126804 matches found
CVE-2023-46233 vulnerabilities
Vulnerabilities for packages: arangodb...
CVE-2023-46849
creationtimestamp| type| source ---|---|--- 2026-07-17 11:00:06+00:00| seen| https://t.me/cyberwarehouse/177...
ROOT-OS-UBUNTU-2404-CVE-2023-31082 CVE-2023-31082 in rootio-linux - Patched by Root
Root has patched CVE-2023-31082 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2023-53034 CVE-2023-53034 in rootio-linux - Patched by Root
Root has patched CVE-2023-53034 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2023-54105 CVE-2023-54105 in rootio-linux - Patched by Root
Root has patched CVE-2023-54105 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2023-4010 CVE-2023-4010 in rootio-linux - Patched by Root
Root has patched CVE-2023-4010 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2023-20585 CVE-2023-20585 in rootio-linux - Patched by Root
Root has patched CVE-2023-20585 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2023-53681 CVE-2023-53681 in rootio-linux - Patched by Root
Root has patched CVE-2023-53681 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2023-53469 CVE-2023-53469 in rootio-linux - Patched by Root
Root has patched CVE-2023-53469 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
Quiz and Survey Master <= 8.1.4 - SQL Injection
ExpressTech Quiz And Survey Master versions up to 8.1.4 contains an SQL injection caused by improper neutralization of special elements used in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires user interaction. id: CVE-2023-28787 info: name: Quiz and Survey Master =...
JS Help Desk <= 2.8.1 - SQL Injection
The JS Help Desk – Best Help Desk & Support Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘email' and 'trackingid' parameters in all versions up to 2.8.2 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...
SolarView Compact < 6.00 - Directory Traversal
SolarView Compact before version 6.00 is vulnerable to directory traversal via the file parameter in downloader.php. An unauthenticated attacker can read arbitrary files from the system by using path traversal sequences with a null byte bypass to access sensitive files such as /etc/passwd. id:...
LogDash Activity Log <= 1.1.3 - SQL Injection
The LogDash Activity Log plugin for WordPress is vulnerable to SQL Injection via the username parameter in all versions up to, and including, 1.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
JetBackup <= 2.0.9.7 - Sensitive Information Exposure via Directory Listing
JetBackup WordPress plugin = 2.0.9.9 does not use index files to prevent directory listing in certain configurations, letting malicious actors leak backup files, exploit requires access to the web server. id: CVE-2023-7165 info: name: JetBackup = 2.0.9.7 - Sensitive Information Exposure via...
Subscribe to Category <= 2.7.4 - SQL Injection
The Subscribe to Category contains a sqlinjection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL commands, exploit requires user interaction. id: CVE-2023-32590 info: name: Subscribe to Category = 2.7.4 - SQL Injection author:...
JS Help Desk <= 2.8.2 - SQL Injection
JS Help Desk WordPress plugin 2.8.2 contains a SQL injection caused by insufficient escaping and preparation of user-supplied values in 'js-support-ticket-token-tkstatus' cookie, letting unauthenticated attackers extract sensitive database information, exploit requires no authentication. id:...
Hongjing e-HR 2020 - SQL Injection
A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /wselfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument...
PHP Login System 2.0.1 - Cross-Site Scripting
msaad1999's PHP-Login-System 2.0.1 contains a reflected cross-site scripting caused by unsanitized input in 'validator' parameter in /reset-password, letting remote attackers execute arbitrary JavaScript in a user's browser, exploit requires attacker to craft malicious URL id: CVE-2023-38875 info...
tagDiv Composer < 4.2 - Stored Cross-Site Scripting
tagDiv Composer plugin versions before 4.2 for WordPress are vulnerable to unauthenticated stored XSS via the /wp-json/tdw/savecss endpoint. An attacker can inject malicious JavaScript code through the compiledcss parameter, which gets stored and executed when the CSS is loaded. id: CVE-2023-3169...
Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload
The plugin does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE. id: CVE-2023-4666 info: name: Form-Maker 1.15.20 - Unauthenticated Arbitrary File Upload author: pussycat0x severity: critical...