Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-0912 | 1 Auto Dealer Management System Project | 1 Auto Dealer Management System | 2023-02-28 | N/A | 8.8 HIGH | A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. This affects an unknown part of the file /adms/admin/?page=vehicles/view_transaction. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221481 was assigned to this vulnerability.
CVE-2022-40348 | 1 Intern Record System Project | 1 Intern Record System | 2023-02-28 | N/A | 5.4 MEDIUM | Cross Site Scripting (XSS) vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'name' and 'email' parameters, allows attackers to execute arbitrary code.
CVE-2023-0919 | 1 Kavitareader | 1 Kavita | 2023-02-28 | N/A | 3.5 LOW | Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0.
CVE-2023-0914 | 1 Pixelfed | 1 Pixelfed | 2023-02-28 | N/A | 5.3 MEDIUM | Improper Authorization in GitHub repository pixelfed/pixelfed prior to 0.11.4.
CVE-2023-0913 | 1 Auto Dealer Management System Project | 1 Auto Dealer Management System | 2023-02-28 | N/A | 8.8 HIGH | A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. This vulnerability affects unknown code of the file /adms/admin/?page=vehicles/sell_vehicle. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221482 is the identifier assigned to this vulnerability.
CVE-2012-10007 | 1 Buddystream Project | 1 Buddystream | 2023-02-28 | N/A | 6.1 MEDIUM | A vulnerability was found in madgicweb BuddyStream Plugin up to 3.2.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file ShareBox.php. The manipulation of the argument content/link/shares leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.8 is able to address this issue. The name of the patch is 7d5b9a89a27711aad76fd55ab4cc4185b545a1d0. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221479.
CVE-2014-125087 | 1 Java-xmlbuilder Project | 1 Java-xmlbuilder | 2023-02-28 | N/A | 9.8 CRITICAL | A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is e6fddca201790abab4f2c274341c0bb8835c3e73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221480.
CVE-2022-48328 | 1 Misp | 1 Misp | 2023-02-28 | N/A | 9.8 CRITICAL | app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters.
CVE-2022-48115 | 1 Jspreadsheet | 1 Jspreadsheet | 2023-02-28 | N/A | 6.1 MEDIUM | The dropdown menu in jspreadsheet before v4.6.0 was discovered to be vulnerable to cross-site scripting (XSS).
CVE-2020-5000 | 1 Ibm | 1 Financial Transaction Manager | 2023-02-28 | 3.5 LOW | 5.4 MEDIUM | IBM Financial Transaction Manager 3.2.0 through 3.2.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192952.
CVE-2022-48329 | 1 Misp | 1 Misp | 2023-02-28 | N/A | 9.8 CRITICAL | MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php.
CVE-2021-33949 | 1 Wms Project | 1 Wms | 2023-02-28 | N/A | 9.8 CRITICAL | An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function.
CVE-2021-33950 | 1 Openkm | 1 Openkm | 2023-02-28 | N/A | 7.5 HIGH | An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor function.
CVE-2019-11559 | 1 Hrworks | 1 Hrworks | 2023-02-28 | 4.3 MEDIUM | 6.1 MEDIUM | A reflected Cross-site scripting (XSS) vulnerability in HRworks V 1.16.1 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to the Login component.
CVE-2019-15741 | 1 Gitlab | 1 Omnibus | 2023-02-28 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation.
CVE-2019-0207 | 1 Apache | 1 Tapestry | 2023-02-28 | 5.0 MEDIUM | 7.5 HIGH | Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so attacker can perform a path traversal attack to read any files on Windows platform.
CVE-2021-33948 | 1 Hotels Server Project | 1 Hotels Server | 2023-02-28 | N/A | 9.8 CRITICAL | SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows attacker to execute arbitrary code via the username parameter.
CVE-2023-26092 | 1 Puzzle | 1 Liima | 2023-02-28 | N/A | 9.8 CRITICAL | Liima before 1.17.28 allows server-side template injection.
CVE-2023-26093 | 1 Puzzle | 1 Liima | 2023-02-28 | N/A | 9.8 CRITICAL | Liima before 1.17.28 allows Hibernate query language (HQL) injection, related to colToSort in the deployment filter.
CVE-2012-10008 | 1 Oneapp Project | 1 Oneapp | 2023-02-28 | N/A | 9.8 CRITICAL | A vulnerability, which was classified as critical, has been found in uakfdotb oneapp. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is 5413ac804f1b09f9decc46a6c37b08352c49669c. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221483.