Vulnerabilities (CVE)

Total 19153 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-1606 1 Novel-plus Project 1 Novel-plus 2023-03-27 N/A 9.8 CRITICAL
A vulnerability was found in novel-plus 3.6.2 and classified as critical. Affected by this issue is some unknown functionality of the file DictController.java. The manipulation of the argument orderby leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223736.
CVE-2022-37109 1 Camp Project 1 Camp 2023-03-27 N/A 9.8 CRITICAL
patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory served by StaticFileHandler and the Tornado rule to throw a 403 error when password.txt is accessed can be bypassed. Furthermore, it is not necessary to crack the password hash to authenticate with the application because the password hash is also used as the cookie secret, so an attacker can generate his own authentication cookie.
CVE-2022-40684 1 Fortinet 3 Fortios, Fortiproxy, Fortiswitchmanager 2023-03-27 N/A 9.8 CRITICAL
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
CVE-2023-25589 1 Arubanetworks 1 Clearpass Policy Manager 2023-03-27 N/A 9.8 CRITICAL
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to create arbitrary users on the platform. A successful exploit allows an attacker to achieve total cluster compromise.
CVE-2023-1594 1 Novel-plus Project 1 Novel-plus 2023-03-27 N/A 9.8 CRITICAL
A vulnerability, which was classified as critical, was found in novel-plus 3.6.2. Affected is the function MenuService of the file sys/menu/list. The manipulation of the argument sort leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223662 is the identifier assigned to this vulnerability.
CVE-2023-1592 1 Automatic Question Paper Generator System Project 1 Automatic Question Paper Generator System 2023-03-27 N/A 9.8 CRITICAL
A vulnerability classified as critical was found in SourceCodester Automatic Question Paper Generator System 1.0. This vulnerability affects unknown code of the file admin/courses/view_class.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-223660.
CVE-2023-1591 1 Automatic Question Paper Generator System Project 1 Automatic Question Paper Generator System 2023-03-27 N/A 9.8 CRITICAL
A vulnerability classified as critical has been found in SourceCodester Automatic Question Paper Generator System 1.0. This affects an unknown part of the file classes/Users.php?f=save_ruser. The manipulation of the argument id/email leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-223659.
CVE-2023-1590 1 Online Tours \& Travels Management System Project 1 Online Tours \& Travels Management System 2023-03-27 N/A 9.8 CRITICAL
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects the function exec of the file admin/operations/currency.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223655.
CVE-2023-1589 1 Online Tours \& Travels Management System Project 1 Online Tours \& Travels Management System 2023-03-27 N/A 9.8 CRITICAL
A vulnerability has been found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This vulnerability affects the function exec of the file admin/operations/approve_delete.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-223654 is the identifier assigned to this vulnerability.
CVE-2023-1050 1 Askoc 1 Web Report System 2023-03-27 N/A 9.8 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in As Koc Energy Web Report System allows SQL Injection.This issue affects Web Report System: before 23.03.10.
CVE-2022-22512 1 Varta 16 Element Backup, Element Backup Firmware, Element S1 and 13 more 2023-03-27 N/A 9.8 CRITICAL
Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network.
CVE-2023-26114 1 Coder 1 Code-server 2023-03-27 N/A 9.3 CRITICAL
Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance.
CVE-2023-27135 1 Totolink 2 A7100ru, A7100ru Firmware 2023-03-27 N/A 9.8 CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg.
CVE-2023-27078 1 Tp-link 2 Tl-mr3020, Tl-mr3020 Firmware 2023-03-27 N/A 9.8 CRITICAL
A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint.
CVE-2022-28493 1 Totolink 2 Cp900, Cp900 Firmware 2023-03-27 N/A 9.8 CRITICAL
A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start the Telnet service,
CVE-2022-28491 1 Totolink 2 Cp900, Cp900 Firmware 2023-03-27 N/A 9.8 CRITICAL
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-28492 1 Totolink 2 Cp900, Cp900 Firmware 2023-03-27 N/A 9.8 CRITICAL
TOTOLINK Technology CPE with firmware V6.3c.566 ,allows remote attackers to bypass Login.
CVE-2023-24080 1 Chamberlain 1 Myq 2023-03-27 N/A 9.8 CRITICAL
A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack.
CVE-2023-1529 1 Google 1 Chrome 2023-03-27 N/A 9.8 CRITICAL
Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)
CVE-2021-4105 1 Bg-tek 16 Coslat Bx5s1d3, Coslat Bx5s1d3 Firmware, Coslat Bx5s1d4 and 13 more 2023-03-26 N/A 9.8 CRITICAL
Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion.This issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727.