Lucene search
K

79 matches found

Vulnrichment
Vulnrichment
added 2026/03/09 1:32 a.m.4 views

CVE-2026-3793 SourceCodester Sales and Inventory System GET Parameter sales_invoice1.php sql injection

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file salesinvoice1.php of the component GET Parameter Handler. This manipulation of the argument sellid causes sql injection. It is possible to initiate the attack...

6.5CVSS5.7AI score0.00368EPSS
Exploits1References5
EUVD
EUVD
added 2026/01/22 4:52 p.m.7 views

EUVD-2026-3793

Server-Side Request Forgery SSRF vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Server Side Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through = 3.14.1...

4.6CVSS5.4AI score0.00132EPSS
Exploits0References2
OSV
OSV
added 2025/08/04 2:15 a.m.5 views

CVE-2025-20698

In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915400; Issue ID: MSV-3793...

6.7CVSS5.8AI score0.00091EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/08/04 1:49 a.m.4 views

CVE-2025-20698

In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915400; Issue ID: MSV-3793...

6.7CVSS5.4AI score0.00091EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 11:17 p.m.6 views

CVE-2022-3793

An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI/CD configuration file they don't have access to...

5.3CVSS6.3AI score0.00537EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:35 p.m.5 views

CVE-2020-3793

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution...

9.8CVSS7.5AI score0.04888EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 5:11 a.m.8 views

CVE-2011-3793

Pixie 1.04 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/modules/static.php and certain other files...

5CVSS6.5AI score0.01967EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/04/23 8:55 p.m.6 views

WordPress Buddypress Force Password Change plugin <= 0.1 - Authenticated (Subscriber+) Account Takeover via Password Update vulnerability

Authenticated Subscriber+ Account Takeover via Password Update vulnerability discovered by kr0d in WordPress Plugin Buddypress Force Password Change versions = 0.1...

4.2CVSS8.4AI score0.00185EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2024/10/31 12:0 a.m.20 views

openSUSE: Security Advisory for the Linux Kernel (Live Patch 23 for SLE 15 SP4) (SUSE-SU-2024:3793-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8.3AI score0.0094EPSS
Exploits1References2
OSV
OSV
added 2024/06/06 12:25 p.m.5 views

CGA-C3WX-3793-RQQM

Bulletin has no description...

7.2AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/04/15 2:13 p.m.11 views

CVE-2024-3793 Cross-site Scripting vulnerability in WBSAirback

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/CloudAccounts, account name / user password / server fields, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and stea...

4.8CVSS6AI score0.0038EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/15 2:13 p.m.19 views

CVE-2024-3793 Cross-site Scripting vulnerability in WBSAirback

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/CloudAccounts, account name / user password / server fields, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and stea...

4.8CVSS5.2AI score0.0038EPSS
Exploits0References1
Circl
Circl
added 2023/07/21 12:33 a.m.7 views

CVE-2023-3793

creationtimestamp| type| source ---|---|--- 2023-07-21 00:33:06+00:00| seen| https://t.me/cibsecurity/67061 2026-04-28 21:03:04+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mklibcr36m2c 2026-06-23 14:06:12+00:00| exploited|...

9.8CVSS6.3AI score0.00421EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/07/20 7:31 p.m.31 views

CVE-2023-3793 Weaver e-cology HTTP POST Request filelFileDownloadForOutDoc.class sql injection

A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY leads to sql...

5.5CVSS10AI score0.00421EPSS
Exploits0References2
CVE
CVE
added 2023/07/20 7:31 p.m.69 views

CVE-2023-3793

CVE-2023-3793 affects Weaver e-cology. The vulnerability resides in the HTTP POST Request Handler, specifically the filelFileDownloadForOutDoc.class, where the fileid parameter can be manipulated (example: 1+WAITFOR+DELAY) to yield SQL injection. Affected versions are prior to 10.58.0. Upgrading ...

9.8CVSS7AI score0.00421EPSS
In wildExploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/11/18 12:0 a.m.32 views

MariaDB 10.0.0 < 10.0.4 Multiple Vulnerabilities

The version of MariaDB installed on the remote host is prior to 10.0.4. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.0.4 advisory. - Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect...

6.5CVSS6.7AI score0.18675EPSS
Exploits3References9
OpenVAS
OpenVAS
added 2022/11/11 12:0 a.m.22 views

GitLab 12.6 < 15.3.5, 15.4 < 15.4.4, 15.5 < 15.5.2 Multiple Vulnerabilities

GitLab is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if description...

9CVSS7.4AI score0.00774EPSS
Exploits0References2
Circl
Circl
added 2022/11/10 2:53 a.m.5 views

CVE-2022-3793

creationtimestamp| type| source ---|---|--- 2022-11-10 02:53:01+00:00| seen| https://t.me/cibsecurity/52809...

5.3CVSS5.4AI score0.00537EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2022/11/10 12:15 a.m.38 views

CVE-2022-3793

An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI/CD configuration file they don't have access to...

5.3CVSS6.1AI score0.00537EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/11/10 12:0 a.m.40 views

GitLab 12.6 < 15.3.5 / 15.4 < 15.4.4 / 15.5 < 15.5.2 (CVE-2022-3793)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a...

5.3CVSS5.8AI score0.00537EPSS
Exploits0References3
Rows per page
Query Builder