Search Results (37046 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-3590 1 Mattermost 1 Mattermost Server 2024-11-21 3.1 Low
Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments.
CVE-2023-3587 1 Mattermost 1 Mattermost Server 2024-11-21 2.7 Low
Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions.
CVE-2023-3586 1 Mattermost 1 Mattermost Server 2024-11-21 4.2 Medium
Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards to remain accessible.
CVE-2023-3584 1 Mattermost 1 Mattermost Server 2024-11-21 3.1 Low
Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override scheme.
CVE-2023-3582 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 Medium
Mattermost fails to verify channel membership when linking a board to a channel allowing a low-privileged authenticated user to link a Board to a private channel they don't have access to, 
CVE-2023-3534 1 Sanchitkmr 1 Shopping Website 2024-11-21 6.3 Medium
A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file check_availability.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-233286 is the identifier assigned to this vulnerability.
CVE-2023-3528 1 Thinutech 1 Thinu-cms 2024-11-21 6.3 Medium
A vulnerability was found in ThinuTech ThinuCMS 1.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /category.php. The manipulation of the argument cat_id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-233252.
CVE-2023-3502 1 Sanchitkmr 1 Shopping Website 2024-11-21 6.3 Medium
A vulnerability, which was classified as critical, was found in SourceCodester Shopping Website 1.0. Affected is an unknown function of the file search-result.php. The manipulation of the argument product leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-232950 is the identifier assigned to this vulnerability.
CVE-2023-3490 1 Fossbilling 1 Fossbilling 2024-11-21 9.8 Critical
SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3.
CVE-2023-3485 1 Temporal 1 Temporal 2024-11-21 3 Low
Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires the namespace UUID and information from the workflow history for the target namespace. Under these conditions, it is possible to interfere with pending tasks in other namespaces, such as marking a task failed or completed. If a task is targeted for completion by the attacker, the targeted namespace must also be using the same data converter configuration as the initial, valid, namespace for the task completion payload to be decoded by workers in the target namespace.
CVE-2023-3481 1 Google 1 Critters 2024-11-21 5.7 Medium
Critters versions 0.0.17-0.0.19 have an issue when parsing the HTML, which leads to a potential cross-site scripting (XSS) bug. We recommend upgrading to version 0.0.20 of the extension. 
CVE-2023-3473 1 Retro Cellphone Online Store Project 1 Retro Cellphone Online Store 2024-11-21 4.7 Medium
A vulnerability, which was classified as critical, was found in Campcodes Retro Cellphone Online Store 1.0. Affected is an unknown function of the file /admin/edit_product.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232752.
CVE-2023-3458 1 Sanchitkmr 1 Shopping Website 2024-11-21 6.3 Medium
A vulnerability was found in SourceCodester Shopping Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file forgot-password.php. The manipulation of the argument contact leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232675.
CVE-2023-3457 1 Sanchitkmr 1 Shopping Website 2024-11-21 6.3 Medium
A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-232674 is the identifier assigned to this vulnerability.
CVE-2023-3449 1 Ibos 1 Ibos 2024-11-21 5.5 Medium
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function actionExport of the file ?r=recruit/interview/export&interviews=x of the component Interview Management Export. The manipulation of the argument interviews leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-232546 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-3442 1 Jenkins 1 Servicenow Devops 2024-11-21 7.7 High
A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform.
CVE-2023-3436 1 Xpdfreader 1 Xpdf 2024-11-21 3.3 Low
Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream.
CVE-2023-3396 1 Retro Cellphone Online Store Project 1 Retro Cellphone Online Store 2024-11-21 6.3 Medium
A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232351.
CVE-2023-3383 1 Game Result Matrix System Project 1 Game Result Matrix System 2024-11-21 6.3 Medium
A vulnerability, which was classified as critical, was found in SourceCodester Game Result Matrix System 1.0. This affects an unknown part of the file /dipam/athlete-profile.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232239.
CVE-2023-3379 1 Wago 14 Compact Controller 100, Compact Controller 100 Firmware, Edge Controller and 11 more 2024-11-21 5.3 Medium
Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.