Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-01-13 CVE-2023-33472 Unspecified vulnerability in Scada-Lts
An issue discovered in Scada-LTS v2.7.5.2 build 4551883606 and before allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via the Event Handlers function.
network
low complexity
scada-lts
8.8
2024-01-13 CVE-2023-46942 Improper Authentication vulnerability in Evershop 1.0.0
Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8 allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints.
network
low complexity
evershop CWE-287
7.5
2024-01-13 CVE-2023-46943 Use of Hard-coded Credentials vulnerability in Evershop 1.0.0
An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8.
network
low complexity
evershop CWE-798
critical
9.1
2024-01-13 CVE-2023-51804 Server-Side Request Forgery (SSRF) vulnerability in Rymcu Forest 0.02
An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file.
network
low complexity
rymcu CWE-918
7.5
2024-01-13 CVE-2023-51805 SQL Injection vulnerability in Tduckcloud Tduck-Platform 4.0
SQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0 allows a remote attacker to obtain sensitive information via the getFormKey parameter in the search function of the FormDataMysqlService.java file.
network
low complexity
tduckcloud CWE-89
6.5
2024-01-13 CVE-2023-50072 Cross-site Scripting vulnerability in Openkm 7.1.40
A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload.
network
low complexity
openkm CWE-79
5.4
2024-01-13 CVE-2024-0475 SQL Injection vulnerability in Code-Projects Dormitory Management System 1.0
A vulnerability, which was classified as critical, has been found in code-projects Dormitory Management System 1.0.
network
low complexity
code-projects CWE-89
critical
9.8
2024-01-13 CVE-2024-22137 Cross-site Scripting vulnerability in Mailmunch Constant Contact Forms 2.0.10
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS. This issue affects Constant Contact Forms by MailMunch: from n/a through 2.0.11.
network
low complexity
mailmunch CWE-79
5.4
2024-01-13 CVE-2024-22142 Cross-site Scripting vulnerability in Cozmoslabs Profile Builder
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS. This issue affects Profile Builder Pro: from n/a through 3.10.0.
network
low complexity
cozmoslabs CWE-79
6.1
2024-01-12 CVE-2023-48166 Path Traversal vulnerability in Unify Openscape Voice 10.0
A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the local file system.
network
low complexity
unify CWE-22
7.5