Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-27205 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2023-03-12 | N/A | 9.8 CRITICAL |
Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /kruxton/sales_report.php. | |||||
CVE-2023-27204 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2023-03-12 | N/A | 9.8 CRITICAL |
Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/manage_user.php. | |||||
CVE-2023-27203 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2023-03-12 | N/A | 9.8 CRITICAL |
Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /billing/home.php. | |||||
CVE-2023-27202 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2023-03-12 | N/A | 9.8 CRITICAL |
Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/receipt.php. | |||||
CVE-2023-0623 | 1 Hornerautomation | 1 Cscape Envision Rv | 2023-03-12 | N/A | 7.8 HIGH |
Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in writes past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process. | |||||
CVE-2023-0622 | 1 Hornerautomation | 1 Cscape Envision Rv | 2023-03-12 | N/A | 7.8 HIGH |
Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in writes past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process. | |||||
CVE-2023-0621 | 1 Hornerautomation | 1 Cscape Envision Rv | 2023-03-12 | N/A | 7.8 HIGH |
Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds read vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in reads past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process. | |||||
CVE-2023-27208 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2023-03-12 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in /php-opos/login.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter. | |||||
CVE-2023-27206 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2023-03-12 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of Best POS Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter. | |||||
CVE-2023-26952 | 1 Onekeyadmin | 1 Onekeyadmin | 2023-03-12 | N/A | 5.4 MEDIUM |
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Menu module. | |||||
CVE-2023-26950 | 1 Onekeyadmin | 1 Onekeyadmin | 2023-03-12 | N/A | 5.4 MEDIUM |
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Title parameter under the Adding Categories module. | |||||
CVE-2023-1320 | 1 Enhancesoft | 1 Osticket | 2023-03-12 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. | |||||
CVE-2023-1319 | 1 Enhancesoft | 1 Osticket | 2023-03-12 | N/A | 4.8 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. | |||||
CVE-2023-1318 | 1 Enhancesoft | 1 Osticket | 2023-03-12 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6. | |||||
CVE-2023-1317 | 1 Enhancesoft | 1 Osticket | 2023-03-12 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. | |||||
CVE-2023-1316 | 1 Enhancesoft | 1 Osticket | 2023-03-12 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. | |||||
CVE-2023-1315 | 1 Enhancesoft | 1 Osticket | 2023-03-12 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. | |||||
CVE-2022-23837 | 2 Contribsys, Debian | 2 Sidekiq, Debian Linux | 2023-03-12 | 5.0 MEDIUM | 7.5 HIGH |
In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users. | |||||
CVE-2021-30151 | 2 Contribsys, Debian | 2 Sidekiq, Debian Linux | 2023-03-12 | 4.3 MEDIUM | 6.1 MEDIUM |
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used. | |||||
CVE-2019-13038 | 4 Canonical, Fedoraproject, Mod Auth Mellon Project and 1 more | 4 Ubuntu Linux, Fedora, Mod Auth Mellon and 1 more | 2023-03-12 | 4.3 MEDIUM | 6.1 MEDIUM |
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. | |||||