CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-44482 Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setsickleave' parameter of the admin/setleaves.php resource does not validate the chara... | 8.8 | HIGH | — | 0 |
| CVE-2023-47191 Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress.This issue affects Youzify – ... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-49765 Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post – WP Rating System.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.1. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-50834 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech WooCommerce Menu Extension allows Stored XSS.This issue affects WooCommerce Menu E... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-7039 A vulnerability classified as critical has been found in Byzoro S210 up to 20231210. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to inject... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-50732 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute a Velocity script without script right through the document tree. This... | 8.3 | HIGH | — | 0 |
| CVE-2023-7040 A vulnerability classified as problematic was found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this vulnerability is an unknown functionality of the file /file-manager/rename.php. The mani... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-7041 A vulnerability, which was classified as critical, has been found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this issue is some unknown functionality of the file /file-manager/rename.php. ... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-7042 A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigg... | 4.4 | MEDIUM | — | 0 |
| CVE-2023-41097 An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0. | 4.6 | MEDIUM | — | 0 |
| CVE-2023-46645 A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need p... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-46647 Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making reque... | 8.0 | HIGH | — | 0 |
| CVE-2023-46648 An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. To exploit this vulner... | 8.3 | HIGH | — | 0 |
| CVE-2023-46649 A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an organization needs to be converted from a user. This vulnerability af... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-48685 Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'psd' parameter of the login.php resource does not validate the characters received and the... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-48687 Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'from' parameter of the reservation.php resource does not validate the characters received ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-48689 Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'byname' parameter of the train.php resource does not validate the characters received and ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-48716 Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_id' parameter of the add_classes.php resource does not validate the characters... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-48718 Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_students.php resource does not validate the charact... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-48720 Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters recei... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-48722 Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_results.php resource does not validate the characte... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-6690 A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the trans... | 3.9 | LOW | — | 0 |
| CVE-2023-51432 Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak. | 3.2 | LOW | — | 0 |
| CVE-2023-6802 An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit th... | 7.2 | HIGH | — | 0 |
| CVE-2023-6803 A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server si... | 5.8 | MEDIUM | — | 0 |
| CVE-2023-6804 Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnera... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-6847 An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an at... | 7.5 | HIGH | — | 0 |
| CVE-2023-27319 ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API. | 5.3 | MEDIUM | — | 0 |
| CVE-2023-7050 A vulnerability has been found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file user/profile.php. The... | 3.5 | LOW | — | 0 |
| CVE-2023-7051 A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/manage-notes.php of the co... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-37520 Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status ... | 7.7 | HIGH | — | 0 |
| CVE-2023-48298 ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due ... | 5.9 | MEDIUM | — | 0 |
| CVE-2023-49084 Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the includ... | 8.0 | HIGH | — | 0 |
| CVE-2023-4247 The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_sendwp_disconnect... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-6316 The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the '_single_file_upload' function in versions up to, and including, 5.0.1. This... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-6583 The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. This makes it p... | 6.6 | MEDIUM | — | 0 |
| CVE-2022-4959 A vulnerability classified as problematic was found in qkmc-rk redbbs 1.0. Affected by this vulnerability is an unknown functionality of the component Nickname Handler. The manipulation leads to cross... | 3.5 | LOW | — | 0 |
| CVE-2022-4958 A vulnerability classified as problematic has been found in qkmc-rk redbbs 1.0. Affected is an unknown function of the component Post Handler. The manipulation of the argument title leads to cross sit... | 3.5 | LOW | — | 0 |
| CVE-2023-51749 ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. NOTE: the vendor's position is "Not vulnerable if the default Windows device profi... | 8.8 | HIGH | — | 0 |
| CVE-2023-51750 ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configur... | 4.6 | MEDIUM | — | 0 |
| CVE-2023-5118 The application is vulnerable to Stored Cross-Site Scripting (XSS) in the endpoint /sofer/DocumentService.asc/SaveAnnotation, where input data transmitted via the POST method in the parameters author ... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-0429 A denial service vulnerability has been found on  Hex Workshop affecting version 6.7, an attacker could send a command line file arguments and control the Structured Exception Handler (SEH) records re... | 7.3 | HIGH | — | 0 |
| CVE-2024-23057 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-23058 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-0411 A vulnerability was found in DeShang DSMall up to 6.1.0. It has been classified as problematic. This affects an unknown part of the file public/install.php of the component HTTP GET Request Handler. T... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-0412 A vulnerability was found in DeShang DSShop up to 3.1.0. It has been declared as problematic. This vulnerability affects unknown code of the file public/install.php of the component HTTP GET Request H... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-0413 A vulnerability was found in DeShang DSKMS up to 3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file public/install.php. The manipulation leads to improper ... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-0414 A vulnerability classified as problematic has been found in DeShang DSCMS up to 3.1.2/7.1. Affected is an unknown function of the file public/install.php. The manipulation leads to improper access con... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-0415 A vulnerability classified as critical was found in DeShang DSMall up to 6.1.0. Affected by this vulnerability is an unknown functionality of the file application/home/controller/TaobaoExport.php of t... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-0416 A vulnerability, which was classified as critical, has been found in DeShang DSMall up to 5.0.3. Affected by this issue is some unknown functionality of the file application/home/controller/MemberAuth... | 5.4 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.