165 matches found
CVE-2023-3841
CVE-2023-3841 affects NxFilter 4.3.2.5, with CSRF in the file user.jsp confirmed in multiple sources. The vulnerability enables cross-site request forgery from remote access, impacting potentially authenticated sessions depending on user interaction. Documented details consistently identify the a...
SQL injection
A vulnerability was found in Hospital Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file patientappointment.php. The manipulation of the argument loginid/password/mobileno/appointmentdate/appointmenttime/patiente/dob/doct/city leads to sql...
CVE-2023-3787 Codecanyon Tiva Events Calender cross site scripting
A vulnerability classified as problematic was found in Codecanyon Tiva Events Calender 1.4. This vulnerability affects unknown code. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be...
CVE-2023-3681
A vulnerability classified as problematic was found in Campcodes Retro Cellphone Online Store 1.0. This vulnerability affects unknown code of the file /admin/modaladdproduct.php. The manipulation of the argument description leads to cross site scripting. The attack can be initiated remotely. The...
Cross site scripting
A vulnerability classified as problematic was found in Campcodes Retro Cellphone Online Store 1.0. This vulnerability affects unknown code of the file /admin/modaladdproduct.php. The manipulation of the argument description leads to cross site scripting. The attack can be initiated remotely. The...
Mystic Stealer Malware Targeting Browsers, Wallets, and Messaging Platforms
Summary: Mystic Stealer is an advanced information stealer malware known for its low detection rate and code manipulation techniques, and it steals sensitive data from browsers, wallets & messaging platforms, posin...
Moderate: Red Hat Security Advisory: gcc-toolset-12-binutils security update
An update for gcc-toolset-12-binutils is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: gcc-toolset-12-binutils security update
The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fixes: binutils: NULL pointer...
CVE-2023-2670
CVE-2023-2670 affects SourceCodester Lost and Found Information System v1.0, with an improper access control issue in the admin/?page=user/manage_user path. The vulnerability enables remote exploitation and is conditioned on unknown code, with the exploit publicly disclosed (VDB-228886). Multiple...
CVE-2023-2649
A vulnerability was found in Tenda AC23 16.03.07.45cn. It has been declared as critical. This vulnerability affects unknown code of the file /bin/ate of the component Service Port 7329. The manipulation of the argument v2 leads to command injection. The attack can be initiated remotely. The explo...
CVE-2023-2565
A vulnerability has been found in SourceCodester Multi Language Hotel Management Software 1.0 and classified as problematic. This vulnerability affects unknown code of the file ajax.php of the component POST Parameter Handler. The manipulation of the argument complainttype with the input...
CVE-2022-43376
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause code and session manipulation when malicious code is inserted into the browser. Affected Products: NetBotz 4 - 355/450/455/550/570 V4.7.0 and prior...
SQL injection
A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=savecategory. The manipulation of the argument category leads to SQL injection. The attack can be initiated...
CVE-2015-10085 GoPistolet MTA denial of service
A vulnerability was found in GoPistolet. It has been declared as problematic. This vulnerability affects unknown code of the component MTA. The manipulation leads to denial of service. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor...
CVE-2023-0618
CVE-2023-0618 affects TRENDnet TEW-652BRP with version 3.04B01, where the Web Service component’s file cfg_op.ccp contains code likely leading to memory corruption. The vulnerability can be exploited remotely, and the public disclosure indicates practical risk. Connected sources corroborate the s...
NYUCCL psiTurk is vulnerable to Improper Neutralization of Special Elements
A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mode leads to improper neutralization of special elements used in a template engine. The exploit has...
CVE-2021-4315
A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mode leads to improper neutralization of special elements used in a template engine. The exploit has...
Design/Logic Flaw
A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mode leads to improper neutralization of special elements used in a template engine. The exploit has...
CVE-2014-125082
A vulnerability was found in nivit redports. It has been declared as critical. This vulnerability affects unknown code of the file redports-trac/redports/model.py. The manipulation leads to SQL injection. The name of the patch is fc2c1ea1b8d795094abb15ac73cab90830534e04. It is recommended to appl...