TROYANOSYVIRUS

CVE Vulnerabilities

CVE database enriched with CISA KEV and NVD

Total: 333,066 CVEs
CVE ID | CVSS | Severity | KEV | Observations
CVE-2023-35033

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authen...

8.8 | HIGH | 0
CVE-2023-35035

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authen...

8.8 | HIGH | 0
CVE-2015-10118

A vulnerability classified as problematic was found in cchetanonline WP-CopyProtect up to 3.0.0. This vulnerability affects the function CopyProtect_options_page of the file wp-copyprotect.php. The ma...

3.5 | LOW | 0
CVE-2023-23818

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Aviplugins.Com WP Register Profile With Shortcode plugin <= 3.5.7 versions.

5.9 | MEDIUM | 0
CVE-2023-33253

LabCollector 6.0 through 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the messag...

8.8 | HIGH | 0
CVE-2023-33290

The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDoS) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python).

7.5 | HIGH | 0
CVE-2023-33492

EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS).

5.4 | MEDIUM | 0
CVE-2023-34855

A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipment (Shanghai) Co., Ltd AC Centralized Management Platform v1.02.040 allows attackers to execute arbitrary code via uploading a cr...

4.8 | MEDIUM | 0
CVE-2022-38156

A remote command injection issue exists in the web server of the Kratos SpectralNet device with SpectralNet Narrowband (NB) before 1.7.5. As an admin user, an attacker can send a crafted password in ...

7.2 | HIGH | 0
CVE-2023-23819

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rolands Umbrovskis itemprop WP for SERP/SEO Rich snippets plugin <= 3.5.201706131 versions.

5.9 | MEDIUM | 0
CVE-2023-31236

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in unFocus Projects Scripts n Styles plugin <= 3.5.7 versions.

5.9 | MEDIUM | 0
CVE-2023-32118

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPoperation SALERT – Fake Sales Notification WooCommerce plugin <= 1.2.1 versions.

7.1 | HIGH | 0
CVE-2023-32961

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Seaborn Zotpress plugin <= 7.3.3 versions.

7.1 | HIGH | 0
CVE-2023-34581

Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2

9.8 | CRITICAL | 0
CVE-2023-35042

GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild...

9.8 | CRITICAL | 0
CVE-2023-3206

A vulnerability classified as problematic was found in Chengdu VEC40G 3.0. Affected by this vulnerability is an unknown functionality of the file /send_order.cgi?parameter=restart. The manipulation of...

5.3 | MEDIUM | 0
CVE-2023-3208

A vulnerability, which was classified as critical, has been found in RoadFlow Visual Process Engine .NET Core Mvc 2.13.3. Affected by this issue is some unknown functionality of the file /Log/Query?ap...

6.3 | MEDIUM | 0
CVE-2023-28933

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StPeteDesign Call Now Accessibility Button plugin <= 1.1 versions.

5.9 | MEDIUM | 0
CVE-2023-34026

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BrokenCrust This Day In History plugin <= 3.10.1 versions.

7.1 | HIGH | 0
CVE-2023-35053

In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms

7.5 | HIGH | 0
CVE-2023-35054

In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible

4.6 | MEDIUM | 0
CVE-2023-34105

SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH, and GB28181. Prior to versions 5.0.157, 5.0-b1, and 6.0.48, SRS's `api-server` server is vulnerable to a drive-b...

7.5 | HIGH | 0
CVE-2023-2718

The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability.

5.4 | MEDIUM | 0
CVE-2023-34341

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can read and write to arbitrary locations within the memory context of the IPMI server process, whi...

7.2 | HIGH | 0
CVE-2023-34344

AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username, which may lead to information disclosure.

5.3 | MEDIUM | 0
CVE-2023-34345

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure.

6.5 | MEDIUM | 0
CVE-2022-36331

Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data....

10.0 | CRITICAL | 0
CVE-2023-0431

The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Sc...

5.4 | MEDIUM | 0
CVE-2023-2398

The Icegram Engage WordPress plugin before 3.1.12 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high pr...

6.1 | MEDIUM | 0
CVE-2023-2568

The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against hi...

6.1 | MEDIUM | 0
CVE-2023-34334

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, informati...

7.2 | HIGH | 0
CVE-2023-34335

AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to write to a host SPI flash, bypassing secure boot protections. An exploitation of this vulnerability ma...

7.7 | HIGH | 0
CVE-2023-34336

AMI BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to code execution, denial of service, or escalation of ...

8.1 | HIGH | 0
CVE-2023-34342

AMI BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileg...

6.0 | MEDIUM | 0
CVE-2023-34343

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, informati...

7.2 | HIGH | 0
CVE-2023-1897

Atlas Copco Power Focus 6000 web server does not sanitize the login information stored by the authenticated user’s browser, which could allow an attacker with access to the user’s computer to gain cre...

9.4 | CRITICAL | 0
CVE-2023-41082

Null pointer dereference for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access.

4.4 | MEDIUM | 0
CVE-2023-1898

Atlas Copco Power Focus 6000 web server uses a small amount of session ID numbers. An attacker could enter a session ID number to retrieve data for an active user’s session.

9.4 | CRITICAL | 0
CVE-2023-1899

Atlas Copco Power Focus 6000 web server is not a secure connection by default, which could allow an attacker to gain sensitive information by monitoring network traffic between user and controller.

9.4 | CRITICAL | 0
CVE-2023-33625

D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function.

9.8 | CRITICAL | 0
CVE-2023-33626

D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary.

9.8 | CRITICAL | 0
CVE-2023-34941

A stored cross-site scripting (XSS) vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inject...

5.4 | MEDIUM | 0
CVE-2023-34942

Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the mac parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the...

7.5 | HIGH | 0
CVE-2023-40817

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field.

6.1 | MEDIUM | 0
CVE-2026-40591

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-conversation creation flow accepts attacker-controlled `customer_id`, `name`, `to_email`, and `phone` ...

7.1 | HIGH | 0
CVE-2023-2827

SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent ...

7.9 | HIGH | 0
CVE-2023-32114

SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program ...

2.7 | LOW | 0
CVE-2023-32115

An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system.

4.2 | MEDIUM | 0
CVE-2023-33984

SAP NetWeaver (Design Time Repository) - version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with a malicious content ...

6.4 | MEDIUM | 0
CVE-2023-33985

SAP NetWeaver Enterprise Portal - version 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changin...

6.1 | MEDIUM | 0

This product uses data from the NVD API but is not endorsed or certified by the NVD.