CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-1063 A vulnerability has been found in SourceCodester Doctors Appointment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/patient.php of... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-24206 Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-32302 Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router allows attacker to obtain sensitive information via the Upload File parameter. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-1067 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-23080 Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 Tenda CP7<=V11.10.00.2211041403 and Tenda CP3 v.10 Tenda CP3 v.10<=V20220906024_2025 and Tenda IT7-PCS Tenda IT7-PCS<... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-23108 In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a NULL pointer dereference in the function Xasc. | 7.5 | HIGH | — | 0 |
| CVE-2023-23109 In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a divide by zero fault in the function opdiv. | 7.5 | HIGH | — | 0 |
| CVE-2022-40237 IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic. IBM X-Force ID: 235727. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-45137 The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that target the user's browser. This leads to a limited impact of confidentiality an... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-45138 The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45139 A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead ... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-45140 The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromi... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45697 Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Accounts directory. | 7.8 | HIGH | — | 0 |
| CVE-2023-22860 IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. T... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-26042 Part-DB is an open source inventory management system for your electronic components. User input was found not being properly escaped, which allowed malicious users to inject arbitrary HTML into the p... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-27263 A missing permissions check in the /plugins/playbooks/api/v0/runs API in Mattermost allows an attacker to list and view playbooks belonging to a team they are not a member of. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-27264 A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API. | 7.1 | HIGH | — | 0 |
| CVE-2023-27265 Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner'... | 2.7 | LOW | — | 0 |
| CVE-2023-27266 Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner... | 2.7 | LOW | — | 0 |
| CVE-2023-1070 External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22. | 7.1 | HIGH | — | 0 |
| CVE-2023-23155 Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the username parameter in the Admin Login. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-23156 Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-23157 A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullna... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-23158 A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the messag... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-24251 WangEditor v5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /dist/index.js. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-21452 Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device. | 3.3 | LOW | — | 0 |
| CVE-2023-24249 An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file. | 7.2 | HIGH | — | 0 |
| CVE-2023-24253 Domotica Labs srl Ikon Server before v2.8.6 was discovered to contain a SQL injection vulnerability. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-22582 A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5, m... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-26760 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. A malicious application may be able to elevate privileges. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-32830 An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.6, iOS 15.6 and iPadOS 15.6. Processing a maliciously crafted image may lead to disclosure of us... | 7.5 | HIGH | — | 0 |
| CVE-2022-32891 The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-28560 Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload. | 7.8 | HIGH | — | 0 |
| CVE-2022-42797 An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain root privileges. | 7.8 | HIGH | — | 0 |
| CVE-2022-42833 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | HIGH | — | 0 |
| CVE-2022-42838 An issue with app access to camera data was addressed with improved logic. This issue is fixed in macOS Ventura 13. A camera extension may be able to continue receiving video after the app which activ... | 3.3 | LOW | — | 0 |
| CVE-2022-46705 A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a ... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-46712 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13. An app may be able to cause unexpected system termination or potentially execute code wit... | 7.8 | HIGH | — | 0 |
| CVE-2022-46713 A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the fil... | 4.7 | MEDIUM | — | 0 |
| CVE-2023-23493 A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3. An encrypted volume may be unmounted and remounted by a different user wit... | 3.3 | LOW | — | 0 |
| CVE-2023-23498 A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.3 and iPadOS 15.7.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. The quoted original message may be select... | 3.3 | LOW | — | 0 |
| CVE-2023-23501 The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2. An app may be able to disclose kernel memory. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-23512 The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Visiting a website may lead to an app denial-of-s... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-23513 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. Mounting a maliciously crafted Samba networ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-24258 SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-26041 Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they w... | 2.6 | LOW | — | 0 |
| CVE-2023-26043 GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-1055 A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information lea... | 5.5 | MEDIUM | — | 0 |
| CVE-2015-10086 A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. The manipulation of the argument user leads to ... | 7.3 | HIGH | — | 0 |
| CVE-2023-1081 Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3. | 4.8 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.