CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-1149 Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0. | 5.4 | MEDIUM | - | 0 |
| CVE-2023-1151 A vulnerability was found in SourceCodester Electronic Medical Records System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file administrato... | 6.3 | MEDIUM | - | 0 |
| CVE-2021-45477 Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users. This issue affects Library Automation System: before... | 6.5 | MEDIUM | - | 0 |
| CVE-2021-45478 Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users. This issue affects Library Automation System: before... | 6.5 | MEDIUM | - | 0 |
| CVE-2021-45479 Improper Neutralization of Input During Web Page Generation vulnerability in Yordam Information Technologies Library Automation System allows Stored XSS. This issue affects Library Automation System: b... | 5.4 | MEDIUM | - | 0 |
| CVE-2021-3854 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Glox Technology Useroam Hotspot allows SQL Injection. This issue affects Useroam Hotspot: before 5... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-25362 A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | 8.8 | HIGH | - | 0 |
| CVE-2023-25363 A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | 8.8 | HIGH | - | 0 |
| CVE-2023-25536 Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive information to an unauthorized actor. A malicious authenticated local user could potentially exploit this vulnerability in certificate man... | 6.7 | MEDIUM | - | 0 |
| CVE-2023-26780 CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection. | 9.8 | CRITICAL | - | 0 |
| CVE-2018-20250 In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with s... | 7.8 | HIGH | KEV | 0 |
| CVE-2023-26477 XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the `newThemeN... | 10.0 | CRITICAL | โ | 0 |
| CVE-2023-26478 XWiki Platform is a generic wiki platform. Starting in version 14.3-rc-1, `org.xwiki.store.script.TemporaryAttachmentsScriptService#uploadTemporaryAttachment` returns an instance of `com.xpn.xwiki.doc... | 6.6 | MEDIUM | โ | 0 |
| CVE-2023-26479 XWiki Platform is a generic wiki platform. Starting in version 6.0, users with write rights can insert well-formed content that is not handled well by the parser. As a consequence, some pages becomes ... | 6.5 | MEDIUM | โ | 0 |
| CVE-2023-26480 XWiki Platform is a generic wiki platform. Starting in version 12.10, a user without script rights can introduce a stored cross-site scripting by using the Live Data macro. This has been patched in XW... | 8.9 | HIGH | โ | 0 |
| CVE-2021-4328 A vulnerability has been found in ็ฎๅญ้ฑผCMS and classified as critical. Affected by this vulnerability is the function goods_detail of the file ApiController.class.php. The manipulation of the argument g... | 6.3 | MEDIUM | โ | 0 |
| CVE-2023-1156 A vulnerability classified as problematic was found in SourceCodester Health Center Patient Record Management System 1.0. This vulnerability affects unknown code of the file admin/fecalysis_form.php. ... | 3.5 | LOW | โ | 0 |
| CVE-2023-1157 A vulnerability, which was classified as problematic, was found in finixbit elf-parser. Affected is the function elf_parser::Elf_parser::get_segments of the file elf_parser.cpp. The manipulation leads... | 2.8 | LOW | โ | 0 |
| CVE-2023-26051 Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. S... | 6.5 | MEDIUM | โ | 0 |
| CVE-2023-26052 Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. S... | 3.7 | LOW | โ | 0 |
| CVE-2023-26055 XWiki Commons are technical libraries common to several other top level XWiki projects. Starting in version 3.1-milestone-1, any user can edit their own profile and inject code, which is going to be e... | 9.9 | CRITICAL | โ | 0 |
| CVE-2023-26056 XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming rig... | 5.4 | MEDIUM | โ | 0 |
| CVE-2023-26470 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make the farm unusable by adding an object to a page with a huge number (e.g. ... | 5.7 | MEDIUM | โ | 0 |
| CVE-2023-26471 XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with the right of superadmin but in restricted mode (anything dangerous is disabled), but... | 9.9 | CRITICAL | โ | 0 |
| CVE-2023-26472 XWiki Platform is a generic wiki platform. Starting in version 6.2-milestone-1, one can execute any wiki content with the right of IconThemeSheet author by creating an icon theme with certain content.... | 9.9 | CRITICAL | โ | 0 |
| CVE-2023-26473 XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been pat... | 6.5 | MEDIUM | โ | 0 |
| CVE-2023-26474 XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document content author to execute a text area property. This has been patched in XW... | 9.9 | CRITICAL | โ | 0 |
| CVE-2023-26475 XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context. This allows executing anything with the r... | 9.9 | CRITICAL | โ | 0 |
| CVE-2023-26476 XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of the password fields by repeated call to `LiveTableResults` and `WikisLiveTableResultsMacros`. The... | 7.5 | HIGH | โ | 0 |
| CVE-2023-22883 Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain du... | 7.2 | HIGH | - | 0 |
| CVE-2022-35645 IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary Java... | 6.4 | MEDIUM | - | 0 |
| CVE-2022-46501 Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discovered to contain a SQL injection vulnerability via the E-Mail to Work Order function. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-22381 A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a W... | 4.1 | MEDIUM | - | 0 |
| CVE-2023-0656 A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. | 7.5 | HIGH | - | 0 |
| CVE-2023-1160 Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0. | 5.5 | MEDIUM | - | 0 |
| CVE-2023-20104 A vulnerability in the file upload functionality of Cisco Webex App for Web could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interfa... | 6.1 | MEDIUM | - | 0 |
| CVE-2023-0457 Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to... | 7.5 | HIGH | - | 0 |
| CVE-2023-0577 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies SOBIAD allows Cross-Site Scripting (XSS). This issue affects SOBIAD: ... | 6.1 | MEDIUM | - | 0 |
| CVE-2023-0578 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies Book Cites allows Cross-Site Scripting (XSS). This issue affects Book... | 6.1 | MEDIUM | - | 0 |
| CVE-2023-1162 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is an unknown function of the file mainfunction.cgi of the ... | 7.2 | HIGH | - | 0 |
| CVE-2023-1163 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 and classified as critical. Affected by this vulnerability is the function getSyslogFile of the fil... | 6.5 | MEDIUM | - | 0 |
| CVE-2023-24643 Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateBlankTxtview.php. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-1164 A vulnerability was found in KylinSoft kylin-activation on KylinOS and classified as critical. Affected by this issue is some unknown functionality of the component File Import. The manipulation leads... | 8.4 | HIGH | - | 0 |
| CVE-2023-0957 An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to the Git... | 8.2 | HIGH | - | 0 |
| CVE-2023-1165 A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been classified as critical. This affects an unknown part of the file /api/admin/system/store/order/list. The manipulation of the argum... | 5.5 | MEDIUM | - | 0 |
| CVE-2023-20061 Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on a... | 6.5 | MEDIUM | - | 0 |
| CVE-2023-27566 Cubism Core in Live2D Cubism Editor 4.2.03 allows out-of-bounds write via a crafted Section Offset Table or Count Info Table in an MOC3 file. | 7.8 | HIGH | - | 0 |
| CVE-2023-20062 Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on a... | 6.5 | MEDIUM | - | 0 |
| CVE-2023-20069 A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to conduct a stor... | 5.4 | MEDIUM | - | 0 |
| CVE-2023-20078 Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) c... | 9.8 | CRITICAL | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.