Search Results (37027 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-27526 1 Apache 1 Superset 2024-11-21 4.3 Medium
A non Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including 2.1.0. 
CVE-2023-27525 1 Apache 1 Superset 2024-11-21 3.1 Low
An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1
CVE-2023-27523 1 Apache 1 Superset 2024-11-21 5 Medium
Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.
CVE-2023-27262 1 Idattend 1 Idweb 2024-11-21 9.8 Critical
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
CVE-2023-27260 1 Idattend 1 Idweb 2024-11-21 9.8 Critical
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
CVE-2023-27255 1 Idattend 1 Idweb 2024-11-21 9.8 Critical
Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
CVE-2023-27254 1 Idattend 1 Idweb 2024-11-21 9.8 Critical
Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
CVE-2023-27074 1 Phpgurukul 1 Bp Monitoring Management System 2024-11-21 9.8 Critical
BP Monitoring Management System v1.0 was discovered to contain a SQL injection vulnerability via the emailid parameter in the login page.
CVE-2023-26959 1 Phpgurukul 1 Park Ticketing Management System 2024-11-21 9.8 Critical
Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection via the User Name parameter.
CVE-2023-26861 1 Vivawallet 1 Viva Wallet 2024-11-21 9.8 Critical
SQL injection vulnerability found in PrestaShop vivawallet v.1.7.10 and before allows a remote attacker to gain privileges via the vivawallet() module.
CVE-2023-26859 1 Brevo 1 Brevo 2024-11-21 9.8 Critical
SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 and before allow a remote attacker to gain privileges via the ajaxOrderTracking.php component.
CVE-2023-26584 1 Idattend 1 Idweb 2024-11-21 9.8 Critical
Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
CVE-2023-26583 1 Idattend 1 Idweb 2024-11-21 9.8 Critical
Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
CVE-2023-26582 1 Idattend 1 Idweb 2024-11-21 9.8 Critical
Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
CVE-2023-26581 1 Idattend 1 Idweb 2024-11-21 9.8 Critical
Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
CVE-2023-26572 1 Idattend 1 Idweb 2024-11-21 9.8 Critical
Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
CVE-2023-26569 1 Idattend 1 Idweb 2024-11-21 9.8 Critical
Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
CVE-2023-26568 1 Idattend 1 Idweb 2024-11-21 9.8 Critical
Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
CVE-2023-26562 1 Zimbra 1 Collaboration 2024-11-21 6.5 Medium
In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2FA and generated passwords) can send e-mail messages when configured for Imap/smtp.
CVE-2023-26523 1 Codepeople 1 Calculated Fields Form 2024-11-21 4.3 Medium
Missing Authorization vulnerability in CodePeople Calculated Fields Form allows Functionality Misuse.This issue affects Calculated Fields Form: from n/a through 1.1.120.