Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1366 | 1 Yoga Class Registration System Project | 1 Yoga Class Registration System | 2023-03-16 | N/A | 7.2 HIGH |
| A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been classified as critical. This affects the function query of the file admin/categories/manage_category.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222873 was assigned to this vulnerability. | |||||
| CVE-2023-1365 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2023-03-16 | N/A | 7.5 HIGH |
| A vulnerability was found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222872. | |||||
| CVE-2023-0193 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2023-03-16 | N/A | 4.4 MEDIUM |
| NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a local user running the tool against a malicious binary may cause an out-of-bounds read, which may result in a limited denial of service and limited information disclosure. | |||||
| CVE-2023-1374 | 1 Solidres | 1 Solidres | 2023-03-16 | N/A | 4.8 MEDIUM |
| The Solidres plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'currency_name' parameter in versions up to, and including, 0.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-1372 | 1 Webhostings | 1 Wh Testimonials | 2023-03-16 | N/A | 6.1 MEDIUM |
| The WH Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters such as wh_homepage, wh_text_short, wh_text_full and in versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-1368 | 1 Xhcms Project | 1 Xhcms | 2023-03-16 | N/A | 9.8 CRITICAL |
| A vulnerability was found in XHCMS 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php of the component POST Parameter Handler. The manipulation of the argument user leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222874 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-25279 | 1 Dlink | 2 Dir-820l, Dir-820l Firmware | 2023-03-16 | N/A | 9.8 CRITICAL |
| OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload. | |||||
| CVE-2023-1378 | 1 Friendly Island Pizza Website And Ordering System Project | 1 Friendly Island Pizza Website And Ordering System | 2023-03-16 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. This vulnerability affects unknown code of the file paypalsuccess.php of the component POST Parameter Handler. The manipulation of the argument cusid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222904. | |||||
| CVE-2023-0628 | 1 Docker | 1 Docker Desktop | 2023-03-16 | N/A | 7.8 HIGH |
| Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL. | |||||
| CVE-2022-46705 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2023-03-16 | N/A | 4.3 MEDIUM |
| A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing. | |||||
| CVE-2022-32877 | 1 Apple | 1 Macos | 2023-03-16 | N/A | 5.5 MEDIUM |
| A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Monterey 12.6. An app may be able to access user-sensitive data. | |||||
| CVE-2022-32863 | 1 Apple | 2 Macos, Safari | 2023-03-16 | N/A | 9.8 CRITICAL |
| A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2022-32793 | 2 Apple, Fedoraproject | 6 Ipados, Iphone Os, Macos and 3 more | 2023-03-16 | N/A | 7.5 HIGH |
| Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory. | |||||
| CVE-2022-22643 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-03-16 | 5.0 MEDIUM | 7.5 HIGH |
| This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have done so. | |||||
| CVE-2022-47171 | 1 Ip Vault - Wp Firewall Project | 1 Ip Vault - Wp Firewall | 2023-03-16 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul C. Schroeder IP Vault – WP Firewall plugin <= 1.1 versions. | |||||
| CVE-2022-47163 | 1 Wp Csv To Database Project | 1 Wp Csv To Database | 2023-03-16 | N/A | 7.5 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, josh401 WP CSV to Database – Insert CSV file content into WordPress plugin <= 2.6 versions. | |||||
| CVE-2022-47162 | 1 Dh - Anti Adblocker Project | 1 Dh - Anti Adblocker | 2023-03-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Dannie Herdyawan DH – Anti AdBlocker plugin <= 36 versions. | |||||
| CVE-2022-47155 | 1 Supsystic | 1 Slider | 2023-03-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Slider by Supsystic plugin <= 1.8.5 versions. | |||||
| CVE-2022-23791 | 1 Firmanet | 1 Customer Relation Manager | 2023-03-16 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS).This issue affects Customer Relation Manager: before 2022.03.13. | |||||
| CVE-2023-24921 | 1 Microsoft | 1 Dynamics 365 | 2023-03-16 | N/A | 5.4 MEDIUM |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||