Search Results (37050 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-41908 1 Cerebrate-project 1 Cerebrate 2024-11-21 5.3 Medium
Cerebrate before 1.15 lacks the Secure attribute for the session cookie.
CVE-2023-41891 1 Flyte 1 Flyteadmin 2024-11-21 3.5 Low
FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacker needs to have access to the FlyteAdmin installation, typically either behind a VPN or authentication. Version 1.1.124 contains a patch for this issue.
CVE-2023-41887 1 Openrefine 1 Openrefine 2024-11-21 9.8 Critical
OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue.
CVE-2023-41886 1 Openrefine 1 Openrefine 2024-11-21 7.5 High
OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, an arbitrary file read vulnerability allows any unauthenticated user to read a file on a server. Version 3.7.5 fixes this issue.
CVE-2023-41882 1 Vantage6 1 Vantage6 2024-11-21 5.4 Medium
vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/{id}/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version 4.0.0, it is only checked if the user has permission to view the collaboration. Version 4.0.0 contains a patch. There are no known workarounds.
CVE-2023-41805 1 Brainstormforce 1 Starter Templates 2024-11-21 6.5 Medium
Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites.This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through 3.2.5.
CVE-2023-41750 4 Acronis, Apple, Linux and 1 more 4 Agent, Macos, Linux Kernel and 1 more 2024-11-21 5.5 Medium
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 32047.
CVE-2023-41640 1 Grupposcai 1 Realgimm 2024-11-21 8.8 High
An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query.
CVE-2023-41636 1 Grupposcai 1 Realgimm 2024-11-21 9.8 Critical
A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query.
CVE-2023-41623 1 Emlog 1 Emlog 2024-11-21 7.2 High
Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php.
CVE-2023-41615 1 Phpgurukul 1 Zoo Management System 2024-11-21 9.8 Critical
Zoo Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the Admin sign-in page via the username and password fields.
CVE-2023-41594 1 Phpgurukul 1 Dairy Farm Shop Management System 2024-11-21 7.5 High
Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters.
CVE-2023-41543 1 Jeecg 1 Jeecg Boot 2024-11-21 9.8 Critical
SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check.
CVE-2023-41542 1 Jeecg 1 Jeecg Boot 2024-11-21 9.8 Critical
SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component.
CVE-2023-41539 1 Phpjabbers 1 Business Directory Script 2024-11-21 7.5 High
phpjabbers Business Directory Script 3.2 is vulnerable to SQL Injection via the column parameter.
CVE-2023-41507 1 Superstorefinder 1 Super Store Finder 2024-11-21 9.8 Critical
Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng parameters.
CVE-2023-41443 1 Xxyopen 1 Novel-plus 2024-11-21 7.2 High
SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /sys/menu/list.
CVE-2023-41387 2 Apple, Patreon 2 Iphone Os, Flutter Downloader 2024-11-21 9.1 Critical
A SQL injection in the flutter_downloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. The internal database of the framework is exposed to the local user if an app uses UIFileSharingEnabled and LSSupportsOpeningDocumentsInPlace properties. As a result, local users can obtain the same attack primitives as remote attackers by tampering with the internal database of the framework on the device.
CVE-2023-41364 1 Metaways 1 Tine 2024-11-21 9.8 Critical
In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection.
CVE-2023-41328 1 Frappe 1 Frappe 2024-11-21 4.2 Medium
Frappe is a low code web framework written in Python and Javascript. A SQL Injection vulnerability has been identified in the Frappe Framework which could allow a malicious actor to access sensitive information. This issue has been addressed in versions 13.46.1 and 14.20.0. Users are advised to upgrade. There's no workaround to fix this without upgrading.