CVE Vulnerability Database

Search and browse 198 known security vulnerabilities. Filter by severity, vendor, product, and year.

198 vulnerabilities found
CVE-2023-33150
9.6 critical

Microsoft Office Security Feature Bypass Vulnerability

Microsoft 365 Apps Jul 11, 2023
CVE-2023-33149
7.8 high

Microsoft Office Graphics Remote Code Execution Vulnerability

Microsoft 365 Apps Jul 11, 2023
CVE-2023-33148
7.8 high

Microsoft Office Elevation of Privilege Vulnerability

Microsoft 365 Apps Jul 11, 2023
CVE-2023-3273
7.5 high

Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP address based on missing access control.

Sick Icr890-4 Firmware Jul 10, 2023
CVE-2023-3272
7.5 high

Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a remote attacker to gather sensitive information by intercepting network traffic that is not encrypted.

Sick Icr890-4 Firmware Jul 10, 2023
CVE-2023-3271
8.2 high

Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing unauthenticated endpoints.

Sick Icr890-4 Firmware Jul 10, 2023
CVE-2023-3045
9.8 critical

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tise Technology Parking Web Report allows SQL Injection. This issue affects Parking Web Report: before 2.1.

Tise Parking Web Report Jul 10, 2023
CVE-2023-35699
5.3 medium

Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card.

Sick Icr890-4 Firmware Jul 10, 2023
CVE-2023-35698
5.3 medium

Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login attempt.

Sick Icr890-4 Firmware Jul 10, 2023
CVE-2023-35697
5.3 medium

Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4 could allow a remote attacker to brute-force user credentials.

Sick Icr890-4 Firmware Jul 10, 2023
CVE-2023-35696
7.5 high

Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the device via HTTP requests.

Sick Icr890-4 Firmware Jul 10, 2023
CVE-2023-2853
6.1 medium

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Softmed SelfPatron allows Reflected XSS. This issue affects SelfPatron: before 2.0.

Softmedyazilim Selfpatron Jul 10, 2023
CVE-2023-2852
9.8 critical

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Softmed SelfPatron allows SQL Injection. This issue affects SelfPatron: before 2.0.

Softmedyazilim Selfpatron Jul 10, 2023
CVE-2023-2046
9.8 critical

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yontem Informatics Vehicle Tracking System allows SQL Injection. This issue affects Vehicle Tracking System: before 8.

Yontemizleme Vehicle Tracking System Jul 10, 2023
CVE-2023-2907
9.8 critical

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection. This issue affects Marksoft: through Mobile:v.7.1.7; Login:1.4; API:20230605.

Marksoft Marksoft Jun 19, 2023
CVE-2023-35064
9.8 critical

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Satos Satos Mobile allows SQL Injection through SOAP Parameter Tampering. This issue affects Satos Mobile: before 20230607.

Satos Satos Mobile Jun 13, 2023
CVE-2023-3050
9.8 critical

Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass. This issue affects Lockcell: before 15.

Tmtmakine Lockcell Firmware Jun 13, 2023
CVE-2023-3049
9.8 critical

Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection. This issue affects Lockcell: before 15.

Tmtmakine Lockcell Firmware Jun 13, 2023
CVE-2023-3048
9.8 critical

Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass. This issue affects Lockcell: before 15.

Tmtmakine Lockcell Firmware Jun 13, 2023
CVE-2023-3047
9.8 critical

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection. This issue affects Lockcell: before 15.

Tmtmakine Lockcell Firmware Jun 13, 2023
CVE-2023-3000
9.8 critical

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication Bypass. This issue affects ErMon: before 230602.

Erikogluteknoloji Energy Monitoring Jun 2, 2023
CVE-2023-2851
9.8 critical

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AGT Tech Ceppatron allows Command Line Execution through SQL Injection, SQL Injection. This issue affects all versions of the software also EOS when CVE-ID assigned.

Agtteknik Ceppatron May 25, 2023
CVE-2023-2887
9.8 critical

Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.

Cbot Cbot Core May 25, 2023
CVE-2023-2886
4.3 medium

Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.

Cbot Cbot Core May 25, 2023