CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-26208 An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU a... | 3.7 | LOW | — | 0 |
| CVE-2023-26209 An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and me... | 3.7 | LOW | — | 0 |
| CVE-2023-0845 Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This v... | 4.9 | MEDIUM | — | 0 |
| CVE-2023-1287 An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution. | 9.0 | CRITICAL | — | 0 |
| CVE-2023-1288 An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows an attacker to read local files on the server. | 6.8 | MEDIUM | — | 0 |
| CVE-2023-25573 metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any f... | 8.6 | HIGH | — | 0 |
| CVE-2023-25814 metersphere is an open source continuous testing platform. In versions prior to 2.7.1 a user who has permission to create a resource file through UI operations is able to append a path to their submis... | 7.1 | HIGH | — | 0 |
| CVE-2022-4317 An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 1.47 before 3.0.51, which sends custom request headers in redirects. | 5.0 | MEDIUM | — | 0 |
| CVE-2022-4462 An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulne... | 5.0 | MEDIUM | — | 0 |
| CVE-2023-0483 An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was pos... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-41821 An improper export vulnerability was reported in the Motorola Setup application that could allow a local attacker to read sensitive user information. | 5.0 | MEDIUM | — | 0 |
| CVE-2023-1084 An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Mai... | 2.7 | LOW | — | 0 |
| CVE-2022-3381 An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary si... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-4289 An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integra... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-0223 An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-projec... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-1318 Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-27204 Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/manage_user.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-27205 Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /kruxton/sales_report.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-27206 A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of Best POS Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the pa... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-27207 Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-27208 A cross-site scripting (XSS) vulnerability in /php-opos/login.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-27210 Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-27211 A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the pa... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-27212 A cross-site scripting (XSS) vulnerability in /php-opos/signup.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-27213 Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-27214 Online Student Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the fromdate and todate parameters at /eduauth/student/between-date-reprtsdetails.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-27483 crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Ap... | 5.9 | MEDIUM | — | 0 |
| CVE-2023-21490 Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager. | 4.7 | MEDIUM | — | 0 |
| CVE-2023-27484 crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update C... | 6.2 | MEDIUM | — | 0 |
| CVE-2023-27490 NextAuth.js is an open source authentication solution for Next.js applications. `next-auth` applications using OAuth provider versions before `v4.20.1` have been found to be subject to an authenticati... | 8.1 | HIGH | — | 0 |
| CVE-2023-0050 An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A speciall... | 8.7 | HIGH | — | 0 |
| CVE-2023-1072 An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was poss... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-1319 Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. | 4.8 | MEDIUM | — | 0 |
| CVE-2023-1300 A vulnerability classified as critical was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file patient-report.php of ... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-1301 A vulnerability, which was classified as critical, has been found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. Affected by this issue is some unknown functionality of the f... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-1302 A vulnerability, which was classified as problematic, was found in SourceCodester File Tracker Manager System 1.0. This affects an unknown part of the file normal/borrow1.php. The manipulation of the ... | 3.5 | LOW | — | 0 |
| CVE-2023-1303 A vulnerability was found in UCMS 1.6 and classified as critical. This issue affects some unknown processing of the file sadmin/fileedit.php of the component System File Management Module. The manipul... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-20049 A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performa... | 8.6 | HIGH | — | 0 |
| CVE-2023-20064 A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using... | 4.6 | MEDIUM | — | 0 |
| CVE-2022-3758 An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Due to imp... | 5.4 | MEDIUM | — | 0 |
| CVE-2013-10020 A vulnerability, which was classified as problematic, was found in MMDeveloper A Forms Plugin up to 1.4.2 on WordPress. This affects an unknown part of the file a-forms.php. The manipulation leads to ... | 3.5 | LOW | — | 0 |
| CVE-2023-1307 Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13. | 9.8 | CRITICAL | — | 0 |
| CVE-2014-125093 A vulnerability has been found in Ad Blocking Detector Plugin up to 1.2.1 on WordPress and classified as problematic. This vulnerability affects unknown code of the file ad-blocking-detector.php. The ... | 4.3 | MEDIUM | — | 0 |
| CVE-2017-20182 A vulnerability was found in Mobile Vikings Django AJAX Utilities up to 1.2.1 and classified as problematic. This issue affects the function Pagination of the file django_ajax/static/ajax-utilities/js... | 3.5 | LOW | — | 0 |
| CVE-2023-27116 WebAssembly v1.0.29 was discovered to contain an abort in CWriter::MangleType. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-27117 WebAssembly v1.0.29 was discovered to contain a heap overflow via the component wabt::Node::operator. | 7.8 | HIGH | — | 0 |
| CVE-2023-1091 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alpata Licensed Warehousing Automation System allows Command Line Execution through SQL Injection.... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-1308 A vulnerability classified as critical has been found in SourceCodester Online Graduate Tracer System 1.0. Affected is an unknown function of the file admin/adminlog.php. The manipulation of the argum... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-1309 A vulnerability classified as critical was found in SourceCodester Online Graduate Tracer System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/search_it.php. The ma... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-33831 A stored cross-site scripting (XSS) vulnerability in the Advanced Expectation - Response module of yapi v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected... | 7.4 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.