Search Results (37023 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-24451 1 Jenkins 1 Cisco Spark 2024-11-21 4.3 Medium
A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2023-24052 1 Connectize 2 Ac21000 G6, Ac21000 G6 Firmware 2024-11-21 8.8 High
An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via the change password functionality as it does not prompt for the current password.
CVE-2023-24051 1 Connectize 2 Ac21000 G6, Ac21000 G6 Firmware 2024-11-21 8.8 High
A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via brute force style attacks.
CVE-2023-24047 1 Connectize 2 Ac21000 G6, Ac21000 G6 Firmware 2024-11-21 8 High
An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of weak hashing algorithm.
CVE-2023-23763 1 Github 1 Enterprise Server 2024-11-21 5.3 Medium
An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.10.0 and was fixed in versions 3.9.4, 3.8.9, 3.7.16 and 3.6.18. This vulnerability was reported via the GitHub Bug Bounty program.
CVE-2023-23758 1 Creative-solutions 1 Creative Gallery 2024-11-21 9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.
CVE-2023-23757 1 Bestaddon 1 Bestaddon Gallery 2024-11-21 9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.
CVE-2023-23737 1 Managewp 1 Broken Link Checker 2024-11-21 9.3 Critical
Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Links Checker Extension plugin <= 4.0 versions.
CVE-2023-23660 1 Mainwp 1 Mainwp Maintenance Extension 2024-11-21 8.5 High
Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP MainWP Maintenance Extension plugin <= 4.1.1 versions.
CVE-2023-23651 1 Mainwp 1 Mainwp Google Analytics Extension 2024-11-21 8.5 High
Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP Google Analytics Extension plugin <= 4.0.4 versions.
CVE-2023-23639 1 Mainwp 1 Staging Extension 2024-11-21 5.4 Medium
Missing Authorization vulnerability in MainWP MainWP Staging Extension.This issue affects MainWP Staging Extension: from n/a through 4.0.3.
CVE-2023-23634 1 Documize 1 Documize 2024-11-21 9.8 Critical
SQL Injection vulnerability in Documize version 5.4.2, allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint.
CVE-2023-23563 1 Geomatika 1 Isigeo Web 2024-11-21 6.5 Medium
An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to obtain sensitive database content via SQL Injection.
CVE-2023-23548 1 Checkmk 1 Checkmk 2024-11-21 5.4 Medium
Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30.
CVE-2023-23476 1 Ibm 2 Robotic Process Automation, Robotic Process Automation For Cloud Pak 2024-11-21 3.1 Low
IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425.
CVE-2023-23344 1 Hcltech 1 Bigfix Webui Insights 2024-11-21 3 Low
A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page.
CVE-2023-23162 1 Phpgurukul 1 Art Gallery Management System 2024-11-21 9.8 Critical
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at product.php.
CVE-2023-23156 1 Phpgurukul 1 Art Gallery Management System 2024-11-21 9.8 Critical
Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page.
CVE-2023-23155 1 Phpgurukul 1 Art Gallery Management System 2024-11-21 9.8 Critical
Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the username parameter in the Admin Login.
CVE-2023-22834 1 Palantir 1 Contour 2024-11-21 2.7 Low
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create.