CVE-2022-36769
IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product’s environment. IBM X-Force ID: 232034.
Source: CVE-2022-36769
CVE-2023-30111
Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS).
Source: CVE-2023-30111
CVE-2023-27843
SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 and before allows a remote attacker to gain privileges via the QuotesProduct::deleteProduct component.
Source: CVE-2023-27843
CVE-2023-30106
Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about.
Source: CVE-2023-30106
CVE-2023-30404
Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request.
Source: CVE-2023-30404
CVE-2023-26560
Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials.
Source: CVE-2023-26560
CVE-2023-26735
blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources.
Source: CVE-2023-26735
CVE-2012-5872
ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause.
Source: CVE-2012-5872
CVE-2012-5873
ARC (aka ARC2) through 2011-12-01 allows reflected XSS via the end_point.php query parameter in an output=htmltab action.
Source: CVE-2012-5873
CVE-2023-31223
Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars.
Source: CVE-2023-31223