Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2023-49494 |
|
Cross-Site Scripting (XSS) in dedecms (CVE-2023-49494)
cross-site scripting in dedecms (CVE-2023-49494). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-48940 |
|
Cross-Site Scripting (XSS) in daicuo (CVE-2023-48940)
cross-site scripting in daicuo (CVE-2023-48940). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-49926 |
|
app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget.
app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget.
|
| CVE-2023-48655 |
|
Vulnerability in misp-project (CVE-2023-48655)
vulnerability in misp-project (CVE-2023-48655). Successful exploitation can lead to full system takeover.
|
| CVE-2023-48656 |
|
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
|
| CVE-2023-48657 |
|
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
|
| CVE-2023-48658 |
|
Vulnerability in misp-project (CVE-2023-48658)
vulnerability in misp-project (CVE-2023-48658). Successful exploitation can lead to full system takeover.
|
| CVE-2023-48659 |
|
Vulnerability in misp-project (CVE-2023-48659)
vulnerability in misp-project (CVE-2023-48659). Successful exploitation can lead to full system takeover.
|
| CVE-2023-46958 |
|
Code Injection in lmxcms (CVE-2023-46958)
code injection in lmxcms (CVE-2023-46958). Successful exploitation can lead to full system takeover.
|
| CVE-2023-46010 |
|
Code Injection in seacms (CVE-2023-46010)
code injection in seacms (CVE-2023-46010). Successful exploitation can lead to full system takeover.
|
| CVE-2023-30148 |
|
Cross-Site Scripting (XSS) in store-opart (CVE-2023-30148)
cross-site scripting in store-opart (CVE-2023-30148). Confidential information can be exposed externally.
|
| CVE-2023-41446 |
|
Cross-Site Scripting (XSS) in phpkobo (CVE-2023-41446)
cross-site scripting in phpkobo (CVE-2023-41446). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-41447 |
|
Cross-Site Scripting (XSS) in phpkobo (CVE-2023-41447)
cross-site scripting in phpkobo (CVE-2023-41447). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-41448 |
|
Cross-Site Scripting (XSS) in phpkobo (CVE-2023-41448)
cross-site scripting in phpkobo (CVE-2023-41448). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-41451 |
|
Cross-Site Scripting (XSS) in phpkobo (CVE-2023-41451)
cross-site scripting in phpkobo (CVE-2023-41451). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-41452 |
|
Cross-Site Request Forgery (CSRF) in phpkobo (CVE-2023-41452)
vulnerability in phpkobo (CVE-2023-41452). Successful exploitation can lead to full system takeover.
|
| CVE-2023-41453 |
|
Cross-Site Scripting (XSS) in phpkobo (CVE-2023-41453)
cross-site scripting in phpkobo (CVE-2023-41453). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-41445 |
|
Cross-Site Scripting (XSS) in phpkobo (CVE-2023-41445)
cross-site scripting in phpkobo (CVE-2023-41445). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-43234 |
|
Code Injection in dedebiz (CVE-2023-43234)
code injection in dedebiz (CVE-2023-43234). Successful exploitation can lead to full system takeover.
|
| CVE-2023-43278 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2023-43278)
vulnerability in csrf (CVE-2023-43278). Successful exploitation can lead to full system takeover.
|
| CVE-2023-34576 |
|
SQL Injection in sqli (CVE-2023-34576)
SQL injection in sqli (CVE-2023-34576). Successful exploitation can lead to full system takeover.
|
| CVE-2023-40931 |
|
SQL Injection in sqli (CVE-2023-40931)
SQL injection in sqli (CVE-2023-40931). Confidential information can be exposed externally.
|
| CVE-2021-45811 |
|
SQL Injection in sqli (CVE-2021-45811)
SQL injection in sqli (CVE-2021-45811). Confidential information can be exposed externally.
|
| CVE-2023-41098 |
|
Cross-Site Scripting (XSS) in misp-project (CVE-2023-41098)
cross-site scripting in misp-project (CVE-2023-41098). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-39807 |
|
SQL Injection in sqli (CVE-2023-39807)
SQL injection in sqli (CVE-2023-39807). Successful exploitation can lead to full system takeover.
|
| CVE-2023-39809 |
|
Command Injection in nvki (CVE-2023-39809)
command injection in nvki (CVE-2023-39809). Successful exploitation can lead to full system takeover.
|
| CVE-2023-38838 |
|
SQL Injection in sqli (CVE-2023-38838)
SQL injection in sqli (CVE-2023-38838). Confidential information can be exposed externally.
|
| CVE-2023-39805 |
|
SQL Injection in sqli (CVE-2023-39805)
SQL injection in sqli (CVE-2023-39805). Successful exploitation can lead to full system takeover.
|
| CVE-2023-34842 |
|
Code Injection in dedecms (CVE-2023-34842)
code injection in dedecms (CVE-2023-34842). Successful exploitation can lead to full system takeover.
|
| CVE-2023-37647 |
|
SQL Injection in sqli (CVE-2023-37647)
SQL injection in sqli (CVE-2023-37647). Successful exploitation can lead to full system takeover.
|
| CVE-2023-34752 |
|
SQL Injection in sqli (CVE-2023-34752)
SQL injection in sqli (CVE-2023-34752). Successful exploitation can lead to full system takeover.
|
| CVE-2023-34944 |
|
Unrestricted File Upload in chamilo (CVE-2023-34944)
vulnerability in chamilo (CVE-2023-34944). Successful exploitation can lead to full system takeover.
|
| CVE-2022-47879 |
|
Code Injection in jedox (CVE-2022-47879)
code injection in jedox (CVE-2022-47879). Successful exploitation can lead to full system takeover.
|
| CVE-2022-47880 |
|
Vulnerability in jedox (CVE-2022-47880)
vulnerability in jedox (CVE-2022-47880). Confidential information can be exposed externally.
|
| CVE-2023-30185 |
|
Unrestricted File Upload in crmeb (CVE-2023-30185)
vulnerability in crmeb (CVE-2023-30185). Successful exploitation can lead to full system takeover.
|
| CVE-2023-30242 |
|
SQL Injection in sqli (CVE-2023-30242)
SQL injection in sqli (CVE-2023-30242). Successful exploitation can lead to full system takeover.
|
| CVE-2023-27666 |
|
Cross-Site Scripting (XSS) in auto-dealer-management-system-project (CVE-2023-27666)
cross-site scripting in auto-dealer-management-system-project (CVE-2023-27666). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-28884 |
|
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
|
| CVE-2023-23328 |
|
Unrestricted File Upload in avantfax (CVE-2023-23328)
vulnerability in avantfax (CVE-2023-23328). Successful exploitation can lead to full system takeover.
|
| CVE-2021-35377 |
|
Cross-Site Scripting (XSS) in vicidial (CVE-2021-35377)
cross-site scripting in vicidial (CVE-2021-35377). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-24317 |
|
Unrestricted File Upload in judging-management-system-project (CVE-2023-24317)
vulnerability in judging-management-system-project (CVE-2023-24317). Confidential information can be exposed externally.
|
| CVE-2022-48328 |
|
Vulnerability in misp-project (CVE-2022-48328)
vulnerability in misp-project (CVE-2022-48328). Successful exploitation can lead to full system takeover.
|
| CVE-2022-48329 |
|
Vulnerability in misp-project (CVE-2022-48329)
vulnerability in misp-project (CVE-2022-48329). Successful exploitation can lead to full system takeover.
|
| CVE-2022-45088 |
|
Vulnerability in gruparge (CVE-2022-45088)
vulnerability in gruparge (CVE-2022-45088). Successful exploitation can lead to full system takeover.
|
| CVE-2020-22452 |
|
SQL Injection in sqli (CVE-2020-22452)
SQL injection in sqli (CVE-2020-22452). Successful exploitation can lead to full system takeover.
|
| CVE-2022-44960 |
|
Cross-Site Scripting (XSS) in webtareas-project (CVE-2022-44960)
cross-site scripting in webtareas-project (CVE-2022-44960). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-44961 |
|
Cross-Site Scripting (XSS) in webtareas-project (CVE-2022-44961)
cross-site scripting in webtareas-project (CVE-2022-44961). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-44962 |
|
Cross-Site Scripting (XSS) in webtareas-project (CVE-2022-44962)
cross-site scripting in webtareas-project (CVE-2022-44962). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-44944 |
|
Cross-Site Scripting (XSS) in rukovoditel (CVE-2022-44944)
cross-site scripting in rukovoditel (CVE-2022-44944). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-44946 |
|
Cross-Site Scripting (XSS) in rukovoditel (CVE-2022-44946)
cross-site scripting in rukovoditel (CVE-2022-44946). Risk of unauthorized operations or information disclosure.
|