Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25157 | 1 Osgeo | 1 Geoserver | 2023-11-07 | N/A | 9.8 CRITICAL |
| GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike`` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse. | |||||
| CVE-2023-23824 | 1 Wp Topbar Project | 1 Wp Topbar | 2023-11-07 | N/A | 8.8 HIGH |
| Auth. SQL Injection (SQLi) vulnerability in WP-TopBar <= 5.36 versions. | |||||
| CVE-2023-22491 | 1 Gatsbyjs | 1 Gatsby | 2023-11-07 | N/A | 5.4 MEDIUM |
| Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the `gray-matter` npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized. The vulnerability is present in gatsby-transformer-remark when passing input in data mode (querying MarkdownRemark nodes via GraphQL). Injected JavaScript executes in the context of the build server. To exploit this vulnerability untrusted/unsanitized input would need to be sourced by or added into a file processed by gatsby-transformer-remark. A patch has been introduced in `gatsby-transformer-remark@5.25.1` and `gatsby-transformer-remark@6.3.2` which mitigates the issue by disabling the `gray-matter` JavaScript Frontmatter engine. As a workaround, if an older version of `gatsby-transformer-remark` must be used, input passed into the plugin should be sanitized ahead of processing. It is encouraged for projects to upgrade to the latest major release branch for all Gatsby plugins to ensure the latest security updates and bug fixes are received in a timely manner. | |||||
| CVE-2023-21521 | 1 Blackberry | 1 Athoc | 2023-11-07 | N/A | 7.2 HIGH |
| An SQL Injection vulnerability in the Management Console (Operator Audit Trail) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. | |||||
| CVE-2023-20110 | 1 Cisco | 1 Smart Software Manager On-prem | 2023-11-07 | N/A | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to read sensitive data on the underlying database. | |||||
| CVE-2023-1765 | 1 Akbim | 1 Panon | 2023-11-07 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akbim Computer Panon allows SQL Injection. This issue affects Panon: before 1.0.2. | |||||
| CVE-2023-1522 | 1 Genetec | 1 Security Center | 2023-11-07 | N/A | 8.8 HIGH |
| SQL Injection in the Hardware Inventory report of Security Center 5.11.2. | |||||
| CVE-2023-1267 | 1 Pttemkart | 1 Pttem Kart | 2023-11-07 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ulkem Company PtteM Kart. This issue affects PtteM Kart: before 2.1. | |||||
| CVE-2023-1251 | 1 Akinsoft | 1 Wolvox | 2023-11-07 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akinsoft Wolvox. This issue affects Wolvox: before 8.02.03. | |||||
| CVE-2023-1198 | 1 Saysis | 1 Starcities | 2023-11-07 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saysis Starcities allows SQL Injection. This issue affects Starcities: through 1.3. | |||||
| CVE-2023-1153 | 1 Pacsrapor | 1 Pacsrapor | 2023-11-07 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pacsrapor allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Pacsrapor: before 1.22. | |||||
| CVE-2023-1152 | 1 Utarit | 1 Persolus | 2023-11-07 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies Persolus allows SQL Injection. This issue affects Persolus: before 2.03.93. | |||||
| CVE-2023-1091 | 1 Alpatateknoloji | 1 Licensed Warehousing Automation System | 2023-11-07 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alpata Licensed Warehousing Automation System allows Command Line Execution through SQL Injection. This issue affects Licensed Warehousing Automation System: through 2023.1.01. | |||||
| CVE-2023-1064 | 1 Uzaybaskul | 1 Weighbridge Automation Software | 2023-11-07 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Uzay Baskul Weighbridge Automation Software allows SQL Injection. This issue affects Weighbridge Automation Software: before 1.1. | |||||
| CVE-2023-1050 | 1 Askoc | 1 Web Report System | 2023-11-07 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in As Koc Energy Web Report System allows SQL Injection. This issue affects Web Report System: before 23.03.10. | |||||
| CVE-2023-0953 | 1 Devolutions | 1 Devolutions Server | 2023-11-07 | N/A | 8.8 HIGH |
| Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources. | |||||
| CVE-2023-0939 | 1 Online Services Project | 1 Online Services | 2023-11-07 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NTN Information Technologies Online Services Software allows SQL Injection. This issue affects Online Services Software: before 1.17. | |||||
| CVE-2023-0487 | 1 Premio | 1 My Sticky Elements | 2023-11-07 | N/A | 7.2 HIGH |
| The My Sticky Elements WordPress plugin before 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection exploitable by high privilege users such as admin. | |||||
| CVE-2023-0388 | 1 Random Text Project | 1 Random Text | 2023-11-07 | N/A | 8.8 HIGH |
| The Random Text WordPress plugin through 0.3.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers. | |||||
| CVE-2022-4726 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2023-11-07 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in SourceCodester Sanitization Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Admin Login. The manipulation of the argument username/password leads to SQL injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-216739. | |||||
