Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-24686 | 1 Churchcrm | 1 Churchcrm | 2023-02-16 | N/A | 4.8 MEDIUM |
| An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file. | |||||
| CVE-2023-24685 | 1 Churchcrm | 1 Churchcrm | 2023-02-16 | N/A | 7.2 HIGH |
| ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module. | |||||
| CVE-2023-24684 | 1 Churchcrm | 1 Churchcrm | 2023-02-16 | N/A | 7.2 HIGH |
| ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php. | |||||
| CVE-2023-0770 | 1 Gpac | 1 Gpac | 2023-02-16 | N/A | 7.8 HIGH |
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2. | |||||
| CVE-2023-24689 | 1 Mojoportal | 1 Mojoportal | 2023-02-16 | N/A | 4.3 MEDIUM |
| An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx | |||||
| CVE-2023-24688 | 1 Mojoportal | 1 Mojoportal | 2023-02-16 | N/A | 5.3 MEDIUM |
| An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled. | |||||
| CVE-2023-24687 | 1 Mojoportal | 1 Mojoportal | 2023-02-16 | N/A | 5.4 MEDIUM |
| Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter. | |||||
| CVE-2023-24690 | 1 Churchcrm | 1 Churchcrm | 2023-02-16 | N/A | 5.4 MEDIUM |
| ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family. | |||||
| CVE-2022-46650 | 1 Sierrawireless | 9 Aleos, Es450, Gx450 and 6 more | 2023-02-16 | N/A | 4.9 MEDIUM |
| Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page. | |||||
| CVE-2022-46649 | 1 Sierrawireless | 9 Aleos, Es450, Gx450 and 6 more | 2023-02-16 | N/A | 8.8 HIGH |
| Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device. | |||||
| CVE-2023-0741 | 1 Answer | 1 Answer | 2023-02-16 | N/A | 9.0 CRITICAL |
| Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/answer prior to 1.0.4. | |||||
| CVE-2022-45192 | 1 Microchip | 2 Rn4870, Rn4870 Firmware | 2023-02-16 | N/A | 6.5 MEDIUM |
| An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request. | |||||
| CVE-2022-45191 | 1 Microchip | 2 Rn4870, Rn4870 Firmware | 2023-02-16 | N/A | 6.5 MEDIUM |
| An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values. | |||||
| CVE-2015-10076 | 1 Shaarlier Project | 1 Shaarlier | 2023-02-16 | N/A | 9.8 CRITICAL |
| A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has been declared as critical. Affected by this vulnerability is the function createTag of the file app/src/main/java/com/dimtion/shaarlier/TagsSource.java of the component Tag Handler. The manipulation leads to sql injection. Upgrading to version 1.2.3 is able to address this issue. The name of the patch is 3d1d9b239d9b3cd87e8bed45a0f02da583ad371e. It is recommended to upgrade the affected component. The identifier VDB-220453 was assigned to this vulnerability. | |||||
| CVE-2022-1774 | 1 Diagrams | 1 Drawio | 2023-02-16 | 5.8 MEDIUM | 6.1 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7. | |||||
| CVE-2022-1767 | 1 Diagrams | 1 Drawio | 2023-02-16 | 5.0 MEDIUM | 7.5 HIGH |
| Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7. | |||||
| CVE-2022-1727 | 1 Diagrams | 1 Drawio | 2023-02-16 | 6.8 MEDIUM | 8.8 HIGH |
| Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6. | |||||
| CVE-2022-1722 | 1 Diagrams | 1 Drawio | 2023-02-16 | 2.1 LOW | 3.3 LOW |
| SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses | |||||
| CVE-2022-1721 | 1 Diagrams | 1 Drawio | 2023-02-16 | 5.0 MEDIUM | 7.5 HIGH |
| Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application. | |||||
| CVE-2022-1713 | 1 Diagrams | 1 Drawio | 2023-02-16 | 5.0 MEDIUM | 7.5 HIGH |
| SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information. | |||||