NVD

2022-23 Change Timeline

Icon for CISA Known Exploited Vulnerabilities Catalog Announcement

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

CVE-2023-24023 - Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption... read CVE-2023-24023
Published: November 28, 2023; 2:15:41 AM -0500

V3.1: 6.8 MEDIUM
CVE-2023-30585 - A vulnerability has been identified in the Node.js (.msi version) installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation, where the "msiexec.e... read CVE-2023-30585
Published: November 27, 2023; 9:15:42 PM -0500

V3.1: 7.5 HIGH
CVE-2023-6410 - A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via editprofile.php in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a spe... read CVE-2023-6410
Published: November 30, 2023; 9:15:15 AM -0500

V3.1: 7.5 HIGH
CVE-2023-6411 - A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via home.php in the update parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially... read CVE-2023-6411
Published: November 30, 2023; 9:15:16 AM -0500

V3.1: 7.5 HIGH
CVE-2023-6412 - A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via photo.php in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially... read CVE-2023-6412
Published: November 30, 2023; 9:15:16 AM -0500

V3.1: 7.5 HIGH
CVE-2023-6413 - A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via photos.php in the id and user parameters. Exploitation of this vulnerability could allow a remote attacker to send a s... read CVE-2023-6413
Published: November 30, 2023; 9:15:17 AM -0500

V3.1: 7.5 HIGH
CVE-2023-6414 - A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via perfil.php in the id and user parameters. Exploitation of this vulnerability could allow a remote attacker to send a s... read CVE-2023-6414
Published: November 30, 2023; 9:15:17 AM -0500

V3.1: 7.5 HIGH
CVE-2023-6415 - A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via signin.php in the user parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially... read CVE-2023-6415
Published: November 30, 2023; 9:15:18 AM -0500

V3.1: 7.5 HIGH
CVE-2023-6416 - A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via signup2.php in the emailadd parameter. Exploitation of this vulnerability could allow a remote attacker to send a spec... read CVE-2023-6416
Published: November 30, 2023; 9:15:18 AM -0500

V3.1: 7.5 HIGH
CVE-2023-6417 - A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via update.php in the id parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially c... read CVE-2023-6417
Published: November 30, 2023; 9:15:18 AM -0500

V3.1: 7.5 HIGH
CVE-2023-6418 - A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via videos.php in the id parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially c... read CVE-2023-6418
Published: November 30, 2023; 9:15:19 AM -0500

V3.1: 7.5 HIGH
CVE-2023-6420 - A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via signup2.php in the emailadd parameter, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload a... read CVE-2023-6420
Published: November 30, 2023; 9:15:19 AM -0500

V3.1: 6.1 MEDIUM
CVE-2023-6419 - A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via editprofile.php in multiple parameters, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload an... read CVE-2023-6419
Published: November 30, 2023; 9:15:19 AM -0500

V3.1: 6.1 MEDIUM
CVE-2023-6422 - A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/patients_view.php, in the FirstRecord parameter. Exploitation... read CVE-2023-6422
Published: November 30, 2023; 9:15:19 AM -0500

V3.1: 5.4 MEDIUM
CVE-2023-6423 - A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/events_view.php, in the FirstRecord parameter. Exploitation o... read CVE-2023-6423
Published: November 30, 2023; 9:15:19 AM -0500

V3.1: 5.4 MEDIUM
CVE-2023-6424 - A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/disease_symptoms_view.php, in the FirstRecord parameter. Expl... read CVE-2023-6424
Published: November 30, 2023; 9:15:20 AM -0500

V3.1: 5.4 MEDIUM
CVE-2023-6425 - A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medical_records_view.php, in the FirstRecord parameter. Explo... read CVE-2023-6425
Published: November 30, 2023; 9:15:20 AM -0500

V3.1: 5.4 MEDIUM
CVE-2023-6426 - A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoices_view.php, in the FirstRecord parameter. Exploitation ... read CVE-2023-6426
Published: November 30, 2023; 9:15:20 AM -0500

V3.1: 5.4 MEDIUM
CVE-2023-6427 - A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoices_view.php, in the FirstRecord parameter. Exploitation ... read CVE-2023-6427
Published: November 30, 2023; 9:15:20 AM -0500

V3.1: 5.4 MEDIUM
CVE-2023-6428 - A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/items_view.php, in the FirstRecord parameter. Exploitation of ... read CVE-2023-6428
Published: November 30, 2023; 9:15:20 AM -0500

V3.1: 5.4 MEDIUM

Legal Disclaimer:

Here is where you can read the NVD legal disclaimer.

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

Legal Disclaimer: