Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2023-26246 |
|
Privilege Escalation in hyundai (CVE-2023-26246)
vulnerability in hyundai (CVE-2023-26246). Successful exploitation can lead to full system takeover.
|
| CVE-2023-26243 |
|
Path Traversal in hyundai (CVE-2023-26243)
path traversal in hyundai (CVE-2023-26243). Successful exploitation can lead to full system takeover.
|
| CVE-2023-25292 |
|
Cross-Site Scripting (XSS) in group-office (CVE-2023-25292)
cross-site scripting in group-office (CVE-2023-25292). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-27979 |
|
Cross-Site Scripting (XSS) in tooljet (CVE-2022-27979)
cross-site scripting in tooljet (CVE-2022-27979). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-27978 |
|
Vulnerability in tooljet (CVE-2022-27978)
vulnerability in tooljet (CVE-2022-27978). Data can be tampered with by attackers.
|
| CVE-2023-30404 |
|
Code Injection in aigital (CVE-2023-30404)
code injection in aigital (CVE-2023-30404). Successful exploitation can lead to full system takeover.
|
| CVE-2023-26735 |
|
SSRF (Server-Side Request Forgery) in prometheus (CVE-2023-26735)
SSRF in prometheus (CVE-2023-26735). Confidential information can be exposed externally.
|
| CVE-2023-27350 KEV |
|
[KEV] Vulnerability in Papercut mfng (CVE-2023-27350)
vulnerability in Papercut mfng (CVE-2023-27350). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-28432 KEV |
|
[KEV] Information Disclosure in minio (CVE-2023-28432)
vulnerability in minio (CVE-2023-28432). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-2136 KEV |
|
[KEV] Vulnerability in Google platform/external/skia (CVE-2023-2136)
vulnerability in Google platform/external/skia (CVE-2023-2136). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `13:2023-07-01` or later.
|
| CVE-2023-27043 |
|
Vulnerability in libpython (CVE-2023-27043)
vulnerability in libpython (CVE-2023-27043). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.8.20, 3.10.15, 3.11.10, 3.12.6, 3.9.20` or later.
|
| CVE-2017-6742 KEV |
|
[KEV] Buffer Overflow in Cisco ios-and-ios-xe-software (CVE-2017-6742)
vulnerability in Cisco ios-and-ios-xe-software (CVE-2017-6742). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-46640 |
|
Command Injection in nanoleaf (CVE-2022-46640)
command injection in nanoleaf (CVE-2022-46640). Successful exploitation can lead to full system takeover.
|
| CVE-2023-1873 |
|
SQL Injection in sqli (CVE-2023-1873)
SQL injection in sqli (CVE-2023-1873). Successful exploitation can lead to full system takeover.
|
| CVE-2023-1723 |
|
SQL Injection in sqli (CVE-2023-1723)
SQL injection in sqli (CVE-2023-1723). Successful exploitation can lead to full system takeover.
|
| CVE-2019-8526 KEV |
|
[KEV] Use-After-Free in Apple macos (CVE-2019-8526)
vulnerability in Apple macos (CVE-2019-8526). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-2033 KEV |
|
[KEV] Vulnerability in Google chromium-v8 (CVE-2023-2033)
vulnerability in Google chromium-v8 (CVE-2023-2033). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-1833 |
|
Vulnerability in redline (CVE-2023-1833)
vulnerability in redline (CVE-2023-1833). Successful exploitation can lead to full system takeover.
|
| CVE-2023-1803 |
|
Vulnerability in redline (CVE-2023-1803)
vulnerability in redline (CVE-2023-1803). Successful exploitation can lead to full system takeover.
|
| CVE-2023-27666 |
|
Cross-Site Scripting (XSS) in auto-dealer-management-system-project (CVE-2023-27666)
cross-site scripting in auto-dealer-management-system-project (CVE-2023-27666). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-1863 |
|
SQL Injection in sqli (CVE-2023-1863)
SQL injection in sqli (CVE-2023-1863). Successful exploitation can lead to full system takeover.
|
| CVE-2023-27667 |
|
Auto Dealer Management System v1.0 was discovered to contain a SQL injection vulnerability.
Auto Dealer Management System v1.0 was discovered to contain a SQL injection vulnerability.
|
| CVE-2023-27779 |
|
SQL Injection in sqli (CVE-2023-27779)
SQL injection in sqli (CVE-2023-27779). Successful exploitation can lead to full system takeover.
|
| CVE-2023-27812 |
|
Path Traversal in bloofox (CVE-2023-27812)
path traversal in bloofox (CVE-2023-27812). Data can be tampered with by attackers.
|
| CVE-2023-29492 KEV |
|
[KEV] Code Injection in Novi survey novi-survey (CVE-2023-29492)
code injection in Novi survey novi-survey (CVE-2023-29492). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-20963 KEV |
|
[KEV] Vulnerability in Android platform/frameworks/base (CVE-2023-20963)
vulnerability in Android platform/frameworks/base (CVE-2023-20963). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `13:2023-03-01` or later.
|
| CVE-2023-27216 |
|
OS Command Injection in dlink (CVE-2023-27216)
OS command injection in dlink (CVE-2023-27216). Successful exploitation can lead to full system takeover.
|
| CVE-2023-27775 |
|
Cross-Site Scripting (XSS) in liveaction (CVE-2023-27775)
cross-site scripting in liveaction (CVE-2023-27775). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-0645 |
|
Out-of-Bounds Read in libjxl-project (CVE-2023-0645)
vulnerability in libjxl-project (CVE-2023-0645). Confidential information can be exposed externally.
|
| CVE-2023-28252 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2023-28252)
vulnerability in Microsoft windows (CVE-2023-28252). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-24721 |
|
Cross-Site Scripting (XSS) in liveaction (CVE-2023-24721)
cross-site scripting in liveaction (CVE-2023-24721). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-28205 KEV |
|
[KEV] Use-After-Free in Apple multiple-products (CVE-2023-28205)
vulnerability in Apple multiple-products (CVE-2023-28205). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-28206 KEV |
|
[KEV] Out-of-Bounds Write in Apple ios (CVE-2023-28206)
out-of-bounds write in Apple ios (CVE-2023-28206). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-43309 |
|
Vulnerability in supermicro (CVE-2022-43309)
vulnerability in supermicro (CVE-2022-43309). Data can be tampered with by attackers.
|
| CVE-2023-1726 |
|
Cross-Site Scripting (XSS) in prolizyazilim (CVE-2023-1726)
cross-site scripting in prolizyazilim (CVE-2023-1726). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-26083 KEV |
|
[KEV] Vulnerability in Arm mali-graphics-processing-unit-gpu (CVE-2023-26083)
vulnerability in Arm mali-graphics-processing-unit-gpu (CVE-2023-26083). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-27876 KEV |
|
[KEV] Authentication Bypass in Veritas backup-exec-agent (CVE-2021-27876)
authentication bypass in Veritas backup-exec-agent (CVE-2021-27876). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-27877 KEV |
|
[KEV] Authentication Bypass in Veritas backup-exec-agent (CVE-2021-27877)
authentication bypass in Veritas backup-exec-agent (CVE-2021-27877). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-27878 KEV |
|
[KEV] Authentication Bypass in Veritas backup-exec-agent (CVE-2021-27878)
authentication bypass in Veritas backup-exec-agent (CVE-2021-27878). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-1388 KEV |
|
[KEV] Privilege Escalation in Microsoft windows (CVE-2019-1388)
vulnerability in Microsoft windows (CVE-2019-1388). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-22985 |
|
Cross-Site Scripting (XSS) in simple-guestbook-management-system-project (CVE-2023-22985)
cross-site scripting in simple-guestbook-management-system-project (CVE-2023-22985). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-29312 |
|
Unsafe Deserialization in zend (CVE-2020-29312)
vulnerability in zend (CVE-2020-29312). Successful exploitation can lead to full system takeover.
|
| CVE-2021-28235 |
|
Authentication Bypass in etcd (CVE-2021-28235)
authentication bypass in etcd (CVE-2021-28235). Successful exploitation can lead to full system takeover.
|
| CVE-2023-1728 |
|
Unrestricted File Upload in fernus (CVE-2023-1728)
vulnerability in fernus (CVE-2023-1728). Successful exploitation can lead to full system takeover.
|
| CVE-2023-1765 |
|
SQL Injection in sqli (CVE-2023-1765)
SQL injection in sqli (CVE-2023-1765). Successful exploitation can lead to full system takeover.
|
| CVE-2023-1766 |
|
Cross-Site Scripting (XSS) in akbim (CVE-2023-1766)
cross-site scripting in akbim (CVE-2023-1766). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-27926 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Synacor zimbra-collaboration-suite-zcs (CVE-2022-27926)
cross-site scripting in Synacor zimbra-collaboration-suite-zcs (CVE-2022-27926). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-27162 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2023-27162)
SSRF in ssrf (CVE-2023-27162). Confidential information can be exposed externally.
|
| CVE-2023-27163 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2023-27163)
SSRF in ssrf (CVE-2023-27163). Confidential information can be exposed externally.
|
| CVE-2023-27159 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2023-27159)
SSRF in ssrf (CVE-2023-27159). Confidential information can be exposed externally.
|