Total
254538 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33789 | 1 Netbox Project | 1 Netbox | 2024-02-02 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Create Contact Groups (/tenancy/contact-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | |||||
| CVE-2023-34565 | 2024-02-02 | N/A | 5.4 MEDIUM | ||
| Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in the "Create Wireless LAN Groups" function. | |||||
| CVE-2023-33800 | 1 Netbox Project | 1 Netbox | 2024-02-02 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Create Regions (/dcim/regions/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | |||||
| CVE-2023-37625 | 1 Netbox Project | 1 Netbox | 2024-02-02 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Link templates. | |||||
| CVE-2023-36234 | 1 Netbox | 1 Netbox | 2024-02-02 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function. | |||||
| CVE-2023-33799 | 1 Netbox Project | 1 Netbox | 2024-02-02 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Create Contacts (/tenancy/contacts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | |||||
| CVE-2023-45117 | 1 Projectworlds | 1 Online Examination System | 2024-02-02 | N/A | 8.8 HIGH |
| Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-45116 | 1 Projectworlds | 1 Online Examination System | 2024-02-02 | N/A | 8.8 HIGH |
| Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-45121 | 1 Projectworlds | 1 Online Examination System | 2024-02-02 | N/A | 8.8 HIGH |
| Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the /update.php?q=addquiz resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-45120 | 1 Projectworlds | 1 Online Examination System | 2024-02-02 | N/A | 8.8 HIGH |
| Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the /update.php?q=quiz&step=2 resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2008-0599 | 1 Php | 1 Php | 2024-02-02 | 10.0 HIGH | 9.8 CRITICAL |
| The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. | |||||
| CVE-2023-45118 | 1 Projectworlds | 1 Online Examination System | 2024-02-02 | N/A | 8.8 HIGH |
| Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-45119 | 1 Projectworlds | 1 Online Examination System | 2024-02-02 | N/A | 8.8 HIGH |
| Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the /update.php?q=quiz resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2019-5736 | 13 Apache, Canonical, D2iq and 10 more | 19 Mesos, Ubuntu Linux, Dc\/os and 16 more | 2024-02-02 | 9.3 HIGH | 8.6 HIGH |
| runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. | |||||
| CVE-2024-25001 | 2024-02-02 | N/A | N/A | ||
| Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID. ConsultIDs: none. Reason: This CVE ID is unused by its CNA. Notes: none. | |||||
| CVE-2023-44764 | 1 Concretecms | 1 Concrete Cms | 2024-02-02 | N/A | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability in Concrete CMS before 9.2.3 exists via the Name parameter during installation (aka Site of Installation or Settings). | |||||
| CVE-2022-41613 | 1 Bentley | 1 Microstation Connect | 2024-02-02 | N/A | 7.8 HIGH |
| Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when when parsing DGN files, which may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary code. | |||||
| CVE-2022-40201 | 1 Bentley | 1 Microstation Connect | 2024-02-02 | N/A | 7.8 HIGH |
| Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design (DGN) file is parsed. This may allow an attacker to execute arbitrary code. | |||||
| CVE-2024-0625 | 2024-02-02 | N/A | 4.8 MEDIUM | ||
| The WPFront Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpfront-notification-bar-options[custom_class]’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | |||||
| CVE-2024-0617 | 2024-02-02 | N/A | 5.3 MEDIUM | ||
| The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcd_save_discount() function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category discounts that could lead to loss of revenue. | |||||