79 matches found
CVE-2026-3793 SourceCodester Sales and Inventory System GET Parameter sales_invoice1.php sql injection
A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file salesinvoice1.php of the component GET Parameter Handler. This manipulation of the argument sellid causes sql injection. It is possible to initiate the attack...
EUVD-2026-3793
Server-Side Request Forgery SSRF vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Server Side Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through = 3.14.1...
CVE-2025-20698
In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915400; Issue ID: MSV-3793...
CVE-2025-20698
In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915400; Issue ID: MSV-3793...
CVE-2022-3793
An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI/CD configuration file they don't have access to...
CVE-2020-3793
Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution...
CVE-2011-3793
Pixie 1.04 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/modules/static.php and certain other files...
WordPress Buddypress Force Password Change plugin <= 0.1 - Authenticated (Subscriber+) Account Takeover via Password Update vulnerability
Authenticated Subscriber+ Account Takeover via Password Update vulnerability discovered by kr0d in WordPress Plugin Buddypress Force Password Change versions = 0.1...
openSUSE: Security Advisory for the Linux Kernel (Live Patch 23 for SLE 15 SP4) (SUSE-SU-2024:3793-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CGA-C3WX-3793-RQQM
Bulletin has no description...
CVE-2024-3793 Cross-site Scripting vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/CloudAccounts, account name / user password / server fields, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and stea...
CVE-2024-3793 Cross-site Scripting vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/CloudAccounts, account name / user password / server fields, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and stea...
CVE-2023-3793
creationtimestamp| type| source ---|---|--- 2023-07-21 00:33:06+00:00| seen| https://t.me/cibsecurity/67061 2026-04-28 21:03:04+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mklibcr36m2c 2026-06-23 14:06:12+00:00| exploited|...
CVE-2023-3793 Weaver e-cology HTTP POST Request filelFileDownloadForOutDoc.class sql injection
A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY leads to sql...
CVE-2023-3793
CVE-2023-3793 affects Weaver e-cology. The vulnerability resides in the HTTP POST Request Handler, specifically the filelFileDownloadForOutDoc.class, where the fileid parameter can be manipulated (example: 1+WAITFOR+DELAY) to yield SQL injection. Affected versions are prior to 10.58.0. Upgrading ...
MariaDB 10.0.0 < 10.0.4 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.0.4. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.0.4 advisory. - Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect...
GitLab 12.6 < 15.3.5, 15.4 < 15.4.4, 15.5 < 15.5.2 Multiple Vulnerabilities
GitLab is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if description...
CVE-2022-3793
creationtimestamp| type| source ---|---|--- 2022-11-10 02:53:01+00:00| seen| https://t.me/cibsecurity/52809...
CVE-2022-3793
An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI/CD configuration file they don't have access to...
GitLab 12.6 < 15.3.5 / 15.4 < 15.4.4 / 15.5 < 15.5.2 (CVE-2022-3793)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a...