CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS score | Severity | In CISA KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-45968 Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one). | 8.8 | HIGH | — | 0 |
| CVE-2022-45970 Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulletin board. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-45969 Alist v3.4.0 is vulnerable to Directory Traversal. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43551 A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-... | 7.5 | HIGH | — | 0 |
| CVE-2022-46763 A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows a low-privileged database user to execute arbitrary SQL commands as the database admini... | 8.8 | HIGH | — | 0 |
| CVE-2022-36943 SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when op... | 8.1 | HIGH | — | 0 |
| CVE-2020-36645 A vulnerability, which was classified as critical, was found in square squalor. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version v0.0.0 is able to address th... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-0676 Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-4759 The GigPress WordPress plugin before 2.3.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow use... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-23915 A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using it... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-1041 A vulnerability, which was classified as problematic, was found in SourceCodester Simple Responsive Tourism Website 1.0. This affects an unknown part of the file /tourism/rate_review.php. The manipula... | 3.5 | LOW | — | 0 |
| CVE-2023-1211 SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2. | 7.2 | HIGH | — | 0 |
| CVE-2009-3654 Unspecified vulnerability in Boost before 6.x-1.03, a module for Drupal, allows remote attackers to create new webroot directories via unknown attack vectors. | N/A | NONE | — | 0 |
| CVE-2023-31595 IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via unauthenticated port access. | 7.5 | HIGH | — | 0 |
| CVE-2009-3587 Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust E... | N/A | NONE | — | 0 |
| CVE-2023-23408 Azure Apache Ambari Spoofing Vulnerability | 4.5 | MEDIUM | — | 0 |
| CVE-2023-27533 A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server... | 8.8 | HIGH | — | 0 |
| CVE-2020-36074 SQL injection vulnerability found in Tailor Mangement System v.1 allows a remote attacker to execute arbitrary code via the title parameter. | 8.8 | HIGH | — | 0 |
| CVE-2023-25023 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saleswonder.Biz Webinar ignition plugin <= 2.14.2 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2020-36077 SQL injection vulnerability found in Tailor Mangement System v.1 allows a remote attacker to execute arbitrary code via the customer parameter of the orderadd.php file | 8.8 | HIGH | — | 0 |
| CVE-2024-32256 Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via /tms/admin/change-image.php. When updating a current package, there are no checks for wha... | 8.1 | HIGH | — | 0 |
| CVE-2022-48177 X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the adin/importModels Import Records Model field (model parameter). This vuln... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-48178 X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Create Action function, aka an index.php/actions/update URI. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-26813 SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java in wangmarket CMS 4.10 allows remote attackers to run arbitrary SQL commands via... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-29636 Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the default confi... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-29639 Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default configurati... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-29240 An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Techni... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-31979 Catdoc v0.95 was discovered to contain a global buffer overflow via the function process_file at /src/reader.c. | 7.8 | HIGH | — | 0 |
| CVE-2023-31594 IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via an exposed HTTP channel using VLC network. | 7.5 | HIGH | — | 0 |
| CVE-2023-32309 PyMdown Extensions is a set of extensions for the `Python-Markdown` markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax `--8<-... | 7.5 | HIGH | — | 0 |
| CVE-2023-31233 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Haoqisir Baidu Tongji generator plugin <= 1.0.2 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-31726 AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information. | 7.5 | HIGH | — | 0 |
| CVE-2023-33939 Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-33940 Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web scrip... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-33943 Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote attackers to inject arbitrary web scr... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-33944 Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arb... | 4.8 | MEDIUM | — | 0 |
| CVE-2025-58955 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designervily Karzo karzo allows PHP Local File Inclusion.This issue affects Kar... | 8.1 | HIGH | — | 0 |
| CVE-2023-28322 An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when... | 3.7 | LOW | — | 0 |
| CVE-2023-33498 alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file. | 8.8 | HIGH | — | 0 |
| CVE-2023-29130 A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An att... | 9.9 | CRITICAL | — | 0 |
| CVE-2023-29131 A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of an incorrect default value in the SSH configuration. This could allow an attacker to bypass ne... | 7.4 | HIGH | — | 0 |
| CVE-2009-1877 Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CV... | N/A | NONE | — | 0 |
| CVE-2023-25835 There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS Sites versions 11.1 and below that may allow a remote, authenticated attacker with high‑privileged access to create... | 8.4 | HIGH | — | 0 |
| CVE-2023-25837 There is a Cross‑Site Scripting (XSS) vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which, when clicked... | 8.4 | HIGH | — | 0 |
| CVE-2023-33951 A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operation... | 6.7 | MEDIUM | — | 0 |
| CVE-2023-36118 Cross Site Scripting vulnerability in Faculty Evaulation System using PHP/MySQLi v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the page parameter. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-3426 The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a list... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-10581 A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privile... | 7.8 | HIGH | — | 0 |
| CVE-2009-3588 Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust E... | N/A | NONE | — | 0 |
| CVE-2023-29099 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Elegant themes Divi theme <= 4.20.2 versions. | 6.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.