Export limit exceeded: 366301 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366301 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-51311 1 Phpjabbers 1 Car Park Booking System 2025-11-04 8.8 High
PHPJabbers Car Park Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file.
CVE-2023-51310 1 Phpjabbers 1 Car Park Booking System 2025-11-04 4.3 Medium
A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Car Park Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
CVE-2023-51309 1 Phpjabbers 1 Car Park Booking System 2025-11-04 4.3 Medium
A lack of rate limiting in the 'Email Settings' feature of PHPJabbers Car Park Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
CVE-2023-51308 1 Phpjabbers 1 Car Park Booking System 2025-11-04 6.1 Medium
PHPJabbers Car Park Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters.
CVE-2023-51306 1 Phpjabbers 1 Event Ticketing System 2025-11-04 5.4 Medium
PHPJabbers Event Ticketing System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "name, title" parameters.
CVE-2023-51303 1 Phpjabbers 1 Event Ticketing System 2025-11-04 6.1 Medium
PHPJabbers Event Ticketing System v1.0 is vulnerable to Multiple HTML Injection in the "lid, name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters.
CVE-2023-51301 1 Phpjabbers 1 Hotel Booking System 2025-11-04 7.5 High
A lack of rate limiting in the "Login Section, Forgot Email" feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
CVE-2023-51300 1 Phpjabbers 1 Hotel Booking System 2025-11-04 6.1 Medium
PHPJabbers Hotel Booking System v4.0 is vulnerable to Cross-Site Scripting (XSS) vulnerabilities in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key" parameters.
CVE-2023-51299 1 Phpjabbers 1 Hotel Booking System 2025-11-04 6.1 Medium
PHPJabbers Hotel Booking System v4.0 is vulnerable to HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters.
CVE-2023-51296 1 Phpjabbers 1 Event Booking Calendar 2025-11-04 6.1 Medium
PHPJabbers Event Booking Calendar v4.0 is vulnerable to Cross-Site Scripting (XSS) in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key" parameters which allows attackers to execute arbitrary code
CVE-2023-51295 1 Phpjabbers 1 Event Booking Calendar 2025-11-04 6.5 Medium
PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters.
CVE-2023-51059 1 Mokosmart 2 Mkgw1 Gateway, Mkgw1 Gateway Firmware 2025-11-04 8.8 High
An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web interface.
CVE-2023-50784 1 Unrealircd 1 Unrealircd 2025-11-04 7.5 High
A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms.
CVE-2023-50495 1 Invisible-island 1 Ncurse 2025-11-04 6.5 Medium
NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().
CVE-2023-50387 8 Fedoraproject, Isc, Microsoft and 5 more 18 Fedora, Bind, Windows Server 2008 and 15 more 2025-11-04 7.5 High
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
CVE-2023-50172 1 Wwbn 1 Avideo 2025-11-04 5.3 Medium
A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user.
CVE-2023-4235 3 Fedoraproject, Ofono, Ofono Project 3 Fedora, Ofono, Ofono 2025-11-04 8.1 High
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver_report().
CVE-2023-4234 3 Fedoraproject, Linux, Ofono Project 3 Fedora, Ofono, Ofono 2025-11-04 8.1 High
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_submit_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_submit_report().
CVE-2023-4233 2 Fedoraproject, Ofono Project 2 Fedora, Ofono 2025-11-04 8.1 High
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the sms_decode_address_field() function during the SMS PDU decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS.
CVE-2023-4232 2 Fedoraproject, Ofono Project 2 Fedora, Ofono 2025-11-04 8.1 High
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_status_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_status_report().