Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2023-42426 |
|
Cross-Site Scripting (XSS) in froala (CVE-2023-42426)
cross-site scripting in froala (CVE-2023-42426). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-43141 |
|
Vulnerability in totolink (CVE-2023-43141)
vulnerability in totolink (CVE-2023-43141). Successful exploitation can lead to full system takeover.
|
| CVE-2023-41991 KEV |
|
[KEV] Vulnerability in Apple multiple-products (CVE-2023-41991)
vulnerability in Apple multiple-products (CVE-2023-41991). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-41992 KEV |
|
[KEV] Vulnerability in Apple multiple-products (CVE-2023-41992)
vulnerability in Apple multiple-products (CVE-2023-41992). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-41993 KEV |
|
[KEV] Vulnerability in Apple java (CVE-2023-41993)
vulnerability in Apple java (CVE-2023-41993). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.8.0, 8.0.411` or later.
|
| CVE-2023-34576 |
|
SQL Injection in sqli (CVE-2023-34576)
SQL injection in sqli (CVE-2023-34576). Successful exploitation can lead to full system takeover.
|
| CVE-2023-42456 |
|
Path Traversal in sudo-rs (CVE-2023-42456)
path traversal in sudo-rs (CVE-2023-42456). Risk of unauthorized operations or information disclosure. Exploitable via ``useradd``. Mitigation: upgrade to `0.2.1` or later.
|
| CVE-2023-34575 |
|
SQL Injection in sqli (CVE-2023-34575)
SQL injection in sqli (CVE-2023-34575). Successful exploitation can lead to full system takeover.
|
| CVE-2023-38888 |
|
Cross-Site Scripting (XSS) in dolibarr (CVE-2023-38888)
cross-site scripting in dolibarr (CVE-2023-38888). Successful exploitation can lead to full system takeover.
|
| CVE-2023-38886 |
|
OS Command Injection in dolibarr (CVE-2023-38886)
OS command injection in dolibarr (CVE-2023-38886). Successful exploitation can lead to full system takeover.
|
| CVE-2023-38887 |
|
Unrestricted File Upload in dolibarr (CVE-2023-38887)
vulnerability in dolibarr (CVE-2023-38887). Successful exploitation can lead to full system takeover.
|
| CVE-2023-40933 |
|
SQL Injection in sqli (CVE-2023-40933)
SQL injection in sqli (CVE-2023-40933). Successful exploitation can lead to full system takeover.
|
| CVE-2023-40934 |
|
SQL Injection in sqli (CVE-2023-40934)
SQL injection in sqli (CVE-2023-40934). Successful exploitation can lead to full system takeover.
|
| CVE-2023-40932 |
|
Cross-Site Scripting (XSS) in nagios (CVE-2023-40932)
cross-site scripting in nagios (CVE-2023-40932). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-40931 |
|
SQL Injection in sqli (CVE-2023-40931)
SQL injection in sqli (CVE-2023-40931). Confidential information can be exposed externally.
|
| CVE-2023-42399 |
|
Cross-Site Scripting (XSS) in csharp (CVE-2023-42399)
cross-site scripting in csharp (CVE-2023-42399). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-28434 KEV |
|
[KEV] Privilege Escalation in minio (CVE-2023-28434)
vulnerability in minio (CVE-2023-28434). Risk of unauthorized operations or information disclosure. Exploitable via ``PostPolicyBucket``. Listed in CISA KEV — actively exploited.
|
| CVE-2023-39046 |
|
Vulnerability in tonton-tei-waiting-project (CVE-2023-39046)
vulnerability in tonton-tei-waiting-project (CVE-2023-39046). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-39049 |
|
Vulnerability in youmart-tokunaga-project (CVE-2023-39049)
vulnerability in youmart-tokunaga-project (CVE-2023-39049). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-39056 |
|
Vulnerability in coffee-jumbo-project (CVE-2023-39056)
vulnerability in coffee-jumbo-project (CVE-2023-39056). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-39043 |
|
Vulnerability in ykc (CVE-2023-39043)
vulnerability in ykc (CVE-2023-39043). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-39058 |
|
Vulnerability in the-b-members-card-project (CVE-2023-39058)
vulnerability in the-b-members-card-project (CVE-2023-39058). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-39039 |
|
Vulnerability in camp-style-project-line-project (CVE-2023-39039)
vulnerability in camp-style-project-line-project (CVE-2023-39039). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-39040 |
|
Vulnerability in cheese-cafe-line-project (CVE-2023-39040)
vulnerability in cheese-cafe-line-project (CVE-2023-39040). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-4527 |
|
Vulnerability in gnu (CVE-2023-4527)
vulnerability in gnu (CVE-2023-4527). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-4806 |
|
Use-After-Free in gnu (CVE-2023-4806)
vulnerability in gnu (CVE-2023-4806). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-41595 |
|
An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password.
An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password.
|
| CVE-2022-22265 KEV |
|
[KEV] Vulnerability in Samsung mobile-devices (CVE-2022-22265)
vulnerability in Samsung mobile-devices (CVE-2022-22265). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2014-8361 KEV |
|
[KEV] Vulnerability in Realtek sdk (CVE-2014-8361)
vulnerability in Realtek sdk (CVE-2014-8361). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-6884 KEV |
|
[KEV] OS Command Injection in Zyxel emg2926-routers (CVE-2017-6884)
OS command injection in Zyxel emg2926-routers (CVE-2017-6884). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-41325 |
|
Vulnerability in trustedfirmware (CVE-2023-41325)
vulnerability in trustedfirmware (CVE-2023-41325). Confidential information can be exposed externally. Exploitable via ``shdr_verify_signature``.
|
| CVE-2023-4835 |
|
SQL Injection in sqli (CVE-2023-4835)
SQL injection in sqli (CVE-2023-4835). Successful exploitation can lead to full system takeover.
|
| CVE-2023-4833 |
|
SQL Injection in sqli (CVE-2023-4833)
SQL injection in sqli (CVE-2023-4833). Successful exploitation can lead to full system takeover.
|
| CVE-2023-4663 |
|
Cross-Site Scripting (XSS) in adobe (CVE-2023-4663)
cross-site scripting in adobe (CVE-2023-4663). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-4664 |
|
Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege...
Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege...
|
| CVE-2023-4662 |
|
Vulnerability in adobe (CVE-2023-4662)
vulnerability in adobe (CVE-2023-4662). Successful exploitation can lead to full system takeover.
|
| CVE-2023-4665 |
|
Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows...
Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows...
|
| CVE-2023-4661 |
|
SQL Injection in sqli (CVE-2023-4661)
SQL injection in sqli (CVE-2023-4661). Successful exploitation can lead to full system takeover.
|
| CVE-2023-4670 |
|
SQL Injection in sqli (CVE-2023-4670)
SQL injection in sqli (CVE-2023-4670). Successful exploitation can lead to full system takeover.
|
| CVE-2023-4231 |
|
SQL Injection in sqli (CVE-2023-4231)
SQL injection in sqli (CVE-2023-4231). Successful exploitation can lead to full system takeover.
|
| CVE-2023-4673 |
|
SQL Injection in sqli (CVE-2023-4673)
SQL injection in sqli (CVE-2023-4673). Successful exploitation can lead to full system takeover.
|
| CVE-2023-4830 |
|
SQL Injection in sqli (CVE-2023-4830)
SQL injection in sqli (CVE-2023-4830). Successful exploitation can lead to full system takeover.
|
| CVE-2023-40983 |
|
Cross-Site Scripting (XSS) in webmin (CVE-2023-40983)
cross-site scripting in webmin (CVE-2023-40983). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-40982 |
|
Cross-Site Scripting (XSS) in webmin (CVE-2023-40982)
cross-site scripting in webmin (CVE-2023-40982). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-40984 |
|
Cross-Site Scripting (XSS) in webmin (CVE-2023-40984)
cross-site scripting in webmin (CVE-2023-40984). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-40985 |
|
Cross-Site Scripting (XSS) in webmin (CVE-2023-40985)
cross-site scripting in webmin (CVE-2023-40985). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-40986 |
|
Cross-Site Scripting (XSS) in webmin (CVE-2023-40986)
cross-site scripting in webmin (CVE-2023-40986). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-4766 |
|
SQL Injection in sqli (CVE-2023-4766)
SQL injection in sqli (CVE-2023-4766). Successful exploitation can lead to full system takeover.
|
| CVE-2023-4676 |
|
Cross-Site Scripting (XSS) in yordam (CVE-2023-4676)
cross-site scripting in yordam (CVE-2023-4676). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-4702 |
|
Vulnerability in yepas (CVE-2023-4702)
vulnerability in yepas (CVE-2023-4702). Successful exploitation can lead to full system takeover.
|