Vulnerabilities (CVE)

Total 21356 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-40394 2 Debian, Gerbv Project 2 Debian Linux, Gerbv 2023-09-30 7.5 HIGH 9.8 CRITICAL
An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-40393 2 Debian, Gerbv Project 2 Debian Linux, Gerbv 2023-09-30 7.5 HIGH 9.8 CRITICAL
An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-23304 2 Fedoraproject, W1.fi 3 Fedora, Hostapd, Wpa Supplicant 2023-09-30 6.8 MEDIUM 9.8 CRITICAL
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
CVE-2023-2136 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2023-09-30 N/A 9.6 CRITICAL
Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2023-1529 1 Google 1 Chrome 2023-09-30 N/A 9.8 CRITICAL
Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)
CVE-2022-23303 2 Fedoraproject, W1.fi 3 Fedora, Hostapd, Wpa Supplicant 2023-09-30 6.8 MEDIUM 9.8 CRITICAL
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.
CVE-2023-41993 1 Apple 3 Ipad Os, Iphone Os, Safari 2023-09-30 N/A 9.8 CRITICAL
The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
CVE-2023-5201 2023-09-30 N/A 9.9 CRITICAL
The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This requires the [php] shortcode setting to be enabled on the vulnerable site.
CVE-2018-21004 1 Carrcommunications 1 Rsvpmaker 2023-09-30 7.5 HIGH 9.8 CRITICAL
The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection.
CVE-2019-15646 1 Carrcommunications 1 Rsvpmaker 2023-09-30 7.5 HIGH 9.8 CRITICAL
The rsvpmaker plugin before 6.2 for WordPress has SQL injection.
CVE-2023-44165 1 Projectworlds 1 Online Movie Ticket Booking System 2023-09-30 N/A 9.8 CRITICAL
The 'Password' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-44168 1 Projectworlds 1 Online Movie Ticket Booking System 2023-09-30 N/A 9.8 CRITICAL
The 'phone' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-44163 1 Projectworlds 1 Online Movie Ticket Booking System 2023-09-30 N/A 9.8 CRITICAL
The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-44164 1 Projectworlds 1 Online Movie Ticket Booking System 2023-09-30 N/A 9.8 CRITICAL
The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-44167 1 Projectworlds 1 Online Movie Ticket Booking System 2023-09-30 N/A 9.8 CRITICAL
The 'name' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-44166 1 Projectworlds 1 Online Movie Ticket Booking System 2023-09-30 N/A 9.8 CRITICAL
The 'age' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-43739 1 Online Book Store Project Project 1 Online Book Store Project 2023-09-30 N/A 9.8 CRITICAL
The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-41878 1 Metersphere 1 Metersphere 2023-09-30 N/A 9.8 CRITICAL
MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in Metersphere is using a weak password by default, attackers can login to vnc and obtain high permissions. This issue has been addressed in version 2.10.7 LTS. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2021-32292 1 Json-c Project 1 Json-c 2023-09-29 N/A 9.8 CRITICAL
An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit.
CVE-2019-19450 1 Reportlab 1 Reportlab 2023-09-29 N/A 9.8 CRITICAL
paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.