Vulnerability Summary for the Week of December 25, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
awslabs -- sandbox-accounts-for-events | "Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event ids and self-defined budget & duration. This issue only affects cleaned AWS accounts; it is not possible to access AWS accounts in use or existing data/infrastructure. This issue has been patched in version 1.1.0. | 2023-12-22 | 7.1 | CVE-2023-50928 security-advisories@github.com security-advisories@github.com |
awslabs -- sandbox-accounts-for-events | Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially read data from the events table by sending request payloads to the events API, collecting information on planned events, timeframes, budgets and owner email addresses. This data access may allow users to get insights into upcoming events and join events which they have not been invited to. This issue has been patched in version 1.10.0. | 2023-12-22 | 7.8 | CVE-2023-51386 security-advisories@github.com security-advisories@github.com |
c-blosc2 -- c-blosc2 | C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_prec_decompress at zfp/blosc2-zfp.c. | 2023-12-25 | 7.5 | CVE-2023-37185 cve@mitre.org cve@mitre.org cve@mitre.org |
c-blosc2 -- c-blosc2 | C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference in ndlz/ndlz8x8.c via a NULL pointer to memset. | 2023-12-25 | 7.5 | CVE-2023-37186 cve@mitre.org cve@mitre.org cve@mitre.org |
c-blosc2 -- c-blosc2 | C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_acc_decompress at zfp/blosc2-zfp.c. | 2023-12-25 | 7.5 | CVE-2023-37187 cve@mitre.org cve@mitre.org cve@mitre.org |
c-blosc2 -- c-blosc2 | C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate_decompress at zfp/blosc2-zfp.c. | 2023-12-25 | 7.5 | CVE-2023-37188 cve@mitre.org cve@mitre.org cve@mitre.org |
cacti -- cacti | Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, an authorized user may be able to execute arbitrary SQL code through the `pollers.php` script. As of time of publication, a patch does not appear to exist. | 2023-12-22 | 8.8 | CVE-2023-49085 security-advisories@github.com security-advisories@github.com |
cacti -- cacti | Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `managers.php`. An authenticated attacker with the "Settings/Utilities" permission can send a crafted HTTP GET request to the endpoint `/cacti/managers.php` with an SQLi payload in the `selected_graphs_array` HTTP GET parameter. As of time of publication, no patched versions exist. | 2023-12-22 | 8.8 | CVE-2023-51448 security-advisories@github.com security-advisories@github.com |
campcodes -- online_college_library_system | A vulnerability has been found in Campcodes Online College Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file index.php of the component Search. The manipulation of the argument category leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249178 is the identifier assigned to this vulnerability. | 2023-12-29 | 7.3 | CVE-2023-7156 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
clickhouse -- clickhouse | ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickHouse Cloud version 23.9.2.47551 and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20. | 2023-12-22 | 7 | CVE-2023-48704 security-advisories@github.com security-advisories@github.com |
cloudflare -- miniflare | Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers. | 2023-12-29 | 7.5 | CVE-2023-7078 cna@cloudflare.com cna@cloudflare.com |
cloudflare -- wrangler | The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate Origin/Host headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If wrangler dev --remote was being used, an attacker could access production resources if they were bound to the worker. This issue was fixed in wrangler@3.19.0 and wrangler@2.20.2. Whilst wrangler dev's inspector server listens on local interfaces by default as of wrangler@3.16.0, an SSRF vulnerability in miniflare https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7 (CVE-2023-7078) allowed access from the local network until wrangler@3.18.0. wrangler@3.19.0 and wrangler@2.20.2 introduced validation for the Origin/Host headers. | 2023-12-29 | 8.5 | CVE-2023-7080 cna@cloudflare.com cna@cloudflare.com cna@cloudflare.com cna@cloudflare.com cna@cloudflare.com |
code-projects -- faculty_management_system | A vulnerability was found in code-projects Faculty Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/php/crud.php. The manipulation of the argument fieldname leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248948. | 2023-12-25 | 9.8 | CVE-2023-7096 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- library_management_system | A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. Affected is an unknown function of the file index.php. The manipulation of the argument category leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249006 is the identifier assigned to this vulnerability. | 2023-12-26 | 9.8 | CVE-2023-7111 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- water_billing_system | A vulnerability classified as critical has been found in code-projects Water Billing System 1.0. This affects an unknown part of the file /addbill.php. The manipulation of the argument owners_id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248949 was assigned to this vulnerability. | 2023-12-25 | 9.8 | CVE-2023-7097 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
coolkit_technology -- ewelink_-_smart_home | Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass. This issue affects eWeLink before 5.2.0. | 2023-12-30 | 7.7 | CVE-2023-6998 cvd@cert.pl cvd@cert.pl cvd@cert.pl |
d-link -- d-view_8 | A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could result in the disclosure of information from other probes, denial of service conditions due to the probe inventory becoming full, or the execution of tasks on other probes. | 2023-12-28 | 10 | CVE-2023-7163 vulnreport@tenable.com |
deepin_linux -- deepin_linux | Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via a crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue. | 2023-12-22 | 9.3 | CVE-2023-50254 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
deepin_linux -- deepin_linux | Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability. | 2023-12-27 | 9.3 | CVE-2023-50255 security-advisories@github.com security-advisories@github.com |
dell -- client_bios | Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device. | 2023-12-22 | 7.2 | CVE-2023-43088 security_alert@emc.com |
dell -- supportassist_client_consumer | Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. | 2023-12-22 | 7.3 | CVE-2023-48670 security_alert@emc.com |
dromara_hertzbeat -- dromara_hertzbeat | Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless. Hertzbeat versions 1.20 and prior have a permission bypass vulnerability. System authentication can be bypassed and interfaces invoked without authorization. Version 1.2.1 contains a patch for this issue. | 2023-12-22 | 7.5 | CVE-2022-39337 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
dromara_hertzbeat -- dromara_hertzbeat | Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization for alert expressions in versions prior to 1.4.1, a malicious user can use a crafted alert expression to execute any command on the hertzbeat server. A malicious user who has access to the alert define function can execute any command in the hertzbeat instance. This issue is fixed in version 1.4.1. | 2023-12-22 | 7.2 | CVE-2023-51387 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
dromara_hertzbeat -- dromara_hertzbeat | Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue. | 2023-12-22 | 7.5 | CVE-2023-51650 security-advisories@github.com security-advisories@github.com |
engelsystem -- engelsystem | Engelsystem is a shift planning system for chaos events. Engelsystem prior to v3.4.1 performed insufficient validation of user supplied data for the DECT number, mobile number, and work-log comment fields. The values of those fields would be displayed in corresponding log overviews, allowing the injection and execution of JavaScript code in another user's context. This vulnerability enables an authenticated user to inject JavaScript into other users' sessions. The injected JS will be executed during normal usage of the system when viewing, e.g., overview pages. This issue has been fixed in version 3.4.1. | 2023-12-22 | 7.3 | CVE-2023-50924 security-advisories@github.com security-advisories@github.com |
gm_information_technologies -- mdo | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GM Information Technologies MDO allows SQL Injection. This issue affects MDO: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-29 | 9.8 | CVE-2023-4675 iletisim@usom.gov.tr |
grackle -- grackle | Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments would have been accepted for type checking and compilation. The attempted compilation of such fragments would result in a JVM `StackOverflowError` being thrown. Some knowledge of an application's GraphQL schema would be required to construct such a query; however, no knowledge of any application-specific performance or other behavioural characteristics would be needed. Grackle uses the cats-parse library for parsing GraphQL queries. Prior to version 0.18.0, Grackle made use of the cats-parse `recursive` operator. However, `recursive` is not currently stack safe. `recursive` was used in three places in the parser: nested selection sets, nested input values (lists and objects), and nested list type declarations. Consequently, queries with deeply nested selection sets, input values or list types could be constructed which exploited this, causing a JVM `StackOverflowException` to be thrown during parsing. Because this happens very early in query processing, no specific knowledge of an application's GraphQL schema would be required to construct such a query. The possibility of small queries resulting in stack overflow is a potential denial of service vulnerability. This potentially affects all applications using Grackle which have untrusted users. Both stack overflow issues have been resolved in the v0.18.0 release of Grackle. As a workaround, users could interpose a sanitizing layer in between untrusted input and Grackle query processing. | 2023-12-22 | 7.5 | CVE-2023-50730 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
honor -- com.hihonor.phoneservice | Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions. | 2023-12-29 | 7 | CVE-2023-51431 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- magic_os | Some Honor products are affected by a signature management vulnerability; successful exploitation could cause a forged system file to overwrite the correct system file. | 2023-12-29 | 7.3 | CVE-2023-23436 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- magic_ui | Some Honor products are affected by a buffer overflow vulnerability; successful exploitation could cause code execution. | 2023-12-29 | 9.3 | CVE-2023-51434 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- magic_ui | Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause an information leak. | 2023-12-29 | 7.1 | CVE-2023-51435 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- nth-an00 | Some Honor products are affected by a signature management vulnerability; successful exploitation could cause a forged system file to overwrite the correct system file. | 2023-12-29 | 7.3 | CVE-2023-23431 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- nth-an00 | Some Honor products are affected by a signature management vulnerability; successful exploitation could cause a forged system file to overwrite the correct system file. | 2023-12-29 | 7.3 | CVE-2023-23432 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
ibm -- aspera_console | IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210322. | 2023-12-25 | 7.2 | CVE-2021-38927 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- financial_transaction_manager_for_swift_services | In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. However, an attacker might modify these elements of a business transaction. IBM X-Force ID: 273183. | 2023-12-25 | 7.5 | CVE-2023-49880 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- i | Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause arbitrary code to run with the privilege of the user invoking the facsimile support. IBM X-Force ID: 267689. | 2023-12-25 | 7 | CVE-2023-43064 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- planning_analytics | IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 265567. | 2023-12-22 | 9.8 | CVE-2023-42017 psirt@us.ibm.com psirt@us.ibm.com |
iteachyou -- dreamer_cms | A vulnerability was found in Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /upload/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-248938 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-24 | 8.8 | CVE-2023-7091 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtUser' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-22 | 9.8 | CVE-2023-49688 help@fluidattacks.com help@fluidattacks.com |
kashipara -- job_portal | Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'JobId' parameter of the Employer/DeleteJob.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-12-22 | 9.8 | CVE-2023-49689 help@fluidattacks.com help@fluidattacks.com |
libaom -- libaom | Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc(). | 2023-12-27 | 9 | CVE-2023-6879 cve-coordination@google.com cve-coordination@google.com |
lychee -- lychee | Lychee is a free photo-management tool. Prior to 5.0.2, Lychee is vulnerable to an SQL injection on any binding when using mysql/mariadb. This injection is only active for users with the `.env` settings set to DB_LOG_SQL=true and DB_LOG_SQL_EXPLAIN=true. The default settings of Lychee are safe. The patch is provided in version 5.0.2. To work around this issue, disable SQL EXPLAIN logging. | 2023-12-28 | 8.8 | CVE-2023-52082 security-advisories@github.com security-advisories@github.com |
mattermost -- mattermost | Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server. | 2023-12-29 | 7.1 | CVE-2023-7114 responsibledisclosure@mattermost.com |
micropython -- micropython | A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. Affected is the function slice_indices of the file objslice.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.22.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249180. | 2023-12-29 | 7.3 | CVE-2023-7158 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
microsoft -- visual_studio | Visual Studio Code Python Extension Remote Code Execution Vulnerability | 2023-12-29 | 7.8 | CVE-2020-17163 secure@microsoft.com |
mindsdb -- mindsdb | MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the `put` method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which leads to path injection. Later in the method, the temporary directory is deleted on line 151, but since we can write outside of the directory using the path injection vulnerability, the potentially dangerous file is not deleted. Arbitrary file contents can be written due to `f.write(chunk)` on line 125. MindsDB does check later on line 149 in the `save_file` method in `file-controller.py` which calls the `_handle_source` method in `file_handler.py` if a file is of one of the types `csv`, `json`, `parquet`, `xls`, or `xlsx`. However, since the check happens after the file has already been written, the files will still exist (and will not be removed due to the path injection described earlier), just the `_handle_source` method will return an error. The same user-controlled source is used also in another path injection sink on line 138. This leads to another path injection, which allows an attacker to delete any `zip` or `tar.gz` files on the server. | 2023-12-22 | 9.1 | CVE-2023-50731 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
misskey -- misskey | Misskey is an open source, decentralized social media platform. Third-party applications may be able to access some endpoints or Websocket APIs that are incorrectly specified as [kind](https://github.com/misskey-dev/misskey/blob/406b4bdbe79b5b0b68fcdcb3c4b6e419460a0258/packages/backend/src/server/api/endpoints.ts#L811) or [secure](https://github.com/misskey-dev/misskey/blob/406b4bdbe79b5b0b68fcdcb3c4b6e419460a0258/packages/backend/src/server/api/endpoints.ts#L805) without the user's permission and perform operations such as reading or adding non-public content. As a result, if the user who authenticated the application is an administrator, confidential information such as object storage secret keys and SMTP server passwords will be leaked, and general users can also create invitation codes without permission and leak non-public user information. This is patched in version [2023.12.1](https://github.com/misskey-dev/misskey/commit/c96bc36fedc804dc840ea791a9355d7df0748e64). | 2023-12-29 | 9 | CVE-2023-52139 security-advisories@github.com security-advisories@github.com |
misskey -- misskey | Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as updating server settings, as well as compromise object storage and email server credentials. This issue has been patched in 12.23Q4.5. | 2023-12-27 | 8.9 | CVE-2023-52077 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
moxa -- iologik_e1210_firmware | A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user. | 2023-12-23 | 8.8 | CVE-2023-5961 psirt@moxa.com |
mp3gain -- mp3gain | A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows an attacker to cause a denial of service via the WriteMP3GainAPETag function at apetag.c:592. | 2023-12-22 | 7.5 | CVE-2023-49356 cve@mitre.org |
netentsec -- ns-asg_application_security_gateway | A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file index.php?para=index of the component Login. The manipulation of the argument check_VirtualSiteId leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249183. | 2023-12-29 | 7.3 | CVE-2023-7161 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
open_design_alliance -- oda_drawings_sdk | An issue was discovered in Open Design Alliance Drawings SDK before 2024.12. A corrupted value of number of sectors used by the Fat structure in a crafted DGN file leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the current process. | 2023-12-26 | 7.8 | CVE-2023-5180 8a9629cb-c5e7-4d2a-a894-111e8039b7ea |
pandora_fms -- pandora_fms | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Malicious code could be executed in the File Manager section. This issue affects Pandora FMS: from 700 through 774. | 2023-12-29 | 7.5 | CVE-2023-41815 security@pandorafms.com |
pexip -- pexip_infinity | Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort. | 2023-12-25 | 7.5 | CVE-2023-31289 cve@mitre.org |
pexip -- pexip_infinity | Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort. | 2023-12-25 | 7.5 | CVE-2023-31455 cve@mitre.org |
phpgurukul -- hospital_management_system | A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Dashboard. The manipulation leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249356. | 2023-12-30 | 7.3 | CVE-2023-7172 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
phpgurukul -- nipah_virus_testing_management_system | A vulnerability, which was classified as critical, has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This issue affects some unknown processing of the file bwdates-report-result.php. The manipulation of the argument fromdate leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248951. | 2023-12-25 | 9.8 | CVE-2023-7099 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
phpgurukul -- online_notes_sharing_system | A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/signup.php. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248740. | 2023-12-22 | 8.8 | CVE-2023-7053 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
phpgurukul -- restaurant_table_booking_system | A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/bwdates-report-details.php. The manipulation of the argument fdate leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248952. | 2023-12-25 | 9.8 | CVE-2023-7100 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
poly -- multiple_products | A vulnerability, which was classified as critical, has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This issue affects some unknown processing of the component Diagnostic Telnet Mode. The manipulation leads to OS command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-249257 was assigned to this vulnerability. | 2023-12-29 | 7.2 | CVE-2023-4464 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
red_hat -- jboss_enterprise_application_platform | A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service. | 2023-12-27 | 7.5 | CVE-2023-3171 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
revanced -- revanced | ReVanced API proxies requests needed to feed the ReVanced Manager and website with data. Up to and including commit 71f81f7f20cd26fd707335bca9838fa3e7df20d2, ReVanced API lacks error caching causing rate limit to be triggered thus increasing server load. This causes a denial of service for all users using the API. It is recommended to implement proper error caching. | 2023-12-27 | 7.5 | CVE-2023-52075 security-advisories@github.com |
signalwire -- freeswitch | FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. If an attacker manages to send a ClientHello DTLS message with an invalid CipherSuite (such as `TLS_NULL_WITH_NULL_NULL`) to the port on the FreeSWITCH server that is expecting packets from the caller, a DTLS error is generated. This results in the media session being torn down, which is followed by teardown at signaling (SIP) level too. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable FreeSWITCH servers for calls that rely on DTLS-SRTP. To address this vulnerability, upgrade FreeSWITCH to 1.10.11 which includes the security fix. The solution implemented is to drop all packets from addresses that have not been validated by an ICE check. | 2023-12-27 | 7.5 | CVE-2023-51443 security-advisories@github.com security-advisories@github.com |
sourcecodester -- simple_student_attendance_system | A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248749 was assigned to this vulnerability. | 2023-12-22 | 9.8 | CVE-2023-7058 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
talent_software -- ecop | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talent Software ECOP allows Command Line Execution through SQL Injection. This issue affects ECOP: before 32255. | 2023-12-28 | 7.5 | CVE-2023-4671 iletisim@usom.gov.tr |
tenda -- m3_firmware | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formGetWeiXinConfig. | 2023-12-26 | 9.8 | CVE-2023-51090 cve@mitre.org |
tenda -- m3_firmware | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function R7WebsSecurityHandler. | 2023-12-26 | 9.8 | CVE-2023-51091 cve@mitre.org |
tenda -- m3_firmware | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function upgrade. | 2023-12-26 | 9.8 | CVE-2023-51092 cve@mitre.org |
tenda -- m3_firmware | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function fromSetLocalVlanInfo. | 2023-12-26 | 9.8 | CVE-2023-51093 cve@mitre.org |
tenda -- m3_firmware | Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet. | 2023-12-26 | 9.8 | CVE-2023-51094 cve@mitre.org |
tenda -- m3_firmware | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formDelWlRfPolicy. | 2023-12-26 | 9.8 | CVE-2023-51095 cve@mitre.org |
tenda -- w9_firmware | Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetAutoPing. | 2023-12-26 | 9.8 | CVE-2023-51097 cve@mitre.org |
tenda -- w9_firmware | Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formSetDiagnoseInfo. | 2023-12-26 | 9.8 | CVE-2023-51098 cve@mitre.org |
tenda -- w9_firmware | Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formexeCommand. | 2023-12-26 | 9.8 | CVE-2023-51099 cve@mitre.org |
tenda -- w9_firmware | Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formGetDiagnoseInfo. | 2023-12-26 | 9.8 | CVE-2023-51100 cve@mitre.org |
tenda -- w9_firmware | Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetUplinkInfo. | 2023-12-26 | 9.8 | CVE-2023-51101 cve@mitre.org |
tenda -- w9_firmware | Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formWifiMacFilterSet. | 2023-12-26 | 9.8 | CVE-2023-51102 cve@mitre.org |
tj-actions -- tj-actions | tj-actions/changed-files is a GitHub Action to retrieve all files and directories. Prior to 41.0.0, the `tj-actions/changed-files` workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. This issue may lead to arbitrary command execution in the GitHub Runner. This vulnerability has been addressed in version 41.0.0. Users are advised to upgrade. | 2023-12-27 | 7.3 | CVE-2023-51664 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
tj-actions -- tj-actions | The [`tj-actions/verify-changed-files`](https://github.com/tj-actions/verify-changed-files) action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. The [`verify-changed-files`](https://github.com/tj-actions/verify-changed-files) workflow returns the list of files changed within a workflow execution. This could potentially allow filenames that contain special characters such as `;` which can be used by an attacker to take over the [GitHub Runner](https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners) if the output value is used in a raw fashion (thus being directly replaced before execution) inside a `run` block. By running custom commands, an attacker may be able to steal secrets such as `GITHUB_TOKEN` if triggered on events other than `pull_request`. This has been patched in versions [17](https://github.com/tj-actions/verify-changed-files/releases/tag/v17) and [17.0.0](https://github.com/tj-actions/verify-changed-files/releases/tag/v17.0.0) by enabling `safe_output` by default and returning filename paths escaping special characters for bash environments. | 2023-12-29 | 7.7 | CVE-2023-52137 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
totolink -- a3700r_firmware | There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi.cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513. | 2023-12-22 | 9.8 | CVE-2023-50147 cve@mitre.org |
totolink -- a7100ru | A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248942 is the identifier assigned to this vulnerability. | 2023-12-25 | 9.8 | CVE-2023-7095 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
totolink -- ex1200l_firmware | TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface. | 2023-12-22 | 9.8 | CVE-2023-51033 cve@mitre.org |
totolink -- ex1800t_firmware | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanPriDns parameter of the setLanConfig interface of the cstecgi.cgi. | 2023-12-22 | 9.8 | CVE-2023-51011 cve@mitre.org |
totolink -- ex1800t_firmware | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanGateway parameter of the setLanConfig interface of the cstecgi.cgi. | 2023-12-22 | 9.8 | CVE-2023-51012 cve@mitre.org |
totolink -- ex1800t_firmware | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanNetmask parameter of the setLanConfig interface of the cstecgi.cgi. | 2023-12-22 | 9.8 | CVE-2023-51013 cve@mitre.org |
totolink -- ex1800t_firmware | TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanSecDns parameter of the setLanConfig interface of the cstecgi.cgi. | 2023-12-22 | 9.8 | CVE-2023-51014 cve@mitre.org |
totolink -- ex1800t_firmware | TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the 'enable' parameter of the setDmzCfg interface of the cstecgi.cgi. | 2023-12-22 | 9.8 | CVE-2023-51015 cve@mitre.org |
totolink -- ex1800t_firmware | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the setRebootScheCfg interface of the cstecgi.cgi. | 2023-12-22 | 9.8 | CVE-2023-51016 cve@mitre.org |
totolink -- ex1800t_firmware | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanIp parameter of the setLanConfig interface of the cstecgi.cgi. | 2023-12-22 | 9.8 | CVE-2023-51017 cve@mitre.org |
totolink -- ex1800t_firmware | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'opmode' parameter of the setWiFiApConfig interface of the cstecgi.cgi. | 2023-12-22 | 9.8 | CVE-2023-51018 cve@mitre.org |
totolink -- ex1800t_firmware | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'key5g' parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi. | 2023-12-22 | 9.8 | CVE-2023-51019 cve@mitre.org |
totolink -- ex1800t_firmware | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'langType' parameter of the setLanguageCfg interface of the cstecgi.cgi. | 2023-12-22 | 9.8 | CVE-2023-51020 cve@mitre.org |
totolink -- ex1800t_firmware | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'merge' parameter of the setRptWizardCfg interface of the cstecgi.cgi. | 2023-12-22 | 9.8 | CVE-2023-51021 cve@mitre.org |
totolink -- ex1800t_firmware | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'langFlag' parameter of the setLanguageCfg interface of the cstecgi.cgi. | 2023-12-22 | 9.8 | CVE-2023-51022 cve@mitre.org |
totolink -- ex1800t_firmware | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the 'host_time' parameter of the NTPSyncWithHost interface of the cstecgi.cgi. | 2023-12-22 | 9.8 | CVE-2023-51023 cve@mitre.org |
totolink -- ex1800t_firmware | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'tz' parameter of the setNtpCfg interface of the cstecgi.cgi. | 2023-12-22 | 9.8 | CVE-2023-51024 cve@mitre.org |
totolink -- ex1800t_firmware | TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'admuser' parameter of the setPasswordCfg interface of the cstecgi.cgi. | 2023-12-22 | 9.8 | CVE-2023-51025 cve@mitre.org |
totolink -- ex1800t_firmware | TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'hour' parameter of the setRebootScheCfg interface of the cstecgi.cgi. | 2023-12-22 | 9.8 | CVE-2023-51026 cve@mitre.org |
totolink -- ex1800t_firmware | TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'apcliAuthMode' parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi. | 2023-12-22 | 9.8 | CVE-2023-51027 cve@mitre.org |
totolink -- ex1800t_firmware | TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi. | 2023-12-22 | 9.8 | CVE-2023-51028 cve@mitre.org |
wasmer -- wasmer | Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This vulnerability has been patched in version 4.2.4. | 2023-12-22 | 8.4 | CVE-2023-51661 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
ween_software -- admin_panel | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ween Software Admin Panel allows SQL Injection. This issue affects Admin Panel: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-29 | 9.8 | CVE-2023-4541 iletisim@usom.gov.tr |
wordpress -- wordpress | Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker. This issue affects RSVPMaker: from n/a through 10.6.6. | 2023-12-29 | 10 | CVE-2023-25054 audit@patchstack.com |
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps. This issue affects Frontend Admin by DynamiApps: from n/a through 3.18.3. | 2023-12-29 | 10 | CVE-2023-51411 audit@patchstack.com |
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome. This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through 1.11.10.7. | 2023-12-29 | 10 | CVE-2023-51419 audit@patchstack.com |
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre - Dating Site. This issue affects Rencontre - Dating Site: from n/a through 3.10.1. | 2023-12-29 | 10 | CVE-2023-51468 audit@patchstack.com |
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds - Simple Classifieds Plugin. This issue affects TerraClassifieds - Simple Classifieds Plugin: from n/a through 2.0.3. | 2023-12-29 | 10 | CVE-2023-51473 audit@patchstack.com |
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in IOSS WP MLM SOFTWARE PLUGIN. This issue affects WP MLM SOFTWARE PLUGIN: from n/a through 4.0. | 2023-12-29 | 10 | CVE-2023-51475 audit@patchstack.com |
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store. This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store: from n/a through 1.0.6. | 2023-12-29 | 10 | CVE-2023-51505 audit@patchstack.com |
wordpress -- wordpress | Improper Control of Generation of Code ('Code Injection') vulnerability in Milan Dinić Rename Media Files. This issue affects Rename Media Files: from n/a through 1.0.1. | 2023-12-29 | 9.9 | CVE-2023-32095 audit@patchstack.com |
wordpress -- wordpress | Improper Control of Generation of Code ('Code Injection') vulnerability in Kanban for WordPress Kanban Boards for WordPress. This issue affects Kanban Boards for WordPress: from n/a through 2.5.21. | 2023-12-29 | 9.1 | CVE-2023-40606 audit@patchstack.com |
wordpress -- wordpress | Improper Control of Generation of Code ('Code Injection') vulnerability in POSIMYTH Nexter Extension. This issue affects Nexter Extension: from n/a through 2.0.3. | 2023-12-29 | 9.1 | CVE-2023-45751 audit@patchstack.com |
wordpress -- wordpress | Improper Control of Generation of Code ('Code Injection') vulnerability in TienCOP WP EXtra. This issue affects WP EXtra: from n/a through 6.2. | 2023-12-29 | 9.9 | CVE-2023-46623 audit@patchstack.com |
wordpress -- wordpress | Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons. This issue affects Qode Essential Addons: from n/a through 1.5.2. | 2023-12-29 | 9.9 | CVE-2023-47840 audit@patchstack.com |
wordpress -- wordpress | Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro. This issue affects Astra Pro: from n/a through 4.3.1. | 2023-12-29 | 9.9 | CVE-2023-49830 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk - Best Help Desk & Support Plugin. This issue affects JS Help Desk - Best Help Desk & Support Plugin: from n/a through 2.8.1. | 2023-12-28 | 9.3 | CVE-2023-50839 audit@patchstack.com |
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log. This issue affects WP Mail Log: from n/a through 1.1.2. | 2023-12-29 | 9.9 | CVE-2023-51410 audit@patchstack.com |
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms. This issue affects Piotnet Forms: from n/a through 1.0.25. | 2023-12-29 | 9 | CVE-2023-51412 audit@patchstack.com |
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y Newsletters. This issue affects EnvíaloSimple: Email Marketing y Newsletters: from n/a through 2.1. | 2023-12-29 | 9.6 | CVE-2023-51414 audit@patchstack.com |
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons. This issue affects JVM Gutenberg Rich Text Icons: from n/a through 1.2.3. | 2023-12-29 | 9.9 | CVE-2023-51417 audit@patchstack.com |
wordpress -- wordpress | Improper Control of Generation of Code ('Code Injection') vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2. | 2023-12-29 | 9.1 | CVE-2023-51420 audit@patchstack.com |
wordpress -- wordpress | Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2. | 2023-12-29 | 9.9 | CVE-2023-51421 audit@patchstack.com |
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings \| WebinarIgnition. This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings \| WebinarIgnition: from n/a through 3.05.0. | 2023-12-29 | 9.9 | CVE-2023-51422 audit@patchstack.com |
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre - Dating Site. This issue affects Rencontre - Dating Site: from n/a through 3.11.1. | 2023-12-29 | 9.9 | CVE-2023-51470 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career - Manage job board listings, and recruitments. This issue affects Job Manager & Career - Manage job board listings, and recruitments: from n/a through 1.4.4. | 2023-12-29 | 9.6 | CVE-2023-51545 audit@patchstack.com |
wordpress -- wordpress | The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of this vulnerability requires that the target server's php.ini is configured with 'allow_url_include' set to 'on'. This feature is deprecated as of PHP 7.4 and is disabled by default, but can still be explicitly enabled in later versions of PHP. | 2023-12-23 | 9.8 | CVE-2023-6971 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. | 2023-12-23 | 9.8 | CVE-2023-6972 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator - WordPress Two Factor Authentication - 2FA, Two Factor, OTP SMS and Email \| Passwordless login. This issue affects miniOrange's Google Authenticator - WordPress Two Factor Authentication - 2FA, Two Factor, OTP SMS and Email \| Passwordless login: from n/a through 5.6.1. | 2023-12-29 | 8.1 | CVE-2022-44589 audit@patchstack.com |
wordpress -- wordpress | Improper Control of Generation of Code ('Code Injection') vulnerability in BinaryStash WP Booklet. This issue affects WP Booklet: from n/a through 2.1.8. | 2023-12-29 | 8.5 | CVE-2023-22677 audit@patchstack.com |
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons. This issue affects Product Add-Ons: from n/a through 6.1.3. | 2023-12-28 | 8.2 | CVE-2023-32795 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop, oplugins Booking Manager. This issue affects Booking Manager: from n/a through 2.1.5. | 2023-12-28 | 8.5 | CVE-2023-50840 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems BookingPress - Appointment Booking Calendar Plugin and Online Scheduling Plugin. This issue affects BookingPress - Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through 1.0.72. | 2023-12-28 | 8.5 | CVE-2023-50841 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Matthew Fries MF Gig Calendar. This issue affects MF Gig Calendar: from n/a through 1.2.1. | 2023-12-28 | 8.5 | CVE-2023-50842 audit@patchstack.com |
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in GiveWP GiveWP - Donation Plugin and Fundraising Platform. This issue affects GiveWP - Donation Plugin and Fundraising Platform: from n/a through 2.25.3. | 2023-12-28 | 7.5 | CVE-2023-32513 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown - Protect Login Form. This issue affects Login Lockdown - Protect Login Form: from n/a through 2.06. | 2023-12-29 | 7.6 | CVE-2023-50837 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms - Ultimate Form Builder - Contact forms and much more. This issue affects NEX-Forms - Ultimate Form Builder - Contact forms and much more: from n/a through 8.5.5. | 2023-12-28 | 7.6 | CVE-2023-50838 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Clockwork Clockwork SMS Notifications. This issue affects Clockwork SMS Notifications: from n/a through 3.0.4. | 2023-12-28 | 7.6 | CVE-2023-50843 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in James Ward Mail logging - WP Mail Catcher. This issue affects Mail logging - WP Mail Catcher: from n/a through 2.1.3. | 2023-12-28 | 7.6 | CVE-2023-50844 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode - WordPress Business Directory Plugins GeoDirectory - WordPress Business Directory Plugin, or Classified Directory. This issue affects GeoDirectory - WordPress Business Directory Plugin, or Classified Directory: from n/a through 2.3.28. | 2023-12-28 | 7.6 | CVE-2023-50845 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RegistrationMagic RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login. This issue affects RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.4.5. | 2023-12-28 | 7.6 | CVE-2023-50846 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Collne Inc. Welcart e-Commerce. This issue affects Welcart e-Commerce: from n/a through 2.9.3. | 2023-12-28 | 7.6 | CVE-2023-50847 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aaron J 404 Solution. This issue affects 404 Solution: from n/a through 2.34.0. | 2023-12-28 | 7.6 | CVE-2023-50848 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E2Pdf.Com E2Pdf - Export To Pdf Tool for WordPress. This issue affects E2Pdf - Export To Pdf Tool for WordPress: from n/a through 1.20.23. | 2023-12-28 | 7.6 | CVE-2023-50849 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N Squared Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin. This issue affects Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin: from n/a before 1.6.6.1. | 2023-12-28 | 7.6 | CVE-2023-50851 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Booking Calendar \| Appointment Booking \| BookIt. This issue affects Booking Calendar \| Appointment Booking \| BookIt: from n/a through 2.4.3. | 2023-12-28 | 7.6 | CVE-2023-50852 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nasirahmed Advanced Form Integration - Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms. This issue affects Advanced Form Integration - Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms: from n/a through 1.75.0. | 2023-12-28 | 7.6 | CVE-2023-50853 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly Squirrly SEO - Advanced Pack. This issue affects Squirrly SEO - Advanced Pack: from n/a through 2.3.8. | 2023-12-28 | 7.6 | CVE-2023-50854 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sam Perrow Pre* Party Resource Hints. This issue affects Pre* Party Resource Hints: from n/a through 1.8.18. | 2023-12-28 | 7.6 | CVE-2023-50855 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder for WordPress by FunnelKit - Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits. This issue affects Funnel Builder for WordPress by FunnelKit - Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits: from n/a through 2.14.3. | 2023-12-28 | 7.6 | CVE-2023-50856 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit. This issue affects Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit: from n/a through 2.6.1. | 2023-12-28 | 7.6 | CVE-2023-50857 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS. This issue affects TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme: from n/a through 5.9.1. | 2023-12-29 | 7.1 | CVE-2023-50892 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution Impreza - WordPress Website and WooCommerce Builder allows Reflected XSS. This issue affects Impreza - WordPress Website and WooCommerce Builder: from n/a through 8.17.4. | 2023-12-29 | 7.1 | CVE-2023-50893 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega - Absolute Addons For Elementor allows Reflected XSS. This issue affects HT Mega - Absolute Addons For Elementor: from n/a through 2.3.8. | 2023-12-29 | 7.1 | CVE-2023-50901 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ian Kennerley Google Photos Gallery with Shortcodes allows Reflected XSS. This issue affects Google Photos Gallery with Shortcodes: from n/a through 4.0.2. | 2023-12-29 | 7.1 | CVE-2023-51373 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Undsgn Uncode - Creative & WooCommerce WordPress Theme allows Reflected XSS. This issue affects Uncode - Creative & WooCommerce WordPress Theme: from n/a through 2.8.6. | 2023-12-28 | 7.1 | CVE-2023-51501 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WS Form WS Form LITE - Drag & Drop Contact Form Builder for WordPress. This issue affects WS Form LITE - Drag & Drop Contact Form Builder for WordPress: from n/a through 1.9.170. | 2023-12-29 | 7.6 | CVE-2023-52135 audit@patchstack.com |
wordpress -- wordpress | The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the host operating system. | 2023-12-23 | 7.2 | CVE-2023-7002 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
yaztek_software_technologies_and_computer_systems -- e-commerce_software | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yaztek Software Technologies and Computer Systems E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-29 | 9.8 | CVE-2023-4674 iletisim@usom.gov.tr |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
advplyr -- audiobookshelf | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to unauthenticated blind server-side request forgery (SSRF) in Auth.js. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability. | 2023-12-27 | 4.3 | CVE-2023-51665 security-advisories@github.com security-advisories@github.com |
advplyr -- audiobookshelf | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to unauthenticated blind server-side request forgery (SSRF) in `podcastUtils.js`. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability. | 2023-12-27 | 4.3 | CVE-2023-51697 security-advisories@github.com security-advisories@github.com |
aws -- aws-sdk-php | AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The `buildEndpoint` method relies on the Guzzle Psr7 UriResolver utility, which strips dot segments from the request path in accordance with RFC 3986. Under certain conditions, this could lead to an arbitrary object being accessed. This issue has been patched in version 3.288.1. | 2023-12-22 | 6 | CVE-2023-51651 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
cacti -- cacti | Cacti is an open source operational monitoring and fault management framework. A reflected cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php`. When uploading an XML template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains the unfiltered XML template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available. | 2023-12-22 | 6.1 | CVE-2023-50250 security-advisories@github.com security-advisories@github.com |
cacti -- cacti | Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25 allows remote attackers to escalate privileges when uploading an XML template file via templates_import.php. | 2023-12-22 | 6.1 | CVE-2023-50569 cve@mitre.org cve@mitre.org |
cacti -- cacti | Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). A bypass of an earlier fix (CVE-2023-39360) leads to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is `graphs_new.php`. The impact of the vulnerability is execution of arbitrary JavaScript code in the attacked user's browser. This issue has been patched in version 1.2.26. | 2023-12-22 | 5.4 | CVE-2023-49086 security-advisories@github.com |
cacti -- cacti | Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in `data_debug.php`. To perform the cross-site scripting attack, the adversary needs to be an authorized cacti user with the following permissions: `General Administration>Sites/Devices/Data`. The victim of this attack could be any account with permissions to view `http://<HOST>/cacti/data_debug.php`. As of time of publication, no complete fix has been included in Cacti. | 2023-12-22 | 4.8 | CVE-2023-49088 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
campcodes -- chic_beauty_salon | A vulnerability classified as critical was found in Campcodes Chic Beauty Salon 20230703. Affected by this vulnerability is an unknown functionality of the file product-list.php of the component Product Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249157 was assigned to this vulnerability. | 2023-12-29 | 4.7 | CVE-2023-7150 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
campcodes -- online_college_library_system | A vulnerability was found in Campcodes Online College Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/borrow_add.php of the component HTTP POST Request Handler. The manipulation of the argument student leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249362 is the identifier assigned to this vulnerability. | 2023-12-30 | 4.7 | CVE-2023-7175 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
campcodes -- online_college_library_system | A vulnerability classified as critical has been found in Campcodes Online College Library System 1.0. This affects an unknown part of the file /admin/return_add.php of the component HTTP POST Request Handler. The manipulation of the argument student leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249363. | 2023-12-30 | 4.7 | CVE-2023-7176 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
campcodes -- online_college_library_system | A vulnerability classified as critical was found in Campcodes Online College Library System 1.0. This vulnerability affects unknown code of the file /admin/book_add.php of the component HTTP POST Request Handler. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249364. | 2023-12-30 | 4.7 | CVE-2023-7177 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
campcodes -- online_college_library_system | A vulnerability, which was classified as critical, has been found in Campcodes Online College Library System 1.0. This issue affects some unknown processing of the file /admin/book_row.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249365 was assigned to this vulnerability. | 2023-12-30 | 4.7 | CVE-2023-7178 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
campcodes -- online_college_library_system | A vulnerability, which was classified as critical, was found in Campcodes Online College Library System 1.0. Affected is an unknown function of the file /admin/category_row.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249366 is the identifier assigned to this vulnerability. | 2023-12-30 | 4.7 | CVE-2023-7179 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
campcodes -- online_college_library_system | A vulnerability was found in Muyun DedeBIZ up to 6.2.12 and classified as critical. Affected by this issue is some unknown functionality of the component Add Attachment Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249368. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-30 | 4.7 | CVE-2023-7181 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
cloudflare -- wrangler | Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file. | 2023-12-29 | 6.4 | CVE-2023-7079 cna@cloudflare.com cna@cloudflare.com cna@cloudflare.com |
code-projects -- automated_voting_system | A vulnerability classified as critical has been found in code-projects Automated Voting System 1.0. This affects an unknown part of the file /admin/ of the component Admin Login. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249129 was assigned to this vulnerability. | 2023-12-28 | 6.3 | CVE-2023-7126 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- automated_voting_system | A vulnerability classified as critical was found in code-projects Automated Voting System 1.0. This vulnerability affects unknown code of the component Login. The manipulation of the argument idno leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-249130 is the identifier assigned to this vulnerability. | 2023-12-28 | 6.3 | CVE-2023-7127 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- automated_voting_system | A vulnerability, which was classified as critical, has been found in code-projects Voting System 1.0. This issue affects some unknown processing of the file /admin/ of the component Admin Login. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249131. | 2023-12-28 | 6.3 | CVE-2023-7128 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- client_details_system | A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the component HTTP POST Request Handler. The manipulation of the argument uemail leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249140. | 2023-12-28 | 6.3 | CVE-2023-7137 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- client_details_system | A vulnerability, which was classified as critical, was found in code-projects Client Details System 1.0. This affects an unknown part of the file /admin of the component HTTP POST Request Handler. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249141 was assigned to this vulnerability. | 2023-12-28 | 6.3 | CVE-2023-7138 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- client_details_system | A vulnerability has been found in code-projects Client Details System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/regester.php of the component HTTP POST Request Handler. The manipulation of the argument fname/lname/email/contact leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-249142 is the identifier assigned to this vulnerability. | 2023-12-28 | 4.3 | CVE-2023-7139 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- client_details_system | A vulnerability was found in code-projects Client Details System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/manage-users.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249143. | 2023-12-28 | 4.3 | CVE-2023-7140 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- client_details_system | A vulnerability was found in code-projects Client Details System 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/update-clients.php. The manipulation of the argument uid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249144. | 2023-12-29 | 4.3 | CVE-2023-7141 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- client_details_system | A vulnerability was found in code-projects Client Details System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/clientview.php. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249145 was assigned to this vulnerability. | 2023-12-29 | 4.3 | CVE-2023-7142 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- e-commerce_site | A vulnerability, which was classified as problematic, was found in code-projects E-Commerce Site 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument keyword with the input `<video/src=x onerror=alert(document.cookie)>` leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249096. | 2023-12-28 | 4.3 | CVE-2023-7124 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- faculty_management_system | A vulnerability, which was classified as problematic, has been found in code-projects Faculty Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pages/yearlevel.php. The manipulation of the argument Year Level/Section leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248744. | 2023-12-22 | 6.1 | CVE-2023-7057 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- faculty_management_system | A vulnerability classified as problematic was found in code-projects Faculty Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/pages/subjects.php. The manipulation of the argument Description/Units leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248743. | 2023-12-22 | 5.4 | CVE-2023-7056 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- intern_membership_management_system | A vulnerability was found in code-projects Intern Membership Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user_registration/ of the component User Registration. The manipulation of the argument userName leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-249134 is the identifier assigned to this vulnerability. | 2023-12-28 | 6.3 | CVE-2023-7131 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- point_of_sales_and_inventory_management_system | A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /main/checkout.php. The manipulation of the argument pt leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248846 is the identifier assigned to this vulnerability. | 2023-12-22 | 6.1 | CVE-2023-7075 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- voting_system | A vulnerability, which was classified as critical, was found in code-projects Voting System 1.0. Affected is an unknown function of the component Voters Login. The manipulation of the argument voter leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249132. | 2023-12-28 | 5.5 | CVE-2023-7129 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
concrete_cms -- concrete_cms | Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) via /ccm/system/dialogs/logs/delete_all/submit. An attacker can force an admin user to delete server report logs on a web application to which they are currently authenticated. | 2023-12-25 | 4.3 | CVE-2023-48652 cve@mitre.org cve@mitre.org |
dell -- cpg_bios | Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system. | 2023-12-22 | 6.7 | CVE-2023-39251 security_alert@emc.com |
dfir-iris -- iris-web | Iris is a web collaborative platform aiming to help incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker needs to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.3.7 of iris-web. No known workarounds are available. | 2023-12-22 | 4.6 | CVE-2023-50712 security-advisories@github.com security-advisories@github.com |
ffcss -- ffcss | ffcss is a CLI interface to apply and configure Firefox CSS themes. Prior to 0.2.0, the function `lookupPreprocess()` is meant to apply some transformations to a string by disabling characters in the regex `[-_ .]`. However, due to the use of late Unicode normalization of type NFKD, it is possible to bypass that validation and re-introduce all the characters in the regex `[-_ .]`. The `lookupPreprocess()` can be easily bypassed with equivalent Unicode characters like U+FE4D (﹍), which would result in the omitted U+005F (_), for instance. The `lookupPreprocess()` function is only ever used to search for themes loosely (case insensitively, while ignoring dashes, underscores and dots), so the actual security impact is classified as low. This vulnerability is fixed in 0.2.0. There are no known workarounds. | 2023-12-28 | 5.3 | CVE-2023-52081 security-advisories@github.com security-advisories@github.com |
gopeak -- masterlab | A vulnerability classified as critical has been found in gopeak MasterLab up to 3.3.10. This affects the function sqlInject of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249147. | 2023-12-29 | 6.3 | CVE-2023-7144 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
gopeak -- masterlab | A vulnerability classified as critical was found in gopeak MasterLab up to 3.3.10. This vulnerability affects the function sqlInject of the file app/ctrl/Framework.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249148. | 2023-12-29 | 6.3 | CVE-2023-7145 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
gopeak -- masterlab | A vulnerability, which was classified as critical, has been found in gopeak MasterLab up to 3.3.10. This issue affects the function sqlInjectDelete of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument phone leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249149 was assigned to this vulnerability. | 2023-12-29 | 6.3 | CVE-2023-7146 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
gopeak -- masterlab | A vulnerability, which was classified as critical, was found in gopeak MasterLab up to 3.3.10. Affected is the function base64ImageContent of the file app/ctrl/User.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. VDB-249150 is the identifier assigned to this vulnerability. | 2023-12-29 | 6.3 | CVE-2023-7147 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
gopeak -- masterlab | A vulnerability was found in gopeak MasterLab up to 3.3.10. It has been declared as critical. Affected by this vulnerability is the function add/update of the file app/ctrl/admin/User.php. The manipulation of the argument avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249181 was assigned to this vulnerability. | 2023-12-29 | 4.7 | CVE-2023-7159 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
gradio -- gradio | Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitrary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with `share=True`, or on Hugging Face Spaces) if they knew the path of files to look for. This issue has been patched in version 4.11.0. | 2023-12-22 | 5.6 | CVE-2023-51449 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
hail -- hail | Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail relies on OpenID Connect (OIDC) email addresses from ID tokens to verify the validity of a user's domain, but because users have the ability to change their email address, they could create accounts and use resources in clusters that they should not have access to. For example, a user could create a Microsoft or Google account and then change their email to `test@example.org`. This account can then be used to create a Hail Batch account in Hail Batch clusters whose organization domain is `example.org`. The attacker is not able to access private data or impersonate another user, but they would have the ability to run jobs if Hail Batch billing projects are enabled and create Azure Tenants if they have Azure Active Directory Administrator access. | 2023-12-29 | 5.3 | CVE-2023-51663 security-advisories@github.com |
hcl_software -- hcl_launch | An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. | 2023-12-28 | 6.2 | CVE-2023-45702 psirt@hcl.com |
hcl_software -- hcl_launch | HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | 2023-12-28 | 4.3 | CVE-2023-45701 psirt@hcl.com |
honor -- fri-an00 | Some Honor products are affected by file writing vulnerability; successful exploitation could cause information disclosure. | 2023-12-29 | 6.6 | CVE-2023-23426 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- honorboardapp | Some Honor products are affected by information leak vulnerability; successful exploitation could cause the information leak. | 2023-12-29 | 4 | CVE-2023-23434 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- lge-an00 | Some Honor products are affected by incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions. | 2023-12-29 | 4 | CVE-2023-23438 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- lge-an00 | Some Honor products are affected by information leak vulnerability; successful exploitation could cause the information leak. | 2023-12-29 | 4 | CVE-2023-23439 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- magic_os | Some Honor products are affected by incorrect privilege assignment vulnerability; successful exploitation could cause information leak. | 2023-12-29 | 6 | CVE-2023-51429 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- magic_os | Some Honor products are affected by incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions. | 2023-12-29 | 4 | CVE-2023-23427 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- magic_os | Some Honor products are affected by incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions. | 2023-12-29 | 4 | CVE-2023-23429 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- magic_os | Some Honor products are affected by type confusion vulnerability; successful exploitation could cause information leak. | 2023-12-29 | 4.6 | CVE-2023-23442 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- magic_os | Some Honor products are affected by type confusion vulnerability; successful exploitation could cause information leak. | 2023-12-29 | 4.6 | CVE-2023-23443 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- magic_os | Some Honor products are affected by type confusion vulnerability; successful exploitation could cause information leak. | 2023-12-29 | 4.6 | CVE-2023-51426 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- magic_os | Some Honor products are affected by type confusion vulnerability; successful exploitation could cause information leak. | 2023-12-29 | 4.6 | CVE-2023-51427 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- magic_os | Some Honor products are affected by type confusion vulnerability; successful exploitation could cause information leak. | 2023-12-29 | 4.6 | CVE-2023-51428 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- magic_os | Some Honor products are affected by signature management vulnerability; successful exploitation could cause the forged system file to overwrite the correct system file. | 2023-12-29 | 4 | CVE-2023-23435 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- magic_ui | Some Honor products are affected by out of bounds read vulnerability; successful exploitation could cause information leak. | 2023-12-29 | 6 | CVE-2023-23441 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- magic_ui | Some Honor products are affected by incorrect privilege assignment vulnerability; successful exploitation could cause information leak. | 2023-12-29 | 4.4 | CVE-2023-51430 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- magic_ui | Some Honor products are affected by type confusion vulnerability; successful exploitation could cause denial of service. | 2023-12-29 | 4 | CVE-2023-6939 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- nth-an00 | Some Honor products are affected by file writing vulnerability; successful exploitation could cause code execution. | 2023-12-29 | 6.5 | CVE-2023-23424 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- nth-an00 | Some Honor products are affected by signature management vulnerability; successful exploitation could cause the forged system file to overwrite the correct system file. | 2023-12-29 | 4 | CVE-2023-23433 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
ibm -- aix | IBM AIX 7.2 and 7.3 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 267963. | 2023-12-22 | 5.5 | CVE-2023-45165 psirt@us.ibm.com psirt@us.ibm.com |
instipod -- duouniversalkeycloakauthenticator | An information disclosure vulnerability exists in the challenge functionality of instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. A specially crafted HTTP request can lead to a disclosure of sensitive information. A user login to Keycloak using DuoUniversalKeycloakAuthenticator plugin triggers this vulnerability. | 2023-12-23 | 4.5 | CVE-2023-49594 talos-cna@cisco.com talos-cna@cisco.com |
kylinsoft -- kylin-system-updater | A vulnerability classified as critical has been found in KylinSoft kylin-system-updater up to 2.0.5.16-0k2.33. Affected is an unknown function of the file /usr/share/kylin-system-updater/SystemUpdater/UpgradeStrategiesDbus.py of the component com.kylin.systemupgrade Service. The manipulation of the argument SetDownloadspeedMax leads to os command injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248940. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-25 | 5.3 | CVE-2023-7093 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
mediawiki -- mediawiki | An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights. | 2023-12-22 | 6.1 | CVE-2023-51704 cve@mitre.org |
metersphere -- metersphere | MeterSphere is a one-stop open source continuous testing platform. Prior to 2.10.10-lts, authenticated attackers can update resources which don't belong to them if the resource ID is known. This issue is fixed in 2.10.10-lts. There are no known workarounds. | 2023-12-28 | 4.3 | CVE-2023-50267 security-advisories@github.com |
micropython -- micropython | A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability. | 2023-12-29 | 5.5 | CVE-2023-7152 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
moxa -- iologik_e1200 | A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization. | 2023-12-23 | 6.5 | CVE-2023-5962 psirt@moxa.com |
msgpackr -- msgpackr | msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured cloning; replacing the 0x70 extension with your own (that throws an error or does something other than recursive referencing) should mitigate the issue. | 2023-12-28 | 6.8 | CVE-2023-52079 security-advisories@github.com security-advisories@github.com |
netentsec -- ns-asg_application_security_gateway | A vulnerability classified as problematic was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected by this vulnerability is an unknown functionality of the file /protocol/nsasg6.0.tgz. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248941 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-25 | 5.3 | CVE-2023-7094 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
nextcloud -- nextcloud | The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version 4.9.2, the application can be used without providing the 4-digit PIN code. Nextcloud iOS Files app should be upgraded to 4.9.2 to receive the patch. No known workarounds are available. | 2023-12-22 | 4.3 | CVE-2023-49790 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
nextcloud -- server/enterprise_server | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when an attacker manages to get access to an active session of another user via another way, they could delete and modify workflows by sending calls directly to the API bypassing the password confirmation shown in the UI. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available. | 2023-12-22 | 5.4 | CVE-2023-49791 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
nextcloud -- server/enterprise_server | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when a (reverse) proxy is configured as trusted proxy the server could be tricked into reading a wrong remote address for an attacker, allowing them to execute more authentication attempts than intended. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available. | 2023-12-22 | 5.3 | CVE-2023-49792 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
own_health_record -- own_health_record | A vulnerability was found in MdAlAmin-aol Own Health Record 0.1-alpha/0.2-alpha/0.3-alpha/0.3.1-alpha. It has been rated as problematic. This issue affects some unknown processing of the file includes/logout.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 0.4-alpha is able to address this issue. The patch is named 58b413aa40820b49070782c786c526850ab7748f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-249191. | 2023-12-30 | 4.3 | CVE-2018-25096 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
pandora_fms -- pandora_fms | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). It was possible to execute malicious JS code on Visual Consoles. This issue affects Pandora FMS: from 700 through 774. | 2023-12-29 | 6.1 | CVE-2023-44089 security@pandorafms.com |
pandora_fms -- pandora_fms | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774. | 2023-12-29 | 5.9 | CVE-2023-44088 security@pandorafms.com |
pexip -- pexip_infinity | Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links. | 2023-12-25 | 6.1 | CVE-2023-37225 cve@mitre.org |
pexip -- virtual_meeting_rooms | In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass. | 2023-12-25 | 5.3 | CVE-2023-40236 cve@mitre.org |
phpgurukul -- hospital_management_system | A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file registration.php. The manipulation of the argument First Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249357 was assigned to this vulnerability. | 2023-12-30 | 4.3 | CVE-2023-7173 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
phpgurukul -- online_notes_sharing_system | A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /user/add-notes.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248741 was assigned to this vulnerability. | 2023-12-22 | 5.4 | CVE-2023-7054 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
phpgurukul -- online_notes_sharing_system | A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0. Affected is an unknown function of the file /user/profile.php of the component Contact Information Handler. The manipulation of the argument mobilenumber leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-248742 is the identifier assigned to this vulnerability. | 2023-12-22 | 5.4 | CVE-2023-7055 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
phpgurukul -- online_notes_sharing_system | A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been classified as problematic. This affects an unknown part of the file /user/profile.php. The manipulation of the argument name leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248739. | 2023-12-22 | 4.3 | CVE-2023-7052 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
poly -- multiple_products | A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256. | 2023-12-29 | 5.3 | CVE-2023-4463 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
poly -- trio_8800 | A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to backdoor. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249260. | 2023-12-29 | 6.2 | CVE-2023-4467 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
poly -- trio_8800/trio_c60 | A vulnerability was found in Poly Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Lens Management Cloud Registration. The manipulation leads to missing authorization. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-249261 was assigned to this vulnerability. | 2023-12-29 | 4.3 | CVE-2023-4468 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
pymedusa -- medusa | Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The `testDiscord` request handler in `medusa/server/web/home/handler.py` does not validate the user-controlled `discord_webhook` variable and passes it to the `notifiers.discord_notifier.test_notify` method, then `_notify_discord` and finally `_send_discord_msg` method, which sends a POST request to the user-controlled URL on line 64 in `/medusa/notifiers/discord.py`, which leads to a blind server-side request forgery. This issue allows for crafting POST requests on behalf of the Medusa server. Version 1.0.19 contains a fix for the issue. | 2023-12-22 | 5.3 | CVE-2023-50258 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
pymedusa -- medusa | Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The `testslack` request handler in `medusa/server/web/home/handler.py` does not validate the user-controlled `slack_webhook` variable and passes it to the `notifiers.slack_notifier.test_notify` method, then `_notify_slack` and finally `_send_slack` method, which sends a POST request to the user-controlled URL on line 103 in `/medusa/notifiers/slack.py`, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting POST requests on behalf of the Medusa server. Version 1.0.19 contains a fix for the issue. | 2023-12-22 | 5.3 | CVE-2023-50259 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
red_hat -- multiple_products | A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks for the password twice. If the password fails on the second attempt, shadow-utils fails to clear the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from memory. | 2023-12-27 | 4.7 | CVE-2023-4641 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
red_hat -- multiple_products | A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing a man-in-the-middle (or the upstream DNS resolver) to manipulate records. | 2023-12-23 | 5.9 | CVE-2023-7008 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
resque -- resque | Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. The following paths in resque-web have been found to be vulnerable to reflected XSS: "/failed/?class=<script>alert(document.cookie)</script>" and "/queues/><img src=a onerror=alert(document.cookie)>". This issue has been patched in version 2.2.1. | 2023-12-22 | 6.3 | CVE-2023-50725 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
resque -- resque | Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Reflected XSS issue occurs when /queues is appended with /"><svg%20onload=alert(domain)>. This issue has been patched in version 2.6.0. | 2023-12-22 | 6.3 | CVE-2023-50727 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
sentry -- symbolicator | Symbolicator is a service used in Sentry. Starting in Symbolicator version 0.3.3 and prior to version 21.12.1, an attacker could make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could be exposed via Symbolicator's API. In affected Sentry instances, the data could be exposed through the Sentry API and user interface if the attacker has a registered account. The issue has been fixed in Symbolicator release 23.12.1, Sentry self-hosted release 23.12.1, and has already been mitigated on sentry.io on December 18, 2023. If updating is not possible, some other mitigations are available. One may disable JS processing by toggling the option `Allow JavaScript Source Fetching` in `Organization Settings > Security & Privacy` and/or disable all untrusted public repositories under `Project Settings > Debug Files`. Alternatively, if JavaScript and native symbolication are not required, disable Symbolicator completely in `config.yml`. | 2023-12-22 | 4.3 | CVE-2023-51451 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
shifuml -- shifu | A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument FilterExpression leads to code injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249151. | 2023-12-29 | 5 | CVE-2023-7148 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
snowflakedb -- snowflake-connector-net | The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed where the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between 2.0.25 and 2.1.4 (inclusive). Snowflake fixed the issue in version 2.1.5. | 2023-12-22 | 6 | CVE-2023-51662 security-advisories@github.com security-advisories@github.com |
sourcecodester -- free_and_open_source_inventory_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Free and Open Source Inventory Management System 1.0. This affects an unknown part of the file /ample/app/action/edit_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249177 was assigned to this vulnerability. | 2023-12-29 | 6.3 | CVE-2023-7155 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester -- free_and_open_source_inventory_management_system | A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /app/ajax/sell_return_data.php. The manipulation of the argument columns[0][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249179. | 2023-12-29 | 6.3 | CVE-2023-7157 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester -- medicine_tracking_system | A vulnerability, which was classified as critical, has been found in SourceCodester Medicine Tracking System 1.0. This issue affects some unknown processing of the file /classes/Master.php?f=save_medicine. The manipulation of the argument id/name/description leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249095. | 2023-12-28 | 6.3 | CVE-2023-7123 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester -- medicine_tracking_system | A vulnerability was found in SourceCodester Medicine Tracking System 1.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument page leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249137 was assigned to this vulnerability. | 2023-12-28 | 6.3 | CVE-2023-7134 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester -- school_visitor_log_e-book | A vulnerability was found in SourceCodester School Visitor Log e-Book 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file log-book.php. The manipulation of the argument Full Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248750 is the identifier assigned to this vulnerability. | 2023-12-22 | 5.4 | CVE-2023-7059 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sqlite -- sqlite3 | A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999. | 2023-12-29 | 5.5 | CVE-2023-7104 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sudo -- sudo | A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to a privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them. | 2023-12-23 | 6.6 | CVE-2023-7090 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
talent_software -- ecop | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software ECOP allows Reflected XSS. This issue affects ECOP: before 32255. | 2023-12-28 | 6.1 | CVE-2023-4672 iletisim@usom.gov.tr |
tongda -- office_anywhere | A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/project/proj/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-249367. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-30 | 5.5 | CVE-2023-7180 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
uniway -- uw-302vp | A vulnerability was found in Uniway UW-302VP 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /boaform/wlan_basic_set.cgi of the component Admin Web Interface. The manipulation of the argument wlanssid/password leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248939. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-24 | 4.3 | CVE-2023-7092 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
weiye-jing -- datax-web | A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249086 is the identifier assigned to this vulnerability. | 2023-12-27 | 6.3 | CVE-2023-7116 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
wordpress -- wordpress | The Widget Settings Importer/Exporter Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp_ajax_import_widget_data AJAX action in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-12-23 | 5.4 | CVE-2020-36769 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in Gesundheit Bewegt GmbH Zippy. This issue affects Zippy: from n/a through 1.6.5. | 2023-12-28 | 6.6 | CVE-2023-36381 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding allows Stored XSS. This issue affects WP Crowdfunding: from n/a through 2.1.6. | 2023-12-28 | 6.5 | CVE-2023-50859 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TMS Booking for Appointments and Events Calendar - Amelia allows Stored XSS. This issue affects Booking for Appointments and Events Calendar - Amelia: from n/a through 1.0.85. | 2023-12-28 | 6.5 | CVE-2023-50860 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney WordPress Infinite Scroll - Ajax Load More allows Stored XSS. This issue affects WordPress Infinite Scroll - Ajax Load More: from n/a through 6.1.0.1. | 2023-12-28 | 6.5 | CVE-2023-50874 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS. This issue affects WordPress.Com Editing Toolkit: from n/a through 3.78784. | 2023-12-29 | 6.5 | CVE-2023-50879 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The BuddyPress Community BuddyPress allows Stored XSS. This issue affects BuddyPress: from n/a through 11.3.1. | 2023-12-29 | 6.5 | CVE-2023-50880 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager - Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS. This issue affects Advanced Access Manager - Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.15. | 2023-12-29 | 6.5 | CVE-2023-50881 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder - WordPress Page Builder allows Stored XSS. This issue affects Beaver Builder - WordPress Page Builder: from n/a through 2.7.2. | 2023-12-29 | 6.5 | CVE-2023-50889 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress - Zoho Forms allows Stored XSS. This issue affects Form plugin for WordPress - Zoho Forms: from n/a through 3.0.1. | 2023-12-29 | 6.5 | CVE-2023-50891 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brizy.Io Brizy - Page Builder allows Stored XSS. This issue affects Brizy - Page Builder: from n/a through 2.4.29. | 2023-12-29 | 6.5 | CVE-2023-51396 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force WP Remote Site Search allows Stored XSS. This issue affects WP Remote Site Search: from n/a through 1.0.4. | 2023-12-29 | 6.5 | CVE-2023-51397 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Back Button Widget allows Stored XSS. This issue affects Back Button Widget: from n/a through 1.6.3. | 2023-12-29 | 6.5 | CVE-2023-51399 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Urošević Stock Ticker allows Stored XSS. This issue affects Stock Ticker: from n/a through 3.23.4. | 2023-12-29 | 6.5 | CVE-2023-51541 audit@patchstack.com |
wordpress -- wordpress | Unofficial Mobile BankID Integration for WordPress lets users employ Mobile BankID to authenticate themselves on your WordPress site. Prior to 1.0.1, WP-Mobile-BankID-Integration is affected by a vulnerability classified as a Deserialization of Untrusted Data vulnerability, specifically impacting scenarios where an attacker can manipulate the database. If unauthorized actors gain access to the database, they could exploit this vulnerability to execute object injection attacks. This could lead to unauthorized code execution, data manipulation, or data exfiltration within the WordPress environment. Users of the plugin should upgrade to version 1.0.1 (or later), where the serialization and deserialization of OrderResponse objects have been switched out to an array stored as JSON. A possible workaround for users unable to upgrade immediately is to enforce stricter access controls on the database, ensuring that only trusted and authorized entities can modify data. Additionally, implementing monitoring tools to detect unusual database activities could help identify and mitigate potential exploitation attempts. | 2023-12-27 | 6.4 | CVE-2023-51700 security-advisories@github.com security-advisories@github.com |
wordpress -- wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked - Appointment Booking for WordPress \| Calendars. This issue affects Booked - Appointment Booking for WordPress \| Calendars: from n/a before 2.4.4. | 2023-12-28 | 5.3 | CVE-2022-36399 audit@patchstack.com |
wordpress -- wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in VeronaLabs WP SMS - Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc. This issue affects WP SMS - Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.0.4. | 2023-12-28 | 5.3 | CVE-2023-27447 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibericode HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.3.28. | 2023-12-28 | 5.9 | CVE-2023-50836 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan. This issue affects Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan: from n/a through 4.34. | 2023-12-28 | 5.4 | CVE-2023-50858 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in InspireUI MStore API. This issue affects MStore API: from n/a through 4.10.1. | 2023-12-29 | 5.4 | CVE-2023-50878 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weForms weForms - Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS. This issue affects weForms - Easy Drag & Drop Contact Form Builder For WordPress: from n/a through 1.6.17. | 2023-12-29 | 5.9 | CVE-2023-50896 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Bright Plugins Block IPs for Gravity Forms. This issue affects Block IPs for Gravity Forms: from n/a through 1.0.1. | 2023-12-29 | 5.4 | CVE-2023-51358 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ginger Plugins Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button allows Stored XSS. This issue affects Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button: from n/a through 1.1.8. | 2023-12-29 | 5.9 | CVE-2023-51361 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget allows Stored XSS. This issue affects Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget: from n/a through 1.1.9. | 2023-12-29 | 5.9 | CVE-2023-51371 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HashBar - WordPress Notification Bar allows Stored XSS. This issue affects HashBar - WordPress Notification Bar: from n/a through 1.4.1. | 2023-12-29 | 5.9 | CVE-2023-51372 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZeroBounce ZeroBounce Email Verification & Validation allows Stored XSS. This issue affects ZeroBounce Email Verification & Validation: from n/a through 1.0.11. | 2023-12-29 | 5.9 | CVE-2023-51374 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Rise Themes Rise Blocks - A Complete Gutenberg Page Builder. This issue affects Rise Blocks - A Complete Gutenberg Page Builder: from n/a through 3.1. | 2023-12-29 | 5.4 | CVE-2023-51378 audit@patchstack.com |
wordpress -- wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Senol Sahin AI Power: Complete AI Pack - Powered by GPT-4. This issue affects AI Power: Complete AI Pack - Powered by GPT-4: from n/a through 1.8.2. | 2023-12-29 | 5.3 | CVE-2023-51527 audit@patchstack.com |
wordpress -- wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode Product Catalog Simple. This issue affects Product Catalog Simple: from n/a through 1.7.6. | 2023-12-29 | 5.3 | CVE-2023-51687 audit@patchstack.com |
wordpress -- wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress. This issue affects eCommerce Product Catalog Plugin for WordPress: from n/a through 3.3.26. | 2023-12-29 | 5.3 | CVE-2023-51688 audit@patchstack.com |
wordpress -- wordpress | The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'et_pb_text' shortcode in all versions up to, and including, 4.23.1 due to insufficient input sanitization and output escaping on user supplied custom field data. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-12-23 | 5.4 | CVE-2023-6744 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.06 is able to address this issue. The patch is named 68af950330c3202a706f0ae9bbb52ceaa17dda9d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248955. | 2023-12-26 | 4.3 | CVE-2012-10017 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
wordpress -- wordpress | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms. This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.8. | 2023-12-29 | 4.7 | CVE-2023-31095 audit@patchstack.com |
wordpress -- wordpress | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Directory Kit. This issue affects WP Directory Kit: from n/a through 1.1.9. | 2023-12-29 | 4.7 | CVE-2023-31229 audit@patchstack.com |
wordpress -- wordpress | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Dylan James Zephyr Project Manager. This issue affects Zephyr Project Manager: from n/a through 3.3.9. | 2023-12-29 | 4.7 | CVE-2023-31237 audit@patchstack.com |
wordpress -- wordpress | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pexle Chris Library Viewer. This issue affects Library Viewer: from n/a through 2.0.6. | 2023-12-29 | 4.7 | CVE-2023-32101 audit@patchstack.com |
wordpress -- wordpress | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder. This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder: from n/a through 4.0.9.3. | 2023-12-29 | 4.7 | CVE-2023-32517 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Add Any Extension to Pages. This issue affects Add Any Extension to Pages: from n/a through 1.4. | 2023-12-28 | 4.3 | CVE-2023-50873 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WPExpertsio New User Approve. This issue affects New User Approve: from n/a through 2.5.1. | 2023-12-29 | 4.3 | CVE-2023-50902 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WebbaPlugins Appointment & Event Booking Calendar Plugin - Webba Booking. This issue affects Appointment & Event Booking Calendar Plugin - Webba Booking: from n/a through 4.5.33. | 2023-12-29 | 4.3 | CVE-2023-51354 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Brain Storm Force Ultimate Addons for WPBakery Page Builder. This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.19.17. | 2023-12-29 | 4.3 | CVE-2023-51402 audit@patchstack.com |
wordpress -- wordpress | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CodePeople Calculated Fields Form. This issue affects Calculated Fields Form: from n/a through 1.2.28. | 2023-12-29 | 4.1 | CVE-2023-51517 audit@patchstack.com |
wordpress -- wordpress | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in AAM Advanced Access Manager - Restricted Content, Users & Roles, Enhanced Security and More. This issue affects Advanced Access Manager - Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.18. | 2023-12-29 | 4.7 | CVE-2023-51675 audit@patchstack.com |
wordpress -- wordpress | Server-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addons for Elementor. This issue affects Happy Addons for Elementor: from n/a through 3.9.1.1. | 2023-12-29 | 4.9 | CVE-2023-51676 audit@patchstack.com |
y_project -- ruoyi | A vulnerability was found in y_project RuoYi 4.7.8. It has been declared as problematic. This vulnerability affects unknown code of the file /login of the component HTTP POST Request Handler. The manipulation of the argument rememberMe with the input falsen3f0m<script>alert(1)</script>p86o0 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249136. | 2023-12-28 | 4.3 | CVE-2023-7133 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
yiisoft -- yii2-authclient | yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the OAuth1/2 `state` and OpenID Connect `nonce` are vulnerable to a timing attack because they are compared via regular string comparison (instead of `Yii::$app->getSecurity()->compareString()`). Version 2.2.15 contains a patch for the issue. No known workarounds are available. | 2023-12-22 | 6.1 | CVE-2023-50708 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
yiisoft -- yii2-authclient | yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth2 PKCE implementation is vulnerable in 2 ways. First, the `authCodeVerifier` should be removed after usage (similar to `authState`). Second, there is a risk for a `downgrade attack` if PKCE is being relied on for CSRF protection. Version 2.2.15 contains a patch for the issue. No known workarounds are available. | 2023-12-22 | 6.8 | CVE-2023-50714 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
ìzmir_katip_çelebi_university -- university_information_management_system | Improper Input Validation vulnerability in İzmir Katip Çelebi University University Information Management System allows Absolute Path Traversal. This issue affects University Information Management System: before 30.11.2023. | 2023-12-27 | 6.5 | CVE-2023-6190 iletisim@usom.gov.tr |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
bestwebsoft -- portfolio_plugin | A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. It has been declared as problematic. This vulnerability affects the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 2.28 is able to address this issue. The name of the patch is d2ede580474665af56ff262a05783fbabe4529b8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248956. | 2023-12-26 | 3.5 | CVE-2014-125109 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- client_details_system | A vulnerability was found in code-projects Client Details System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/regester.php. The manipulation of the argument fname/lname/email/contact leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249146 is the identifier assigned to this vulnerability. | 2023-12-29 | 2.4 | CVE-2023-7143 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- intern_membership_management_system | A vulnerability was found in code-projects Intern Membership Management System 2.0. It has been classified as problematic. This affects an unknown part of the file /user_registration/ of the component User Registration. The manipulation of the argument userName/firstName/lastName/userEmail with the input "><ScRiPt>confirm(document.domain)</ScRiPt>h0la leads to cross site scripting. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249135. | 2023-12-28 | 3.5 | CVE-2023-7132 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- qr_code_generator | A vulnerability was found in code-projects QR Code Generator 1.0. It has been classified as problematic. This affects an unknown part of the file /download.php?file=author.png. The manipulation of the argument file with the input "><iMg src=N onerror=alert(document.domain)> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249153 was assigned to this vulnerability. | 2023-12-29 | 3.5 | CVE-2023-7149 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- record_management_system | A vulnerability classified as problematic has been found in code-projects Record Management System 1.0. Affected is an unknown function of the file /main/offices.php of the component Offices Handler. The manipulation of the argument officename with the input "><script src="https://js.rip/b23tmbxf49"></script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249138 is the identifier assigned to this vulnerability. | 2023-12-28 | 2.4 | CVE-2023-7135 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- record_management_system | A vulnerability classified as problematic was found in code-projects Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /main/doctype.php of the component Document Type Handler. The manipulation of the argument docname with the input "><script src="https://js.rip/b23tmbxf49"></script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249139. | 2023-12-28 | 2.4 | CVE-2023-7136 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
honor -- com.hihonor.magichome | Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | 2023-12-29 | 3.3 | CVE-2023-23430 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- com.hihonor.vmall | Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | 2023-12-29 | 3.3 | CVE-2023-23437 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- lge-an00 | Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | 2023-12-29 | 3.3 | CVE-2023-23440 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- magic_os | Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | 2023-12-29 | 3.3 | CVE-2023-23428 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- magic_ui | Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak. | 2023-12-29 | 3.2 | CVE-2023-51432 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
honor -- magic_ui | Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. | 2023-12-29 | 2.9 | CVE-2023-51433 3836d913-7555-4dd0-a509-f5667fdf5fe4 |
mattermost -- mattermost | Mattermost version 8.1.6 and earlier fails to sanitize channel mention data in posts, which allows an attacker to inject markup in the web client. | 2023-12-29 | 3.7 | CVE-2023-7113 responsibledisclosure@mattermost.com |
myaac -- myaac | A vulnerability was found in slawkens MyAAC up to 0.8.13. It has been declared as problematic. This vulnerability affects unknown code of the file system/pages/bugtracker.php. The manipulation of the argument bug[2]['subject']/bug[2]['text']/report['subject'] leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.14 is able to address this issue. The name of the patch is 83a91ec540072d319dd338abff45f8d5ebf48190. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248848. | 2023-12-22 | 3.5 | CVE-2023-7076 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
nautobot -- nautobot | Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level `extras.run_job` permission is checked (i.e., does the user have permission to run Jobs in general). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view used in this case. A user with permissions to run even a single Job can actually run all configured JobButton Jobs. Fix will be available in Nautobot 1.6.8 and 2.1.0. | 2023-12-22 | 3.5 | CVE-2023-51649 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
nextcloud -- nextcloud/cloud | Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3. | 2023-12-22 | 3.5 | CVE-2023-48308 security-advisories@github.com security-advisories@github.com |
novel-plus -- novel-plus | A vulnerability classified as problematic has been found in Novel-Plus up to 4.2.0. This affects an unknown part of the file /user/updateUserInfo of the component HTTP POST Request Handler. The manipulation of the argument nickName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is c62da9bb3a9b3603014d0edb436146512631100d. It is recommended to apply a patch to fix this issue. The identifier VDB-249201 was assigned to this vulnerability. | 2023-12-29 | 3.5 | CVE-2023-7166 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
novel-plus -- novel-plus | A vulnerability was found in Novel-Plus up to 4.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file novel-admin/src/main/java/com/java2nb/novel/controller/FriendLinkController.java of the component Friendly Link Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named d6093d8182362422370d7eaf6c53afde9ee45215. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-249307. | 2023-12-29 | 2.4 | CVE-2023-7171 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
pandora_fms -- pandora_fms | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Allows you to edit the Web Console user notification options. This issue affects Pandora FMS: from 700 through 774. | 2023-12-29 | 3 | CVE-2023-41813 security@pandorafms.com |
pandora_fms -- pandora_fms | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is possible to carry out XSS attacks when the user receiving the messages opens their notifications. This issue affects Pandora FMS: from 700 through 774. | 2023-12-29 | 3.7 | CVE-2023-41814 security@pandorafms.com |
poly -- multiple_products | A vulnerability classified as problematic has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. Exploitation is said to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255. | 2023-12-29 | 3.7 | CVE-2023-4462 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
poly -- multiple_products | A vulnerability, which was classified as problematic, was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability. | 2023-12-29 | 2.7 | CVE-2023-4465 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
poly -- multiple_products | A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation leads to protection mechanism failure. The attack can be launched remotely. The vendor explains that they do not regard this as a vulnerability as this is a feature that they offer to their customers who have a variety of environmental needs that are met through different firmware builds. To avoid potential roll-back attacks, they remove vulnerable builds from the public servers as a remediation effort. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249259. | 2023-12-29 | 2.7 | CVE-2023-4466 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester -- engineers_online_portal | A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add Engineer Handler. The manipulation of the argument first name/last name with the input <script>alert(0)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249182 is the identifier assigned to this vulnerability. | 2023-12-29 | 2.4 | CVE-2023-7160 cna@vuldb.com cna@vuldb.com |
w3c -- online-spellchecker-py | A vulnerability was found in w3c online-spellchecker-py up to 20140130. It has been rated as problematic. This issue affects some unknown processing of the file spellchecker. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of the patch is d6c21fd8187c5db2a50425ff80694149e75d722e. It is recommended to apply a patch to fix this issue. The identifier VDB-248849 was assigned to this vulnerability. | 2023-12-23 | 3.1 | CVE-2014-125108 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
winter_cms -- winter_cms | Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. This issue has been patched in v1.2.4. | 2023-12-29 | 3.3 | CVE-2023-52085 security-advisories@github.com security-advisories@github.com |
winter_cms -- winter_cms | Winter is a free, open-source content management system. Prior to 1.2.4, users with the `media.manage_media` permission can upload files to the Media Manager and rename them after uploading. Previously, media manager files were only sanitized on upload, not on renaming, which could have allowed a stored XSS attack. This issue has been patched in v1.2.4. | 2023-12-28 | 2 | CVE-2023-52083 security-advisories@github.com security-advisories@github.com |
winter_cms -- winter_cms | Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patched in v1.2.4. | 2023-12-28 | 2 | CVE-2023-52084 security-advisories@github.com security-advisories@github.com |
wordpress -- wordpress | A vulnerability was found in PlusCaptcha Plugin up to 2.0.6 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.14 is able to address this issue. The patch is identified as 1274afc635170daafd38306487b6bb8a01f78ecd. It is recommended to upgrade the affected component. VDB-248954 is the identifier assigned to this vulnerability. | 2023-12-26 | 3.5 | CVE-2015-10127 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
wordpress -- wordpress | Missing Authorization vulnerability in Anders Thorborg. This issue affects Anders Thorborg: from n/a through 1.4.12. | 2023-12-29 | 3.1 | CVE-2023-22676 audit@patchstack.com |
wordpress -- wordpress | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SolidWP Solid Security - Password, Two Factor Authentication, and Brute Force Protection. This issue affects Solid Security - Password, Two Factor Authentication, and Brute Force Protection: from n/a through 8.1.4. | 2023-12-29 | 3.7 | CVE-2023-28786 audit@patchstack.com |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
3cx -- 3cx | The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address. | 2023-12-25 | not yet calculated | CVE-2023-49954 cve@mitre.org |
alfasado_inc. -- powercms | PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability. | 2023-12-26 | not yet calculated | CVE-2023-49117 vultures@jpcert.or.jp vultures@jpcert.or.jp |
alfasado_inc. -- powercms | Open redirect vulnerability in PowerCMS (6 Series, 5 Series, and 4 Series) allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability. | 2023-12-26 | not yet calculated | CVE-2023-50297 vultures@jpcert.or.jp vultures@jpcert.or.jp |
apache -- dolphinscheduler | Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue affects Apache DolphinScheduler: until 3.1.9. Users are recommended to upgrade to version 3.1.9, which fixes the issue. | 2023-12-30 | not yet calculated | CVE-2023-49299 security@apache.org security@apache.org |
apache -- ofbiz | Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when a user operates a URI call without authorization. The same URI can also be used to carry out an SSRF attack, likewise without authorization. Users are recommended to upgrade to version 18.12.11, which fixes this issue. | 2023-12-26 | not yet calculated | CVE-2023-50968 security@apache.org security@apache.org security@apache.org security@apache.org security@apache.org security@apache.org |
apache -- ofbiz | The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF). | 2023-12-26 | not yet calculated | CVE-2023-51467 security@apache.org security@apache.org security@apache.org security@apache.org security@apache.org security@apache.org security@apache.org |
apache -- openoffice | Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution. This is a corner case of CVE-2022-47502. | 2023-12-29 | not yet calculated | CVE-2023-47804 security@apache.org security@apache.org |
array -- arrayos_ag | MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected. | 2023-12-22 | not yet calculated | CVE-2023-51707 cve@mitre.org |
arris_solutions,_inc. -- dg860a/dg1670a | Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last digit.) | 2023-12-27 | not yet calculated | CVE-2023-40038 cve@mitre.org cve@mitre.org |
artistscope -- artisbrowser | An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component. | 2023-12-27 | not yet calculated | CVE-2023-49000 cve@mitre.org cve@mitre.org |
asp.net_zero -- asp.net_zero | An open redirect through HTML injection in user messages in Asp.Net Zero before 12.3.0 allows remote attackers to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' in the WebSocket messages. | 2023-12-26 | not yet calculated | CVE-2023-48003 cve@mitre.org cve@mitre.org |
barracuda_networks_inc. -- barracuda_esg_appliance | Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection. This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic. | 2023-12-24 | not yet calculated | CVE-2023-7102 mandiant-cve@google.com mandiant-cve@google.com mandiant-cve@google.com mandiant-cve@google.com mandiant-cve@google.com mandiant-cve@google.com |
bees_blog -- bees_blog | The beesblog (aka Bees Blog) component before 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharing_url is mishandled. | 2023-12-30 | not yet calculated | CVE-2023-52264 cve@mitre.org cve@mitre.org cve@mitre.org |
bentley_systems -- assetwise_integrity_information_server | Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System management Console before 23.00.02.03 and Assetwise ALIM For Transportation before 23.00.01.25. | 2023-12-22 | not yet calculated | CVE-2023-51708 cve@mitre.org |
beyondtrust_corporation -- privilege_management_for_windows | The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature. | 2023-12-25 | not yet calculated | CVE-2023-49944 cve@mitre.org cve@mitre.org |
brave_browser -- brave_browser | Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc. | 2023-12-30 | not yet calculated | CVE-2023-52263 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
brother_industries,_ltd. -- iprint&scan_desktop_for_windows | Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan Desktop for Windows versions 11.0.0 and earlier. A symlink attack by a malicious user may cause a Denial-of-service (DoS) condition on the PC. | 2023-12-26 | not yet calculated | CVE-2023-51654 vultures@jpcert.or.jp |
buffalo_inc. -- vr-s1000 | VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access to the product's web management page to execute arbitrary OS commands. | 2023-12-26 | not yet calculated | CVE-2023-45741 vultures@jpcert.or.jp vultures@jpcert.or.jp |
buffalo_inc. -- vr-s1000 | Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in VR-S1000 firmware Ver. 2.37 and earlier allows an authenticated attacker who can access the product's command line interface to execute an arbitrary command. | 2023-12-26 | not yet calculated | CVE-2023-46681 vultures@jpcert.or.jp vultures@jpcert.or.jp |
buffalo_inc. -- vr-s1000 | VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user. | 2023-12-26 | not yet calculated | CVE-2023-46711 vultures@jpcert.or.jp vultures@jpcert.or.jp |
buffalo_inc. -- vr-s1000 | VR-S1000 firmware Ver. 2.37 and earlier allows a network-adjacent unauthenticated attacker who can access the product's web management page to obtain sensitive information. | 2023-12-26 | not yet calculated | CVE-2023-51363 vultures@jpcert.or.jp vultures@jpcert.or.jp |
buildkite -- elastic_ci_for_aws | A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script. | 2023-12-22 | not yet calculated | CVE-2023-43116 cve@mitre.org |
buildkite -- elastic_ci_for_aws | A time-of-check-time-of-use race condition vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to bypass a symbolic link check for the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script. | 2023-12-22 | not yet calculated | CVE-2023-43741 cve@mitre.org |
com.sdjictec.qdmetro -- com.sdjictec.qdmetro | An issue in the export component AdSdkH5Activity of com.sdjictec.qdmetro v4.2.2 allows attackers to open a crafted URL without any filtering or checking. | 2023-12-28 | not yet calculated | CVE-2023-51010 cve@mitre.org |
documize_inc. -- documize | SQL Injection vulnerability in Documize version 5.4.2 allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint. | 2023-12-29 | not yet calculated | CVE-2023-23634 cve@mitre.org |
easy-rules-mvel -- easy-rules-mvel | easy-rules-mvel v4.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component MVELRule. | 2023-12-29 | not yet calculated | CVE-2023-50571 cve@mitre.org |
exim -- exim | Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not. | 2023-12-24 | not yet calculated | CVE-2023-51766 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
filerun -- filerun | FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?module=users&section=cpanel&page=list request. | 2023-12-22 | not yet calculated | CVE-2022-47532 cve@mitre.org |
flask-security-too -- flask-security-too | An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes. | 2023-12-26 | not yet calculated | CVE-2023-49438 cve@mitre.org cve@mitre.org |
follet_learning_solutions -- destiny_suite | A Cross Site Scripting (XSS) vulnerability exists in Follet Learning Solutions Destiny through 20.0_1U via the handlewpesearchform.do searchString. | 2023-12-25 | not yet calculated | CVE-2023-38826 cve@mitre.org cve@mitre.org |
fortanix -- enclaveos_confidential_computing_manager | An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system call layer. | 2023-12-30 | not yet calculated | CVE-2023-38021 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
fortanix -- enclaveos_confidential_computing_manager | An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgx_is_within_user. | 2023-12-30 | not yet calculated | CVE-2023-38022 cve@mitre.org cve@mitre.org |
free5gc -- free5gc | An issue was discovered in free5GC version 3.3.0 that allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on the AMF component via a crafted NGAP message. | 2023-12-22 | not yet calculated | CVE-2023-49391 cve@mitre.org |
gl.inet -- multiple_products | Shell Injection vulnerability in GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7 allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module. | 2023-12-28 | not yet calculated | CVE-2023-50445 cve@mitre.org |
grupo_embras -- geosiap_erp | Grupo Embras GEOSIAP ERP v2.2.167.02 was discovered to contain a SQL injection vulnerability via the codLogin parameter on the login page. | 2023-12-30 | not yet calculated | CVE-2023-50589 cve@mitre.org cve@mitre.org cve@mitre.org |
hutool-core -- hutool-core | hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters. | 2023-12-27 | not yet calculated | CVE-2023-51075 cve@mitre.org |
hutool-core -- hutool-core | The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow. | 2023-12-27 | not yet calculated | CVE-2023-51080 cve@mitre.org |
hyavijava -- hyavijava | hyavijava v6.0.07.1 was discovered to contain a stack overflow via the ResultConverter.convert2Xml method. | 2023-12-27 | not yet calculated | CVE-2023-51084 cve@mitre.org |
idurar-erp-crm -- idurar-erp-crm | IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data. | 2023-12-30 | not yet calculated | CVE-2023-52265 cve@mitre.org cve@mitre.org |
ilias_e-learning -- ilias_e-learning | The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file. | 2023-12-25 | not yet calculated | CVE-2023-36485 cve@mitre.org cve@mitre.org cve@mitre.org |
ilias_e-learning -- ilias_e-learning | The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename. | 2023-12-25 | not yet calculated | CVE-2023-36486 cve@mitre.org cve@mitre.org cve@mitre.org |
indi_browser/kvbrowser -- indi_browser/kvbrowser | An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component. | 2023-12-27 | not yet calculated | CVE-2023-49001 cve@mitre.org cve@mitre.org |
ipaddressbitsdivision -- ipaddressbitsdivision | An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 leads to an infinite loop. | 2023-12-29 | not yet calculated | CVE-2023-50570 cve@mitre.org |
jamf_pro_server -- jamf_pro_server | There is broken access control during authentication in Jamf Pro Server before 10.46.1. | 2023-12-25 | not yet calculated | CVE-2023-31224 cve@mitre.org |
jeecgboot -- jeecgboot | SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component. | 2023-12-30 | not yet calculated | CVE-2023-41542 cve@mitre.org |
jeecgboot -- jeecgboot | SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check. | 2023-12-30 | not yet calculated | CVE-2023-41543 cve@mitre.org cve@mitre.org |
jeecgboot -- jeecgboot | SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component. | 2023-12-30 | not yet calculated | CVE-2023-41544 cve@mitre.org |
jizhicms -- jizhicms | File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory. | 2023-12-28 | not yet calculated | CVE-2023-50692 cve@mitre.org |
jline-groovy -- jline-groovy | An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM (OutofMemory) error. | 2023-12-29 | not yet calculated | CVE-2023-50572 cve@mitre.org |
json-path -- json-path | json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method. | 2023-12-27 | not yet calculated | CVE-2023-51074 cve@mitre.org |
kami_vision -- yi_iot | The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.9_20231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component. | 2023-12-27 | not yet calculated | CVE-2023-47882 cve@mitre.org cve@mitre.org |
kantega_sso -- kantega_saml | The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 through 4.14.8 before 4.14.9, 5.0.0 through 5.11.4 before 5.11.5, and 6.0.0 through 6.19.0 before 6.20.0. The full product names are Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server (Kantega SSO Enterprise), and Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server (Kantega SSO Enterprise). (Here, FeCru refers to the Atlassian Fisheye and Crucible products running together.) | 2023-12-29 | not yet calculated | CVE-2023-52240 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
layui -- layui | layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter. | 2023-12-30 | not yet calculated | CVE-2023-50550 cve@mitre.org |
little_backup_box -- little_backup_box | outdoorbits little-backup-box (aka Little Backup Box) before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input. | 2023-12-30 | not yet calculated | CVE-2023-52262 cve@mitre.org cve@mitre.org |
logobee -- logobee | LogoBee 0.2 allows updates.php?id= XSS. | 2023-12-30 | not yet calculated | CVE-2023-52257 cve@mitre.org |
microhttpserver -- microhttpserver | In MicroHttpServer (aka Micro HTTP Server) through a8ab029, _ParseHeader in lib/server.c allows a one-byte recv buffer overflow via a long URI. | 2023-12-25 | not yet calculated | CVE-2023-51771 cve@mitre.org cve@mitre.org |
mingsoft -- mcms | Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do. | 2023-12-30 | not yet calculated | CVE-2023-50578 cve@mitre.org |
multiple_vendors -- multiple_products | Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a large number of crafted TLS messages, the CPU becomes heavily loaded. This occurs in tls13VerifyBinder and tls13TranscriptHashUpdate. | 2023-12-22 | not yet calculated | CVE-2023-24609 cve@mitre.org cve@mitre.org |
mupdf -- mupdf | A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function fz_new_pixmap_from_float_data() of pixmap.c. | 2023-12-26 | not yet calculated | CVE-2023-51103 cve@mitre.org |
mupdf -- mupdf | A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c line 527. | 2023-12-26 | not yet calculated | CVE-2023-51104 cve@mitre.org |
mupdf -- mupdf | A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function bmp_decompress_rle4() of load-bmp.c. | 2023-12-26 | not yet calculated | CVE-2023-51105 cve@mitre.org |
mupdf -- mupdf | A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c. | 2023-12-26 | not yet calculated | CVE-2023-51106 cve@mitre.org |
mupdf -- mupdf | A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function compute_color() of jquant2.c. | 2023-12-26 | not yet calculated | CVE-2023-51107 cve@mitre.org |
mupnp_for_c -- mupnp_for_c | mupnp/net/uri.c in mUPnP for C through 3.0.2 has an out-of-bounds read and application crash because it lacks a certain host length recalculation. | 2023-12-28 | not yet calculated | CVE-2023-52152 cve@mitre.org |
mvel2 -- mvel2 | A TimeOut error exists in the ParseTools.subCompileExpression method in mvel2 v2.5.0 Final. | 2023-12-27 | not yet calculated | CVE-2023-51079 cve@mitre.org |
ncp_engineering_inc. -- secure_enterprise_client | Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport* location. | 2023-12-25 | not yet calculated | CVE-2023-28872 cve@mitre.org |
nokia -- nfm-t_r19.9 | In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands, with root privileges, on the operating system. | 2023-12-25 | not yet calculated | CVE-2022-39818 cve@mitre.org |
nokia -- nfm-t_r19.9 | In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. A remote user, authenticated to the operating system, with access privileges to the directory /root or /DEPOT, is able to read cleartext credentials to access the web portal NFM-T and control all the PPS Network elements. | 2023-12-25 | not yet calculated | CVE-2022-39820 cve@mitre.org |
nokia -- nfm-t_r19.9 | In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation. | 2023-12-25 | not yet calculated | CVE-2022-39822 cve@mitre.org |
nokia -- nfm-t_r19.9 | An issue was discovered in NOKIA NFM-T R19.9. Relative Path Traversal can occur under /oms1350/data/cpb/log of the Network Element Manager via the filename parameter, allowing a remote authenticated attacker to read arbitrary files. | 2023-12-25 | not yet calculated | CVE-2022-41760 cve@mitre.org |
nokia -- nfm-t_r19.9 | An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files. | 2023-12-25 | not yet calculated | CVE-2022-41761 cve@mitre.org |
nokia -- nfm-t_r19.9 | An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id parameter to easy1350.pl. | 2023-12-25 | not yet calculated | CVE-2022-41762 cve@mitre.org |
nokia -- nfm-t_r19.9 | An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all parameters. | 2023-12-25 | not yet calculated | CVE-2022-43675 cve@mitre.org |
ocpp-jaxb -- ocpp-jaxb | SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations (such as when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000). This may lead to a SQL exception in applications and may undermine the integrity of transaction records. | 2023-12-26 | not yet calculated | CVE-2023-52096 cve@mitre.org cve@mitre.org cve@mitre.org |
one_identity -- password_manager | One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: go to the Google ReCAPTCHA section, click on the Privacy link, observe that there is a new browser window, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\SYSTEM. | 2023-12-25 | not yet calculated | CVE-2023-48654 cve@mitre.org cve@mitre.org |
one_identity -- password_manager | One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a session timeout, click on the Help icon, observe that there is a browser window for the One Identity website, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\SYSTEM. | 2023-12-25 | not yet calculated | CVE-2023-51772 cve@mitre.org cve@mitre.org |
opencrx -- opencrx | openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity. | 2023-12-26 | not yet calculated | CVE-2023-27150 cve@mitre.org cve@mitre.org |
opennds -- opennds | OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token. | 2023-12-25 | not yet calculated | CVE-2023-38321 cve@mitre.org cve@mitre.org cve@mitre.org |
openssh -- openssh | OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. | 2023-12-24 | not yet calculated | CVE-2023-51767 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
passwork -- passwork | Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes. | 2023-12-26 | not yet calculated | CVE-2023-49949 cve@mitre.org cve@mitre.org |
peplink -- balance_two | An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root. | 2023-12-25 | not yet calculated | CVE-2023-49226 cve@mitre.org cve@mitre.org |
peplink -- balance_two | An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root. | 2023-12-28 | not yet calculated | CVE-2023-49228 cve@mitre.org cve@mitre.org |
peplink -- balance_two | An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only unprivileged users to obtain sensitive information about the device configuration. | 2023-12-28 | not yet calculated | CVE-2023-49229 cve@mitre.org cve@mitre.org |
peplink -- balance_two | An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication. | 2023-12-28 | not yet calculated | CVE-2023-49230 cve@mitre.org cve@mitre.org |
perl_spreadsheet::parseexcel -- perl_spreadsheet::parseexcel | Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type "eval". Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic. | 2023-12-24 | not yet calculated | CVE-2023-7101 mandiant-cve@google.com mandiant-cve@google.com mandiant-cve@google.com mandiant-cve@google.com mandiant-cve@google.com mandiant-cve@google.com mandiant-cve@google.com |
phpgurukul -- small_crm | PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because the "password" parameter is used directly in the SQL query without any sanitization, so the SQL Injection payload is executed. | 2023-12-29 | not yet calculated | CVE-2023-50035 cve@mitre.org |
postfix -- postfix | Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>), a different solution is required: the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9. | 2023-12-24 | not yet calculated | CVE-2023-51764 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
prestashop -- prestashop | SQL Injection vulnerability in the Innovadeluxe Quick Order module for PrestaShop before v.1.4.0, allows local attackers to execute arbitrary code via the getProducts() function in the productlist.php file. | 2023-12-28 | not yet calculated | CVE-2023-46989 cve@mitre.org |
proftpd -- proftpd | make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics. | 2023-12-22 | not yet calculated | CVE-2023-51713 cve@mitre.org cve@mitre.org cve@mitre.org |
qt -- qt | An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. | 2023-12-24 | not yet calculated | CVE-2023-51714 cve@mitre.org cve@mitre.org |
resumable_js -- resumable_js | resumable.php (aka PHP backend for resumable.js) 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. (File overwrite hasn't been possible with the code available in GitHub in recent years, however.) | 2023-12-26 | not yet calculated | CVE-2023-52086 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
ruby_on_rails -- ruby_on_rails | In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data (that belongs to another user) by making CSV export requests at certain specific times. | 2023-12-28 | not yet calculated | CVE-2023-50448 cve@mitre.org cve@mitre.org |
ruby_on_rails -- ruby_on_rails | csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows CSV injection. | 2023-12-24 | not yet calculated | CVE-2023-51763 cve@mitre.org cve@mitre.org cve@mitre.org |
rws -- worldserver | An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint. | 2023-12-25 | not yet calculated | CVE-2022-34267 cve@mitre.org cve@mitre.org |
rws -- worldserver | An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host. | 2023-12-25 | not yet calculated | CVE-2022-34268 cve@mitre.org cve@mitre.org |
scone -- scone | A lack of pointer-validation logic in the __scone_dispatch component of SCONE before v5.8.0 for Intel SGX allows attackers to access sensitive information. | 2023-12-30 | not yet calculated | CVE-2022-46486 cve@mitre.org cve@mitre.org cve@mitre.org |
scone -- scone | Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis. | 2023-12-30 | not yet calculated | CVE-2022-46487 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
scone -- scone | An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC Leak." | 2023-12-30 | not yet calculated | CVE-2023-38023 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
seacms -- seacms | SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php. | 2023-12-28 | not yet calculated | CVE-2023-46987 cve@mitre.org cve@mitre.org cve@mitre.org |
seacms -- seacms | A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2023-12-28 | not yet calculated | CVE-2023-50470 cve@mitre.org cve@mitre.org cve@mitre.org |
sendmail -- sendmail | sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not. | 2023-12-24 | not yet calculated | CVE-2023-51765 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
sesami_io -- sesami_io | An issue in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718) allows local attackers to obtain sensitive information and bypass authentication via a "Back Button Refresh" attack. | 2023-12-29 | not yet calculated | CVE-2023-31292 cve@mitre.org |
sesami_io -- sesami_io | An issue in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718) allows remote attackers to obtain sensitive information and bypass profile restriction via improper access control in the Reader system user's web browser, allowing the journal to be displayed despite the option being disabled. | 2023-12-29 | not yet calculated | CVE-2023-31293 cve@mitre.org |
sesami_io -- sesami_io | CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field. | 2023-12-29 | not yet calculated | CVE-2023-31294 cve@mitre.org |
sesami_io -- sesami_io | CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field. | 2023-12-29 | not yet calculated | CVE-2023-31295 cve@mitre.org |
sesami_io -- sesami_io | CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field. | 2023-12-29 | not yet calculated | CVE-2023-31296 cve@mitre.org |
sesami_io -- sesami_io | An issue was discovered in SESAMI planfocus CPTO (Cash Point & Transport Optimizer) 6.3.8.6 718. There is XSS via the Name field when modifying a client. | 2023-12-25 | not yet calculated | CVE-2023-31297 cve@mitre.org cve@mitre.org |
sesami_io -- sesami_io | Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user. | 2023-12-29 | not yet calculated | CVE-2023-31298 cve@mitre.org |
sesami_io -- sesami_io | Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Barcode field of a container. | 2023-12-29 | not yet calculated | CVE-2023-31299 cve@mitre.org |
sesami_io -- sesami_io | An issue in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials during the Password Reset feature. | 2023-12-29 | not yet calculated | CVE-2023-31300 cve@mitre.org |
sesami_io -- sesami_io | Stored Cross Site Scripting (XSS) Vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information via the Username field of the login form and application log. | 2023-12-29 | not yet calculated | CVE-2023-31301 cve@mitre.org |
sesami_io -- sesami_io | Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Teller field. | 2023-12-29 | not yet calculated | CVE-2023-31302 cve@mitre.org |
shaarli -- shaarli | Reflected Cross Site Scripting (XSS) vulnerability in Shaarli v0.12.2, allows remote attackers to execute arbitrary code via search tag function. | 2023-12-28 | not yet calculated | CVE-2023-49469 cve@mitre.org cve@mitre.org |
shenzhen_tcl_new_technology_co.,_limited -- tv_web_browser | An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivity component. | 2023-12-27 | not yet calculated | CVE-2023-43481 cve@mitre.org |
simple_http_server/simple_http_server_plus -- simple_http_server/simple_http_server_plus | Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K encryption key. The threat is from a man-in-the-middle attacker who can intercept and potentially modify data during transmission. | 2023-12-27 | not yet calculated | CVE-2023-46919 cve@mitre.org |
simple_http_server_plus -- simple_http_server_plus | Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an Android manifest file that contains an entry with the android:allowBackup attribute set to true. This could be leveraged by an attacker with physical access to the device. | 2023-12-27 | not yet calculated | CVE-2023-46918 cve@mitre.org |
simplemobiletools -- simple_dialer | An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker to bypass intended access restrictions via interaction with com.simplemobiletools.dialer.activities.DialerActivity. | 2023-12-27 | not yet calculated | CVE-2023-49003 cve@mitre.org cve@mitre.org |
sourcecodester -- customer_support_system | Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject. | 2023-12-29 | not yet calculated | CVE-2023-50070 cve@mitre.org cve@mitre.org |
sourcecodester -- customer_support_system | Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name. | 2023-12-29 | not yet calculated | CVE-2023-50071 cve@mitre.org cve@mitre.org |
stormshield_network_security -- stormshield_network_security | An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component. | 2023-12-26 | not yet calculated | CVE-2023-28616 cve@mitre.org |
stormshield_network_security -- stormshield_network_security | An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connection impossible. | 2023-12-25 | not yet calculated | CVE-2023-47091 cve@mitre.org cve@mitre.org |
sudo -- sudo | Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. | 2023-12-22 | not yet calculated | CVE-2023-42465 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
sysaid_on-premise -- sysaid_on-premise | In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102. | 2023-12-25 | not yet calculated | CVE-2023-47247 cve@mitre.org |
testlink -- testlink | TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used. | 2023-12-30 | not yet calculated | CVE-2023-50110 cve@mitre.org |
textpattern_cms -- textpattern_cms | There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions. | 2023-12-28 | not yet calculated | CVE-2023-50038 cve@mitre.org cve@mitre.org |
thirty_bees -- thirty_bees | A stored cross-site scripting (XSS) vulnerability in the component admin/AdminRequestSqlController.php of thirty bees before 1.5.0 allows attackers to execute arbitrary web script or HTML via $e->getMessage() error mishandling. | 2023-12-22 | not yet calculated | CVE-2023-45957 cve@mitre.org cve@mitre.org cve@mitre.org |
totolink -- ex1200l | TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface. | 2023-12-22 | not yet calculated | CVE-2023-51034 cve@mitre.org |
totolink -- ex1200l | TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface. | 2023-12-22 | not yet calculated | CVE-2023-51035 cve@mitre.org |
totolink -- x2000r_gh | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute. | 2023-12-30 | not yet calculated | CVE-2023-51133 cve@mitre.org cve@mitre.org |
totolink -- x2000r_gh | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup. | 2023-12-30 | not yet calculated | CVE-2023-51135 cve@mitre.org cve@mitre.org |
totolink -- x2000r_gh | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule. | 2023-12-30 | not yet calculated | CVE-2023-51136 cve@mitre.org cve@mitre.org |
totolink -- x6000r | TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi. | 2023-12-30 | not yet calculated | CVE-2023-50651 cve@mitre.org cve@mitre.org |
tp-link -- tapo | Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext. | 2023-12-28 | not yet calculated | CVE-2023-34829 cve@mitre.org |
tv_bro_application -- tv_bro_application | The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files, and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData. | 2023-12-27 | not yet calculated | CVE-2023-43955 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
tv_browser_application_for_android -- tv_browser_application_for_android | The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity. | 2023-12-27 | not yet calculated | CVE-2023-47883 cve@mitre.org cve@mitre.org cve@mitre.org |
typo3 -- typo3 | In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF]. | 2023-12-25 | not yet calculated | CVE-2023-30451 cve@mitre.org |
unified_remote -- unified_remote | Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint. | 2023-12-30 | not yet calculated | CVE-2023-52252 cve@mitre.org cve@mitre.org |
weseek,_inc. -- growi | Stored cross-site scripting vulnerability exists in the presentation feature of GROWI versions prior to v3.4.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. | 2023-12-26 | not yet calculated | CVE-2023-42436 vultures@jpcert.or.jp vultures@jpcert.or.jp |
weseek,_inc. -- growi | Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page and the Markdown Settings (/admin/markdown) page of GROWI versions prior to v3.5.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. | 2023-12-26 | not yet calculated | CVE-2023-45737 vultures@jpcert.or.jp vultures@jpcert.or.jp |
weseek,_inc. -- growi | Stored cross-site scripting vulnerability when processing profile images exists in GROWI versions prior to v4.1.3. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. | 2023-12-26 | not yet calculated | CVE-2023-45740 vultures@jpcert.or.jp vultures@jpcert.or.jp |
weseek,_inc. -- growi | Cross-site request forgery (CSRF) vulnerability exists in the User settings (/me) page of GROWI versions prior to v6.0.0. If a user views a malicious page while logging in, settings may be changed without the user's intention. | 2023-12-26 | not yet calculated | CVE-2023-46699 vultures@jpcert.or.jp vultures@jpcert.or.jp |
weseek,_inc. -- growi | Stored cross-site scripting vulnerability which is exploiting a behavior of the XSS Filter exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. | 2023-12-26 | not yet calculated | CVE-2023-47215 vultures@jpcert.or.jp vultures@jpcert.or.jp |
weseek,_inc. -- growi | Stored cross-site scripting vulnerability via the img tags exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. | 2023-12-26 | not yet calculated | CVE-2023-49119 vultures@jpcert.or.jp vultures@jpcert.or.jp |
weseek,_inc. -- growi | Stored cross-site scripting vulnerability exists in the event handlers of the pre tags in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. | 2023-12-26 | not yet calculated | CVE-2023-49598 vultures@jpcert.or.jp vultures@jpcert.or.jp |
weseek,_inc. -- growi | Stored cross-site scripting vulnerability exists in the anchor tag of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. | 2023-12-26 | not yet calculated | CVE-2023-49779 vultures@jpcert.or.jp vultures@jpcert.or.jp |
weseek,_inc. -- growi | Stored cross-site scripting vulnerability when processing the MathJax exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. | 2023-12-26 | not yet calculated | CVE-2023-49807 vultures@jpcert.or.jp vultures@jpcert.or.jp |
weseek,_inc. -- growi | Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page, the Markdown Settings (/admin/markdown) page, and the Customize (/admin/customize) page of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. | 2023-12-26 | not yet calculated | CVE-2023-50175 vultures@jpcert.or.jp vultures@jpcert.or.jp |
weseek,_inc. -- growi | The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page. | 2023-12-26 | not yet calculated | CVE-2023-50294 vultures@jpcert.or.jp vultures@jpcert.or.jp |
weseek,_inc. -- growi | Improper authorization vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.0.6. If this vulnerability is exploited, a user may delete or suspend its own account without the user's intention. | 2023-12-26 | not yet calculated | CVE-2023-50332 vultures@jpcert.or.jp vultures@jpcert.or.jp |
weseek,_inc. -- growi | Stored cross-site scripting vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.1.11. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. | 2023-12-26 | not yet calculated | CVE-2023-50339 vultures@jpcert.or.jp vultures@jpcert.or.jp |
wiremock -- wiremock | WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area, resulting in the execution of the payload. This occurs because the response body is not validated or sanitized. | 2023-12-29 | not yet calculated | CVE-2023-50069 cve@mitre.org |
wolters_kluwer -- b.point | On a Wolters Kluwer B.POINT 23.70.00 server running Linux on premises, during the authentication phase, a validated system user can achieve remote code execution via Argument Injection in the server-to-server module. | 2023-12-25 | not yet calculated | CVE-2023-49328 cve@mitre.org |
wordpress -- wordpress | The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in some cases an error/union based technique. | 2023-12-26 | not yet calculated | CVE-2023-5203 contact@wpscan.com |
wordpress -- wordpress | The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users. | 2023-12-26 | not yet calculated | CVE-2023-5644 contact@wpscan.com |
wordpress -- wordpress | The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor. | 2023-12-26 | not yet calculated | CVE-2023-5645 contact@wpscan.com |
wordpress -- wordpress | The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files. | 2023-12-26 | not yet calculated | CVE-2023-5672 contact@wpscan.com |
wordpress -- wordpress | The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions when uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution. | 2023-12-26 | not yet calculated | CVE-2023-5673 contact@wpscan.com |
wordpress -- wordpress | The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor. | 2023-12-26 | not yet calculated | CVE-2023-5674 contact@wpscan.com |
wordpress -- wordpress | The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account (e.g. subscribers) to upload arbitrary files such as PHP on the server. | 2023-12-26 | not yet calculated | CVE-2023-5931 contact@wpscan.com |
wordpress -- wordpress | The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users. | 2023-12-26 | not yet calculated | CVE-2023-5939 contact@wpscan.com |
wordpress -- wordpress | The BSK Forms Blacklist WordPress plugin before 3.7 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-12-26 | not yet calculated | CVE-2023-5980 contact@wpscan.com |
wordpress -- wordpress | The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorization checks, allowing unauthenticated users to download and delete arbitrary files on the server. | 2023-12-26 | not yet calculated | CVE-2023-5991 contact@wpscan.com |
wordpress -- wordpress | The Duplicator WordPress plugin before 1.5.7.1 and the Duplicator Pro WordPress plugin before 4.5.14.2 do not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site. | 2023-12-26 | not yet calculated | CVE-2023-6114 contact@wpscan.com contact@wpscan.com |
wordpress -- wordpress | The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses. | 2023-12-26 | not yet calculated | CVE-2023-6155 contact@wpscan.com |
wordpress -- wordpress | The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. | 2023-12-26 | not yet calculated | CVE-2023-6166 contact@wpscan.com |
wordpress -- wordpress | The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag. | 2023-12-26 | not yet calculated | CVE-2023-6250 contact@wpscan.com |
wordpress -- wordpress | The JSON Content Importer WordPress plugin before 1.5.4 does not sanitize and escape the tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2023-12-26 | not yet calculated | CVE-2023-6268 contact@wpscan.com |
xenom_technologies -- phone_dialer-voice_call_dialer | An issue in Xenom Technologies (sinous) Phone Dialer-voice Call Dialer v.1.2.5 allows an attacker to bypass intended access restrictions via interaction with com.funprime.calldialer.ui.activities.OutgoingActivity. | 2023-12-27 | not yet calculated | CVE-2023-49002 cve@mitre.org cve@mitre.org |
xiangshan -- xiangshan | An issue was discovered in XiangShan v2.1 that allows local attackers to obtain sensitive information via the L1D cache. | 2023-12-30 | not yet calculated | CVE-2023-50559 cve@mitre.org cve@mitre.org |
xnview -- classic_for_windows | XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3ADBD0. | 2023-12-29 | not yet calculated | CVE-2023-52173 cve@mitre.org cve@mitre.org |
xnview -- classic_for_windows | XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3125D6. | 2023-12-29 | not yet calculated | CVE-2023-52174 cve@mitre.org cve@mitre.org |
youloft_holding_group_co. -- perpetual_calendar | An issue in the openFile method of Chinese Perpetual Calendar v9.0.0 allows attackers to read any file via unspecified vectors. | 2023-12-28 | not yet calculated | CVE-2023-51006 cve@mitre.org |
zzcms -- zzcms | ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code. | 2023-12-29 | not yet calculated | CVE-2023-50104 cve@mitre.org |