Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2023-4005 Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-4006 Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-4007 Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16. | 5.4 | MEDIUM | β | 0 |
| CVE-2020-4868 IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in furth... | 4.3 | MEDIUM | β | 0 |
| CVE-2023-22595 IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code ... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-24971 IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java obje... | 7.5 | HIGH | β | 0 |
| CVE-2023-34358 ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to a device which contains a specific user agent, causing the httpd binary ... | 7.5 | HIGH | β | 0 |
| CVE-2023-34359 ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to the device which causes the httpd binary to crash within the "do_json_de... | 7.5 | HIGH | β | 0 |
| CVE-2023-34360 A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior.Β After a remote attacker log... | 8.2 | HIGH | β | 0 |
| CVE-2023-33534 A Cross-Site Request Forgery (CSRF) in Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G software version S10G_3.11.6 allows attackers to takeover user accounts via sending a crafted POST request ... | 8.8 | HIGH | β | 0 |
| CVE-2022-4888 The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordP... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-0602 The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-3130 The Short URL WordPress plugin before 1.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even ... | 4.8 | MEDIUM | β | 0 |
| CVE-2023-3134 The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS att... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-3292 The grid-kit-premium WordPress plugin before 2.2.0 does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-35861 A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject execute arbitrary commands as root on the BMC. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-37647 SEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /Ant_Suxin.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-34635 Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-34644 Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series busines... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-34842 Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-36089 Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affec... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-36090 Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain escalated privileges via phpcgi. NOTE: This vulnerability only affects products that are no longer suppo... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-36091 Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via via function phpcgi_main in cgibin. NOTE: This vulnerability only affects produc... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-36092 Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via via phpcgi_main. NOTE: This vulnerability only affects products that are no long... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-38303 An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter. | 5.4 | MEDIUM | β | 0 |
| CVE-2023-38304 An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in th... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-38305 An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a maliciou... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-38306 An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain fi... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-38307 An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user add... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-37771 Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-38308 An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL fr... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-38309 An issue was discovered in Webmin 2.021. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the package search functionality. The vulnerability allows an attacker to inject a malic... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-38310 An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an at... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-38311 An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malic... | 5.4 | MEDIUM | β | 0 |
| CVE-2020-36763 Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post. | 5.4 | MEDIUM | β | 0 |
| CVE-2023-34916 Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java. | 6.1 | MEDIUM | β | 0 |
| CVE-2023-34917 Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java. | 6.1 | MEDIUM | β | 0 |
| CVE-2023-4004 A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a loca... | 7.8 | HIGH | β | 0 |
| CVE-2023-4010 A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition ... | 4.6 | MEDIUM | β | 0 |
| CVE-2023-38989 An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information. | 4.3 | MEDIUM | β | 0 |
| CVE-2023-3983 An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInj... | 8.8 | HIGH | β | 0 |
| CVE-2022-42182 Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Directory Traversal. | 5.3 | MEDIUM | β | 0 |
| CVE-2022-42183 Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Server-Side Request Forgery (SSRF). | 9.1 | CRITICAL | β | 0 |
| CVE-2023-21411 User provided input is not sanitized in the βSettings > Access Controlβ configuration interface allowing for arbitrary code execution. | 7.2 | HIGH | β | 0 |
| CVE-2023-3462 HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the respo... | 5.3 | MEDIUM | β | 0 |
| CVE-2023-3825 PTCβs KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defined object that leads to uncontrolled resource consumption. KEPServerEX uses OPC UA, a protocol which... | 7.5 | HIGH | β | 0 |
| CVE-2023-37496 HCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulnerability. An attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's... | 8.3 | HIGH | β | 0 |
| CVE-2023-37772 Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php. | 8.8 | HIGH | β | 0 |
| CVE-2023-4033 OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0. | 7.8 | HIGH | β | 0 |
| CVE-2020-10962 In PowerShell App Deployment Toolkit (aka PSAppDeployToolkit) through 3.8.0, an incorrect access control vulnerability in the default configuration may allow an authenticated user to potentially enabl... | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.