Search Results (37070 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-49003 1 Simplemobiletools 1 Simple Dialer 2024-11-21 5.3 Medium
An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker to bypass intended access restrictions via interaction with com.simplemobiletools.dialer.activities.DialerActivity.
CVE-2023-48987 1 Cusg 1 Content Management System 2024-11-21 7.5 High
Blind SQL Injection vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the pages.php component.
CVE-2023-48925 1 Buy-addons 1 Bavideotab 2024-11-21 9.8 Critical
SQL injection vulnerability in Buy Addons bavideotab before version 1.0.6, allows attackers to escalate privileges and obtain sensitive information via the component BaVideoTabSaveVideoModuleFrontController::run().
CVE-2023-48893 1 Slims 1 Senayan Library Management System Bulian 2024-11-21 8.8 High
SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/staff_act.php SQL Injection via startDate or untilDate.
CVE-2023-48859 1 Totolink 2 A3002ru, A3002ru Firmware 2024-11-21 8.8 High
TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code.
CVE-2023-48823 1 Mayurik 1 Courier Management System 2024-11-21 9.8 Critical
A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login.
CVE-2023-48813 1 Slims 1 Senayan Library Management System Bulian 2024-11-21 8.8 High
Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php.
CVE-2023-48760 1 Crocoblock 1 Jetelements 2024-11-21 8.2 High
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
CVE-2023-48759 1 Crocoblock 1 Jetelements 2024-11-21 7.5 High
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
CVE-2023-48722 1 Phpgurukul 1 Student Result Management System 2024-11-21 9.8 Critical
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-48720 1 Phpgurukul 1 Student Result Management System 2024-11-21 9.8 Critical
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-48716 1 Projectworlds 1 Student Result Management System 2024-11-21 9.8 Critical
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_id' parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-48712 1 Warpgate Project 1 Warpgate 2024-11-21 7.1 High
Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows an admin username, opens the login screen and attempts to authenticate with an incorrect password they can subsequently enter a valid non-admin username and password they will be logged in as the admin user. All installations prior to version 0.9.0 are affected. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-48692 1 Microsoft 1 Azure Rtos Netx Duo 2024-11-21 9.1 Critical
Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to icmp, tcp, snmp, dhcp, nat and ftp in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-48687 1 Projectworlds 1 Railway Reservation System 2024-11-21 9.8 Critical
Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'from' parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-48685 1 Projectworlds 1 Railway Reservation System 2024-11-21 9.8 Critical
Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'psd' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-48434 1 Projectworlds 1 Online Voting System Project 2024-11-21 9.8 Critical
Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the reg_action.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-48433 1 Projectworlds 1 Online Voting System Project 2024-11-21 9.8 Critical
Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the login_action.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-48417 1 Google 2 Chromecast, Chromecast Firmware 2024-11-21 9.8 Critical
Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity Application
CVE-2023-48402 1 Google 1 Android 2024-11-21 7.8 High
In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.