TROYANOSYVIRUS

CVE Vulnerabilities

CVE vulnerability database enriched with CISA KEV and NVD data

Total: 332,852 CVEs
CVE ID | CVSS | Severity | KEV | Sightings
CVE-2014-125077

A vulnerability, which was classified as critical, has been found in pointhi searx_stats. This issue affects some unknown processing of the file cgi/cron.php. The manipulation leads to sql injection. ...

5.5 | MEDIUM | — | 0
CVE-2014-125078

A vulnerability was found in yanheven console and classified as problematic. Affected by this issue is some unknown functionality of the file horizon/static/horizon/js/horizon.instances.js. The manipu...

3.5 | LOW | — | 0
CVE-2014-125079

A vulnerability was found in agy pontifex.http. It has been declared as critical. This vulnerability affects unknown code of the file lib/Http.coffee. The manipulation leads to sql injection. Upgradin...

5.5 | MEDIUM | — | 0
CVE-2015-10044

A vulnerability classified as critical was found in gophergala sqldump. This vulnerability affects unknown code. The manipulation leads to sql injection. The patch is identified as 76db54e9073b5248b88...

5.5 | MEDIUM | — | 0
CVE-2015-10045

A vulnerability, which was classified as critical, was found in tutrantta project_todolist. Affected is the function getAffectedRows/where/insert/update in the library library/Database.php. The manipu...

5.5 | MEDIUM | — | 0
CVE-2015-10046

A vulnerability has been found in lolfeedback and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The identifier of the pat...

5.5 | MEDIUM | — | 0
CVE-2015-10047

A vulnerability was found in KYUUBl school-register. It has been classified as critical. This affects an unknown part of the file src/DBManager.java. The manipulation leads to sql injection. The patch...

5.5 | MEDIUM | — | 0
CVE-2015-10048

A vulnerability was found in bmattoso desafio_buzz_woody. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The identifier of the patc...

5.5 | MEDIUM | — | 0
CVE-2023-0303

A vulnerability was found in SourceCodester Online Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file view_prod.php. The manipulation...

6.3 | MEDIUM | — | 0
CVE-2023-0304

A vulnerability classified as critical has been found in SourceCodester Online Food Ordering System. This affects an unknown part of the file admin_class.php of the component Signup Module. The manipu...

6.3 | MEDIUM | — | 0
CVE-2023-0305

A vulnerability classified as critical was found in SourceCodester Online Food Ordering System. This vulnerability affects unknown code of the file admin_class.php of the component Login Module. The m...

6.3 | MEDIUM | — | 0
CVE-2015-10049

A vulnerability was found in Overdrive Eletrônica course-builder up to 1.7.x and classified as problematic. Affected by this issue is some unknown functionality of the file coursebuilder/modules/oedit...

3.5 | LOW | — | 0
CVE-2015-10050

A vulnerability was found in brandonfire miRNA_Database_by_PHP_MySql. It has been declared as critical. This vulnerability affects the function __construct/select_single_rna/count_rna of the file inc/...

5.5 | MEDIUM | — | 0
CVE-2015-10051

A vulnerability, which was classified as critical, has been found in bony2023 Discussion-Board. Affected by this issue is the function display_all_replies of the file functions/main.php. The manipulat...

5.5 | MEDIUM | — | 0
CVE-2023-0307

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

9.8 | CRITICAL | — | 0
CVE-2015-10052

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in calesanz gibb-modul-151. This affects the function bearbeiten/login. The manipulation leads to open r...

4.6 | MEDIUM | — | 0
CVE-2016-15018

A vulnerability was found in krail-jpa up to 0.9.1. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version 0.9.2 is able to add...

5.5 | MEDIUM | — | 0
CVE-2016-15019

A vulnerability was found in tombh jekbox. It has been rated as problematic. This issue affects some unknown processing of the file lib/server.rb. The manipulation leads to exposure of information thr...

4.3 | MEDIUM | — | 0
CVE-2018-25075

A vulnerability classified as critical has been found in karsany OBridge up to 1.3. Affected is the function getAllStandaloneProcedureAndFunction of the file obridge-main/src/main/java/org/obridge/dao...

4.6 | MEDIUM | — | 0
CVE-2023-0306

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

5.4 | MEDIUM | — | 0
CVE-2023-0308

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

5.4 | MEDIUM | — | 0
CVE-2023-0309

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

5.4 | MEDIUM | — | 0
CVE-2023-0310

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

5.4 | MEDIUM | — | 0
CVE-2023-0311

Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

9.8 | CRITICAL | — | 0
CVE-2023-0312

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

6.1 | MEDIUM | — | 0
CVE-2023-0313

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

5.4 | MEDIUM | — | 0
CVE-2023-0314

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

6.1 | MEDIUM | — | 0
CVE-2023-20859

In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts...

5.5 | MEDIUM | — | 0
CVE-2023-24788

NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php.

8.8 | HIGH | — | 0
CVE-2023-28329

Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).

8.8 | HIGH | — | 0
CVE-2023-28330

Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.

6.5 | MEDIUM | — | 0
CVE-2023-41822

An improper export vulnerability was reported in the Motorola Interface Test Tool application that could allow a malicious local application to execute OS commands.

4.8 | MEDIUM | — | 0
CVE-2023-28332

If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk.

6.1 | MEDIUM | — | 0
CVE-2023-28333

The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).

9.8 | CRITICAL | — | 0
CVE-2023-28334

Authenticated users were able to enumerate other users' names via the learning plans page.

4.3 | MEDIUM | — | 0
CVE-2023-28335

The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk.

8.8 | HIGH | — | 0
CVE-2023-28443

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not redacted properly from the log outputs and can be used to ...

4.2 | MEDIUM | — | 0
CVE-2023-28336

Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.

4.3 | MEDIUM | — | 0
CVE-2023-24295

A stack overflow in SoftMaker Software GmbH FlexiPDF v3.0.3.0 allows attackers to execute arbitrary code after opening a crafted PDF file.

7.8 | HIGH | — | 0
CVE-2023-27034

PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability.

9.8 | CRITICAL | — | 0
CVE-2023-28441

smartCARS 3 is flight tracking software. In version 0.5.8 and prior, all persons who have failed login attempts will have their password stored in error logs. This problem doesn't occur in version 0.5...

8.0 | HIGH | — | 0
CVE-2023-28442

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Prior to versions 2.20.6, 2.19.6, and 2.18.7, anonymous users can obtain sensitive ...

7.5 | HIGH | — | 0
CVE-2023-20984

In ParseBqrLinkQualityEvt of btif_bqr.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed....

4.4 | MEDIUM | — | 0
CVE-2023-28445

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could resul...

9.9 | CRITICAL | — | 0
CVE-2023-1616

A vulnerability was found in XiaoBingBy TeaCMS up to 2.0.2. It has been classified as problematic. Affected is an unknown function of the component Article Title Handler. The manipulation with the inp...

3.5 | LOW | — | 0
CVE-2023-1176

Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.

3.3 | LOW | — | 0
CVE-2023-1177

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.

9.3 | CRITICAL | — | 0
CVE-2021-3844

Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an...

5.7 | MEDIUM | — | 0
CVE-2023-20985

In BTA_GATTS_HandleValueIndication of bta_gatts_api.cc, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional ex...

7.8 | HIGH | — | 0
CVE-2021-3684

A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exp...

5.5 | MEDIUM | — | 0
Page 49 of 6658

This product uses data from the NVD API but is not endorsed or certified by the NVD.