Search Results (37066 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-44148 1 Brainstormforce 1 Astra 2024-11-21 5.4 Medium
Missing Authorization vulnerability in Brainstorm Force Astra Bulk Edit.This issue affects Astra Bulk Edit: from n/a through 1.2.7.
CVE-2023-44113 1 Huawei 2 Emui, Harmonyos 2024-11-21 7.5 High
Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44108 1 Huawei 2 Emui, Harmonyos 2024-11-21 7.5 High
Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.
CVE-2023-44094 1 Huawei 2 Emui, Harmonyos 2024-11-21 5.3 Medium
Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.
CVE-2023-44044 1 Superstorefinder 1 Super Store Finder 2024-11-21 7.2 High
Super Store Finder v3.6 and below was discovered to contain a SQL injection vulnerability via the Search parameter at /admin/stores.php.
CVE-2023-44025 1 Addify 1 Free Gifts 2024-11-21 9.8 Critical
SQL injection vulnerability in addify Addifyfreegifts v.1.0.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the getrulebyid function in the AddifyfreegiftsModel.php component.
CVE-2023-44024 1 Knowband 1 One Page Checkout\, Social Login \& Mailchimp 2024-11-21 9.8 Critical
SQL injection vulnerability in KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) v.8.0.3 and before allows a remote attacker to execute arbitrary code via a crafted request to the updateCheckoutBehaviour function in the supercheckout.php component.
CVE-2023-43986 1 Dmconcept 1 Configurator 2024-11-21 9.8 Critical
DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken.
CVE-2023-43983 1 Presto-changeo 1 Attribute Grid 2024-11-21 9.8 Critical
Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php.
CVE-2023-43980 1 Presto-changeo 1 Testsitecreator 2024-11-21 9.8 Critical
Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php.
CVE-2023-43979 1 Prestahero 1 Ybc Blog 2024-11-21 9.8 Critical
ETS Soft ybc_blog before v4.4.0 was discovered to contain a SQL injection vulnerability via the component Ybc_blogBlogModuleFrontController::getPosts().
CVE-2023-43961 1 Dromara 1 Sa-token 2024-11-21 8.8 High
An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
CVE-2023-43909 2 Hospital Management System, Hospital Management System Project 2 Hospital Management System, Hospital Management System 2024-11-21 9.1 Critical
Hospital Management System thru commit 4770d was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php.
CVE-2023-43899 1 Hansuncms Project 1 Hansuncms 2024-11-21 9.8 Critical
hansun CMS v1.0 was discovered to contain a SQL injection vulnerability via the component /ajax/ajax_login.ashx.
CVE-2023-43885 1 Tenda 2 Rx9 Pro, Rx9 Pro Firmware 2024-11-21 8.1 High
Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device.
CVE-2023-43836 1 Jizhicms 1 Jizhicms 2024-11-21 6.5 Medium
There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information
CVE-2023-43813 1 Glpi-project 1 Glpi 2024-11-21 6.5 Medium
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 contains a patch for the issue.
CVE-2023-43761 4 Apple, F-secure, Linux and 1 more 10 Macos, Atlant, Client Security and 7 more 2024-11-21 7.5 High
Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
CVE-2023-43739 1 Online Book Store Project Project 1 Online Book Store Project 2024-11-21 9.8 Critical
The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-43700 1 Sick 3 Apu0200, Apu0200 Firmware, Rdt400 2024-11-21 7.7 High
Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that no not require authentication.