VIR Vulnerability Intelligence Relay

Search

Found 13,013 results in 614ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2023-4531 critical 9.8 9.8 mestav 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mestav Software E-commerce Software allows SQL Injection. This issue affects E-commerce Software…
CVE-2023-4178 critical 9.8 9.8 neutron 3y ago Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows Authentication Bypass. This issue affects Neutron Smart VMS: before b1130.1.0.1.
CVE-2023-4034 critical 9.8 9.8 digitatek 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digita Information Technology Smartrise Document Management System allows SQL Injection. This is…
CVE-2023-3616 critical 9.8 9.8 mava 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mava Software Hotel Management System allows SQL Injection. This issue affects Hotel Management …
CVE-2023-35072 critical 9.8 9.8 coyavtravel 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Coyav Travel Proagent allows SQL Injection. This issue affects Proagent: before 20230904 .
CVE-2023-35068 critical 9.8 9.8 bma 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BMA Personnel Tracking System allows SQL Injection. This issue affects Personnel Tracking System…
CVE-2023-35065 critical 9.8 9.8 osoft 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Osoft Paint Production Management allows SQL Injection. This issue affects Paint Production Mana…
CVE-2023-3374 critical 9.8 9.8 bookreen 3y ago Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation. This issue affects Bookreen: before 3.0.0.
CVE-2023-4420 critical 9.8 9.8 3y ago A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the comm…
CVE-2023-4419 critical 9.8 9.8 3y ago The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device.
CVE-2023-3632 critical 9.8 9.8 kunduz 3y ago Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass. This issue affects Kunduz - …
CVE-2023-3522 critical 9.8 9.8 a2technology 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 License Portal System allows SQL Injection. This issue affects License Portal System: before …
CVE-2023-3386 critical 9.8 9.8 a2technology 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 Camera Trap Tracking System allows SQL Injection. This issue affects Camera Trap Tracking Sys…
CVE-2023-3651 critical 9.8 9.8 digital-ant 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Ant E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: be…
CVE-2023-3716 critical 9.8 9.8 oduyo 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Online Collection Software allows SQL Injection. This issue affects Online Collection Soft…
CVE-2023-3717 critical 9.8 9.8 farmakom 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farmakom Remote Administration Console allows SQL Injection. This issue affects Remote Administr…
CVE-2023-3898 critical 9.8 9.8 mayanets 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before…
CVE-2023-35066 critical 9.8 9.8 infodrom 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infodrom Software E-Invoice Approval System allows SQL Injection. This issue affects E-Invoice A…
CVE-2023-3046 critical 9.8 9.8 biltay 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Scienta allows SQL Injection. This issue affects Scienta: before 20230630.1953.
CVE-2023-2958 critical 9.8 9.8 orjinyazilim 3y ago Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse, Authentication Bypass. This issue affects ATS Pro: before 20230714.
CVE-2023-3376 critical 9.8 9.8 dijital 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Strategy Zekiweb allows SQL Injection. This issue affects Zekiweb: before 2.
CVE-2023-2963 critical 9.8 9.8 olivaekspertiz 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection. This issue affects Oliva Expertise EKS…
CVE-2023-35070 critical 9.8 9.8 vegagroup 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VegaGroup Web Collection allows SQL Injection. This issue affects Web Collection: before 31197.
CVE-2023-2957 critical 9.8 9.8 lisayazilim 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisa Software Florist Site allows SQL Injection. This issue affects Florist Site: before 3.0.
CVE-2023-1547 critical 9.8 9.8 elra 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line Execution thro…
CVE-2023-33150 critical 9.6 9.6 microsoft 3y ago Microsoft Office Security Feature Bypass Vulnerability
CVE-2023-3045 critical 9.8 9.8 tise 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tise Technology Parking Web Report allows SQL Injection. This issue affects Parking Web Report: …
CVE-2023-2852 critical 9.8 9.8 softmedyazilim 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Softmed SelfPatron allows SQL Injection. This issue affects SelfPatron : before 2.0.
CVE-2023-2046 critical 9.8 9.8 yontemizleme 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yontem Informatics Vehicle Tracking System allows SQL Injection. This issue affects Vehicle Trac…
CVE-2023-29405 critical 9.5 FIX rheldebian debian rocky 3y ago RHSA-2023:3922: go-toolset:rhel8 security update (Critical)
CVE-2023-29404 critical 9.5 FIX rheldebian debian rocky 3y ago RHSA-2023:3922: go-toolset:rhel8 security update (Critical)
CVE-2023-29403 critical 9.5 FIX rheldebian debian rocky 3y ago RHSA-2023:3922: go-toolset:rhel8 security update (Critical)
CVE-2023-29402 critical 9.5 FIX rheldebian debian rocky 3y ago RHSA-2023:3922: go-toolset:rhel8 security update (Critical)
CVE-2016-9079 critical 10.0 KEVEXPFIX arch arch slesdebian debian 3y ago Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows.
CVE-2023-31411 critical 9.8 9.8 3y ago A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to …
CVE-2023-31410 critical 9.8 9.8 3y ago A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in th…
CVE-2023-2907 critical 9.8 9.8 marksoft 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection. This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ;…
CVE-2023-35064 critical 9.8 9.8 satos 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Satos Satos Mobile allows SQL Injection through SOAP Parameter Tampering. This issue affects Sat…
CVE-2023-3050 critical 9.8 9.8 3y ago Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass. This issue affects Lockcell: before …
CVE-2023-3049 critical 9.8 9.8 3y ago Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection. This issue affects Lockcell: before 15.
CVE-2023-3048 critical 9.8 9.8 3y ago Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass. This issue affects Lockcell: before 15.
CVE-2023-3047 critical 9.8 9.8 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection. This issue affects Lockcell: before 15.
CVE-2023-3000 critical 9.8 9.8 erikogluteknoloji 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication Byp…
CVE-2023-2851 critical 9.8 9.8 agtteknik 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AGT Tech Ceppatron allows Command Line Execution through SQL Injection, SQL Injection. This issu…
CVE-2023-2887 critical 9.8 9.8 cbot 3y ago Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.
CVE-2023-2884 critical 9.8 9.8 cbot 3y ago Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation. This issue affects…
CVE-2023-2882 critical 9.8 9.8 cbot 3y ago Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.
CVE-2023-2064 critical 9.8 9.8 minovateknoloji 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Minova Technology eTrace allows SQL Injection. This issue affects eTrace: before 23.05.20.
CVE-2023-2045 critical 9.8 9.8 ipekyolunet 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ipekyolu Software Auto Damage Tracking Software allows SQL Injection. This issue affects Auto Da…
CVE-2023-2750 critical 9.8 9.8 cityboss 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cityboss E-municipality allows SQL Injection. This issue affects E-municipality: before 6.05.
CVE-2023-1508 critical 9.8 9.8 adampos 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software allows SQL Injection. This issue affec…
CVE-2023-2713 critical 9.8 9.8 rental_module_project 3y ago Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass. Thi…
CVE-2023-2712 critical 9.8 9.8 rental_module_project 3y ago Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a…
CVE-2023-1873 critical 9.8 9.8 faturamatik 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Faturamatik Bircard allows SQL Injection. This issue affects Bircard: before 23.04.05.
CVE-2023-1723 critical 9.8 9.8 vegayazilim 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veragroup Mobile Assistant allows SQL Injection. This issue affects Mobile Assistant: before 21.…
CVE-2023-1833 critical 9.8 9.8 3y ago Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass. This issue affects Redline Router: before 7.17.
CVE-2023-1803 critical 9.8 9.8 3y ago Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass. This issue affects Redline Router: before 7.17.
CVE-2023-1863 critical 9.8 9.8 eskom 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eskom Water Metering Software allows Command Line Execution through SQL Injection. This issue af…
CVE-2023-1728 critical 9.8 9.8 fernus 3y ago Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection. This issue affects LMS: before 23.04.03.
CVE-2023-1765 critical 9.8 9.8 akbim 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akbim Computer Panon allows SQL Injection. This issue affects Panon: before 1.0.2.
CVE-2023-1725 critical 9.8 9.8 infoline-tr 3y ago Server-Side Request Forgery (SSRF) vulnerability in Infoline Project Management System allows Server Side Request Forgery. This issue affects Project Management System: before 4.09.31.125.
CVE-2023-1050 critical 9.8 9.8 askoc 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in As Koc Energy Web Report System allows SQL Injection. This issue affects Web Report System: befo…
CVE-2023-1153 critical 9.8 9.8 pacsrapor 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pacsrapor allows SQL Injection, Command Line Execution through SQL Injection. This issue affects…
CVE-2023-1152 critical 9.8 9.8 utarit 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies Persolus allows SQL Injection. This issue affects Persolus: befor…
CVE-2023-28531 critical 9.8 9.8 FIX debian debian openbsd 3y ago ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.
CVE-2023-1198 critical 9.8 9.8 saysis 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saysis Starcities allows SQL Injection. This issue affects Starcities: through 1.3.
CVE-2023-1091 critical 9.8 9.8 alpatateknoloji 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alpata Licensed Warehousing Automation System allows Command Line Execution through SQL Injection…
CVE-2023-1251 critical 9.8 9.8 akinsoft 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akinsoft Wolvox. This issue affects Wolvox: before 8.02.03.
CVE-2023-1267 critical 9.8 9.8 pttemkart 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ulkem Company PtteM Kart. This issue affects PtteM Kart: before 2.1.
CVE-2022-3760 critical 9.8 9.8 miateknoloji 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med. This issue affects Mia-Med: before 1.0.0.58.
CVE-2023-0979 critical 9.8 9.8 meddatapacs 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData MedDataPACS allows SQL Injection. This issue affects MedDataPACS : before 2023-03-03.
CVE-2023-0839 critical 9.8 9.8 inscada_project 3y ago Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting. This issue affects inSCADA: before 20230115-1.
CVE-2021-3854 critical 9.8 9.8 glox 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Glox Technology Useroam Hotspot allows SQL Injection. This issue affects Useroam Hotspot: before …
CVE-2023-1114 critical 9.8 9.8 eskom 3y ago Missing Authorization vulnerability in Eskom e-Belediye allows Information Elicitation. This issue affects e-Belediye: from 1.0.0.95 before 1.0.0.100.
CVE-2023-1064 critical 9.8 9.8 uzaybaskul 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Uzay Baskul Weighbridge Automation Software allows SQL Injection. This issue affects Weighbridge…
CVE-2021-4105 critical 9.8 9.8 3y ago Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion. This issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727.
CVE-2022-2504 critical 9.8 9.8 sdd-baro_project 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SDD Computer Software SDD-Baro allows SQL Injection. This issue affects SDD-Baro: before 2.8.432.
CVE-2023-0939 critical 9.8 9.8 online_services_project 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NTN Information Technologies Online Services Software allows SQL Injection. This issue affects O…
CVE-2022-4557 critical 9.8 9.8 gruparge 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Sm…
CVE-2022-45088 critical 9.8 9.8 gruparge 3y ago Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows PHP Local File Inclusion. This issue affects Smartpower Web: before 23.01.01.
CVE-2020-23256 critical 9.5 3y ago electerm allows unauthorized users to execute arbitrary commands
CVE-2022-4422 critical 9.8 9.8 bulutses 3y ago Call Center System developed by Bulutses Information Technologies before version 3.0 has an unauthenticated Sql Injection vulnerability. This has been fixed in the version 3.0
CVE-2022-3792 critical 9.8 9.8 gullseye 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GullsEye GullsEye terminal operating system allows SQL Injection. This issue affects GullsEye te…
CVE-2022-46393 critical 9.8 9.8 FIX slesdebian debianfedora fedora armtrustedfirmware 4y ago An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is en…
CVE-2022-44588 critical 9.8 9.8 blocksera 4y ago Unauth. SQL Injection vulnerability in Cryptocurrency Widgets Pack Plugin <=1.8.1 on WordPress.
CVE-2022-4364 critical 9.8 9.8 4y ago A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. Affected by this issue is some unknown functionality of the file palette.php of the component Web Service Handler. The manipulation …
CVE-2022-2807 critical 9.8 9.8 algan 4y ago SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection. This issue affects Prens Student Information System: before 2.1.11.
CVE-2022-45047 critical 9.8 9.8 FIX debian debian apache 4y ago Unsafe deserialization in Apache MINA SSHD
CVE-2020-26269 critical 9.5 FIX arch archdebian debian 4y ago In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the direc…
CVE-2022-39269 critical 9.1 9.1 FIX debian debian teluu 4y ago PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SR…
CVE-2022-0495 critical 9.4 9.4 parantezteknoloji 4y ago The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01.
CVE-2022-2315 critical 9.4 9.4 databank 4y ago Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2.
CVE-2022-2177 critical 9.4 9.4 kayrasoft 4y ago Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2.
CVE-2022-24706 critical 10.0 KEVEXPFIX arch arch sles 4y ago Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges.
CVE-2022-1277 critical 9.4 9.4 inavitas 4y ago Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability.
CVE-2021-41556 critical 10.0 10.0 debian debianfedora fedora squirrel-lang 4y ago sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel …
CVE-2022-35409 critical 9.1 9.1 FIX debian debian armtrustedfirmware 4y ago An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap…
CVE-2022-32224 critical 9.8 9.8 FIX rocky slesdebian debian activerecord_project 4y ago Active Record RCE bug with Serialized Columns
CVE-2022-34835 critical 9.8 9.8 FIX slesdebian debian denx 4y ago In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md …
CVE-2022-31801 critical 9.8 9.8 4y ago An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device.