CVE Vulnerability

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2023-0337
Daloradius
2023-01-23
N/A
6.1 MEDIUM
Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch.
CVE-2023-0333
Templatesnext, Templatesnext Toolkit
Templatesnext_toolkit
2023-02-15
N/A
5.4 MEDIUM
The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not validate some of its shortcode attributes before using them to generate an HTML tag, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0332
Online Food Ordering System Project
Online_food_ordering_system
2023-01-24
N/A
9.8 CRITICAL
A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file admin/manage_user.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218472.
CVE-2023-0327
Theradsystem Project
Theradsystem
2023-01-24
N/A
6.1 MEDIUM
A vulnerability was found in saemorris TheRadSystem. It has been classified as problematic. Affected is an unknown function of the file users.php. The manipulation of the argument q leads to cross-site scripting. It is possible to launch the attack remotely. VDB-218454 is the identifier assigned to this vulnerability.
CVE-2023-0324
Online Tours & Travels Management System Project
2023-01-24
N/A
9.8 CRITICAL
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/page-login.php. The manipulation of the argument email leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-218426 is the identifier assigned to this vulnerability.
CVE-2023-0323
Pimcore
Adminbundle, Customer_management_framework, Data-hub, Perspective_editor, Admin_classic_bundle, Core, Customer-data-framework, Customer_data_framework
2023-01-24
N/A
5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.14.
CVE-2023-0321
Campbellsci
Cr1000, Cr1000_firmware, Cr300, Cr3000, Cr3000_firmware, Cr300_firmware, Cr6, Cr6_firmware, Cr800, Cr800_firmware
2023-02-06
N/A
9.1 CRITICAL
Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned dataloggers have HTTP and PakBus enabled. The devices, with the default configuration, allow this situation via the PakBus port. The exploitation of this vulnerability may allow an attacker to download, modify, and upload new configuration files.
CVE-2023-0316
Froxlor
2023-01-24
N/A
5.5 MEDIUM
Path Traversal: '..filename' in GitHub repository froxlor/froxlor prior to 2.0.0.
CVE-2023-0315
Froxlor
2023-02-23
N/A
8.8 HIGH
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.
CVE-2023-0314
Phpmyfaq
2023-01-24
N/A
6.1 MEDIUM
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE