CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2023-3143
Low

A vulnerability has been found in SourceCodester Online Discussion Forum Site version 1.0 that allows cross site scripting (XSS) attacks through manipulation of the 'content' argument in the file admin\posts\manage_post.php.

CVE-2023-33957
Low

A vulnerability in the CLI tool notation allows an attacker who has compromised a registry to add a high number of signatures to an artifact, potentially leading to denial of service on the machine when a user runs the 'notation inspect' command.

CVE-2023-3121
Low

A vulnerability has been found in Dahua Smart Parking Management up to version 20230528, leading to server-side request forgery through manipulation of the fileUrl argument. Exploitation of this vulnerability may allow unauthorized access to server resources.

CVE-2023-3085
Low

A vulnerability has been found in X-WRT luci up to version 22.10_b202303061504, affecting the run_action function in the modules/luci-base/ucode/dispatcher.uc file. Manipulation of the request_path argument leads to cross site scripting.

CVE-2023-3044
Low

Xpdf has a vulnerability related to excessively large PDF page sizes, which can lead to a divide-by-zero error in the text extraction code. This issue was discovered during fuzz testing and is unlikely to occur in normal PDF files.

CVE-2023-3060
Low

A vulnerability has been found in the Agro-School Management System 1.0 affecting the doAddQuestion function in the btn_functions.php file. Manipulation of the Question argument leads to cross-site scripting (XSS) attacks.

CVE-2023-3058
Low

A vulnerability was found in 07FLY CRM up to version 1.2.0, leading to cross site scripting (XSS) attacks through manipulation of the User Profile Handler component code. The attack can be initiated remotely.

CVE-2023-34339
Low

In JetBrains Ktor versions before 2.3.1, headers containing authentication data could be added to the exception's message.

CVE-2023-3035
Low

A vulnerability has been found in Guangdong Pythagorean OA Office System up to version 4.50.31, affecting an unknown functionality of the Schedule Handler component. Manipulation of the argument 'description' leads to cross site scripting.

CVE-2023-3017
Low

A vulnerability was found in SourceCodester Lost and Found Information System 1.0 that allows basic cross site scripting attacks through manipulation of the First Name/Middle Name/Last Name arguments on the Manage User Page.

CVE-2023-3016
Low

A vulnerability was found in yiwent Vip Video Analysis 1.0, affecting some unknown functionality of the file admin/admincore.php. The manipulation leads to cross site scripting (XSS) attacks that can be launched remotely.

CVE-2023-3014
Low

A vulnerability was found in BeipyVideoResolution up to version 2.6, allowing cross site scripting attacks through manipulation in an unknown function of the file admin/admincore.php.

CVE-2023-3005
Low

A vulnerability was found in SourceCodester Local Service Search Engine Management System version 1.0 that allows cross-site scripting (XSS) attacks through manipulation of the POST parameter in the /admin/ajax.php file. Inputting a malicious script like <script>alert(document.cookie)</script> can lead to unauthorized access to user data.

CVE-2023-33183
Low

The Calendar app for Nextcloud discloses some internal paths of the website when the SMTP server is unavailable. It is recommended to update the Calendar app to version 3.5.5 or 4.2.3.

CVE-2023-33184
Low

Nextcloud Mail is a mail app in Nextcloud that is vulnerable to a blind SSRF attack. This attack allows sending GET requests to services running on the same web server.

CVE-2023-33194
Low

Craft is a CMS for creating custom digital experiences on the web. The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload.

CVE-2023-33947
Low

The Object module in Liferay Portal versions 7.4.3.4 to 7.4.3.60 and Liferay DXP 7.4 before update 61 does not segment object definitions by virtual instance in searches. This allows remote authenticated users in one virtual instance to view object definitions from a second virtual instance.

CVE-2023-33946
Low

The Object module in Liferay Portal versions 7.4.3.4 to 7.4.3.48 and Liferay DXP 7.4 before update 49 does not properly isolate objects in different virtual instances. This allows remote authenticated users in one virtual instance to view objects in a different virtual instance via the OAuth 2 scope administration page.

CVE-2023-32994
Low

Jenkins SAML Single Sign On (SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata.

CVE-2022-21535
Low

Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: General/Core Client) affects versions 8.0.28 and prior. It allows an unauthenticated attacker with access to the infrastructure where MySQL Shell runs to compromise it, requiring interaction from a person other than the attacker.

PreviousPage 34 of 61Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS