 1 Peplink 2 Balance Two, Balance Two Firmware 2024-11-21 4.3 Medium
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration.