Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2023-27160 SSRF (Server-Side Request Forgery) in ssrf (CVE-2023-27160)
SSRF in ssrf (CVE-2023-27160). Successful exploitation can lead to full system takeover.
CVE-2023-1060 Cross-Site Scripting (XSS) in ykmbilisim (CVE-2023-1060)
cross-site scripting in ykmbilisim (CVE-2023-1060). Risk of unauthorized operations or information disclosure.
CVE-2023-1725 SSRF (Server-Side Request Forgery) in ssrf (CVE-2023-1725)
SSRF in ssrf (CVE-2023-1725). Successful exploitation can lead to full system takeover.
CVE-2023-1013 Vulnerability in dizayn (CVE-2023-1013)
vulnerability in dizayn (CVE-2023-1013). Risk of unauthorized operations or information disclosure.
CVE-2022-39197 KEV [KEV] Vulnerability in Fortra cobalt-strike (CVE-2022-39197)
vulnerability in Fortra cobalt-strike (CVE-2022-39197). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-30900 KEV [KEV] Vulnerability in Apple ios (CVE-2021-30900)
vulnerability in Apple ios (CVE-2021-30900). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-42948 KEV [KEV] Cross-Site Scripting (XSS) in Fortra cobalt-strike (CVE-2022-42948)
cross-site scripting in Fortra cobalt-strike (CVE-2022-42948). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-38181 KEV [KEV] Use-After-Free in Arm :unknown: (CVE-2022-38181)
vulnerability in Arm :unknown: (CVE-2022-38181). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `SoCVersion:2023-04-05` or later.
CVE-2023-0266 KEV [KEV] Use-After-Free in Linux kernel (CVE-2023-0266)
vulnerability in Linux kernel (CVE-2023-0266). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-3038 KEV [KEV] Use-After-Free in Google chromium-network-service (CVE-2022-3038)
vulnerability in Google chromium-network-service (CVE-2022-3038). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2013-3163 KEV [KEV] Code Injection in Microsoft internet-explorer (CVE-2013-3163)
code injection in Microsoft internet-explorer (CVE-2013-3163). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2017-7494 KEV [KEV] Code Injection in samba (CVE-2017-7494)
code injection in samba (CVE-2017-7494). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-22706 KEV [KEV] Buffer Overflow in Arm :unknown: (CVE-2022-22706)
vulnerability in Arm :unknown: (CVE-2022-22706). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `SoCVersion:2023-06-05` or later.
CVE-2023-1652 Use-After-Free in c (CVE-2023-1652)
vulnerability in c (CVE-2023-1652). Confidential information can be exposed externally.
CVE-2023-27167 SQL Injection in sqli (CVE-2023-27167)
SQL injection in sqli (CVE-2023-27167). Confidential information can be exposed externally.
CVE-2023-25260 Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion.
Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion.
CVE-2023-25262 SSRF (Server-Side Request Forgery) in ssrf (CVE-2023-25262)
SSRF in ssrf (CVE-2023-25262). Confidential information can be exposed externally.
CVE-2023-25263 Vulnerability in stimulsoft (CVE-2023-25263)
vulnerability in stimulsoft (CVE-2023-25263). Confidential information can be exposed externally.
CVE-2023-25261 Code Injection in stimulsoft (CVE-2023-25261)
code injection in stimulsoft (CVE-2023-25261). Successful exploitation can lead to full system takeover.
CVE-2023-24094 Out-of-Bounds Write in dos (CVE-2023-24094)
out-of-bounds write in dos (CVE-2023-24094). Risk of unauthorized operations or information disclosure.
CVE-2022-41354 Vulnerability in linuxfoundation (CVE-2022-41354)
vulnerability in linuxfoundation (CVE-2022-41354). Risk of unauthorized operations or information disclosure.
CVE-2023-28884 In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
CVE-2022-45597 Vulnerability in componentspace (CVE-2022-45597)
vulnerability in componentspace (CVE-2022-45597). Successful exploitation can lead to full system takeover.
CVE-2023-1051 Cross-Site Scripting (XSS) in askoc (CVE-2023-1051)
cross-site scripting in askoc (CVE-2023-1051). Risk of unauthorized operations or information disclosure.
CVE-2023-1050 SQL Injection in sqli (CVE-2023-1050)
SQL injection in sqli (CVE-2023-1050). Successful exploitation can lead to full system takeover.
CVE-2023-27249 Out-of-Bounds Write in c (CVE-2023-27249)
out-of-bounds write in c (CVE-2023-27249). Risk of unauthorized operations or information disclosure.
CVE-2023-1153 SQL Injection in sqli (CVE-2023-1153)
SQL injection in sqli (CVE-2023-1153). Successful exploitation can lead to full system takeover.
CVE-2023-1154 Cross-Site Scripting (XSS) in pacsrapor (CVE-2023-1154)
cross-site scripting in pacsrapor (CVE-2023-1154). Risk of unauthorized operations or information disclosure.
CVE-2023-0320 Cross-Site Scripting (XSS) in university-information-management-system-project (CVE-2023-0320)
cross-site scripting in university-information-management-system-project (CVE-2023-0320). Risk of unauthorized operations or information disclosure.
CVE-2023-28606 js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.
js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.
CVE-2023-28607 js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.
js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.
CVE-2023-1152 SQL Injection in sqli (CVE-2023-1152)
SQL injection in sqli (CVE-2023-1152). Successful exploitation can lead to full system takeover.
CVE-2023-28531 Vulnerability in openbsd (CVE-2023-28531)
vulnerability in openbsd (CVE-2023-28531). Successful exploitation can lead to full system takeover.
CVE-2023-26769 Vulnerability in c (CVE-2023-26769)
vulnerability in c (CVE-2023-26769). Risk of unauthorized operations or information disclosure.
CVE-2023-0322 Cross-Site Scripting (XSS) in talentyazilim (CVE-2023-0322)
cross-site scripting in talentyazilim (CVE-2023-0322). Risk of unauthorized operations or information disclosure.
CVE-2023-26360 KEV [KEV] Vulnerability in Adobe coldfusion (CVE-2023-26360)
vulnerability in Adobe coldfusion (CVE-2023-26360). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-23398 Microsoft Excel Spoofing Vulnerability
Microsoft Excel Spoofing Vulnerability
CVE-2023-23391 Office for Android Spoofing Vulnerability
Office for Android Spoofing Vulnerability
CVE-2022-23791 Cross-Site Scripting (XSS) in firmanet (CVE-2022-23791)
cross-site scripting in firmanet (CVE-2022-23791). Risk of unauthorized operations or information disclosure.
CVE-2022-23790 Cross-Site Scripting (XSS) in firmanet (CVE-2022-23790)
cross-site scripting in firmanet (CVE-2022-23790). Risk of unauthorized operations or information disclosure.
CVE-2021-4195 Cross-Site Scripting (XSS) in firmanet (CVE-2021-4195)
cross-site scripting in firmanet (CVE-2021-4195). Risk of unauthorized operations or information disclosure.
CVE-2023-24880 KEV [KEV] Authorization Flaw in Microsoft windows (CVE-2023-24880)
vulnerability in Microsoft windows (CVE-2023-24880). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-41328 KEV [KEV] Path Traversal in Fortinet fortios (CVE-2022-41328)
path traversal in Fortinet fortios (CVE-2022-41328). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-23397 KEV [KEV] Vulnerability in Microsoft office (CVE-2023-23397)
vulnerability in Microsoft office (CVE-2023-23397). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-23327 Information Disclosure in avantfax (CVE-2023-23327)
vulnerability in avantfax (CVE-2023-23327). Confidential information can be exposed externally.
CVE-2023-23328 Unrestricted File Upload in avantfax (CVE-2023-23328)
vulnerability in avantfax (CVE-2023-23328). Successful exploitation can lead to full system takeover.
CVE-2023-23326 Cross-Site Scripting (XSS) in avantfax (CVE-2023-23326)
cross-site scripting in avantfax (CVE-2023-23326). Risk of unauthorized operations or information disclosure.
CVE-2023-1198 SQL Injection in sqli (CVE-2023-1198)
SQL injection in sqli (CVE-2023-1198). Successful exploitation can lead to full system takeover.
CVE-2023-1246 Vulnerability in saysis (CVE-2023-1246)
vulnerability in saysis (CVE-2023-1246). Confidential information can be exposed externally.
CVE-2023-27164 Unrestricted File Upload in halo (CVE-2023-27164)
vulnerability in halo (CVE-2023-27164). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →