Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25968 | 1 Cozmoslabs | 1 Client Portal | 2023-03-17 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Madalin Ungureanu, Antohe Cristian Client Portal – Private user pages and login plugin <= 1.1.8 versions. | |||||
| CVE-2023-25709 | 1 Plainware | 1 Locatoraid | 2023-03-17 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.11 versions. | |||||
| CVE-2023-25708 | 1 Coderex | 1 Wp Vr | 2023-03-17 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP VR – 360 Panorama and Virtual Tour Builder For WordPress plugin <= 8.2.7 versions. | |||||
| CVE-2022-47427 | 1 My Calendar Project | 1 My Calendar | 2023-03-17 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.3.24.1 versions. | |||||
| CVE-2023-25695 | 1 Apache | 1 Airflow | 2023-03-17 | N/A | 5.3 MEDIUM |
| Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. | |||||
| CVE-2019-0752 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2023-03-17 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862. | |||||
| CVE-2018-18506 | 5 Canonical, Debian, Mozilla and 2 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2023-03-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65. | |||||
| CVE-2023-1407 | 1 Student Study Center Desk Management System Project | 1 Student Study Center Desk Management System | 2023-03-17 | N/A | 7.2 HIGH |
| A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223111. | |||||
| CVE-2023-27235 | 1 Jizhicms | 1 Jizhicms | 2023-03-17 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file. | |||||
| CVE-2023-24726 | 1 Art Gallery Management System Project | 1 Art Gallery Management System | 2023-03-17 | N/A | 9.8 CRITICAL |
| Art Gallery Management System v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter on the enquiry page. | |||||
| CVE-2019-10790 | 1 Taffydb | 1 Taffy | 2023-03-17 | 5.0 MEDIUM | 7.5 HIGH |
| taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found that the internal index can be forged by adding additional properties into user-input. If index is found in the query, taffyDB will ignore other query conditions and directly return the indexed data item. Moreover, the internal index is in an easily-guessable format (e.g., T000002R000001). As such, attackers can use this vulnerability to access any data items in the DB. | |||||
| CVE-2022-44580 | 1 Richplugins | 1 Plugin For Google Reviews | 2023-03-17 | N/A | 8.8 HIGH |
| SQL Injection (SQLi) vulnerability in RichPlugins Plugin for Google Reviews plugin <= 2.2.3 versions. | |||||
| CVE-2022-34148 | 1 Jetbackup | 1 Jetbackup | 2023-03-17 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JetBackup JetBackup – WP Backup, Migrate & Restore plugin <= 1.6.9.0 versions. | |||||
| CVE-2022-38456 | 1 Ajax Search Project | 1 Ajax Search | 2023-03-17 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ernest Marcinko Ajax Search Lite plugin <= 4.10.3 versions. | |||||
| CVE-2023-25206 | 1 Prestashop | 1 Advanced Reviews | 2023-03-17 | N/A | 8.8 HIGH |
| PrestaShop ws_productreviews < 3.6.2 is vulnerable to SQL Injection. | |||||
| CVE-2023-27757 | 1 Perfree | 1 Perfreeblog | 2023-03-17 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file. | |||||
| CVE-2023-27463 | 1 Siemens | 1 Ruggedcom Crossbow | 2023-03-17 | N/A | 8.8 HIGH |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The audit log form of affected applications is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database. | |||||
| CVE-2023-27462 | 1 Siemens | 1 Ruggedcom Crossbow | 2023-03-17 | N/A | 4.3 MEDIUM |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to access data they are not authorized for. | |||||
| CVE-2023-27310 | 1 Siemens | 1 Ruggedcom Crossbow | 2023-03-17 | N/A | 8.8 HIGH |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions when assigning groups to user accounts. This could allow an authenticated remote attacker to assign administrative groups to otherwise non-privileged user accounts. | |||||
| CVE-2023-27309 | 1 Siemens | 1 Ruggedcom Crossbow | 2023-03-17 | N/A | 8.8 HIGH |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions. | |||||