CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2023-30847 H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to processes a certain type of invalid HTTP request, it tries to build an upstream URL by reading from un... | 8.2 | HIGH | — | 0 |
| CVE-2023-2349 A vulnerability classified as problematic has been found in SourceCodester Service Provider Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the... | 3.5 | LOW | — | 0 |
| CVE-2023-2350 A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php.... | 3.5 | LOW | — | 0 |
| CVE-2023-1477 Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse.This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3. | 7.2 | HIGH | — | 0 |
| CVE-2023-30848 Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to rec... | 8.8 | HIGH | — | 0 |
| CVE-2023-30849 Pimcore is an open source data and experience management platform. Prior to version 10.5.21, A SQL injection vulnerability exists in the translation export API. Users should update to version 10.5.21 ... | 8.8 | HIGH | — | 0 |
| CVE-2023-30624 Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level ... | 3.9 | LOW | — | 0 |
| CVE-2023-30850 Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL Injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 ... | 8.8 | HIGH | — | 0 |
| CVE-2023-30852 Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the `/admin/misc/script-proxy` API endpoint that is accessible by an authenticated administrator user is vu... | 4.4 | MEDIUM | — | 0 |
| CVE-2023-2335 Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows (Registery modules) allows Retrieve Admin user credentials This issue affects sure... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-21712 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | HIGH | — | 0 |
| CVE-2023-27860 IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in further attacks against the system. IBM X-Force ID: 24920... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-2355 Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900. | 7.8 | HIGH | — | 0 |
| CVE-2023-29489 An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.1... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-2356 Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. | 7.5 | HIGH | — | 0 |
| CVE-2023-1968 Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, incl... | 10.0 | CRITICAL | — | 0 |
| CVE-2023-27556 IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6.3.0.00 through 6.3.1.03, 6.4.0.00 through 6.4.2.02 and 6.5.0.00 does not properly allocate resources without limits or throttling ... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-4729 IBM Counter Fraud Management for Safer Payments 5.7.0.00 through 5.7.0.10, 6.0.0.00 through 6.0.0.07, 6.1.0.00 through 6.1.0.05, and 6.2.0.00 through 6.2.1.00 could allow an authenticated attacker und... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-27557 IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected crypt... | 5.9 | MEDIUM | — | 0 |
| CVE-2023-31436 qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. | 7.8 | HIGH | — | 0 |
| CVE-2023-2361 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-2363 A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. This issue affects some unknown processing of the file view_room.php. The manipulatio... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-2364 A vulnerability, which was classified as problematic, was found in SourceCodester Resort Reservation System 1.0. Affected is an unknown function of the file registration.php. The manipulation of the a... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-30466 This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-30467 This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR web-base... | 7.5 | HIGH | — | 0 |
| CVE-2023-2360 Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.2.0-135. | 7.5 | HIGH | — | 0 |
| CVE-2023-28472 Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies. | 5.3 | MEDIUM | — | 0 |
| CVE-2023-2365 A vulnerability has been found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file ajax.php?action=delete... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-2366 A vulnerability was found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajax.php?action=delete_class. The... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-2367 A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/manage_academic.php. The manipulation of ... | 4.7 | MEDIUM | — | 0 |
| CVE-2023-2368 A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php?page=manage_questionnaire. Th... | 4.7 | MEDIUM | — | 0 |
| CVE-2023-2369 A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/manage_restriction.php. The manip... | 4.7 | MEDIUM | — | 0 |
| CVE-2023-28473 Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs section. | 3.3 | LOW | — | 0 |
| CVE-2023-28474 Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Saved Presets on search. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-28475 Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-28476 Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Tags on uploaded files. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-28477 Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-0834 Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.This issue affects Workforce Access: from 6.12 before 8.1. | 7.0 | HIGH | — | 0 |
| CVE-2023-28819 Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 through 9.0.2 is vulnerable to Stored XSS in uploaded file and folder names. | 3.5 | LOW | — | 0 |
| CVE-2023-2370 A vulnerability classified as critical has been found in SourceCodester Online DJ Management System 1.0. Affected is an unknown function of the file admin/events/manage_event.php of the component GET ... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-2371 A vulnerability classified as critical was found in SourceCodester Online DJ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/inquiries/view_details.... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-2372 A vulnerability, which was classified as problematic, has been found in SourceCodester Online DJ Management System 1.0. Affected by this issue is some unknown functionality of the file classes/Master.... | 2.4 | LOW | — | 0 |
| CVE-2023-2373 A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Management Interface. The manipulation of ... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-2374 A vulnerability has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This vulnerability affects unknown code of the component Web Management Interface. The manipula... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-2375 A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This issue affects some unknown processing of the component Web Management Interface. The manipulati... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-2376 A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been classified as critical. Affected is an unknown function of the component Web Management Interface. The manipulation... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-2377 A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Web Management In... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-2378 A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Web Management Interface. ... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-30853 Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have exe... | 7.6 | HIGH | — | 0 |
| CVE-2023-30854 AVideo is an open source video platform. Prior to version 12.4, an OS Command Injection vulnerability in an authenticated endpoint `/plugin/CloneSite/cloneClient.json.php` allows attackers to achieve ... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.