CVE-2023-42261
Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions..This CVE has a CVSS3.1 score of 7.5 and a Base Severity of HIGH. Info… Read More »CVE-2023-42261
Shan
I am a Technical Architect who dabbles with different languages and technologies
CVE-2023-39575
A reflected cross-site scripting (XSS) vulnerability in the url_str URL parameter of ISL ARP Guard v4.0.2 allows attackers to execute arbitrary web scripts or HTML… Read More »CVE-2023-39575
CVE-2023-36319
File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file..This CVE has… Read More »CVE-2023-36319
CVE-2020-24089
An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, allows local attackers to cause a denial of service (DoS).. Info Details CVE… Read More »CVE-2020-24089
CVE-2023-40788
SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs.This CVE has… Read More »CVE-2023-40788
CVE-2021-26837
SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive… Read More »CVE-2021-26837
CVE-2023-5013 | CMS
A vulnerability has been found in Pluck CMS 4.7.18 and classified as problematic. This vulnerability affects unknown code of the file install.php of the component… Read More »CVE-2023-5013 | CMS
CVE-2023-41436
Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary code via a crafted script to the Additional Meta Tag parameter… Read More »CVE-2023-41436
CVE-2023-36160
An issue was discovered in Qubo Smart Plug10A version HSP02_01_01_14_SYSTEM-10 A, allows local attackers to gain sensitive information and other unspecified impact via UART console..This… Read More »CVE-2023-36160
CVE-2023-4680 | Vault,Vault Enterprise
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination… Read More »CVE-2023-4680 | Vault,Vault Enterprise
CVE-2023-40958
A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a… Read More »CVE-2023-40958
CVE-2023-40957
A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a… Read More »CVE-2023-40957
CVE-2023-40956
A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated attacker to execute arbitrary code via the name parameter in controllers/main.py… Read More »CVE-2023-40956
CVE-2023-40955
A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a… Read More »CVE-2023-40955
CVE-2023-39642
Carts Guru cartsguru up to v2.4.2 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::display()..This CVE has a CVSS3.1 score of 5.5… Read More »CVE-2023-39642