CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-50867 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and the... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-48434 Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the reg_action.php resource does not validate the characters rece... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-48433 Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the login_action.php resource does not validate the characters re... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-50866 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-26582 Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-34267 An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-34268 An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-31224 There is broken access control during authentication in Jamf Pro Server before 10.46.1. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-51135 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-47990 SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-33025 Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE call. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-50865 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-49001 An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-26581 Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-47883 The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-23634 SQL Injection vulnerability in Documize version 5.4.2, allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-1870 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remot... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2023-51136 TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-49677 Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertJob.php resource does not validate the characters received and th... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-50628 Buffer Overflow vulnerability in libming version 0.4.8, allows attackers to execute arbitrary code and obtain sensitive information via parser.c component. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-50044 Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in a substring of an input string. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-49681 Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-52262 outdoorbits little-backup-box (aka Little Backup Box) before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-50589 Grupo Embras GEOSIAP ERP v2.2.167.02 was discovered to contain a SQL injection vulnerability via the codLogin parameter on the login page. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-6975 A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-6974 A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (i.e. an AWS instance) it could be abused to get remote code execution on the victim machine. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-52103 Buffer overflow vulnerability in the FLP module. Successful exploitation of this vulnerability may cause out-of-bounds read. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-51095 Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formDelWlRfPolicy. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-45887 DS Wireless Communication (DWC) with DWC_VERSION_3 and DWC_VERSION_11 allows remote attackers to execute arbitrary code on a game-playing client's machine via a modified GPCM message. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-50864 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-37824 Sitolog sitologapplicationconnect v7.8.a and before was discovered to contain a SQL injection vulnerability via the component /activate_hook.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-6928 EuroTel ETL3100 versions v01c01 and v01x37 do not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-49688 Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtUser' parameter of the login.php resource does not validate the characters received and they are sent u... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-49004 An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker to execute arbitrary code via a crafted script to the en parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-52042 An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-49689 Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'JobId' parameter of the Employer/DeleteJob.php resource does not validate the characters received and they... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-50863 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-50104 ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-51023 TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the 'host_time' parameter of the NTPSyncWithHost interface of cstecgi.cgi. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43955 The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files, and perfor... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-50862 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and the... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-48689 Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'byname' parameter of the train.php resource does not validate the characters received and ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-50753 Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/update_profile.php resource does not validate the characters rec... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-50752 Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46265 An unauthenticated attacker could abuse an XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF). | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46264 An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve remote code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-48716 Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_id' parameter of the add_classes.php resource does not validate the characters... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-49658 Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bank_details' parameter of the party_submit.php resource does not validate the characters received a... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-51090 Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formGetWeiXinConfig. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46263 An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve remote code execution. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.