Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43604 | 2023-03-16 | N/A | N/A | ||
| An out-of-bounds write vulnerability exists in the GetAttributeList attribute_count_request functionality of EIP Stack Group OpENer development commit 58ee13c. A specially crafted EtherNet/IP request can lead to an out-of-bounds write, potentially causing the server to crash or allow for remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability. | |||||
| CVE-2023-0598 | 2023-03-16 | N/A | N/A | ||
| GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software. | |||||
| CVE-2023-0978 | 2 Mcafee, Trellix | 2 Advanced Threat Defense, Intelligent Sandbox | 2023-03-16 | N/A | 6.7 MEDIUM |
| A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI command. The vulnerability allows the attack | |||||
| CVE-2022-47595 | 1 Wpgmaps | 1 Wp Go Maps | 2023-03-16 | N/A | 6.5 MEDIUM |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Go Maps (formerly WP Google Maps) plugin <= 9.0.15 versions. | |||||
| CVE-2023-24762 | 1 Dlink | 2 Dir-867, Dir-867 Firmware | 2023-03-16 | N/A | 9.8 CRITICAL |
| OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 allows attackers to execute arbitrary commands via a crafted LocalIPAddress parameter for the SetVirtualServerSettings to HNAP1. | |||||
| CVE-2023-24180 | 1 Libelfin Project | 1 Libelfin | 2023-03-16 | N/A | 6.5 MEDIUM |
| Libelfin v0.3 was discovered to contain an integer overflow in the load function at elf/mmap_loader.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted elf file. | |||||
| CVE-2022-47422 | 1 Hmplugin | 1 Accept Stripe Donation - Aidwp | 2023-03-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin Accept Stripe Donation – AidWP plugin <= 3.1.5 versions. | |||||
| CVE-2022-47154 | 1 Piwebsolution | 1 Css Js Manager\, Async Javascript\, Defer Render Blocking Css Supports Woocommerce | 2023-03-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Pi Websolution CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce plugin <= 2.4.49 versions. | |||||
| CVE-2023-27073 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2023-03-16 | N/A | 6.5 MEDIUM |
| A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1.0 allows attackers to change user details and credentials via a crafted POST request. | |||||
| CVE-2023-1398 | 1 Teacms Project | 1 Teacms | 2023-03-16 | N/A | 8.8 HIGH |
| A vulnerability classified as critical was found in XiaoBingBy TeaCMS 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/upload. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222985 was assigned to this vulnerability. | |||||
| CVE-2023-1299 | 1 Hashicorp | 1 Nomad | 2023-03-16 | N/A | 8.8 HIGH |
| HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1. | |||||
| CVE-2023-1296 | 1 Hashicorp | 1 Nomad | 2023-03-16 | N/A | 5.3 MEDIUM |
| HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1. | |||||
| CVE-2023-27074 | 1 Bp Monitoring Management System Project | 1 Bp Monitoring Management System | 2023-03-16 | N/A | 9.8 CRITICAL |
| BP Monitoring Management System v1.0 was discovered to contain a SQL injection vulnerability via the emailid parameter in the login page. | |||||
| CVE-2023-1359 | 1 Gadget Works Online Ordering System Project | 1 Gadget Works Online Ordering System | 2023-03-16 | N/A | 4.8 MEDIUM |
| A vulnerability has been found in SourceCodester Gadget Works Online Ordering System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /philosophy/admin/user/controller.php?action=add of the component Add New User. The manipulation of the argument U_NAME leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222862 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-1358 | 1 Gadget Works Online Ordering System Project | 1 Gadget Works Online Ordering System | 2023-03-16 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in SourceCodester Gadget Works Online Ordering System 1.0. This affects an unknown part of the file /philosophy/admin/login.php of the component POST Parameter Handler. The manipulation of the argument user_email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222861 was assigned to this vulnerability. | |||||
| CVE-2023-1357 | 1 Simple Bakery Shop Management System Project | 1 Simple Bakery Shop Management System | 2023-03-16 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in SourceCodester Simple Bakery Shop Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Login. The manipulation of the argument username/password with the input admin' or 1=1 -- leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222860. | |||||
| CVE-2023-1246 | 1 Saysis | 1 Starcities | 2023-03-16 | N/A | 7.5 HIGH |
| Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows Collect Data from Common Resource Locations.This issue affects Starcities: through 1.3. | |||||
| CVE-2023-1198 | 1 Saysis | 1 Starcities | 2023-03-16 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saysis Starcities allows SQL Injection.This issue affects Starcities: through 1.3. | |||||
| CVE-2023-1364 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2023-03-16 | N/A | 7.5 HIGH |
| A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file category.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222871. | |||||
| CVE-2023-1363 | 1 Computer Parts Sales And Inventory System Project | 1 Computer Parts Sales And Inventory System | 2023-03-16 | N/A | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add User Account. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222870 is the identifier assigned to this vulnerability. | |||||