CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV (Known Exploited Vulnerabilities catalog) and NVD (National Vulnerability Database) data. CVSS scores and severities come from NVD; the KEV column marks entries CISA lists as exploited in the wild.
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2023-38863 | An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-38865 | COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-44694 | D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /log/mailrecvview.php. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-39852 | Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session va... | 9.8 | CRITICAL | No | 0 |
| CVE-2020-27630 | In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-39850 | Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-43791 | Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any accoun... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-46042 | An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo(). | 9.8 | CRITICAL | No | 0 |
| CVE-2022-47583 | Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-30131 | An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-45225 | Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overfl... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-43986 | DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-43755 | Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overf... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-3959 | Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overfl... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-45381 | In the module "Creative Popup" (creativepopup) up to version 1.6.9 from WebshopWorks for PrestaShop, a guest can perform SQL injection via `cp_download_popup().` | 9.8 | CRITICAL | No | 0 |
| CVE-2023-29974 | An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-38584 | In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authe... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-43492 | In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authen... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-45376 | In the module "Carousels Pack - Instagram, Products, Brands, Supplier" (hicarouselspack) for PrestaShop up to version 1.5.0 from HiPresta for PrestaShop, a guest can perform SQL injection via HiCpProd... | 9.8 | CRITICAL | No | 0 |
| CVE-2020-36706 | The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in ... | 9.8 | CRITICAL | No | 0 |
| CVE-2015-0311 | Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute ... | 9.8 | CRITICAL | Yes | 0 |
| CVE-2023-47397 | WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-5941 | In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-39796 | SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE parameter. | 9.8 | CRITICAL | No | 0 |
| CVE-2020-26037 | Directory Traversal vulnerability in Server functionality in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-33663 | In the module "Customization fields fee for your store" (aicustomfee) from ai-dev module for PrestaShop, an attacker can perform SQL injection up to 0.2.0. Release 0.2.1 fixed this security issue. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-4488 | The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and ... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-39115 | install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-5227 | Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-46800 | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the view_profile.php resource does not validate the characters received a... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-46793 | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'day' parameter in the 'register()' function of the functions.php resource does not validat... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-46789 | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic1' multipart parameter of the functions.php resource does n... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-46788 | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter in the 'uploadphoto()' function of the functions.php resource does not valid... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-37824 | Sitolog sitologapplicationconnect v7.8.a and before was discovered to contain a SQL injection vulnerability via the component /activate_hook.php. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-46787 | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the auth/auth.php resource does not validate the characters receive... | 9.8 | CRITICAL | No | 0 |
| CVE-2017-8543 | Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 ... | 9.8 | CRITICAL | Yes | 0 |
| CVE-2023-46785 | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partner_preference.php resource does not validate the characters rece... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-46679 | Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_uname_email' parameter of the index.php resource does not validate the characters received and ... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-46677 | Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_uname' parameter of the sign-up.php resource does not validate the characters received and they... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-46010 | An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-46424 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_422BD4 function. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-44273 | Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-45797 | A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions 1.0.0.1 to 1.0.0.26 allows an attacker to remotely execute code. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-38870 | A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'category_id' parameter... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-35071 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MRV Tech Logging Administration Panel allows SQL Injection. This issue affects Logging Administrati... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-43792 | baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-46502 | An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-5865 | Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2. | 9.8 | CRITICAL | No | 0 |
| CVE-2023-32485 | Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-27846 | SQL injection vulnerability found in PrestaShop themevolty v.4.0.8 and before allow a remote attacker to gain privileges via the tvcmsblog, tvcmsvideotab, tvcmswishlist, tvcmsbrandlist, tvcmscategoryc... | 9.8 | CRITICAL | No | 0 |
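Every row above carries the same 9.8 CRITICAL score, so the score alone cannot order the list; the two KEV rows are the ones with confirmed exploitation. The block below is an added example, not this site's own tooling, showing how such a KEV-plus-NVD enrichment can be reproduced offline and how a triage sort puts KEV ahead of raw CVSS. The KEV and NVD JSON excerpts are constructed from the documented feed layouts (CISA's `known_exploited_vulnerabilities.json` and the NVD API 2.0 `vulnerabilities[].cve` shape) with only the fields the code reads filled in; the two `CVE-xxxx-99999` records are placeholders, not real CVEs, included to exercise the CVSS-v2-only and not-yet-analysed paths.

```python
import json

# Constructed excerpt of the CISA KEV catalog feed. Field names match the real
# feed; only the fields this example reads are present. Both IDs are rows the
# table above flags as KEV.
KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2015-0311", "vendorProject": "Adobe", "product": "Flash Player"},
        {"cveID": "CVE-2017-8543", "vendorProject": "Microsoft", "product": "Windows"},
    ],
})

# Constructed excerpt of an NVD API 2.0 response (descriptions shortened).
# CVE-2001-99999 and CVE-2002-99999 are placeholder IDs, not real entries.
def _v31(score, sev):
    return {"cvssMetricV31": [{"source": "nvd@nist.gov", "type": "Primary",
                               "cvssData": {"baseScore": score, "baseSeverity": sev}}]}

NVD_JSON = json.dumps({"vulnerabilities": [
    {"cve": {"id": "CVE-2020-27630",
             "descriptions": [{"lang": "en", "value": "In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random."}],
             "metrics": _v31(9.8, "CRITICAL")}},
    {"cve": {"id": "CVE-2017-8543",
             "descriptions": [{"lang": "en", "value": "Windows Search remote code execution (shortened)."}],
             "metrics": _v31(9.8, "CRITICAL")}},
    {"cve": {"id": "CVE-2015-0311",
             "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Adobe Flash Player (shortened)."}],
             "metrics": _v31(9.8, "CRITICAL")}},
    {"cve": {"id": "CVE-2001-99999",  # placeholder: v2 score only (baseSeverity sits outside cvssData in v2)
             "descriptions": [{"lang": "en", "value": "Placeholder record with a CVSS v2 score only."}],
             "metrics": {"cvssMetricV2": [{"source": "nvd@nist.gov", "type": "Primary",
                                           "cvssData": {"baseScore": 7.5}, "baseSeverity": "HIGH"}]}}},
    {"cve": {"id": "CVE-2002-99999",  # placeholder: no metrics yet ("awaiting analysis")
             "descriptions": [{"lang": "en", "value": "Placeholder record with no metrics yet."}]}},
]})


def load_kev_ids(kev_json):
    """Set of CVE IDs present in the KEV catalog."""
    return {v["cveID"] for v in json.loads(kev_json)["vulnerabilities"]}


def cvss_of(cve):
    """Return (score, severity, version), preferring v3.1, then v3.0, then v2.
    Among several entries for one version, prefer the NVD 'Primary' one."""
    metrics = cve.get("metrics", {})
    for key, version in (("cvssMetricV31", "3.1"), ("cvssMetricV30", "3.0"), ("cvssMetricV2", "2.0")):
        entries = metrics.get(key)
        if not entries:
            continue
        entry = next((e for e in entries if e.get("type") == "Primary"), entries[0])
        data = entry["cvssData"]
        severity = data.get("baseSeverity") or entry.get("baseSeverity")
        return data["baseScore"], severity, version
    return None, None, None  # not analysed yet: do not treat as "low"


def enrich(nvd_json, kev_json):
    """Join NVD records with the KEV catalog and sort for triage:
    KEV first, then CVSS descending, then CVE ID for a stable order."""
    kev = load_kev_ids(kev_json)
    rows = []
    for item in json.loads(nvd_json)["vulnerabilities"]:
        cve = item["cve"]
        desc = next((d["value"] for d in cve.get("descriptions", []) if d["lang"] == "en"), "")
        score, severity, version = cvss_of(cve)
        rows.append({"id": cve["id"], "description": desc, "cvss": score,
                     "severity": severity, "cvss_version": version, "kev": cve["id"] in kev})
    rows.sort(key=lambda r: (not r["kev"], -(r["cvss"] or 0.0), r["id"]))
    return rows


def to_markdown(rows):
    """Render rows in the same column layout as the table on this page."""
    lines = ["| CVE ID | Description | CVSS | Severity | KEV |", "|---|---|---|---|---|"]
    for r in rows:
        score = "n/a" if r["cvss"] is None else f'{r["cvss"]} (v{r["cvss_version"]})'
        lines.append(f'| {r["id"]} | {r["description"]} | {score} | {r["severity"] or "n/a"} | '
                     f'{"Yes" if r["kev"] else "No"} |')
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_markdown(enrich(NVD_JSON, KEV_JSON)))
```

The sort key is the practitioner point: a record with no metrics sorts last rather than being scored 0 and silently dropped, and KEV membership outranks any score, which is the order the two KEV rows above should get in a patch queue regardless of the identical 9.8s around them.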
This product uses data from the NVD API but is not endorsed or certified by the NVD.