Vulnerabilities (CVE)

Total 218097 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-31411 2023-06-19 N/A N/A
A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality of the EventCam App.
CVE-2023-31410 2023-06-19 N/A N/A
A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the EventCam App and the Client, and potentially manipulate the data being transmitted.
CVE-2023-3318 2023-06-19 N/A N/A
A vulnerability was found in SourceCodester Resort Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231937 was assigned to this vulnerability.
CVE-2023-35825 2023-06-19 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-3141. Reason: This candidate is a reservation duplicate of CVE-2023-3141. Notes: All CVE users should reference CVE-2023-3141 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2023-3311 2023-06-19 N/A N/A
A vulnerability, which was classified as problematic, was found in PuneethReddyHC online-shopping-system-advanced 1.0. This affects an unknown part of the file addsuppliers.php. The manipulation of the argument First name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231807.
CVE-2023-35116 2023-06-19 N/A N/A
** DISPUTED ** An issue discovered in jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that the product is not intended for use with untrusted input.
CVE-2023-3141 1 Linux 1 Linux Kernel 2023-06-19 N/A 7.1 HIGH
A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.
CVE-2020-7921 1 Mongodb 1 Mongodb 2023-06-19 3.5 LOW 5.3 MEDIUM
Improper serialization of internal state in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects: MongoDB Inc. MongoDB Server 4.2 versions prior to 4.2.3; 4.0 versions prior to 4.0.15; 4.3 versions prior to 4.3.3; 3.6 versions prior to 3.6.18.
CVE-2023-35779 2023-06-19 N/A N/A
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Seed Webs Seed Fonts plugin <= 2.3.1 versions.
CVE-2023-35776 2023-06-19 N/A N/A
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Beplus Sermon'e – Sermons Online plugin <= 1.0.0 versions.
CVE-2023-35775 2023-06-19 N/A N/A
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Backup Solutions WP Backup Manager plugin <= 1.13.1 versions.
CVE-2023-35772 2023-06-19 N/A N/A
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alain Gonzalez Google Map Shortcode plugin <= 3.1.2 versions.
CVE-2019-2386 1 Mongodb 1 Mongodb 2023-06-19 6.0 MEDIUM 7.1 HIGH
After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.9; v3.6 versions prior to 3.6.13; v3.4 versions prior to 3.4.22.
CVE-2023-34373 2023-06-19 N/A N/A
Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <= 3.3.93 versions.
CVE-2023-33213 2023-06-19 N/A N/A
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Display Custom Fields – wpView plugin <= 1.3.0 versions.
CVE-2023-2907 2023-06-19 N/A 9.8 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection. This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605.
CVE-2022-46850 2023-06-19 N/A N/A
Auth. (author+) Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin <= 0.1.3 versions.
CVE-2023-3050 2023-06-19 N/A 9.8 CRITICAL
Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass. This issue affects Lockcell: before 15.
CVE-2023-3049 2023-06-19 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection. This issue affects Lockcell: before 15.
CVE-2023-3048 2023-06-19 N/A 8.8 HIGH
Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass. This issue affects Lockcell: before 15.