Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2024-24396 |
|
Cross-Site Scripting (XSS) in stimulsoft (CVE-2024-24396)
cross-site scripting in stimulsoft (CVE-2024-24396). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-24397 |
|
Cross-Site Scripting (XSS) in stimulsoft (CVE-2024-24397)
cross-site scripting in stimulsoft (CVE-2024-24397). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-6919 |
|
Vulnerability in c (CVE-2023-6919)
vulnerability in c (CVE-2023-6919). Confidential information can be exposed externally.
|
| CVE-2024-22922 |
|
Privilege Escalation in projectworlds (CVE-2024-22922)
vulnerability in projectworlds (CVE-2024-22922). Successful exploitation can lead to full system takeover.
|
| CVE-2024-22099 |
|
Vulnerability in c (CVE-2024-22099)
vulnerability in c (CVE-2024-22099). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-23848 |
|
Use-After-Free in c (CVE-2024-23848)
vulnerability in c (CVE-2024-23848). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-51946 |
|
Cross-Site Scripting (XSS) in actidata (CVE-2023-51946)
cross-site scripting in actidata (CVE-2023-51946). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-51947 |
|
Vulnerability in actidata (CVE-2023-51947)
vulnerability in actidata (CVE-2023-51947). Confidential information can be exposed externally.
|
| CVE-2023-46474 |
|
Unrestricted File Upload in sigb (CVE-2023-46474)
vulnerability in sigb (CVE-2023-46474). Successful exploitation can lead to full system takeover.
|
| CVE-2024-0241 |
|
Vulnerability in rails (CVE-2024-0241)
vulnerability in rails (CVE-2024-0241). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-37607 |
|
Path Traversal in path-traversal (CVE-2023-37607)
path traversal in path-traversal (CVE-2023-37607). Confidential information can be exposed externally.
|
| CVE-2023-50470 |
|
Cross-Site Scripting (XSS) in seacms (CVE-2023-50470)
cross-site scripting in seacms (CVE-2023-50470). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-46987 |
|
Code Injection in seacms (CVE-2023-46987)
code injection in seacms (CVE-2023-46987). Successful exploitation can lead to full system takeover.
|
| CVE-2023-48795 |
|
Vulnerability in russh (CVE-2023-48795)
vulnerability in russh (CVE-2023-48795). Data can be tampered with by attackers. Mitigation: upgrade to `0.40.2` or later.
|
| CVE-2023-50918 |
|
app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.
app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.
|
| CVE-2023-49494 |
|
Cross-Site Scripting (XSS) in dedecms (CVE-2023-49494)
cross-site scripting in dedecms (CVE-2023-49494). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-48940 |
|
Cross-Site Scripting (XSS) in daicuo (CVE-2023-48940)
cross-site scripting in daicuo (CVE-2023-48940). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-42917 KEV |
|
[KEV] Out-of-Bounds Write in Apple java (CVE-2023-42917)
out-of-bounds write in Apple java (CVE-2023-42917). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.8.0, 8.0.411` or later.
|
| CVE-2023-49926 |
|
app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget.
app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget.
|
| CVE-2023-49081 |
|
Vulnerability in aiohttp (CVE-2023-49081)
vulnerability in aiohttp (CVE-2023-49081). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-49082 |
|
Vulnerability in aiohttp (CVE-2023-49082)
vulnerability in aiohttp (CVE-2023-49082). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-48105 |
|
Out-of-Bounds Write in c (CVE-2023-48105)
out-of-bounds write in c (CVE-2023-48105). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-4911 KEV |
|
[KEV] Vulnerability in Gnu c (CVE-2023-4911)
vulnerability in Gnu c (CVE-2023-4911). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2023-48238 |
|
Vulnerability in json-web-token (CVE-2023-48238)
vulnerability in json-web-token (CVE-2023-48238). Data can be tampered with by attackers. Exploitable via ``decode``. Mitigation: upgrade to `4.0.0` or later.
|
| CVE-2023-48655 |
|
Vulnerability in misp-project (CVE-2023-48655)
vulnerability in misp-project (CVE-2023-48655). Successful exploitation can lead to full system takeover.
|
| CVE-2023-48656 |
|
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
|
| CVE-2023-48657 |
|
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
|
| CVE-2023-48658 |
|
Vulnerability in misp-project (CVE-2023-48658)
vulnerability in misp-project (CVE-2023-48658). Successful exploitation can lead to full system takeover.
|
| CVE-2023-48659 |
|
Vulnerability in misp-project (CVE-2023-48659)
vulnerability in misp-project (CVE-2023-48659). Successful exploitation can lead to full system takeover.
|
| CVE-2023-47233 |
|
Use-After-Free in c (CVE-2023-47233)
vulnerability in c (CVE-2023-47233). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-46958 |
|
Code Injection in lmxcms (CVE-2023-46958)
code injection in lmxcms (CVE-2023-46958). Successful exploitation can lead to full system takeover.
|
| CVE-2023-46246 |
|
Vulnerability in c (CVE-2023-46246)
vulnerability in c (CVE-2023-46246). Risk of unauthorized operations or information disclosure. Exploitable via ``ga_grow_inner``.
|
| CVE-2023-46233 |
|
Vulnerability in crypto-js-project (CVE-2023-46233)
vulnerability in crypto-js-project (CVE-2023-46233). Confidential information can be exposed externally.
|
| CVE-2023-5367 |
|
Out-of-Bounds Write in c (CVE-2023-5367)
out-of-bounds write in c (CVE-2023-5367). Successful exploitation can lead to full system takeover.
|
| CVE-2023-46010 |
|
Code Injection in seacms (CVE-2023-46010)
code injection in seacms (CVE-2023-46010). Successful exploitation can lead to full system takeover.
|
| CVE-2023-45815 |
|
Cross-Site Scripting (XSS) in archivebox (CVE-2023-45815)
cross-site scripting in archivebox (CVE-2023-45815). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2023-38546 |
|
Vulnerability in c (CVE-2023-38546)
vulnerability in c (CVE-2023-38546). Risk of unauthorized operations or information disclosure. Exploitable via ``none``.
|
| CVE-2023-45898 |
|
Use-After-Free in c (CVE-2023-45898)
vulnerability in c (CVE-2023-45898). Successful exploitation can lead to full system takeover.
|
| CVE-2023-30148 |
|
Cross-Site Scripting (XSS) in store-opart (CVE-2023-30148)
cross-site scripting in store-opart (CVE-2023-30148). Confidential information can be exposed externally.
|
| CVE-2023-44487 KEV |
|
[KEV] Vulnerability in Ietf golang.org/x/net (CVE-2023-44487)
vulnerability in Ietf golang.org/x/net (CVE-2023-44487). Risk of unauthorized operations or information disclosure. Exploitable via ``Channel``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `0.17.0` or later.
|
| CVE-2023-41446 |
|
Cross-Site Scripting (XSS) in phpkobo (CVE-2023-41446)
cross-site scripting in phpkobo (CVE-2023-41446). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-41447 |
|
Cross-Site Scripting (XSS) in phpkobo (CVE-2023-41447)
cross-site scripting in phpkobo (CVE-2023-41447). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-41448 |
|
Cross-Site Scripting (XSS) in phpkobo (CVE-2023-41448)
cross-site scripting in phpkobo (CVE-2023-41448). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-41451 |
|
Cross-Site Scripting (XSS) in phpkobo (CVE-2023-41451)
cross-site scripting in phpkobo (CVE-2023-41451). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-41452 |
|
Cross-Site Request Forgery (CSRF) in phpkobo (CVE-2023-41452)
vulnerability in phpkobo (CVE-2023-41452). Successful exploitation can lead to full system takeover.
|
| CVE-2023-41453 |
|
Cross-Site Scripting (XSS) in phpkobo (CVE-2023-41453)
cross-site scripting in phpkobo (CVE-2023-41453). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-41445 |
|
Cross-Site Scripting (XSS) in phpkobo (CVE-2023-41445)
cross-site scripting in phpkobo (CVE-2023-41445). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-43856 |
|
Vulnerability in iteachyou (CVE-2023-43856)
vulnerability in iteachyou (CVE-2023-43856). Confidential information can be exposed externally.
|
| CVE-2023-43234 |
|
Code Injection in dedebiz (CVE-2023-43234)
code injection in dedebiz (CVE-2023-43234). Successful exploitation can lead to full system takeover.
|
| CVE-2023-43278 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2023-43278)
vulnerability in csrf (CVE-2023-43278). Successful exploitation can lead to full system takeover.
|