US-CERT Vulnerability Summary for the Week of November 27, 2023
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache — dolphinscheduler | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can’t upgrade to the fixed version can also set environment variable `MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus` to work around this, or add the following section in the `application.yaml` file: `management: endpoints: web: exposure: include: health,metrics,prometheus`. This issue affects Apache DolphinScheduler: from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue. | 2023-11-24 | 7.5 | CVE-2023-48796 |
apache — dolphinscheduler | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the meantime, we recommend you make sure the logs are only available to trusted operators. | 2023-11-27 | 7.5 | CVE-2023-49068 |
apache — superset | Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset’s metadata database, an attacker using a specially crafted CTE SQL statement could change data on the metadata database. This weakness could result in tampering with the authentication/authorization data. | 2023-11-27 | 8.8 | CVE-2023-40610 |
arcserve — udp | Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. A routine exists that allows an attacker to upload and execute arbitrary files. | 2023-11-27 | 9.8 | CVE-2023-41998 |
arslansoft — education_portal | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ArslanSoft Education Portal allows SQL Injection. This issue affects Education Portal: before v1.1. | 2023-12-01 | 9.8 | CVE-2023-5634 |
arslansoft — education_portal | Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection. This issue affects Education Portal: before v1.1. | 2023-12-01 | 9.8 | CVE-2023-5636 |
arslansoft — education_portal | Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ArslanSoft Education Portal allows Account Footprinting. This issue affects Education Portal: before v1.1. | 2023-12-01 | 7.5 | CVE-2023-5635 |
arslansoft — education_portal | Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Read Sensitive Strings Within an Executable. This issue affects Education Portal: before v1.1. | 2023-12-01 | 7.5 | CVE-2023-5637 |
chamilo — chamilo_lms | Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters. | 2023-11-28 | 8.8 | CVE-2023-4221 |
chamilo — chamilo_lms | Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters. | 2023-11-28 | 8.8 | CVE-2023-4222 |
chamilo — chamilo_lms | Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. | 2023-11-28 | 8.8 | CVE-2023-4223 |
chamilo — chamilo_lms | Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. | 2023-11-28 | 8.8 | CVE-2023-4224 |
chamilo — chamilo_lms | Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. | 2023-11-28 | 8.8 | CVE-2023-4225 |
chamilo — chamilo_lms | Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. | 2023-11-28 | 8.8 | CVE-2023-4226 |
clastix — capsule-proxy | capsule-proxy is a reverse proxy for the capsule operator project. Affected versions are subject to a privilege escalation vulnerability which is based on a missing check if the user is authenticated based on the `TokenReview` result. All the clusters running with the `anonymous-auth` Kubernetes API Server setting disabled (set to `false`) are affected since it would be possible to bypass the token review mechanism, interacting with the upper Kubernetes API Server. This privilege escalation cannot be exploited if you’re relying only on client certificates (SSL/TLS). This vulnerability has been addressed in version 0.4.6. Users are advised to upgrade. | 2023-11-24 | 9.8 | CVE-2023-48312 |
controlid — idsecure | An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a “passwordCustom” option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user. | 2023-11-27 | 9.8 | CVE-2023-6329 |
cszcms — cszcms | A vulnerability was found in CSZCMS 1.3.0 and classified as critical. Affected by this issue is some unknown functionality of the file \views\templates of the component File Manager Page. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-27 | 7.2 | CVE-2023-6302 |
dell — rvtools | RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility (RVToolsPasswordEncryption.exe) and main application (RVTools.exe). A remote unauthenticated attacker with access to stored encrypted passwords from a user’s system could potentially exploit this vulnerability, leading to the disclosure of encrypted passwords in clear text. This vulnerability is caused by an incomplete fix for CVE-2020-27688. | 2023-11-24 | 7.5 | CVE-2023-44303 |
eskom_computer — e-municipality_module | Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105. | 2023-11-28 | 7.2 | CVE-2023-6150 |
eskom_computer — e-municipality_module | Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105. | 2023-11-28 | 7.2 | CVE-2023-6151 |
f-secure — linux_protection | Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1. | 2023-11-27 | 7.5 | CVE-2023-49322 |
foxit_software — foxit_reader | A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | 2023-11-27 | 8.8 | CVE-2023-32616 |
foxit_software — foxit_reader | An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted malicious site if the browser plugin extension is enabled. | 2023-11-27 | 8.8 | CVE-2023-35985 |
foxit_software — foxit_reader | A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | 2023-11-27 | 8.8 | CVE-2023-38573 |
foxit_software — foxit_reader | A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | 2023-11-27 | 8.8 | CVE-2023-39542 |
foxit_software — foxit_reader | An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | 2023-11-27 | 8.8 | CVE-2023-40194 |
foxit_software — foxit_reader | A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | 2023-11-27 | 8.8 | CVE-2023-41257 |
frhed — frhed | Buffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument through the Structured Exception Handler (SEH) registers. | 2023-11-27 | 9.8 | CVE-2023-4590 |
google — chrome | Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) | 2023-11-29 | 9.6 | CVE-2023-6345 |
google — chrome | Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-11-29 | 8.8 | CVE-2023-6346 |
google — chrome | Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-11-29 | 8.8 | CVE-2023-6347 |
google — chrome | Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) | 2023-11-29 | 8.8 | CVE-2023-6350 |
ibm — qradar_wincollect | IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160. | 2023-11-24 | 7.8 | CVE-2023-26279 |
jeecg — jimureport | A vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1. Affected by this vulnerability is an unknown functionality of the file /download/image. The manipulation of the argument imageUrl leads to relative path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-27 | 9.8 | CVE-2023-6307 |
jfinal_cms — jfinal_cms | An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module. | 2023-11-28 | 9.8 | CVE-2023-47503 |
kingsoft — wps_office | An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2023-11-27 | 7.8 | CVE-2023-31275 |
klive — klive | SQL Injection vulnerability in 32ns KLive v.2019-1-19 and before allows a remote attacker to obtain sensitive information via a crafted script to the web/user.php component. | 2023-11-27 | 7.5 | CVE-2023-49030 |
layer5 — meshery | A SQL injection vulnerability in Meshery before 0.6.179 allows a remote attacker to obtain sensitive information and execute arbitrary code via the order parameter. | 2023-11-24 | 9.8 | CVE-2023-46575 |
mattermost — mattermost | Mattermost fails to properly limit the characters allowed in different fields of a block in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by patching the field of a block using a specially crafted string. | 2023-11-27 | 7.5 | CVE-2023-40703 |
mattermost — mattermost | Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb). | 2023-11-27 | 7.5 | CVE-2023-48268 |
moses-smt — mosesdecoder | A vulnerability, which was classified as critical, was found in moses-smt mosesdecoder up to 4.0. This affects an unknown part of the file contrib/iSenWeb/trans_result.php. The manipulation of the argument input1 leads to os command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246135. | 2023-11-27 | 9.8 | CVE-2023-6309 |
nodejs — node.js | A vulnerability has been identified in the Node.js (.msi version) installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation, where the “msiexec.exe” process, running under the NT AUTHORITY\SYSTEM context, attempts to read the %USERPROFILE% environment variable from the current user’s registry. The issue arises when the path referenced by the %USERPROFILE% environment variable does not exist. In such cases, the “msiexec.exe” process attempts to create the specified path in an unsafe manner, potentially leading to the creation of arbitrary folders in arbitrary locations. The severity of this vulnerability is heightened by the fact that the %USERPROFILE% environment variable in the Windows registry can be modified by standard (or “non-privileged”) users. Consequently, unprivileged actors, including malicious entities or trojans, can manipulate the environment variable key to deceive the privileged “msiexec.exe” process. This manipulation can result in the creation of folders in unintended and potentially malicious locations. It is important to note that this vulnerability is specific to Windows users who install Node.js using the .msi installer. Users who opt for other installation methods are not affected by this particular issue. | 2023-11-28 | 7.5 | CVE-2023-30585 |
openlink_software — virtuoso | An issue in the box_mpy function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | 2023-11-29 | 7.5 | CVE-2023-48946 |
openlink_software — virtuoso | An issue in the cha_cmp function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | 2023-11-29 | 7.5 | CVE-2023-48947 |
openlink_software — virtuoso | An issue in the box_div function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | 2023-11-29 | 7.5 | CVE-2023-48948 |
openlink_software — virtuoso | An issue in the box_add function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | 2023-11-29 | 7.5 | CVE-2023-48949 |
openlink_software — virtuoso | An issue in the box_col_len function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | 2023-11-29 | 7.5 | CVE-2023-48950 |
openlink_software — virtuoso | An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | 2023-11-29 | 7.5 | CVE-2023-48951 |
openlink_software — virtuoso | An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | 2023-11-29 | 7.5 | CVE-2023-48952 |
openzfs — openzfs | OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions. | 2023-11-24 | 7.5 | CVE-2023-49298 |
otrs — otrs | A vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are sent back to the client in the server response. This issue affects OTRS: from 8.0.X through 8.0.37. | 2023-11-27 | 7.5 | CVE-2023-6254 |
owncast — owncast | An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function. | 2023-11-27 | 9.8 | CVE-2023-46480 |
phpseclib — phpseclib | In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service. | 2023-11-27 | 7.5 | CVE-2023-49316 |
plesk — plesk | Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon.dll, sspicli.dll, propsys.dll and profapi.dll files. | 2023-11-27 | 7.8 | CVE-2023-4931 |
precision_bridge — precision_bridge | Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows an integrity violation in which the same license key is used on multiple systems, via vectors involving a Process Hacker memory dump, error message inspection, and modification of a MAC address. | 2023-11-26 | 9.1 | CVE-2023-49312 |
prestashop — prestashop | In the module “Product Catalog (CSV, Excel) Export/Update” (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `productsUpdateModel::getExportIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | 2023-11-27 | 9.8 | CVE-2023-46349 |
prestashop — prestashop | SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4.6.12 allows a remote attacker to execute arbitrary code via a crafted script to the getModuleTranslation function. | 2023-11-27 | 9.8 | CVE-2023-48188 |
redhat — enterprise_linux | A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service. | 2023-11-27 | 7.5 | CVE-2023-5871 |
sapplica — sentrifugo | In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering. | 2023-11-28 | 8.8 | CVE-2023-29770 |
sequelize-typescript — sequelize-typescript | Prototype Pollution in GitHub repository robinbuschmann/sequelize-typescript prior to 2.1.6. | 2023-11-24 | 7.1 | CVE-2023-6293 |
solarwinds — solarwinds_platform | SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account. | 2023-11-28 | 8 | CVE-2023-40056 |
sourcecodester — free_and_open_source_inventory_management_system | A vulnerability classified as critical has been found in SourceCodester Free and Open Source Inventory Management System 1.0. Affected is an unknown function of the file /ample/app/ajax/member_data.php. The manipulation of the argument columns leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246132. | 2023-11-27 | 9.8 | CVE-2023-6306 |
sourcecodester — loan_management_system | A vulnerability has been found in SourceCodester Loan Management System 1.0 and classified as critical. This vulnerability affects the function delete_borrower of the file deleteBorrower.php. The manipulation of the argument borrower_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246136. | 2023-11-27 | 7.2 | CVE-2023-6310 |
sourcecodester — loan_management_system | A vulnerability was found in SourceCodester Loan Management System 1.0 and classified as critical. This issue affects the function delete_ltype of the file delete_ltype.php of the component Loan Type Page. The manipulation of the argument ltype_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246137 was assigned to this vulnerability. | 2023-11-27 | 7.2 | CVE-2023-6311 |
sourcecodester — loan_management_system | A vulnerability was found in SourceCodester Loan Management System 1.0. It has been classified as critical. Affected is the function delete_user of the file deleteUser.php of the component Users Page. The manipulation of the argument user_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246138 is the identifier assigned to this vulnerability. | 2023-11-27 | 7.2 | CVE-2023-6312 |
sourcecodester — free_and_open_source_inventory_management_system | A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file ample/app/ajax/suppliar_data.php. The manipulation of the argument columns leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246131. | 2023-11-27 | 9.8 | CVE-2023-6305 |
tecno-mobile — tr118_firmware | A vulnerability was found in Tecno 4G Portable WiFi TR118 TR118-M30E-RR-D-EnFrArSwHaPo-OP-V008-20220830. It has been declared as critical. This vulnerability affects unknown code of the file /goform/goform_get_cmd_process of the component Ping Tool. The manipulation of the argument url leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-246130 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-27 | 8 | CVE-2023-6304 |
tenda — ac10_firmware | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the list parameter in the function sub_49E098. | 2023-11-29 | 9.8 | CVE-2023-45479 |
tenda — ac10_firmware | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the src parameter in the function sub_47D878. | 2023-11-29 | 9.8 | CVE-2023-45480 |
tenda — ac10_firmware | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the firewallEn parameter in the function SetFirewallCfg. | 2023-11-29 | 9.8 | CVE-2023-45481 |
tenda — ac10_firmware | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info. | 2023-11-29 | 9.8 | CVE-2023-45482 |
tenda — ac10_firmware | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the time parameter in the function compare_parentcontrol_time. | 2023-11-29 | 9.8 | CVE-2023-45483 |
tenda — ac10_firmware | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGuestBasic. | 2023-11-29 | 9.8 | CVE-2023-45484 |
tenda — ax1803_firmware | An issue in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the adslPwd parameter in the form_fast_setting_internet_set function. | 2023-11-27 | 9.8 | CVE-2023-49040 |
tenda — ax1803_firmware | Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the schedStartTime parameter or the schedEndTime parameter in the function setSchedWifi. | 2023-11-27 | 9.8 | CVE-2023-49042 |
tenda — ax1803_firmware | Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the wpapsk_crypto parameter in the function fromSetWirelessRepeat. | 2023-11-27 | 9.8 | CVE-2023-49043 |
tenda — ax1803_firmware | Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function form_fast_setting_wifi_set. | 2023-11-27 | 9.8 | CVE-2023-49044 |
tenda — ax1803_firmware | Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule. | 2023-11-27 | 9.8 | CVE-2023-49046 |
tenda — ax1803_firmware | Tenda AX1803 v1.0.0.1 contains a stack overflow via the devName parameter in the function formSetDeviceName. | 2023-11-27 | 7.5 | CVE-2023-49047 |
tongda2000 — tongda_oa | A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/ct/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246105 was assigned to this vulnerability. | 2023-11-24 | 7.5 | CVE-2023-6276 |
trellix — application_and_change_control | An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content. | 2023-11-27 | 7.2 | CVE-2023-5607 |
univera_computer_system — panorama | Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Univera Computer System Panorama allows Command Injection. This issue affects Panorama: before 8.0. | 2023-11-28 | 9.9 | CVE-2023-6201 |
voovi — voovi | A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via editprofile.php in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. | 2023-11-30 | 7.5 | CVE-2023-6410 |
voovi — voovi | A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via home.php in the update parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. | 2023-11-30 | 7.5 | CVE-2023-6411 |
voovi — voovi | A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via photo.php in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. | 2023-11-30 | 7.5 | CVE-2023-6412 |
voovi — voovi | A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via photos.php in the id and user parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. | 2023-11-30 | 7.5 | CVE-2023-6413 |
voovi — voovi | A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via perfil.php in the id and user parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. | 2023-11-30 | 7.5 | CVE-2023-6414 |
voovi — voovi | A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via signin.php in the user parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. | 2023-11-30 | 7.5 | CVE-2023-6415 |
voovi — voovi | A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via signup2.php in the emailadd parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. | 2023-11-30 | 7.5 | CVE-2023-6416 |
voovi — voovi | A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via update.php in the id parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. | 2023-11-30 | 7.5 | CVE-2023-6417 |
voovi — voovi | A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via videos.php in the id parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. | 2023-11-30 | 7.5 | CVE-2023-6418 |
warp-tech — warpgate | Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user’s account. Limited users can impersonate another user’s account if only single-factor authentication is configured. If a user knows an admin username, opens the login screen and attempts to authenticate with an incorrect password, they can subsequently enter a valid non-admin username and password and will be logged in as the admin user. All installations prior to version 0.9.0 are affected. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-24 | 8.8 | CVE-2023-48712 |
wordpress — wordpress | The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter. | 2023-11-27 | 9.8 | CVE-2023-4922 |
wordpress — wordpress | The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execution. | 2023-11-27 | 9.8 | CVE-2023-5604 |
wordpress — wordpress | The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter. | 2023-11-27 | 9.8 | CVE-2023-5974 |
wordpress — wordpress | The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service. | 2023-11-27 | 9.1 | CVE-2023-5559 |
wordpress — wordpress | The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection. | 2023-11-27 | 7.5 | CVE-2023-5239 |
wordpress — wordpress | The Job Manager & Career WordPress plugin before 1.4.4 contains a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. This vulnerability poses a serious security threat because it allows an attacker to gain access to confidential data and files of other users without their permission. | 2023-11-27 | 7.5 | CVE-2023-5906 |
wordpress — wordpress | The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the ‘bookingpress_process_upload’ function in versions up to, and including, 1.0.76. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2023-11-28 | 7.2 | CVE-2023-6219 |
xiamen_four-faith — video_surveillance_management_system | A vulnerability, which was classified as critical, has been found in Xiamen Four-Faith Video Surveillance Management System 2016/2017. Affected by this issue is some unknown functionality of the component Apache Struts. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-246134 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-27 | 8.8 | CVE-2023-6308 |
zyxel — nas326/nas542 | A command injection vulnerability in the “show_zysync_server_contents” function of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request. | 2023-11-30 | 9.8 | CVE-2023-35138 |
zyxel — nas326/nas542 | A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. | 2023-11-30 | 9.8 | CVE-2023-4473 |
zyxel — nas326/nas542 | The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. | 2023-11-30 | 9.8 | CVE-2023-4474 |
zyxel — nas326/nas542 | The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. | 2023-11-30 | 8.8 | CVE-2023-37927 |
zyxel — nas326/nas542 | A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. | 2023-11-30 | 8.8 | CVE-2023-37928 |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache — nifi | Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, then arbitrary JavaScript code can be executed within the session context of the authenticated user. Upgrading to Apache NiFi 1.24.0 or 2.0.0-M1 is the recommended mitigation. | 2023-11-27 | 5.4 | CVE-2023-49145 |
apache — superset | Improper payload validation and an improper REST API response type made it possible for an authenticated malicious actor to store malicious code in a Chart’s metadata. This code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache Superset versions prior to 2.1.2. Users are recommended to upgrade to version 2.1.2, which fixes this issue. | 2023-11-27 | 5.4 | CVE-2023-43701 |
apache — superset | Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version 2.1.2 or above and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources. | 2023-11-27 | 4.3 | CVE-2023-42501 |
bigprof — online_clinic_management_system | A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/patients_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6422 |
bigprof — online_clinic_management_system | A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/events_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6423 |
bigprof — online_clinic_management_system | A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/disease_symptoms_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6424 |
bigprof — online_clinic_management_system | A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medical_records_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6425 |
bigprof — online_invoicing_system | A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoices_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6426 |
bigprof — online_invoicing_system | A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoices_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6427 |
bigprof — online_invoicing_system | A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/items_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6428 |
bigprof — online_invoicing_system | A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/clients_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6429 |
bigprof — online_invoicing_system | A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/transactions_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6430 |
bigprof — online_invoicing_system | A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/categories_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6431 |
bigprof — online_invoicing_system | A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/items_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6432 |
bigprof — online_invoicing_system | A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/suppliers_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6433 |
bigprof — online_invoicing_system | A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/sections_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6434 |
bigprof — online_invoicing_system | A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/batches_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6435 |
bluetooth — bluetooth_core_specification | Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length and might lead to discovery of the encryption key and live injection, aka BLUFFS. | 2023-11-28 | 6.8 | CVE-2023-24023 |
busybox — busybox | A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. | 2023-11-27 | 5.5 | CVE-2023-42363 |
busybox — busybox | A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function. | 2023-11-27 | 5.5 | CVE-2023-42364 |
busybox — busybox | A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. | 2023-11-27 | 5.5 | CVE-2023-42365 |
busybox — busybox | A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159. | 2023-11-27 | 5.5 | CVE-2023-42366 |
codeigniter — shield | CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The `secretKey` value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a malicious person somehow had access to the data in the database, they could use the key and secretKey for HMAC SHA256 authentication to send requests impersonating that corresponding user. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-24 | 6.5 | CVE-2023-48707 |
codeigniter — shield | CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then be used to send a request with that user’s authority. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. Users unable to upgrade should disable logging for successful login attempts by the configuration files. | 2023-11-24 | 6.5 | CVE-2023-48708 |
cszcms — cszcms | A vulnerability was found in CSZCMS 1.3.0. It has been classified as problematic. This affects an unknown part of the file /admin/settings/ of the component Site Settings Page. The manipulation of the argument Additional Meta Tag with the input `<svg><animate onbegin=alert(1) attributeName=x dur=1s>` leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246129 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-27 | 4.8 | CVE-2023-6303 |
f-secure — linux_protection | Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1. | 2023-11-27 | 5.3 | CVE-2023-49321 |
franklin_electric_fueling_systems — colibri_firmware | The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users. | 2023-11-27 | 6.5 | CVE-2023-5885 |
grupo_alumne — alumne_lms | A Cross-Site Scripting (XSS) vulnerability has been found in Alumne LMS affecting version 4.0.0.1.08. An attacker could exploit the ‘localidad’ parameter to inject a custom JavaScript payload and partially take over another user’s browser session, due to the lack of proper sanitization of the ‘localidad’ field on the /users/editmy page. | 2023-11-28 | 6.1 | CVE-2023-6359 |
itext — itext | A vulnerability classified as problematic was found in Apryse iText 8.0.2. This vulnerability affects the function main of the file PdfDocument.java. The manipulation leads to improper validation of array index. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246124. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-26 | 6.5 | CVE-2023-6298 |
itext — itext | A vulnerability, which was classified as problematic, has been found in Apryse iText 8.0.1. This issue affects some unknown processing of the file PdfDocument.java of the component Reference Table Handler. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.0.2 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246125 was assigned to this vulnerability. NOTE: The vendor was contacted early about this vulnerability. The fix was introduced in the iText 8.0.2 release on October 25, 2023 prior to the disclosure. | 2023-11-26 | 6.5 | CVE-2023-6299 |
knative — serving | Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0. | 2023-11-28 | 5.3 | CVE-2023-48713 |
libtiff — libtiff | An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to the TIFFOpen() API may allow a remote attacker to cause a denial of service via a crafted input with size smaller than 379 KB. | 2023-11-24 | 6.5 | CVE-2023-6277 |
mattermost — mattermost | Mattermost fails to properly check a redirect URL parameter, allowing for an open redirect when the user clicked “Back to Mattermost” after providing an invalid custom URL scheme in /oauth/{service}/mobile_login?redirect_to= | 2023-11-27 | 6.1 | CVE-2023-47168 |
mattermost — mattermost | Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML to a victim’s page by creating a channel name that is valid HTML. No XSS is possible though. | 2023-11-27 | 5.4 | CVE-2023-35075 |
mattermost — mattermost | Mattermost fails to limit the log size of server logs allowing an attacker sending specially crafted requests to different endpoints to potentially overflow the log. | 2023-11-27 | 5.3 | CVE-2023-48369 |
mattermost — mattermost | Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled. | 2023-11-27 | 4.3 | CVE-2023-43754 |
mattermost — mattermost | Mattermost fails to properly validate the “Show Full Name” option in a few endpoints in Mattermost Boards, allowing a member to get the full name of another user even if the Show Full Name option was disabled. | 2023-11-27 | 4.3 | CVE-2023-45223 |
mattermost — mattermost | Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post even if the Hardened Mode setting was enabled. | 2023-11-27 | 4.3 | CVE-2023-47865 |
mattermost — mattermost | Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information (e.g. name, surname, nickname) via Mattermost Boards. | 2023-11-27 | 4.3 | CVE-2023-6202 |
naver — whale_browser | The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via ‘Open in Whale’ feature. | 2023-11-27 | 5.5 | CVE-2023-25632 |
oro_inc — client_relationship_management | OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1.1. | 2023-11-28 | 5 | CVE-2023-32063 |
oro_inc — orocommerce | OroCommerce package with customer portal and non-authenticated visitor website base features. Back-office users can access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.11 and 5.1.1. | 2023-11-28 | 4.3 | CVE-2023-32064 |
oro_inc — orocommerce | OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1. | 2023-11-28 | 5.8 | CVE-2023-32065 |
oro_inc — oroplatform | OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1. | 2023-11-27 | 4.3 | CVE-2023-32062 |
oscommerce — oscommerce | A vulnerability was found in osCommerce 4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /catalog/compare of the component Instant Message Handler. The manipulation of the argument compare with the input `40dz4iq”><script>alert(1)</script>zohkx` leads to cross site scripting. The attack may be launched remotely. VDB-246122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-26 | 6.1 | CVE-2023-6296 |
pachno — pachno | A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting (XSS) attack. The vulnerability exists due to inadequate input validation in the Project Description and comments, which enables an attacker to inject malicious JavaScript. | 2023-11-28 | 5.4 | CVE-2023-47437 |
phpgurukul — nipah_virus_testing_management_system | A vulnerability classified as problematic has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file patient-search-report.php of the component Search Report Page. The manipulation of the argument Search By Patient Name with the input `<script>alert(document.cookie)</script>` leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246123. | 2023-11-26 | 6.1 | CVE-2023-6297 |
prestashop — prestashop | Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code. | 2023-11-28 | 6.1 | CVE-2023-48042 |
prestashop — prestashop | In the module “CSV Feeds PRO” (csvfeeds) < 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does not force administrator to use password on feeds, a guest can access exports from the module which can lead to leaks of personal information from ps_customer / ps_order table such as name / surname / email / phone number / postal address. | 2023-11-27 | 5.3 | CVE-2023-46355 |
smpn1smg — absis | Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the nama parameter in the lock/lock.php file. | 2023-11-27 | 6.1 | CVE-2023-49029 |
smpn1smg — absis | Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the user parameter in the lock/lock.php file. | 2023-11-27 | 5.4 | CVE-2023-49028 |
sourcecodester — url_shortener | A vulnerability was found in SourceCodester URL Shortener 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Long URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246139. | 2023-11-27 | 6.1 | CVE-2023-6313 |
sourcecodester — best_courier_management_system | A vulnerability, which was classified as problematic, was found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function. The manipulation of the argument page with the input `</TiTlE><ScRiPt>alert(1)</ScRiPt>` leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246126 is the identifier assigned to this vulnerability. | 2023-11-27 | 6.1 | CVE-2023-6300 |
sourcecodester — best_courier_management_system | A vulnerability has been found in SourceCodester Best Courier Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument id with the input `</TiTlE><ScRiPt>alert(1)</ScRiPt>` leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246127. | 2023-11-27 | 6.1 | CVE-2023-6301 |
sysaid — sysaid | SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp. | 2023-11-24 | 6.5 | CVE-2023-33706 |
tribe29 — checkmk_appliance | Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files. | 2023-11-27 | 5.5 | CVE-2023-6287 |
voovi — voovi | A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows an XSS via editprofile.php in multiple parameters, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an authenticated user. | 2023-11-30 | 6.1 | CVE-2023-6419 |
voovi — voovi | A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows an XSS via signup2.php in the emailadd parameter, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an authenticated user. | 2023-11-30 | 6.1 | CVE-2023-6420 |
wordpress — wordpress | The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does not escape the custom shipping phone field on the checkout form, leading to XSS. | 2023-11-27 | 6.1 | CVE-2023-5325 |
wordpress — wordpress | The WP-UserOnline WordPress plugin before 2.88.3 does not sanitize and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks. | 2023-11-27 | 6.1 | CVE-2023-5560 |
wordpress — wordpress | The Martins Free & Easy SEO BackLink Link Building Network WordPress plugin before 1.2.30 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2023-11-27 | 6.1 | CVE-2023-5641 |
wordpress — wordpress | The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users. | 2023-11-27 | 6.1 | CVE-2023-5958 |
wordpress — wordpress | The kk Star Ratings WordPress plugin before 5.4.6 does not implement atomic operations, allowing one user to vote multiple times on a poll due to a Race Condition. | 2023-11-27 | 5.9 | CVE-2023-4642 |
wordpress — wordpress | The Mmm Simple File List WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-11-27 | 5.4 | CVE-2023-4514 |
wordpress — wordpress | The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks. | 2023-11-27 | 5.4 | CVE-2023-5620 |
wordpress — wordpress | The WordPress Backup & Migration WordPress plugin before 1.4.4 does not sanitize and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks. | 2023-11-27 | 5.4 | CVE-2023-5738 |
wordpress — wordpress | The Medialist WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-11-27 | 5.4 | CVE-2023-5942 |
wordpress — wordpress | The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment. | 2023-11-27 | 5.3 | CVE-2023-4252 |
wordpress — wordpress | The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them | 2023-11-27 | 5.3 | CVE-2023-5611 |
wordpress — wordpress | The Simple Social Media Share Buttons WordPress plugin before 5.1.1 leaks password-protected post content to unauthenticated visitors in some meta tags | 2023-11-27 | 5.3 | CVE-2023-5845 |
wordpress — wordpress | The gAppointments WordPress plugin through 1.9.5.1 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-11-27 | 4.8 | CVE-2023-2707 |
wordpress — wordpress | The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.5 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-11-27 | 4.8 | CVE-2023-5209 |
wordpress — wordpress | The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories. | 2023-11-27 | 4.3 | CVE-2023-4297 |
wordpress — wordpress | The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin. | 2023-11-27 | 4.3 | CVE-2023-5525 |
wordpress — wordpress | The WordPress Backup & Migration WordPress plugin before 1.4.4 does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings. | 2023-11-27 | 4.3 | CVE-2023-5737 |
zyxel — zld | An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device. | 2023-11-28 | 5.5 | CVE-2023-5960 |
zyxel — multiple_products | An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to access configuration files on an affected device. | 2023-11-28 | 5.5 | CVE-2023-35136 |
zyxel — multiple_products | An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access system files on an affected device. | 2023-11-28 | 5.5 | CVE-2023-37925 |
zyxel — multiple_products | A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to cause denial-of-service (DoS) conditions by executing the CLI command to dump system logs on an affected device. | 2023-11-28 | 5.5 | CVE-2023-37926 |
zyxel — multiple_products | An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to modify the URL of the registration page in the web GUI of an affected device. | 2023-11-28 | 5.5 | CVE-2023-5650 |
zyxel — multiple_products | An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access the administrator’s logs on an affected device. | 2023-11-28 | 5.5 | CVE-2023-5797 |
zyxel — multiple_products | A cross-site scripting (XSS) vulnerability in the CGI program of the Zyxel ATP series firmware versions 5.10 through 5.37, USG FLEX series firmware versions 5.00 through 5.37, USG FLEX 50(W) series firmware versions 5.10 through 5.37, USG20(W)-VPN series firmware versions 5.10 through 5.37, and VPN series firmware versions 5.00 through 5.37, could allow an unauthenticated LAN-based attacker to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed to steal cookies when the user visits the specific CGI used for dumping ZTP logs. | 2023-11-28 | 5.2 | CVE-2023-35139 |
zyxel — multiple_products | A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing the CLI command with crafted strings on an affected device. | 2023-11-28 | 4.4 | CVE-2023-4397 |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
google-translate-api-browser — google_translate_api_browser | google-translate-api-browser is an npm package which interfaces with the google translate web api. A Server-Side Request Forgery (SSRF) Vulnerability is present in applications utilizing the `google-translate-api-browser` package and exposing the `translateOptions` to the end user. An attacker can set a malicious `tld`, causing the application to return unsafe URLs pointing towards local resources. The `translateOptions.tld` field is not properly sanitized before being placed in the Google translate URL. This can allow an attacker with control over the `translateOptions` to set the `tld` to a payload such as `@127.0.0.1`. This causes the full URL to become `https://translate.google.@127.0.0.1/…`, where `translate.google.` is the username used to connect to localhost. An attacker can send requests within internal networks and the local host. Should any HTTPS application be present on the internal network with a vulnerability exploitable via a GET call, then it would be possible to exploit this using this vulnerability. This issue has been addressed in release version 4.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-24 | 3.7 | CVE-2023-48711 |
tribe29 — checkmk | Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users. | 2023-11-24 | 3.5 | CVE-2023-6251 |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
acer — wireless_keyboard | An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption. | 2023-11-27 | not yet calculated | CVE-2023-48034 |
aio-libs — aiohttp | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0. | 2023-11-30 | not yet calculated | CVE-2023-49081 |
aio-libs — aiohttp | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0. | 2023-11-29 | not yet calculated | CVE-2023-49082 |
anyscale — ray | Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor’s position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment | 2023-11-28 | not yet calculated | CVE-2023-48022 |
anyscale — ray | Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor’s position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment | 2023-11-28 | not yet calculated | CVE-2023-48023 |
apache — activemq | Once a user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest through JSONObject, and calls org.jolokia.http.HttpRequestHandler#executeRequest. Deeper in the call stack, org.jolokia.handler.ExecHandler#doHandleRequest is able to invoke through reflection. And then, RCE is able to be achieved via jdk.management.jfr.FlightRecorderMXBeanImpl which exists on Java version above 11. 1 Call newRecording. 2 Call setConfiguration. And a webshell data hides in it. 3 Call startRecording. 4 Call copyTo method. The webshell will be written to a .jsp file. The mitigation is to restrict (by default) the actions authorized on Jolokia or disable Jolokia. A more restrictive Jolokia configuration has been defined in default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distributions version including updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0. | 2023-11-28 | not yet calculated | CVE-2022-41678 |
apache — cocoon | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue. | 2023-11-30 | not yet calculated | CVE-2022-45135 |
apache — dolphinscheduler | Before DolphinScheduler version 3.1.0, a logged-in user could delete UDF functions in the resource center without authorization (these are mostly used in SQL tasks), an unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this CVE as moderate level because it still requires user login to operate. Please upgrade to version 3.1.0 to avoid this vulnerability. | 2023-11-30 | not yet calculated | CVE-2023-49620 |
apache — superset | An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0. | 2023-11-28 | not yet calculated | CVE-2023-42502 |
apache — superset | An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service. This issue affects Apache Superset: before 3.0.0 | 2023-11-28 | not yet calculated | CVE-2023-42504 |
apache — superset | An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection’s username. This issue affects Apache Superset before 3.0.0. | 2023-11-28 | not yet calculated | CVE-2023-42505 |
apache — cocoon | Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue. | 2023-11-30 | not yet calculated | CVE-2023-49733 |
apache — tomcat | Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue. | 2023-11-28 | not yet calculated | CVE-2023-46589 |
apple — multiple_products | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. | 2023-11-30 | not yet calculated | CVE-2023-42916 |
apple — multiple_products | A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. | 2023-11-30 | not yet calculated | CVE-2023-42917 |
aquaforest — tiff_server | The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be able to enumerate files or directories, traverse directories, bypass authentication, or access restricted files. | 2023-11-30 | not yet calculated | CVE-2023-6352 |
arcserve — arcserve_udp | An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication. | 2023-11-27 | not yet calculated | CVE-2023-41999 |
arcserve — arcserve_udp | Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed. | 2023-11-27 | not yet calculated | CVE-2023-42000 |
arm_ltd — bifrost_gpu_kernel_driver | Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Bifrost GPU Kernel Driver: from r44p0 through r45p0; Valhall GPU Kernel Driver: from r44p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r44p0 through r45p0. | 2023-12-01 | not yet calculated | CVE-2023-5427 |
asana,_inc. — desktop_on_macos | Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack. | 2023-11-28 | not yet calculated | CVE-2023-49314 |
asr — falcon | Memory Corruption in IMS while calling VoLTE Streamingmedia Interface | 2023-11-30 | not yet calculated | CVE-2023-49699 |
asr — falcon | Security best practices violations, a string operation in Streamingmedia will write past the end of fixed-size destination buffer if the source buffer is too large. | 2023-11-30 | not yet calculated | CVE-2023-49700 |
asr — falcon | Memory Corruption in SIM management while USIMPhase2init | 2023-11-30 | not yet calculated | CVE-2023-49701 |
becton,_dickinson_and_company_(bd) — facschorus | The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data. | 2023-11-28 | not yet calculated | CVE-2023-29060 |
becton,_dickinson_and_company_(bd) — facschorus | There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication. | 2023-11-28 | not yet calculated | CVE-2023-29061 |
becton,_dickinson_and_company_(bd) — facschorus | The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes being sent to a malicious entity position on the local network. These hashes can subsequently be attacked through brute force and cracked if a weak password is used. This attack would only apply to domain joined systems. | 2023-11-28 | not yet calculated | CVE-2023-29062 |
becton,_dickinson_and_company_(bd) — facschorus | The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM during startup. | 2023-11-28 | not yet calculated | CVE-2023-29063 |
becton,_dickinson_and_company_(bd) — facschorus | The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts. | 2023-11-28 | not yet calculated | CVE-2023-29064 |
becton,_dickinson_and_company_(bd) — facschorus | The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database. | 2023-11-28 | not yet calculated | CVE-2023-29065 |
becton,_dickinson_and_company_(bd) — facschorus | The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders. | 2023-11-28 | not yet calculated | CVE-2023-29066 |
bowo — debug_log_manager | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bowo Debug Log Manager. This issue affects Debug Log Manager: from n/a through 2.3.0. | 2023-11-30 | not yet calculated | CVE-2023-6136 |
calendarinho — calendarinho | Calendarinho is an open source calendaring application to manage large teams of consultants. An Open Redirect issue occurs when a web application redirects users to external URLs without proper validation. This can lead to phishing attacks, where users are tricked into visiting malicious sites, potentially leading to information theft and reputational damage to the website used for redirection. The problem has been patched in commit `15b2393`. Users are advised to update to a commit after `15b2393`. There are no known workarounds for this vulnerability. | 2023-12-01 | not yet calculated | CVE-2023-49281 |
carrierwave — carrierwave | CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in `allowlisted_content_type?` determines Content-Type permissions by performing a partial match. If the `content_type` argument of `allowlisted_content_type?` is passed a value crafted by the attacker, Content-Types not included in the `content_type_allowlist` will be allowed. This issue has been patched in versions 2.2.5 and 3.0.5. | 2023-11-29 | not yet calculated | CVE-2023-49090 |
catalis — cms360 | Catalis (previously Icon Software) CMS360 allows a remote, unauthenticated attacker to view sensitive court documents by modifying document and other identifiers in URLs. The impact varies based on the intention and configuration of a specific CMS360 installation. | 2023-11-30 | not yet calculated | CVE-2023-6341 |
chamilo — chamilo_lms | Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960. | 2023-11-28 | not yet calculated | CVE-2023-3368 |
chamilo — chamilo_lms | Path traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file write. | 2023-11-28 | not yet calculated | CVE-2023-3533 |
chamilo — chamilo_lms | Improper sanitization in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of `.htaccess` file. This vulnerability may be exploited by privileged attackers or chained with unauthenticated arbitrary file write vulnerabilities, such as CVE-2023-3533, to achieve remote code execution. | 2023-11-28 | not yet calculated | CVE-2023-3545 |
chamilo — chamilo_lms | Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell. | 2023-11-28 | not yet calculated | CVE-2023-4220 |
collabora_online — collabora_online | Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online – Built-in CODE Server (richdocumentscode) release 23.5.403. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-12-01 | not yet calculated | CVE-2023-48314 |
cosmos-server — cosmos-server | Cosmos provides users the ability to self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an attacker to use the token to gain unauthorized access to the application/system even after the user has logged out. This issue has been patched in version 0.13.0. | 2023-11-29 | not yet calculated | CVE-2023-49091 |
d-link — go-rt-ac750 | D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi. | 2023-12-01 | not yet calculated | CVE-2023-48842 |
dell — rugged_control_center | Dell Rugged Control Center, version prior to 4.7, contains an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder during product installation and upgrade, leading to privilege escalation on the system. | 2023-12-02 | not yet calculated | CVE-2023-39256 |
dell — rugged_control_center | Dell Rugged Control Center, version prior to 4.7, contains an Improper Access Control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder when product installation repair is performed, leading to privilege escalation on the system. | 2023-12-02 | not yet calculated | CVE-2023-39257 |
dell — rugged_control_center | Dell Rugged Control Center, version prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of the policy file, leading to unauthorized access to resources. | 2023-12-01 | not yet calculated | CVE-2023-43089 |
delta_electronics — infrasuite_device_master | In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet. | 2023-11-30 | not yet calculated | CVE-2023-39226 |
delta_electronics — infrasuite_device_master | In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution. | 2023-11-30 | not yet calculated | CVE-2023-46690 |
delta_electronics — infrasuite_device_master | In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges. | 2023-11-30 | not yet calculated | CVE-2023-47207 |
delta_electronics — infrasuite_device_master | In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying. | 2023-11-30 | not yet calculated | CVE-2023-47279 |
dpaste — dpaste | dpaste is an open source pastebin application written in Python using the Django framework. A security vulnerability has been identified in the expires parameter of the dpaste API, allowing for a POST Reflected XSS attack. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of a user’s browser, potentially leading to unauthorized access, data theft, or other malicious activities. Users are strongly advised to upgrade to dpaste release v3.8 or later versions, as dpaste versions older than v3.8 are susceptible to the identified security vulnerability. No known workarounds have been identified, and applying the patch is the most effective way to remediate the vulnerability. | 2023-12-01 | not yet calculated | CVE-2023-49277 |
dreamer — cms | Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read. | 2023-11-29 | not yet calculated | CVE-2023-46886 |
dreamer — cms | In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability. | 2023-11-29 | not yet calculated | CVE-2023-46887 |
dreamer_cms — dreamer_cms | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit. | 2023-11-30 | not yet calculated | CVE-2023-48912 |
dreamer_cms — dreamer_cms | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete. | 2023-11-30 | not yet calculated | CVE-2023-48913 |
dreamer_cms — dreamer_cms | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add. | 2023-11-30 | not yet calculated | CVE-2023-48914 |
electron — electron | Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS. Specifically, this issue can only be exploited if your app is launched from a filesystem the attacker has write access to, i.e. the ability to edit files inside the `.app` bundle on macOS which these fuses are supposed to protect against. There are no app side workarounds, you must update to a patched version of Electron. | 2023-12-01 | not yet calculated | CVE-2023-44402 |
espocrm — espocrm | An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution. | 2023-11-30 | not yet calculated | CVE-2023-5965 |
espocrm — espocrm | An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution. | 2023-11-30 | not yet calculated | CVE-2023-5966 |
eyoucms — eyoucms | A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn. | 2023-11-29 | not yet calculated | CVE-2023-48880 |
eyoucms — eyoucms | A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn. | 2023-11-29 | not yet calculated | CVE-2023-48881 |
eyoucms — eyoucms | A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn. | 2023-11-29 | not yet calculated | CVE-2023-48882 |
ezviz — multiple_products | An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior to v5.3.x build 20230401, Ezviz CS-C3N-xxx prior to v5.3.x build 20230401 allows remote attackers to obtain sensitive information by sending crafted messages to the affected devices. | 2023-11-28 | not yet calculated | CVE-2023-48121 |
facebook — katran | Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP (v4) Too Big packet generation. After a bpf_xdp_adjust_head call, Katran code didn’t initialize the Identification field for the IPv4 header, resulting in the contents of kernel memory being written to that field of the IP header. The issue affected all Katran versions prior to commit 6a03106ac1eab39d0303662963589ecb2374c97f. | 2023-11-28 | not yet calculated | CVE-2023-49062 |
gesundheit_bewegt_gmbh — zippy | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gesundheit Bewegt GmbH Zippy. This issue affects Zippy: from n/a through 1.6.1. | 2023-11-30 | not yet calculated | CVE-2023-26533 |
getsentry — symbolicator | Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if they have an account on the Sentry instance. The issue has been fixed in the release 23.11.2. | 2023-11-30 | not yet calculated | CVE-2023-49094 |
gitkraken — gitlens | An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Code’s workspace trust component. | 2023-11-28 | not yet calculated | CVE-2023-46944 |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a Guest user to add an emoji on confidential work items. | 2023-12-01 | not yet calculated | CVE-2023-3443 |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public project’s release descriptions via an atom endpoint when release access on the public was set to only project members. | 2023-12-01 | not yet calculated | CVE-2023-3949 |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disabled in the project settings. | 2023-12-01 | not yet calculated | CVE-2023-3964 |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 9.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a user with the Developer role to update a pipeline schedule from an unprotected branch to a protected branch. | 2023-12-01 | not yet calculated | CVE-2023-4317 |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor could bypass prohibited branch checks using a specially crafted branch name to manipulate repository content in the UI. | 2023-12-01 | not yet calculated | CVE-2023-5226 |
gitlab — gitlab_ce/ee | Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3, allows an attacker to execute JavaScript in a victim’s browser. | 2023-12-01 | not yet calculated | CVE-2023-6033 |
gitlab — gitlab_ee | An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the `Allowed to merge` permission as a guest user, when granted the permission through a group. | 2023-12-01 | not yet calculated | CVE-2023-4658 |
gitlab — gitlab_ee | An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to cause a client-side denial of service using maliciously crafted mermaid diagram input. | 2023-12-01 | not yet calculated | CVE-2023-4912 |
gitlab — gitlab_ee | An issue has been discovered in GitLab EE affecting all versions starting from 16.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the policy bot to gain access to internal projects. | 2023-12-01 | not yet calculated | CVE-2023-5995 |
gl.inet — ax1800 | Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function. | 2023-11-29 | not yet calculated | CVE-2023-47462 |
gl.inet — ax1800 | Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the gl_nas_sys authentication function. | 2023-11-30 | not yet calculated | CVE-2023-47463 |
gl.inet — ax1800 | Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via the upload API function. | 2023-11-30 | not yet calculated | CVE-2023-47464 |
gnutls — gnutls | A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. | 2023-11-28 | not yet calculated | CVE-2023-5981 |
go-resty — go-resty | A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same *bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buffer that hasn’t had bytes.Buffer.Reset called on it. This dirty buffer will contain the HTTP request body from an unrelated request and go-resty will append the current HTTP request body to it, sending two bodies in one request. The sync.Pool in question is defined at package level scope, so a completely unrelated server could receive the request body. | 2023-11-28 | not yet calculated | CVE-2023-45286 |
google — android | Remote code execution | 2023-11-29 | not yet calculated | CVE-2022-42536 |
google — android | Remote code execution | 2023-11-29 | not yet calculated | CVE-2022-42537 |
google — android | Elevation of privilege | 2023-11-29 | not yet calculated | CVE-2022-42538 |
google — android | Information disclosure | 2023-11-29 | not yet calculated | CVE-2022-42539 |
google — android | Elevation of privilege | 2023-11-29 | not yet calculated | CVE-2022-42540 |
google — android | Remote code execution | 2023-11-29 | not yet calculated | CVE-2022-42541 |
google — chrome | Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-11-29 | not yet calculated | CVE-2023-6348 |
google — chrome | Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) | 2023-11-29 | not yet calculated | CVE-2023-6351 |
haproxy — haproxy | HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. | 2023-11-28 | not yet calculated | CVE-2023-45539 |
henschen_&_associates — court_document_management_software | Henschen & Associates court document management software does not sufficiently randomize file names of cached documents, allowing a remote, unauthenticated attacker to access restricted documents. | 2023-11-30 | not yet calculated | CVE-2023-6376 |
hitachi_energy — relion670 | A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. In order for an attacker to exploit the vulnerability, GOOSE receiving blocks need to be configured. | 2023-12-01 | not yet calculated | CVE-2023-4518 |
huddly — huddlycameraservice | DLL Hijacking vulnerability in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, due to the installation of the service in a directory that grants write privileges to standard users, allows attackers to manipulate files, execute arbitrary code, and escalate privileges. | 2023-12-01 | not yet calculated | CVE-2023-45252 |
huddly — huddlycameraservice | An issue in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via the RollingFileAppender.DeleteFile method performed by the log4net library. | 2023-12-01 | not yet calculated | CVE-2023-45253 |
ibm — aix | IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 267966. | 2023-12-01 | not yet calculated | CVE-2023-45168 |
ibm — i | IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. IBM X-Force ID: 265266. | 2023-12-01 | not yet calculated | CVE-2023-42006 |
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585. | 2023-12-01 | not yet calculated | CVE-2023-38268 |
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161. | 2023-12-01 | not yet calculated | CVE-2023-40699 |
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265504. | 2023-12-01 | not yet calculated | CVE-2023-42009 |
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161. | 2023-12-01 | not yet calculated | CVE-2023-42019 |
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265938. | 2023-12-01 | not yet calculated | CVE-2023-42022 |
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266064. | 2023-12-01 | not yet calculated | CVE-2023-43015 |
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 266167. | 2023-12-01 | not yet calculated | CVE-2023-43021 |
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269506. | 2023-12-01 | not yet calculated | CVE-2023-46174 |
ibm — planning_analytics_on_cloud_pak_for_data | IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. IBM X-Force ID: 247898. | 2023-12-01 | not yet calculated | CVE-2023-26024 |
ibm — security_guardium | IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents. IBM X-Force ID: 265262. | 2023-11-28 | not yet calculated | CVE-2023-42004 |
idemia — multiple_products | The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The stored malicious script is then executed when the GUI is opened by any users of the webserver administration interface. The root cause of the vulnerability is inadequate input validation and output encoding in the web administration interface component of the firmware. This could lead to unauthorized access and data leakage. | 2023-11-28 | not yet calculated | CVE-2023-4667 |
interaxon — muse_2 | InteraXon Muse 2 devices allow remote attackers to cause a denial of service (incorrect Muse App report of an outstanding, calm meditation state) via a 480 MHz RF carrier that is modulated by a “false” brain wave, aka a Brain-Hack attack. For example, the Muse App does not display the reception of a strong RF carrier and alert the user that a report may be misleading if this carrier has been modulated by a low-frequency signal. | 2023-12-02 | not yet calculated | CVE-2023-49914 |
jenkins — jenkins | Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate system-scoped credentials IDs of credentials stored in Jenkins and to connect to Google Cloud Platform using attacker-specified credentials IDs obtained through another method, to obtain information about existing projects. This fix has been backported to 4.3.17.1. | 2023-11-29 | not yet calculated | CVE-2023-49652 |
jenkins — jenkins | Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. | 2023-11-29 | not yet calculated | CVE-2023-49653 |
jenkins — jenkins | Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system. | 2023-11-29 | not yet calculated | CVE-2023-49654 |
jenkins — jenkins | A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system. | 2023-11-29 | not yet calculated | CVE-2023-49655 |
jenkins — jenkins | Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2023-11-29 | not yet calculated | CVE-2023-49656 |
jenkins — jenkins | A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password. | 2023-11-29 | not yet calculated | CVE-2023-49673 |
jenkins — jenkins | A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. | 2023-11-29 | not yet calculated | CVE-2023-49674 |
joomla! — joomla!_cms | The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensitive information. | 2023-11-29 | not yet calculated | CVE-2023-40626 |
jsherp — jsherp | Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function. | 2023-11-30 | not yet calculated | CVE-2023-48894 |
jumpserver — gplv3 | Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. | 2023-11-28 | not yet calculated | CVE-2023-48193 |
jupiter — jupiter | A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request. | 2023-12-01 | not yet calculated | CVE-2023-48887 |
libsyn — libsyn_publisher_hub | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub. This issue affects Libsyn Publisher Hub: from n/a through 1.3.2. | 2023-11-30 | not yet calculated | CVE-2023-25057 |
logback — logback | A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. | 2023-11-29 | not yet calculated | CVE-2023-6378 |
loytec_electronics — gmbh_linx_configurator | LOYTEC electronics GmbH LINX Configurator 7.4.10 uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration. | 2023-11-30 | not yet calculated | CVE-2023-46383 |
loytec_electronics — gmbh_linx_configurator | LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose the admin password and bypass authentication to log in to the Loytec device. | 2023-11-30 | not yet calculated | CVE-2023-46384 |
loytec_electronics — gmbh_linx_configurator | LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers to steal the password and gain full control of Loytec device configuration. | 2023-11-30 | not yet calculated | CVE-2023-46385 |
loytec_electronics — multiple_products | LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication. | 2023-11-30 | not yet calculated | CVE-2023-46386 |
loytec_electronics — multiple_products | LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration. | 2023-11-30 | not yet calculated | CVE-2023-46387 |
loytec_electronics — multiple_products | LOYTEC electronics GmbH LINX-212 6.2.4 and LINX-151 7.2.4 are vulnerable to Insecure Permissions via dpal_config.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication. | 2023-11-30 | not yet calculated | CVE-2023-46388 |
loytec_electronics — multiple_products | LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 Firmware 7.2.4 are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration. | 2023-11-30 | not yet calculated | CVE-2023-46389 |
m-files — m-files_server | Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object. | 2023-11-28 | not yet calculated | CVE-2023-6239 |
mailcow — mailcow-dockerized | Mailcow: dockerized is an open source groupware/email suite based on docker. A Cross-Site Scripting (XSS) vulnerability has been identified within the Quarantine UI of the system. This vulnerability poses a significant threat to administrators who utilize the Quarantine feature. An attacker can send a carefully crafted email containing malicious JavaScript code. This issue has been patched in version 2023-11. | 2023-11-30 | not yet calculated | CVE-2023-49077 |
microweber — microweber | File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component. | 2023-11-30 | not yet calculated | CVE-2023-49052 |
minipaint — minipaint | Cross-site Scripting (XSS) – Reflected in GitHub repository viliusle/minipaint prior to 4.14.0. | 2023-12-01 | not yet calculated | CVE-2023-6461 |
misskey — misskey | Misskey is an open source, decentralized social media platform. Misskey’s missing signature validation allows arbitrary users to impersonate any remote user. This issue has been patched in version 2023.11.1-beta.1. | 2023-11-29 | not yet calculated | CVE-2023-49079 |
mitsubishi_electric_corporation — gx_works2 | Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running. | 2023-11-30 | not yet calculated | CVE-2023-5274 |
mitsubishi_electric_corporation — gx_works2 | Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running. | 2023-11-30 | not yet calculated | CVE-2023-5275 |
mitsubishi_electric_corporation — gx_works3 | Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition. | 2023-11-30 | not yet calculated | CVE-2023-5247 |
nec_platforms,_ltd — itk-6dgs-1(bk)_tel | An OS command injection vulnerability in all versions of NEC Platforms DT900 and DT900S Series allows an attacker to execute any command on the device. | 2023-11-30 | not yet calculated | CVE-2023-3741 |
netease — cloudmusic | An Untrusted search path vulnerability in NetEase CloudMusic 2.10.4 for Windows allows local users to gain escalated privileges through the urlmon.dll file in the current working directory. | 2023-11-30 | not yet calculated | CVE-2023-47454 |
netgear — netgear_prosafe_network_management_system | NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code. | 2023-11-29 | not yet calculated | CVE-2023-49693 |
netgear — netgear_prosafe_network_management_system | A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM. | 2023-11-29 | not yet calculated | CVE-2023-49694 |
nettyrpc — nettyrpc | A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request. | 2023-12-01 | not yet calculated | CVE-2023-48886 |
netwrix_corporation — usercube | Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the configuration omits the required restSettings.AuthorizedClientId and restSettings.AuthorizedSecret fields (for the POST /api/Deployment/ExportConfiguration and POST /api/Deployment endpoints). | 2023-11-28 | not yet calculated | CVE-2023-41264 |
nexkey — nexkey | nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2. | 2023-11-30 | not yet calculated | CVE-2023-49095 |
node.js — node.js | When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API, an unexpected termination occurs, making it susceptible to DoS attacks in which an attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. This vulnerability affects all active Node.js versions v16, v18, and v20. | 2023-11-28 | not yet calculated | CVE-2023-30588 |
node.js — node.js | The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call: “Generates private and public Diffie-Hellman key values”. The documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs. As DiffieHellman may be used as the basis for application-level security, the implications are consequently broad. | 2023-11-28 | not yet calculated | CVE-2023-30590 |
notepad++ — notepad++ | An Untrusted search path vulnerability in notepad++ 6.5 allows local users to gain escalated privileges through the msimg32.dll file in the current working directory. | 2023-11-30 | not yet calculated | CVE-2023-47452 |
notepad++ — notepad++ | A vulnerability classified as problematic was found in NotePad++ up to 8.1. Affected by this vulnerability is an unknown functionality of the file dbghelp.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The identifier VDB-246421 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-30 | not yet calculated | CVE-2023-6401 |
o2oa — o2oa | Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and before, allows attackers to create a new interface in the service management function to execute JavaScript. | 2023-11-30 | not yet calculated | CVE-2023-47418 |
october_cms — october_cms | October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can craft a special request to include PHP code in the CMS template. This issue has been patched in version 3.4.15. | 2023-12-01 | not yet calculated | CVE-2023-44381 |
october_cms — october_cms | October is a Content Management System (CMS) and web platform to assist with development workflow. A user with access to the media manager that stores SVG files could create a stored XSS attack against themselves and any other user with access to the media manager when SVG files are supported. This issue has been patched in version 3.5.2. | 2023-11-29 | not yet calculated | CVE-2023-44383 |
october_cms — october_cms | October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This issue has been patched in 3.4.15. | 2023-12-01 | not yet calculated | CVE-2023-44382 |
openlink_software — virtuoso | A stack overflow in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2023-11-29 | not yet calculated | CVE-2023-48945 |
oro_inc — platform | OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9. | 2023-11-27 | not yet calculated | CVE-2022-41951 |
packers_and_movers_management_system — packers_and_movers_management_system | SQL injection vulnerability in Packers and Movers Management System v.1.0 allows a remote attacker to execute arbitrary code via crafted payload to the /mpms/admin/?page=user/manage_user&id file. | 2023-11-30 | not yet calculated | CVE-2023-46956 |
perl — perl | In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{…} regular expression construct is mishandled. The earliest affected version is 5.30.0. | 2023-12-02 | not yet calculated | CVE-2023-47100 |
phpems — phpems | A vulnerability, which was classified as problematic, has been found in PHPEMS 7.0. This issue affects some unknown processing of the file app\content\cls\api.cls.php of the component Content Section Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246629 was assigned to this vulnerability. | 2023-12-02 | not yet calculated | CVE-2023-6472 |
phpgurukul — nipah_virus_testing_management_system | A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file add-phlebotomist.php. The manipulation of the argument empid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246423. | 2023-11-30 | not yet calculated | CVE-2023-6402 |
phpgurukul — nipah_virus_testing_management_system | A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add-phlebotomist.php. The manipulation of the argument empid/fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246445 was assigned to this vulnerability. | 2023-11-30 | not yet calculated | CVE-2023-6442 |
phpgurukul — nipah_virus_testing_management_system | A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as problematic. This affects an unknown part of the file registered-user-testing.php. The manipulation of the argument regmobilenumber leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246615. | 2023-12-02 | not yet calculated | CVE-2023-6465 |
phpmemcachedadmin — phpmemcachedadmin | A Path traversal vulnerability has been reported in elijaa/phpmemcachedadmin affecting version 1.3.0. This vulnerability allows an attacker to delete files stored on the server due to lack of proper verification of user-supplied input. | 2023-11-30 | not yet calculated | CVE-2023-6026 |
phpmemcachedadmin — phpmemcachedadmin | A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a carefully crafted JavaScript payload. The issue arises from improper encoding of user-controlled entries in the “/pmcadmin/configure.php” parameter. | 2023-11-30 | not yet calculated | CVE-2023-6027 |
pimcore — pimcore | The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\Security\PimcoreUserTwoFactorCondition` introduced in v11 disables the two-factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the two factor credentials. This issue has been patched in version 1.2.2. | 2023-11-28 | not yet calculated | CVE-2023-49075 |
pimcore — pimcore | Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5. | 2023-11-30 | not yet calculated | CVE-2023-49076 |
posthog — posthog | PostHog provides open-source product analytics, session recording, feature flagging and A/B testing that you can self-host. A server-side request forgery (SSRF), which can only be exploited by authenticated users, was found in Posthog. Posthog did not verify whether a URL was local when enabling webhooks, allowing authenticated users to forge a POST request. This vulnerability has been addressed in `22bd5942` and will be included in subsequent releases. There are no known workarounds for this vulnerability. | 2023-12-01 | not yet calculated | CVE-2023-46746 |
preh_gmbh — mib3_infotainment_unit | The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. Vulnerability found on Škoda Superb III (3V3) – 2.0 TDI manufactured in 2022. | 2023-12-01 | not yet calculated | CVE-2023-28895 |
preh_gmbh — mib3_infotainment_unit | Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III (3V3) – 2.0 TDI manufactured in 2022. | 2023-12-01 | not yet calculated | CVE-2023-28896 |
progress_software_corporation — moveit_transfer | In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a reflected cross-site scripting (XSS) vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer. An attacker could craft a malicious payload targeting the system which comprises a MOVEit Gateway and MOVEit Transfer deployment. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victim’s browser. | 2023-11-29 | not yet calculated | CVE-2023-6217 |
progress_software_corporation — moveit_transfer | In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified. It is possible for a group administrator to elevate a group member’s permissions to the role of an organization administrator. | 2023-11-29 | not yet calculated | CVE-2023-6218 |
ptc — kepserverex | KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information. | 2023-11-30 | not yet calculated | CVE-2023-5908 |
ptc — kepserverex | KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect. | 2023-11-30 | not yet calculated | CVE-2023-5909 |
pyca — cryptography | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6. | 2023-11-29 | not yet calculated | CVE-2023-49083 |
raptor-web — raptor-web | raptor-web is a CMS for game server communities that can be used to host information and keep track of players. In version 0.4.4 of raptor-web, it is possible to craft a malicious URL that will result in a reflected cross-site scripting vulnerability. A user-controlled URL parameter is loaded into an internal template that has autoescape disabled. This is a cross-site scripting vulnerability that affects all deployments of `raptor-web` on version `0.4.4`. Any victim who clicks on a maliciously crafted link will be affected. This issue has been patched in 0.4.4.1. | 2023-11-28 | not yet calculated | CVE-2023-49078 |
restaurant_table_booking_system — restaurant_table_booking_system | Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in rtbs/admin/index.php via the username parameter. | 2023-12-01 | not yet calculated | CVE-2023-48016 |
ruoyi — ruoyi | RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit. | 2023-12-01 | not yet calculated | CVE-2023-49371 |
rustcrypto — rsa | RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is currently no fix available. As a workaround, avoid using the RSA crate in settings where attackers are able to observe timing information, e.g. local use on a non-compromised computer. | 2023-11-28 | not yet calculated | CVE-2023-49092 |
schweitzer_engineering_laboratories — sel-411l | An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior. See product Instruction Manual Appendix A dated 20230830 for more details. | 2023-11-30 | not yet calculated | CVE-2023-2264 |
schweitzer_engineering_laboratories — sel-411l | An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user. See product Instruction Manual Appendix A dated 20230830 for more details. | 2023-11-30 | not yet calculated | CVE-2023-2265 |
schweitzer_engineering_laboratories — sel-411l | An Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L could allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details. | 2023-11-30 | not yet calculated | CVE-2023-2266 |
schweitzer_engineering_laboratories — sel-411l | An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details. | 2023-11-30 | not yet calculated | CVE-2023-2267 |
schweitzer_engineering_laboratories — sel-451 | An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more details. | 2023-11-30 | not yet calculated | CVE-2023-31176 |
schweitzer_engineering_laboratories — sel-451 | An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute arbitrary code on a victim’s system. See product Instruction Manual Appendix A dated 20230830 for more details. | 2023-11-30 | not yet calculated | CVE-2023-31177 |
schweitzer_engineering_laboratories — sel-451 | An Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform session hijacking attack and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more details. | 2023-11-30 | not yet calculated | CVE-2023-34388 |
schweitzer_engineering_laboratories — sel-451 | An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time. See product Instruction Manual Appendix A dated 20230830 for more details. | 2023-11-30 | not yet calculated | CVE-2023-34389 |
schweitzer_engineering_laboratories — sel-451 | An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to create a denial of service against the system and lock out services. See product Instruction Manual Appendix A dated 20230830 for more details. | 2023-11-30 | not yet calculated | CVE-2023-34390 |
senayan_library_management_systems — slims_9_bulian | Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php. | 2023-12-01 | not yet calculated | CVE-2023-48813 |
senayan_library_management_systems — slims_9_bulian | Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/staff_act.php. | 2023-12-01 | not yet calculated | CVE-2023-48893 |
shenzhen_libituo_technology_co.,_ltd — lbt-t300-t310 | Buffer Overflow vulnerability in /apply.cgi in Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 allows attackers to cause a denial of service via the ApCliAuthMode parameter. | 2023-11-30 | not yet calculated | CVE-2023-47307 |
sierra_wireless_inc. — aleos | Loop with Unreachable Exit Condition (‘Infinite Loop’) vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a Denial of Service (DoS) condition for ACEManager without impairing other router functions. This condition is cleared by restarting the device. | 2023-11-29 | not yet calculated | CVE-2023-40458 |
simplesamlphp — xml-security | xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP’s canonicalization function) manages to manipulate the canonicalized version’s DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13. | 2023-11-30 | not yet calculated | CVE-2023-49087 |
sohu — video_player | An Untrusted search path vulnerability in Sohu Video Player 7.0.15.0 allows local users to gain escalated privileges through the version.dll file in the current working directory. | 2023-11-30 | not yet calculated | CVE-2023-47453 |
sophos — sophos_email_appliance | A reflected XSS vulnerability allows an open redirect when the victim clicks a malicious link to an error page on Sophos Email Appliance older than version 4.5.3.4. | 2023-11-30 | not yet calculated | CVE-2021-36806 |
sourcecodester — book_borrower_system | A vulnerability was found in SourceCodester Book Borrower System 1.0 and classified as problematic. This issue affects some unknown processing of the file endpoint/add-book.php. The manipulation of the argument Book Title/Book Author leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246443. | 2023-11-30 | not yet calculated | CVE-2023-6440 |
sourcecodester — online_quiz_system | A vulnerability, which was classified as problematic, was found in SourceCodester Online Quiz System 1.0. This affects an unknown part of the file take-quiz.php. The manipulation of the argument quiz_taker/year_section leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246639. | 2023-12-02 | not yet calculated | CVE-2023-6473 |
sourcecodester — user_registration_and_login_system | A vulnerability, which was classified as problematic, was found in SourceCodester User Registration and Login System 1.0. Affected is an unknown function of the file /endpoint/delete-user.php. The manipulation of the argument user leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246612. | 2023-12-01 | not yet calculated | CVE-2023-6462 |
sourcecodester — user_registration_and_login_system | A vulnerability has been found in SourceCodester User Registration and Login System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-user.php. The manipulation of the argument first_name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246613 was assigned to this vulnerability. | 2023-12-01 | not yet calculated | CVE-2023-6463 |
sourcecodester — user_registration_and_login_system | A vulnerability was found in SourceCodester User Registration and Login System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /endpoint/add-user.php. The manipulation of the argument user leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-246614 is the identifier assigned to this vulnerability. | 2023-12-02 | not yet calculated | CVE-2023-6464 |
spring — reactor_netty | In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled. | 2023-11-28 | not yet calculated | CVE-2023-34054 |
spring — spring_boot | In Spring Boot versions 2.7.0 – 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: (1) the application uses Spring MVC or Spring WebFlux; (2) org.springframework.boot:spring-boot-actuator is on the classpath. | 2023-11-28 | not yet calculated | CVE-2023-34055 |
spring — spring_framework | In Spring Framework versions 6.0.0 – 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: (1) the application uses Spring MVC or Spring WebFlux; (2) io.micrometer:micrometer-core is on the classpath; (3) an ObservationRegistry is configured in the application to record observations. Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions. | 2023-11-28 | not yet calculated | CVE-2023-34053 |
systematica — radius | Absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v2.0.1.101) in Systematica Radius (up to v.3.9.256.777) allows remote attackers to read arbitrary files via a full pathname in GET parameter “file” in URL. Also: affected components in same product – HTTP Adapter (up to v.1.8.0.15), MSSQL MessageBus Proxy (up to v.1.1.06), Financial Calculator (up to v.1.3.05), FIX Adapter (up to v.2.4.0.25) | 2023-11-30 | not yet calculated | CVE-2021-35975 |
tenda — i6 | Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/wifiSSIDget. | 2023-11-30 | not yet calculated | CVE-2023-48963 |
tenda — i6 | Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/WifiMacFilterSet. | 2023-11-30 | not yet calculated | CVE-2023-48964 |
thecosy — icecms | A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /WebArticle/articles/ of the component Like Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246438 is the identifier assigned to this vulnerability. | 2023-11-30 | not yet calculated | CVE-2023-6438 |
thecosy — icecms | A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declared as problematic. This vulnerability affects unknown code of the file /planet of the component User Comment Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246616. | 2023-12-02 | not yet calculated | CVE-2023-6466 |
thecosy — icecms | A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /Websquare/likeClickComment/ of the component Comment Like Handler. The manipulation leads to improper enforcement of a single, unique action. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-246617 was assigned to this vulnerability. | 2023-12-02 | not yet calculated | CVE-2023-6467 |
totolink — x6000r | An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component. | 2023-12-01 | not yet calculated | CVE-2023-43453 |
totolink — x6000r | An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component. | 2023-12-01 | not yet calculated | CVE-2023-43454 |
totolink — x6000r | An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the command parameter of the setting/setTracerouteCfg component. | 2023-12-01 | not yet calculated | CVE-2023-43455 |
totolink — x6000r | In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the sub_415534 function in the shttpd file obtains fields from the front-end, concatenates them with the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability. | 2023-12-01 | not yet calculated | CVE-2023-48801 |
totolink — x6000r | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; passing them to the CsteSystem function creates a command execution vulnerability. | 2023-11-30 | not yet calculated | CVE-2023-48802 |
totolink — x6000r | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; passing them to the CsteSystem function creates a command execution vulnerability. | 2023-11-30 | not yet calculated | CVE-2023-48803 |
totolink — x6000r | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; passing them to the CsteSystem function creates a command execution vulnerability. | 2023-11-30 | not yet calculated | CVE-2023-48804 |
totolink — x6000r | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; passing them to the CsteSystem function creates a command execution vulnerability. | 2023-11-30 | not yet calculated | CVE-2023-48805 |
totolink — x6000r | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; passing them to the CsteSystem function creates a command execution vulnerability. | 2023-11-30 | not yet calculated | CVE-2023-48806 |
totolink — x6000r | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; passing them to the CsteSystem function creates a command execution vulnerability. | 2023-11-30 | not yet calculated | CVE-2023-48807 |
totolink — x6000r | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; passing them to the CsteSystem function creates a command execution vulnerability. | 2023-11-30 | not yet calculated | CVE-2023-48808 |
totolink — x6000r | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; passing them to the CsteSystem function creates a command execution vulnerability. | 2023-11-30 | not yet calculated | CVE-2023-48810 |
totolink — x6000r | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; passing them to the CsteSystem function creates a command execution vulnerability. | 2023-11-30 | not yet calculated | CVE-2023-48811 |
totolink — x6000r | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; passing them to the CsteSystem function creates a command execution vulnerability. | 2023-11-30 | not yet calculated | CVE-2023-48812 |
trellix — trellix_enterprise_security_manager | A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn’t parse for invalid data | 2023-11-29 | not yet calculated | CVE-2023-6070 |
trellix — trellix_enterprise_security_manager | An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn’t correctly sanitized when adding a new data source. | 2023-11-30 | not yet calculated | CVE-2023-6071 |
tyler_technologies — civil_and_criminal_electronic_filing | Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx ‘enky’ parameter. | 2023-11-30 | not yet calculated | CVE-2023-6353 |
tyler_technologies — court_case_management_plus | Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the ‘CmWebSearchPfp/Login.aspx?xyzldk=’ and ‘payforprint_CM/Redirector.ashx?userid=’ parameters. The vulnerable “pay for print” feature was removed on or around 2023-11-01. | 2023-11-30 | not yet calculated | CVE-2023-6342 |
tyler_technologies — court_case_management_plus | Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx ‘FN’ and ‘PN’ parameters. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is similar to CVE-2020-9323. CVE-2023-6343 is related to or partially caused by CVE-2023-6352. | 2023-11-30 | not yet calculated | CVE-2023-6343 |
tyler_technologies — court_case_management_plus | Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate directories using the tiffserver/te003.aspx or te004.aspx ‘ifolder’ parameter. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is related to or partially caused by CVE-2023-6352. | 2023-11-30 | not yet calculated | CVE-2023-6344 |
tyler_technologies — magistrate_court_case_management_plus | Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx ‘filename’ parameter. | 2023-11-30 | not yet calculated | CVE-2023-6354 |
tyler_technologies — magistrate_court_case_management_plus | Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials. | 2023-11-30 | not yet calculated | CVE-2023-6375 |
uptime_kuma — uptime_kuma | Uptime Kuma is an open source self-hosted monitoring tool. In affected versions the Google Analytics element is vulnerable to Attribute Injection leading to Cross-Site-Scripting (XSS). Since the custom status interface can set an independent Google Analytics ID and the template has not been sanitized, there is an attribute injection vulnerability here, which can lead to XSS attacks. This vulnerability has been addressed in commit `f28dccf4e` which is included in release version 1.23.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-12-01 | not yet calculated | CVE-2023-49276 |
ureport — ureport | An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path. | 2023-11-28 | not yet calculated | CVE-2023-48848 |
windows — multiple_products | An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution. | 2023-11-30 | not yet calculated | CVE-2023-4770 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MonsterInsights Pro allows Stored XSS. This issue affects MonsterInsights Pro: from n/a through 8.14.1. | 2023-11-30 | not yet calculated | CVE-2023-32291 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Scripting (XSS). This issue affects Complianz: from n/a through 6.4.4; Complianz Premium: from n/a through 6.4.6.1. | 2023-11-30 | not yet calculated | CVE-2023-33333 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SoundCloud Inc. SoundCloud Shortcode allows Stored XSS. This issue affects SoundCloud Shortcode: from n/a through 3.1.0. | 2023-11-30 | not yet calculated | CVE-2023-34018 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Request Forgery. This issue affects Complianz: from n/a through 6.4.5; Complianz Premium: from n/a through 6.4.7. | 2023-11-30 | not yet calculated | CVE-2023-34030 |
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin. This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through 1.0.64. | 2023-11-30 | not yet calculated | CVE-2023-36507 |
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email download link. This issue affects Email download link: from n/a through 3.7. | 2023-11-30 | not yet calculated | CVE-2023-36523 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC Schema Pro allows Cross Site Request Forgery. This issue affects Schema Pro: from n/a through 2.7.7. | 2023-11-30 | not yet calculated | CVE-2023-36682 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC CartFlows Pro allows Cross Site Request Forgery. This issue affects CartFlows Pro: from n/a through 1.11.12. | 2023-11-30 | not yet calculated | CVE-2023-36685 |
wordpress — wordpress | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in YetAnotherStarsRating.Com YASR – Yet Another Star Rating Plugin for WordPress. This issue affects YASR – Yet Another Star Rating Plugin for WordPress: from n/a through 3.3.8. | 2023-11-30 | not yet calculated | CVE-2023-37867 |
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons PRO. This issue affects Premium Addons PRO: from n/a through 2.9.0. | 2023-11-30 | not yet calculated | CVE-2023-37868 |
wordpress — wordpress | Missing Authorization vulnerability in WPOmnia KB Support – WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subscriber can view other customers. This issue affects KB Support – WordPress Help Desk and Knowledge Base: from n/a through 1.5.88. | 2023-11-30 | not yet calculated | CVE-2023-37890 |
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MultiVendorX Product Stock Manager & Notifier for WooCommerce. This issue affects Product Stock Manager & Notifier for WooCommerce: from n/a through 2.0.1. | 2023-11-30 | not yet calculated | CVE-2023-37972 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kriesi Enfold – Responsive Multi-Purpose Theme allows Reflected XSS. This issue affects Enfold – Responsive Multi-Purpose Theme: from n/a through 5.6.4. | 2023-11-30 | not yet calculated | CVE-2023-38400 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Campaign Monitor Campaign Monitor for WordPress allows Reflected XSS. This issue affects Campaign Monitor for WordPress: from n/a through 2.8.12. | 2023-11-30 | not yet calculated | CVE-2023-38474 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Molongui Author Box, Guest Author and Co-Authors for Your Posts – Molongui allows Stored XSS. This issue affects Author Box, Guest Author and Co-Authors for Your Posts – Molongui: from n/a through 4.6.19. | 2023-11-30 | not yet calculated | CVE-2023-39921 |
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks. This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50. | 2023-11-30 | not yet calculated | CVE-2023-40211 |
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on. This issue affects EWWW Image Optimizer: from n/a through 7.2.0. | 2023-11-30 | not yet calculated | CVE-2023-40600 |
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jonk @ Follow me Darling Cookies and Content Security Policy. This issue affects Cookies and Content Security Policy: from n/a through 2.15. | 2023-11-30 | not yet calculated | CVE-2023-40662 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Lasso Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management allows Stored XSS. This issue affects Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management: from n/a through 118. | 2023-11-30 | not yet calculated | CVE-2023-40674 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Team Yoast Yoast SEO allows Stored XSS. This issue affects Yoast SEO: from n/a through 21.0. | 2023-11-30 | not yet calculated | CVE-2023-40680 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Evergreen Content Poster Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media allows Stored XSS. This issue affects Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media: from n/a through 1.3.6.1. | 2023-11-30 | not yet calculated | CVE-2023-41127 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Iqonic Design WP Roadmap – Product Feedback Board allows Stored XSS. This issue affects WP Roadmap – Product Feedback Board: from n/a through 1.0.8. | 2023-11-30 | not yet calculated | CVE-2023-41128 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Laurence/OhMyBox.Info Simple Long Form allows Stored XSS. This issue affects Simple Long Form: from n/a through 2.2.2. | 2023-11-30 | not yet calculated | CVE-2023-41136 |
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email posts to subscribers. This issue affects Email posts to subscribers: from n/a through 6.2. | 2023-11-30 | not yet calculated | CVE-2023-41735 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bamboo Mcr Bamboo Columns allows Stored XSS. This issue affects Bamboo Columns: from n/a through 1.6.1. | 2023-11-30 | not yet calculated | CVE-2023-44143 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS. This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1. | 2023-11-30 | not yet calculated | CVE-2023-45050 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in POWR.Io Contact Form – Custom Builder, Payment Form, and More allows Stored XSS. This issue affects Contact Form – Custom Builder, Payment Form, and More: from n/a through 2.1.0. | 2023-11-30 | not yet calculated | CVE-2023-45609 |
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub. This issue affects Libsyn Publisher Hub: from n/a through 1.4.4. | 2023-11-30 | not yet calculated | CVE-2023-45834 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin allows Reflected XSS. This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.4.3. | 2023-11-30 | not yet calculated | CVE-2023-46086 |
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Iulia Cazan Image Regenerate & Select Crop. This issue affects Image Regenerate & Select Crop: from n/a through 7.3.0. | 2023-11-30 | not yet calculated | CVE-2023-46820 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Elementor.Com Elementor allows Cross-Site Scripting (XSS). This issue affects Elementor: from n/a through 3.16.4. | 2023-11-30 | not yet calculated | CVE-2023-47505 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Max Bond, AndreSC Q2W3 Post Order allows Reflected XSS. This issue affects Q2W3 Post Order: from n/a through 1.2.8. | 2023-11-30 | not yet calculated | CVE-2023-47521 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery. This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.2.6. | 2023-11-30 | not yet calculated | CVE-2023-47645 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Automattic WooCommerce, Automattic WooCommerce Blocks allows Stored XSS. This issue affects WooCommerce: from n/a through 8.1.1; WooCommerce Blocks: from n/a through 11.1.1. | 2023-11-30 | not yet calculated | CVE-2023-47777 |
wordpress — wordpress | Incorrect Authorization vulnerability in NicheAddons Events Addon for Elementor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Events Addon for Elementor: from n/a through 2.1.3. | 2023-11-30 | not yet calculated | CVE-2023-47827 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Lim Kai Yang Grab & Save allows Reflected XSS. This issue affects Grab & Save: from n/a through 1.0.4. | 2023-11-30 | not yet calculated | CVE-2023-47844 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Tainacan.Org Tainacan allows Reflected XSS. This issue affects Tainacan: from n/a through 0.20.4. | 2023-11-30 | not yet calculated | CVE-2023-47848 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles allows Stored XSS. This issue affects Community by PeepSo – Social Network, Membership, Registration, User Profiles: from n/a through 6.2.2.0. | 2023-11-30 | not yet calculated | CVE-2023-47850 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Akhtarujjaman Shuvo Bootstrap Shortcodes Ultimate allows Stored XSS. This issue affects Bootstrap Shortcodes Ultimate: from n/a through 4.3.1. | 2023-11-30 | not yet calculated | CVE-2023-47851 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in myCred myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored XSS. This issue affects myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin: from n/a through 2.6.1. | 2023-11-30 | not yet calculated | CVE-2023-47853 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Howard Ehrenberg Parallax Image allows Stored XSS. This issue affects Parallax Image: from n/a through 1.7.1. | 2023-11-30 | not yet calculated | CVE-2023-47854 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs, leading to a forced logout of all users. This issue affects wpForo Forum: from n/a through 2.2.6. | 2023-11-30 | not yet calculated | CVE-2023-47870 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in gVectors Team wpForo Forum allows Stored XSS. This issue affects wpForo Forum: from n/a through 2.2.3. | 2023-11-30 | not yet calculated | CVE-2023-47872 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Perfmatters allows Cross Site Request Forgery. This issue affects Perfmatters: from n/a through 2.1.6. | 2023-11-30 | not yet calculated | CVE-2023-47875 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Perfmatters allows Reflected XSS. This issue affects Perfmatters: from n/a through 2.1.6. | 2023-11-30 | not yet calculated | CVE-2023-47876 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Perfmatters allows Stored XSS. This issue affects Perfmatters: from n/a before 2.2.0. | 2023-11-30 | not yet calculated | CVE-2023-47877 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in yonifre Maspik – Spam Blacklist allows Stored XSS. This issue affects Maspik – Spam Blacklist: from n/a through 0.9.2. | 2023-11-30 | not yet calculated | CVE-2023-48272 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Stored XSS. This issue affects WP Forms Puzzle Captcha: from n/a through 4.1. | 2023-11-30 | not yet calculated | CVE-2023-48278 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Cross Site Request Forgery. This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.6. | 2023-11-30 | not yet calculated | CVE-2023-48279 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Super Blog Me Broken Link Checker for YouTube allows Cross Site Request Forgery. This issue affects Broken Link Checker for YouTube: from n/a through 1.3. | 2023-11-30 | not yet calculated | CVE-2023-48281 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio Taxonomy filter allows Cross Site Request Forgery. This issue affects Taxonomy filter: from n/a through 2.2.9. | 2023-11-30 | not yet calculated | CVE-2023-48282 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Testimonials Showcase allows Cross Site Request Forgery. This issue affects Simple Testimonials Showcase: from n/a through 1.1.5. | 2023-11-30 | not yet calculated | CVE-2023-48283 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WebToffee Decorator – WooCommerce Email Customizer allows Cross Site Request Forgery. This issue affects Decorator – WooCommerce Email Customizer: from n/a through 1.2.7. | 2023-11-30 | not yet calculated | CVE-2023-48284 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SpreadsheetConverter Import Spreadsheets from Microsoft Excel allows Stored XSS. This issue affects Import Spreadsheets from Microsoft Excel: from n/a through 10.1.3. | 2023-11-30 | not yet calculated | CVE-2023-48289 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Vikas Vatsa Display Custom Post allows Stored XSS. This issue affects Display Custom Post: from n/a through 2.2.1. | 2023-11-30 | not yet calculated | CVE-2023-48317 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WebDorado SpiderVPlayer allows Stored XSS. This issue affects SpiderVPlayer: from n/a through 1.5.22. | 2023-11-30 | not yet calculated | CVE-2023-48320 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP – Accelerated Mobile Pages allows Stored XSS. This issue affects AMP for WP – Accelerated Mobile Pages: from n/a through 1.0.88.1. | 2023-11-30 | not yet calculated | CVE-2023-48321 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in eDoc Intelligence eDoc Employee Job Application – Best WordPress Job Manager for Employees allows Reflected XSS. This issue affects eDoc Employee Job Application – Best WordPress Job Manager for Employees: from n/a through 1.13. | 2023-11-30 | not yet calculated | CVE-2023-48322 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin allows Cross Site Request Forgery. This issue affects Awesome Support – WordPress HelpDesk & Support Plugin: from n/a through 6.1.4. | 2023-11-30 | not yet calculated | CVE-2023-48323 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pixelite Events Manager allows Reflected XSS. This issue affects Events Manager: from n/a through 6.4.5. | 2023-11-30 | not yet calculated | CVE-2023-48326 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery allows Cross Site Request Forgery. This issue affects WordPress Gallery Plugin – NextGEN Gallery: from n/a through 3.37. | 2023-11-30 | not yet calculated | CVE-2023-48328 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodeBard Fast Custom Social Share by CodeBard allows Stored XSS. This issue affects Fast Custom Social Share by CodeBard: from n/a through 1.1.1. | 2023-11-30 | not yet calculated | CVE-2023-48329 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Mike Strand Bulk Comment Remove allows Cross Site Request Forgery. This issue affects Bulk Comment Remove: from n/a through 2. | 2023-11-30 | not yet calculated | CVE-2023-48330 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore by Stormhill Media allows Cross Site Request Forgery. This issue affects MyBookTable Bookstore by Stormhill Media: from n/a through 3.3.4. | 2023-11-30 | not yet calculated | CVE-2023-48331 |
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce. This issue affects Booster for WooCommerce: from n/a through 7.1.1. | 2023-11-30 | not yet calculated | CVE-2023-48333 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in DAEXT League Table allows Cross Site Request Forgery. This issue affects League Table: from n/a through 1.13. | 2023-11-30 | not yet calculated | CVE-2023-48334 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in cybernetikz Easy Social Icons allows Stored XSS. This issue affects Easy Social Icons: from n/a through 3.2.4. | 2023-11-30 | not yet calculated | CVE-2023-48336 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PT Trijaya Digital Grup TriPay Payment Gateway allows Stored XSS. This issue affects TriPay Payment Gateway: from n/a through 3.2.7. | 2023-11-30 | not yet calculated | CVE-2023-48737 |
wordpress — wordpress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in LicenseManager License Manager for WooCommerce license-manager-for-woocommerce allows SQL Injection. This issue affects License Manager for WooCommerce: from n/a through 2.2.10. | 2023-11-30 | not yet calculated | CVE-2023-48742 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Paul Menard Simply Exclude allows Reflected XSS. This issue affects Simply Exclude: from n/a through 2.0.6.6. | 2023-11-30 | not yet calculated | CVE-2023-48743 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Offshore Web Master Availability Calendar allows Cross Site Request Forgery. This issue affects Availability Calendar: from n/a through 1.2.6. | 2023-11-30 | not yet calculated | CVE-2023-48744 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles allows Reflected XSS. This issue affects Community by PeepSo – Social Network, Membership, Registration, User Profiles: from n/a through 6.2.6.0. | 2023-11-30 | not yet calculated | CVE-2023-48746 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Theme nectar Salient Core allows Reflected XSS. This issue affects Salient Core: from n/a through 2.0.2. | 2023-11-30 | not yet calculated | CVE-2023-48748 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Happyforms Form builder to get in touch with visitors, grow your email list and collect payments – Happyforms allows Reflected XSS. This issue affects Form builder to get in touch with visitors, grow your email list and collect payments – Happyforms: from n/a through 1.25.9. | 2023-11-30 | not yet calculated | CVE-2023-48752 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Wap Nepal Delete Post Revisions In WordPress allows Cross Site Request Forgery. This issue affects Delete Post Revisions In WordPress: from n/a through 4.6. | 2023-11-30 | not yet calculated | CVE-2023-48754 |
wordpress — wordpress | The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP addresses provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged-in admins. | 2023-11-27 | not yet calculated | CVE-2023-5653 |
wordpress — wordpress | The Debug Log Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the clear_log() function. This makes it possible for unauthenticated attackers to clear the debug log via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-11-30 | not yet calculated | CVE-2023-5772 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Business Directory Team Business Directory Plugin – Easy Listing Directories for WordPress allows Cross-Site Request Forgery. This issue affects Business Directory Plugin – Easy Listing Directories for WordPress: from n/a through 6.3.10. | 2023-11-30 | not yet calculated | CVE-2023-5803 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in finnj Frontier Post allows Cross Site Request Forgery. This issue affects Frontier Post: from n/a through 6.1. | 2023-11-30 | not yet calculated | CVE-2023-6137 |
wordpress — wordpress | The WP Shortcodes Plugin – Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s su_meta shortcode combined with post meta data in all versions up to, and including, 5.13.3 due to insufficient input sanitization and output escaping on user supplied meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-28 | not yet calculated | CVE-2023-6225 |
wordpress — wordpress | The WP Shortcodes Plugin – Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due to missing validation on the user-controlled keys ‘key’ and ‘post_id’. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve arbitrary post meta values which may contain sensitive information when combined with another plugin. | 2023-11-28 | not yet calculated | CVE-2023-6226 |
wordpress — wordpress | The ‘My Calendar’ WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the ‘from’ and ‘to’ parameters in the ‘/my-calendar/v1/events’ rest route. | 2023-11-30 | not yet calculated | CVE-2023-6360 |
wordpress — wordpress | The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the ‘validate’ function and insufficient blocklisting on the ‘wpcf7_antiscript_file_name’ function in versions up to, and including, 5.8.3. This makes it possible for authenticated attackers with editor-level capabilities or above to upload arbitrary files on the affected site’s server, but due to the htaccess configuration, remote code cannot be executed in most cases. By default, the file will be deleted from the server immediately. However, in some cases, other plugins may make it possible for the file to live on the server longer. This can make remote code execution possible when combined with another vulnerability, such as local file inclusion. | 2023-12-01 | not yet calculated | CVE-2023-6449 |
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress. This issue affects Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.13.2. | 2023-11-30 | not yet calculated | CVE-2023-44150 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Theme nectar Salient Core allows Stored XSS. This issue affects Salient Core: from n/a through 2.0.2. | 2023-11-30 | not yet calculated | CVE-2023-48749 |
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users. This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1. | 2023-11-30 | not yet calculated | CVE-2023-45066 |
xmachoviewer — xmachoviewer | A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product’s processes, potentially leading to remote control and unauthorized access to sensitive user data. | 2023-11-28 | not yet calculated | CVE-2023-49313 |
yokogawa_electric_corporation — stardom | A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation. This vulnerability may allow a remote attacker to cause a denial-of-service condition to the FCN/FCJ controller by sending a crafted packet. While the packet is being sent, the maintenance homepage of the controller cannot be accessed. Therefore, functions of the maintenance homepage, such as changing configuration and viewing logs, are not available. However, the controller’s operation is not stopped by the condition. The affected products and versions are as follows: STARDOM FCN/FCJ R1.01 to R4.31. | 2023-12-01 | not yet calculated | CVE-2023-5915 |
zentao_pms — zentao_pms | A vulnerability classified as problematic was found in ZenTao PMS 18.8. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246439. | 2023-11-30 | not yet calculated | CVE-2023-6439 |
zitadel — zitadel | ZITADEL is an identity infrastructure system. ZITADEL uses the Forwarded or X-Forwarded-Host header of the request that triggers the notification to build the button link sent in emails for confirming a password reset with the emailed code. If this header is overwritten and a user clicks the link to a malicious site in the email, the secret code can be retrieved and used to reset the user’s password and take over their account. Accounts with MFA or Passwordless enabled cannot be taken over by this attack. This issue has been patched in versions 2.41.6, 2.40.10 and 2.39.9. | 2023-11-30 | not yet calculated | CVE-2023-49097 |
zstack — cloud | ZStack Cloud version 3.10.38 and before allows unauthenticated API access to the list of active job UUIDs and the session ID for each of these. This leads to privilege escalation. | 2023-11-30 | not yet calculated | CVE-2023-46326 |
zumtobel — netlink_ccd_onboard | Zumtobel Netlink CCD Onboard 3.74 – Firmware 3.80 was discovered to contain hardcoded credentials for the Administrator account. | 2023-11-29 | not yet calculated | CVE-2023-23324 |
zumtobel — netlink_ccd_onboard | Zumtobel Netlink CCD Onboard 3.74 – Firmware 3.80 was discovered to contain a command injection vulnerability via the NetHostname parameter. | 2023-11-29 | not yet calculated | CVE-2023-23325 |
zumtobel — netlink_ccd_onboard | Zumtobel Netlink CCD Onboard v3.74 – Firmware v3.80 was discovered to contain a buffer overflow via the component NetlinkWeb::Information::SetDeviceIdentification. | 2023-11-29 | not yet calculated | CVE-2023-24294 |
zyxel — atp_series_firmware | An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions on an affected device by sending a crafted IKE packet. | 2023-11-28 | not yet calculated | CVE-2023-4398 |
zyxel — nas326/nas542 | An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device. | 2023-11-30 | not yet calculated | CVE-2023-35137 |