Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
october vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-25365
Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local malicious user to execute arbitrary code via the file type .mp3
Octobercms October 3.2.0
NA
CVE-2023-40362
An issue exists in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote malicious users to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known.
Centralsquare Click2gov Building Permit -
1 Github repository
NA
CVE-2023-39326
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of d...
Golang Go
NA
CVE-2023-44381
October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be e...
Octobercms October
NA
CVE-2023-44382
October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be e...
Octobercms October
NA
CVE-2023-44383
October is a Content Management System (CMS) and web platform to assist with development workflow. A user with access to the media manager that stores SVG files could create a stored XSS attack against themselves and any other user with access to the media manager when SVG files ...
Octobercms October
NA
CVE-2023-6299
A vulnerability, which was classified as problematic, has been found in Apryse iText 8.0.1. This issue affects some unknown processing of the file PdfDocument.java of the component Reference Table Handler. The manipulation leads to memory leak. The attack may be initiated remotel...
Itextpdf Itext 8.0.1
NA
CVE-2023-46022
SQL Injection vulnerability in delete.php in Code-Projects Blood Bank 1.0 allows malicious users to run arbitrary SQL commands via the 'bid' parameter.
Code-projects Blood Bank 1.0
1 Github repository
NA
CVE-2023-46014
SQL Injection vulnerability in hospitalLogin.php in Code-Projects Blood Bank 1.0 allows malicious users to run arbitrary SQL commands via 'hemail' and 'hpassword' parameters.
Code-projects Blood Bank 1.0
2 Github repositories
NA
CVE-2023-46018
SQL injection vulnerability in receiverReg.php in Code-Projects Blood Bank 1.0 \allows malicious users to run arbitrary SQL commands via 'remail' parameter.
Code-projects Blood Bank 1.0
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21987
buffer overflow
CVE-2024-28890
CVE-2024-27574
CVE-2024-27347
CVE-2024-31450
privilege
SSTI
CVE-2024-31666
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »