Total 263811 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-43233 1 Yzncms 1 Yzncms 2024-09-24 6.1 Medium
A stored cross-site scripting (XSS) vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter.
CVE-2023-41949 1 Avirtum 1 Ifolders 2024-09-24 5.9 Medium
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Avirtum iFolders plugin versions <= 1.5.0.
CVE-2023-41948 1 Christophrado 1 Cookie Notice & Consent 2024-09-24 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christoph Rado Cookie Notice & Consent plugin versions <= 1.6.0.
CVE-2023-5192 1 Pimcore 2 Core, Pimcore 2024-09-24 6.5 Medium
Excessive Data Query Operations in a Large Data Table in GitHub repository pimcore/demo prior to 10.3.0.
CVE-2023-39408 1 Huawei 2 Emui, Harmonyos 2024-09-24 7.5 High
DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.
CVE-2023-43828 1 Intelliants 1 Subrion 2024-09-24 5.4 Medium
A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the 'Title' parameter.
CVE-2023-39409 1 Huawei 2 Emui, Harmonyos 2024-09-24 7.5 High
DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.
CVE-2023-43830 1 Intelliants 1 Subrion 2024-09-24 5.4 Medium
A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'.
CVE-2023-44047 1 Toll Tax Management System Project 1 Toll Tax Management System 2024-09-24 7.2 High
Sourcecodester Toll Tax Management System v1 is vulnerable to SQL Injection.
CVE-2023-42657 1 Progress 1 Ws Ftp Server 2024-09-24 9.9 Critical
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system.
CVE-2024-3149 1 Mintplexlabs 1 Anythingllm 2024-09-24 8.8 High
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can exploit this by hosting a malicious website and using it to perform actions such as internal port scanning, accessing internal web applications not exposed externally, and interacting with the Collector API. This interaction can lead to unauthorized actions such as arbitrary file deletion and limited Local File Inclusion (LFI), including accessing NGINX access logs which may contain sensitive information.
CVE-2023-44048 1 Oretnom23 1 Expense Tracker 2024-09-24 5.4 Medium
Sourcecodester Expense Tracker App v1 is vulnerable to Cross Site Scripting (XSS) via add category.
CVE-2023-44020 2 Tenda, Tendacn 3 Ac10u, Ac10u, Ac10u Firmware 2024-09-24 9.8 Critical
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function.
CVE-2023-44021 2 Tenda, Tendacn 3 Ac10u, Ac10u, Ac10u Firmware 2024-09-24 9.8 Critical
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the formSetClientState function.
CVE-2023-5223 1 Hdoi 1 Hcode Online Judge 2024-09-24 6.3 Medium
A vulnerability, which was classified as critical, has been found in HimitZH HOJ up to 4.6-9a65e3f. This issue affects some unknown processing of the component Topic Handler. The manipulation leads to a sandbox issue. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240365 was assigned to this vulnerability.
CVE-2023-0456 1 Redhat 2 Apicast, Red Hat 3scale Amp 2024-09-24 7.4 High
A flaw was found in APICast: 3scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information.
CVE-2024-3404 1 Gaizhenbiao 1 Chuanhuchatgpt 2024-09-24 6.5 Medium
In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the `history` files of other users, potentially leading to unauthorized access to sensitive information. The vulnerability is present in the application's handling of access control for the `history` path, where no adequate mechanism is in place to prevent an authenticated user from accessing another user's chat history files. This issue poses a significant risk as it could allow attackers to obtain sensitive information from the chat history of other users.
CVE-2023-44022 2 Tenda, Tendacn 3 Ac10u, Ac10u, Ac10u Firmware 2024-09-24 9.8 Critical
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.
CVE-2023-43825 1 Ekakin 1 Shihonkanri Plus 2024-09-24 7.8 High
Relative path traversal vulnerability in Shihonkanri Plus Ver9.0.3 and earlier allows a local attacker to execute arbitrary code by having a legitimate user import a specially crafted backup file of the product.
CVE-2024-3234 1 Gaizhenbiao 1 Chuanhuchatgpt 2024-09-24 9.8 Critical
The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the `web_assets` folder. However, the outdated version of gradio it employs is susceptible to path traversal, as identified in CVE-2023-51449. This vulnerability allows unauthorized users to bypass the intended restrictions and access sensitive files, such as `config.json`, which contains API keys. The issue affects the latest version of chuanhuchatgpt prior to the fixed version released on 20240305.