Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2023-30186 |
|
Use-After-Free in onlyoffice (CVE-2023-30186)
vulnerability in onlyoffice (CVE-2023-30186). Successful exploitation can lead to full system takeover.
|
| CVE-2023-30187 |
|
Out-of-Bounds Write in onlyoffice (CVE-2023-30187)
out-of-bounds write in onlyoffice (CVE-2023-30187). Successful exploitation can lead to full system takeover.
|
| CVE-2023-30188 |
|
Vulnerability in dos (CVE-2023-30188)
vulnerability in dos (CVE-2023-30188). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-37847 |
|
novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability.
novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability.
|
| CVE-2020-35990 |
|
Vulnerability in dos (CVE-2020-35990)
vulnerability in dos (CVE-2020-35990). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-40224 |
|
MISP 2.4.174 allows XSS in app/View/Events/index.ctp.
MISP 2.4.174 allows XSS in app/View/Events/index.ctp.
|
| CVE-2023-39805 |
|
SQL Injection in sqli (CVE-2023-39805)
SQL injection in sqli (CVE-2023-39805). Successful exploitation can lead to full system takeover.
|
| CVE-2023-39806 |
|
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.
|
| CVE-2023-33469 |
|
Code Injection in kramerav (CVE-2023-33469)
code injection in kramerav (CVE-2023-33469). Successful exploitation can lead to full system takeover.
|
| CVE-2023-33468 |
|
Authorization Flaw in kramerav (CVE-2023-33468)
vulnerability in kramerav (CVE-2023-33468). Confidential information can be exposed externally.
|
| CVE-2023-39004 |
|
Vulnerability in privilege-escalation (CVE-2023-39004)
vulnerability in privilege-escalation (CVE-2023-39004). Successful exploitation can lead to full system takeover.
|
| CVE-2023-39003 |
|
Vulnerability in opnsense (CVE-2023-39003)
vulnerability in opnsense (CVE-2023-39003). Confidential information can be exposed externally.
|
| CVE-2023-3632 |
|
Vulnerability in kunduz (CVE-2023-3632)
vulnerability in kunduz (CVE-2023-3632). Successful exploitation can lead to full system takeover.
|
| CVE-2023-26961 |
|
Cross-Site Scripting (XSS) in alteryx (CVE-2023-26961)
cross-site scripting in alteryx (CVE-2023-26961). Risk of unauthorized operations or information disclosure. Exploitable via `PUT /gallery/api/media`.
|
| CVE-2023-36897 |
|
Visual Studio Tools for Office Runtime Spoofing Vulnerability
Visual Studio Tools for Office Runtime Spoofing Vulnerability
|
| CVE-2023-37646 |
|
Path Traversal in path-traversal (CVE-2023-37646)
path traversal in path-traversal (CVE-2023-37646). Successful exploitation can lead to full system takeover.
|
| CVE-2023-3386 |
|
SQL Injection in sqli (CVE-2023-3386)
SQL injection in sqli (CVE-2023-3386). Successful exploitation can lead to full system takeover.
|
| CVE-2023-3522 |
|
SQL Injection in sqli (CVE-2023-3522)
SQL injection in sqli (CVE-2023-3522). Successful exploitation can lead to full system takeover.
|
| CVE-2023-3651 |
|
SQL Injection in sqli (CVE-2023-3651)
SQL injection in sqli (CVE-2023-3651). Successful exploitation can lead to full system takeover.
|
| CVE-2023-3652 |
|
Cross-Site Scripting (XSS) in digital-ant (CVE-2023-3652)
cross-site scripting in digital-ant (CVE-2023-3652). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-3653 |
|
Cross-Site Scripting (XSS) in digital-ant (CVE-2023-3653)
cross-site scripting in digital-ant (CVE-2023-3653). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-37684 |
|
Cross-Site Scripting (XSS) in phpgurukul (CVE-2023-37684)
cross-site scripting in phpgurukul (CVE-2023-37684). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-37685 |
|
Cross-Site Scripting (XSS) in phpgurukul (CVE-2023-37685)
cross-site scripting in phpgurukul (CVE-2023-37685). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-37686 |
|
Cross-Site Scripting (XSS) in phpgurukul (CVE-2023-37686)
cross-site scripting in phpgurukul (CVE-2023-37686). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-37688 |
|
Cross-Site Scripting (XSS) in sqli (CVE-2023-37688)
cross-site scripting in sqli (CVE-2023-37688). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-37689 |
|
Cross-Site Scripting (XSS) in sqli (CVE-2023-37689)
cross-site scripting in sqli (CVE-2023-37689). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-37690 |
|
Cross-Site Scripting (XSS) in sqli (CVE-2023-37690)
cross-site scripting in sqli (CVE-2023-37690). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-3716 |
|
SQL Injection in sqli (CVE-2023-3716)
SQL injection in sqli (CVE-2023-3716). Successful exploitation can lead to full system takeover.
|
| CVE-2023-37687 |
|
SQL Injection in phpgurukul (CVE-2023-37687)
SQL injection in phpgurukul (CVE-2023-37687). Successful exploitation can lead to full system takeover.
|
| CVE-2023-37683 |
|
Cross-Site Scripting (XSS) in phpgurukul (CVE-2023-37683)
cross-site scripting in phpgurukul (CVE-2023-37683). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-3717 |
|
SQL Injection in sqli (CVE-2023-3717)
SQL injection in sqli (CVE-2023-3717). Successful exploitation can lead to full system takeover.
|
| CVE-2023-3898 |
|
SQL Injection in sqli (CVE-2023-3898)
SQL injection in sqli (CVE-2023-3898). Successful exploitation can lead to full system takeover.
|
| CVE-2017-18368 KEV |
|
[KEV] OS Command Injection in Zyxel p660hn-t1a-routers (CVE-2017-18368)
OS command injection in Zyxel p660hn-t1a-routers (CVE-2017-18368). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-36095 |
|
Code Injection in langchain (CVE-2023-36095)
code injection in langchain (CVE-2023-36095). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.0.236` or later.
|
| CVE-2023-36158 |
|
Cross-Site Scripting (XSS) in oretnom23 (CVE-2023-36158)
cross-site scripting in oretnom23 (CVE-2023-36158). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-36159 |
|
Cross-Site Scripting (XSS) in oretnom23 (CVE-2023-36159)
cross-site scripting in oretnom23 (CVE-2023-36159). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-38952 |
|
Vulnerability in zkteco (CVE-2023-38952)
vulnerability in zkteco (CVE-2023-38952). Confidential information can be exposed externally.
|
| CVE-2023-38951 |
|
Path Traversal in path-traversal (CVE-2023-38951)
path traversal in path-traversal (CVE-2023-38951). Successful exploitation can lead to full system takeover.
|
| CVE-2023-37679 |
|
Command Injection in nextgen (CVE-2023-37679)
command injection in nextgen (CVE-2023-37679). Successful exploitation can lead to full system takeover.
|
| CVE-2023-38954 |
|
ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability.
ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability.
|
| CVE-2023-36255 |
|
Code Injection in eramba (CVE-2023-36255)
code injection in eramba (CVE-2023-36255). Successful exploitation can lead to full system takeover.
|
| CVE-2023-38958 |
|
Authorization Flaw in zkteco (CVE-2023-38958)
vulnerability in zkteco (CVE-2023-38958). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-38956 |
|
Path Traversal in path-traversal (CVE-2023-38956)
path traversal in path-traversal (CVE-2023-38956). Confidential information can be exposed externally.
|
| CVE-2023-38955 |
|
Vulnerability in zkteco (CVE-2023-38955)
vulnerability in zkteco (CVE-2023-38955). Confidential information can be exposed externally.
|
| CVE-2023-36082 |
|
Vulnerability in gatesair (CVE-2023-36082)
vulnerability in gatesair (CVE-2023-36082). Successful exploitation can lead to full system takeover.
|
| CVE-2023-36081 |
|
Cross-Site Scripting (XSS) in gatesair (CVE-2023-36081)
cross-site scripting in gatesair (CVE-2023-36081). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-34552 |
|
Out-of-Bounds Write in c (CVE-2023-34552)
out-of-bounds write in c (CVE-2023-34552). Successful exploitation can lead to full system takeover.
|
| CVE-2023-34551 |
|
Out-of-Bounds Write in c (CVE-2023-34551)
out-of-bounds write in c (CVE-2023-34551). Successful exploitation can lead to full system takeover.
|
| CVE-2023-38559 |
|
Out-of-Bounds Read in c (CVE-2023-38559)
vulnerability in c (CVE-2023-38559). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-34960 |
|
Command Injection in chamilo (CVE-2023-34960)
command injection in chamilo (CVE-2023-34960). Successful exploitation can lead to full system takeover.
|