CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|---|
| CVE-2023-31579 | Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the applicatio... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-45576 | Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-720... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-45577 | Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-45578 | Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-720... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-37756 | I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a bruteforce attack. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38912 | SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-45347 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_verified' parameter of the routers/user-router.php resource does not validate the chara... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-45346 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_role' parameter of the routers/user-router.php resource does not validate the character... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-45345 | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_deleted' parameter of the routers/user-router.php resource does not validate the charac... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-23368 | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46980 | An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-46818 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gopi Ramasamy Email posts to subscribers allows SQL Injection.This issue affects Email posts to su... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41998 | Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. A routine exists that allows an attacker to upload and execute arbitrary files. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-47445 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Web-X Be POPIA Compliant be-popia-compliant allows SQL Injection.This issue affects Be POPIA Compl... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-47426 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Neshan Maps Platform Neshan Maps neshan-maps allows SQL Injection.This issue affects Neshan Maps: ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-46859 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Cale... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-46808 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection.This issue affects ARMember: ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45805 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL Injection.This issue affects Paytm Payment G... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41652 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a thro... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-34383 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Projec... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-45573 | Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-720... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-45574 | Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-720... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-47588 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery allows SQL Injection.... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-45575 | Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43668 | Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, some sensitive params checks will be bypassed, like "auto... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-35662 | there is a possible out of bounds write due to buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-4832 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aceka Company Management allows SQL Injection.This issue affects Company Management: before 3072 .... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41355 | Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a cra... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-49060 | An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41011 | Command Execution vulnerability in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the shortcut_telnet.cg component. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-4669 | Authentication Bypass by Assumed-Immutable Data vulnerability in Exagate SYSGuard 3001 allows Authentication Bypass.This issue affects SYSGuard 3001: before 3.2.20.0. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-4766 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Movus allows SQL Injection.This issue affects Movus: before 20230913. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41351 | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alter... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43982 | Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at insta_parser.php. This vulnerability allows attackers t... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-27630 | In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-23821 | Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-5053 | Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-4322 | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-21242 | In isServerCertChainValid of InsecureEapNetworkHandler.java, there is a possible way to trust an imposter server due to a logic error in the code. This could lead to remote escalation of privilege wit... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38861 | An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38862 | An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub_431F64 function in bin/webmgnt. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38863 | An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38865 | COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-27631 | In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-36553 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-39852 | Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session va... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43013 | Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of th... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-45852 | In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for th... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-39850 | Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-3631 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Medart Health Services Medart Notification Panel allows SQL Injection.This issue affects Medart No... | 9.8 | CRITICAL | — | 0 |
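The table is the result of joining NVD records with the CISA Known Exploited Vulnerabilities catalog: the CVSS score comes from NVD, the severity label is NVD's qualitative rating for that score, and the KEV column says whether CISA lists the CVE as exploited in the wild. The Python below is an added example, not this page's own tooling, showing the two checks a practitioner would run over such rows before trusting them: recompute the severity band from the score (NVD's CVSS v3.x bands: 0.1-3.9 Low, 4.0-6.9 Medium, 7.0-8.9 High, 9.0-10.0 Critical) and re-derive the KEV flag from a catalog document in the CISA KEV JSON layout (only the `cveID` field is relied on). The row parser accepts both a merged "ID + description" first cell and a separate description cell. Everything it reads is constructed inline: two rows taken from the table above (one shortened), plus two placeholder rows and a placeholder catalog entry using `CVE-2099-0001` and `CVE-2099-0002`, which are not real CVE identifiers and exist only to exercise the mismatch and KEV paths.

```python
import json
import re

# Added example, not the page's own code. Placeholder IDs CVE-2099-0001 and
# CVE-2099-0002 are constructed and do not refer to real vulnerabilities.


def cvss_severity(score: float) -> str:
    """NVD's qualitative rating bands for CVSS v3.x base scores."""
    if score == 0.0:
        return "NONE"
    if score < 4.0:
        return "LOW"
    if score < 7.0:
        return "MEDIUM"
    if score < 9.0:
        return "HIGH"
    return "CRITICAL"


# One data row: "| CVE-ID [|] description | score | severity | kev | observations |"
# The optional pipe after the ID tolerates both the merged and the split layout.
ROW_RE = re.compile(
    r"^\|\s*(CVE-\d{4}-\d{4,})\s*\|?\s*(.*?)\s*\|\s*(\d+(?:\.\d+)?)\s*\|\s*(\w+)\s*\|"
    r"\s*([^|]*?)\s*\|\s*([^|]*?)\s*\|$"
)


def parse_row(line: str):
    """Return a dict for a data row, or None for header/separator/blank lines."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    cve, desc, score, sev, kev, obs = m.groups()
    return {
        "cve": cve,
        "description": desc,
        "cvss": float(score),
        "severity": sev.upper(),
        "kev_listed": kev not in ("", "-", "—"),  # the page marks "not listed" with a dash
        "observations": obs,
    }


def load_kev_ids(catalog_json: str) -> set:
    """Collect cveID values from a document in the CISA KEV catalog layout."""
    return {v["cveID"] for v in json.loads(catalog_json)["vulnerabilities"]}


def enrich(table_text: str, catalog_json: str) -> list:
    """Parse every data row, re-check its severity label, and set the KEV flag."""
    kev_ids = load_kev_ids(catalog_json)
    rows = []
    for line in table_text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        expected = cvss_severity(row["cvss"])
        row["expected_severity"] = expected
        row["severity_consistent"] = expected == row["severity"]
        row["kev"] = row["cve"] in kev_ids
        rows.append(row)
    return rows


# Constructed sample: two rows from the table above (first one shortened, one in
# each layout) plus two placeholder rows that exercise the failure paths.
SAMPLE_TABLE = """\
| CVE ID | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2023-31579 Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-27630 | In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random. | 9.8 | CRITICAL | — | 0 |
| CVE-2099-0001 | Placeholder row (constructed, not a real CVE) | 7.5 | HIGH | — | 0 |
| CVE-2099-0002 | Placeholder row (constructed, not a real CVE) | 5.3 | CRITICAL | — | 0 |
"""

# Constructed catalog in the CISA KEV JSON layout (subset of fields); only the
# placeholder CVE-2099-0001 is "listed", so real rows above stay unflagged.
SAMPLE_KEV = json.dumps({
    "title": "constructed sample, not the real catalog",
    "vulnerabilities": [
        {"cveID": "CVE-2099-0001", "vendorProject": "Example", "product": "Example",
         "dateAdded": "2099-01-01", "dueDate": "2099-01-22",
         "knownRansomwareCampaignUse": "Unknown"},
    ],
})


def report(table_text: str = SAMPLE_TABLE, catalog_json: str = SAMPLE_KEV) -> list:
    """Rows whose label disagrees with their score, or that appear in the KEV catalog."""
    return [r for r in enrich(table_text, catalog_json)
            if r["kev"] or not r["severity_consistent"]]


if __name__ == "__main__":
    for r in report():
        print(f"{r['cve']}: cvss={r['cvss']} label={r['severity']} "
              f"expected={r['expected_severity']} kev={r['kev']}")
```

Run stand-alone it flags only the two placeholder rows: `CVE-2099-0001` because the constructed catalog lists it, and `CVE-2099-0002` because a 5.3 score is MEDIUM, not CRITICAL. Against a real export you would feed `enrich()` the page's table text and the JSON downloaded from CISA's published KEV feed; a row showing a dash in the KEV column while the catalog lists the ID is the discrepancy worth chasing, since KEV membership, not the CVSS score, is what drives patch deadlines.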
This product uses data from the NVD API but is not endorsed or certified by the NVD.