Vulnerability Summary for the Week of November 20, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- after_effects | Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-17 | 7.8 | CVE-2023-47066 |
adobe -- after_effects | Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-17 | 7.8 | CVE-2023-47067 |
adobe -- after_effects | Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-17 | 7.8 | CVE-2023-47068 |
adobe -- after_effects | Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-17 | 7.8 | CVE-2023-47069 |
adobe -- after_effects | Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-17 | 7.8 | CVE-2023-47070 |
adobe -- after_effects | Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-17 | 7.8 | CVE-2023-47073 |
code-projects -- simple_crud_functionality | SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the 'title' parameter. | 2023-11-17 | 9.8 | CVE-2023-48078 |
concrete_cms -- concrete_cms | Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) gives universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified. | 2023-11-17 | 9.8 | CVE-2023-48648
|
corebos -- corebos | Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator's computer. | 2023-11-17 | 8 | CVE-2023-48029 |
cubecart -- cubecart | Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system. | 2023-11-17 | 8.1 | CVE-2023-38130 |
cubecart -- cubecart | CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. | 2023-11-17 | 7.2 | CVE-2023-47675 |
dreamer_cms -- dreamer_cms | Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management. | 2023-11-18 | 8.8 | CVE-2023-48017 |
getsimplecms -- getsimplecms | A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-245735. | 2023-11-17 | 9.8 | CVE-2023-6188
|
git-urls -- git-urls | git-urls version 1.0.1 is vulnerable to ReDOS (Regular Expression Denial of Service) in Go package. | 2023-11-18 | 7.5 | CVE-2023-46402 |
honeywell -- prowatch | Honeywell ProWatch, 4.5, including all Service Pack versions, contain a Vulnerability in Application Server's executable folder(s). A(n) attacker could potentially exploit this vulnerability, leading to a standard user to have arbitrary system code execution. Honeywell recommends updating to the most recent version of this product, service or offering (Pro-watch 6.0.2, 6.0, 5.5.2,5.0.5). | 2023-11-17 | 7.8 | CVE-2023-6179 |
kodcloud -- kodbox | kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack. | 2023-11-18 | 9.8 | CVE-2023-48028 |
liblisp -- liblisp | Liblisp through commit 4c65969 was discovered to contain a out-of-bounds-read vulnerability in unsigned get_length(lisp_cell_t * x) at eval.c | 2023-11-17 | 8.1 | CVE-2023-48025 |
librenms -- librenms | LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain access to user accounts. This issue has been addressed in version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-17 | 7.5 | CVE-2023-46745 |
luxsoft -- luxcal_web_calendar | SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary SQL command by sending a crafted request and obtain or alter information stored in the database. | 2023-11-20 | 9.8 | CVE-2023-46700
|
medart_health_services -- medart_notification_panel | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Medart Health Services Medart Notification Panel allows SQL Injection. This issue affects Medart Notification Panel: through 20231123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-23 | 9.8 | CVE-2023-3631 |
misp -- malware_information_sharing_platform | An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters. | 2023-11-17 | 9.8 | CVE-2023-48655 |
misp -- malware_information_sharing_platform | An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses. | 2023-11-17 | 9.8 | CVE-2023-48656 |
misp -- malware_information_sharing_platform | An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters. | 2023-11-17 | 9.8 | CVE-2023-48657 |
misp -- malware_information_sharing_platform | An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space. | 2023-11-17 | 9.8 | CVE-2023-48658 |
misp -- malware_information_sharing_platform | An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing. | 2023-11-17 | 9.8 | CVE-2023-48659 |
nec -- clusterpro_x/expresscluster_x | CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows an attacker to log in to the product may execute an arbitrary command. | 2023-11-17 | 8.8 | CVE-2023-39544 |
nec -- clusterpro_x/expresscluster_x | CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows an attacker to log in to the product may execute an arbitrary command. | 2023-11-17 | 8.8 | CVE-2023-39545 |
nec -- clusterpro_x/expresscluster_x | CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows an attacker to log in to the product may execute an arbitrary command. | 2023-11-17 | 8.8 | CVE-2023-39546 |
nec -- clusterpro_x/expresscluster_x | CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows an attacker to log in to the product may execute an arbitrary command. | 2023-11-17 | 8.8 | CVE-2023-39547 |
nec -- clusterpro_x/expresscluster_x | CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows an attacker to log in to the product may execute an arbitrary command. | 2023-11-17 | 8.8 | CVE-2023-39548 |
neutron -- ip_camera | Path Traversal: '/../filedir' vulnerability in Neutron IP Camera allows Absolute Path Traversal. This issue affects IP Camera: before b1130.1.0.1. | 2023-11-23 | 7.5 | CVE-2023-6118 |
openharmony -- openharmony | in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write through improper preservation of permissions. | 2023-11-20 | 7.8 | CVE-2023-43612 |
openharmony -- openharmony | in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through type confusion. | 2023-11-20 | 7.8 | CVE-2023-6045 |
openharmony -- openharmony | in OpenHarmony v3.2.2 and prior versions allow a local attacker to get confidential information or rewrite sensitive file through incorrect default permissions. | 2023-11-20 | 7.1 | CVE-2023-3116 |
opennds -- captive_portal | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests. | 2023-11-17 | 9.8 | CVE-2023-38316 |
opennds -- captive_portal | An issue was discovered in OpenNDS Captive Portal before 10.1.2. it has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issue results in crashing openNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated and can be triggered only when the BinAuth option is set. | 2023-11-17 | 7.5 | CVE-2023-38313 |
opennds -- captive_portal | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a try_to_authenticate NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing client token query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). | 2023-11-17 | 7.5 | CVE-2023-38315 |
opennds -- captive_portal | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a show_preauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing User-Agent header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). | 2023-11-17 | 7.5 | CVE-2023-38320 |
opennds -- captive_portal | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a do_binauth NULL pointer dereference that be triggered with a crafted GET HTTP request with a missing User-Agent HTTP header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated and can be triggered only when the BinAuth option is set. | 2023-11-17 | 7.5 | CVE-2023-38322 |
opennds -- opennds | An issue was discovered in the captive portal in OpenNDS before version 10.1.3. get_query in http_microhttpd.c does not validate the length of the query string of GET requests. This leads to a stack-based buffer overflow in versions 9.x and earlier, and to a heap-based buffer overflow in versions 10.x and later. Attackers may exploit the issue to crash OpenNDS (Denial-of-Service condition) or to inject and execute arbitrary bytecode (Remote Code Execution). | 2023-11-17 | 9.8 | CVE-2023-41101 |
opennds -- opennds | An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due to the consumption of all available memory. | 2023-11-17 | 7.5 | CVE-2023-41102 |
opensupports -- opensupports | OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the attacker to execute arbitrary code or establish a reverse shell, leading to unauthorized file writes or control over the victim's station via a crafted file upload operation. | 2023-11-17 | 9.8 | CVE-2023-48031 |
prestashop -- prestashop | In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via `exportProduct::_addDataToDb().` | 2023-11-17 | 9.8 | CVE-2023-45387 |
prestashop -- prestashop | In the module "SoNice Retour" (sonice_retour) up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system. | 2023-11-17 | 7.5 | CVE-2023-45382 |
tenda -- ax1803_firmware | Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the deviceId parameter in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) attack | 2023-11-20 | 7.5 | CVE-2023-48109 |
tenda -- ax1803_firmware | Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the urls parameter in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) attack | 2023-11-20 | 7.5 | CVE-2023-48110 |
tenda -- ax1803_firmware | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) attack | 2023-11-20 | 7.5 | CVE-2023-48111 |
veribilim_software_computer -- veribase | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veribilim Software Computer Veribase allows SQL Injection. This issue affects Veribase: through 20231123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-23 | 9.8 | CVE-2023-3377 |
wordpress -- wordpress | The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit. | 2023-11-18 | 9.8 | CVE-2023-4214
|
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WPPOOL Sheets To WP Table Live Sync plugin <= 2.12.15 versions. | 2023-11-22 | 8.8 | CVE-2023-26535 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in CodeMShop ???? ????? - MSHOP MY SITE. This issue affects ???? ????? - MSHOP MY SITE: from n/a through 1.1.6. | 2023-11-18 | 8.8 | CVE-2023-47243 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WC Product Table WooCommerce Product Table Lite. This issue affects WooCommerce Product Table Lite: from n/a through 2.6.2. | 2023-11-18 | 8.8 | CVE-2023-47519 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit Dark Mode. This issue affects Droit Dark Mode: from n/a through 1.1.2. | 2023-11-18 | 8.8 | CVE-2023-47531 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy - Smart Donations. This issue affects Donations Made Easy - Smart Donations: from n/a through 4.0.12. | 2023-11-18 | 8.8 | CVE-2023-47551 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Labib Ahmed Image Hover Effects - WordPress Plugin. This issue affects Image Hover Effects - WordPress Plugin: from n/a through 5.5. | 2023-11-18 | 8.8 | CVE-2023-47552 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in User Local Inc UserHeat Plugin. This issue affects UserHeat Plugin: from n/a through 1.1.6. | 2023-11-18 | 8.8 | CVE-2023-47553 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in James Mehorter Device Theme Switcher. This issue affects Device Theme Switcher: from n/a through 3.0.2. | 2023-11-18 | 8.8 | CVE-2023-47556 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in profilegrid ProfileGrid - User Profiles, Memberships, Groups and Communities. This issue affects ProfileGrid - User Profiles, Memberships, Groups and Communities: from n/a through 5.6.6. | 2023-11-18 | 8.8 | CVE-2023-47644 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in PriceListo Best Restaurant Menu by PriceListo. This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.3.1. | 2023-11-18 | 8.8 | CVE-2023-47649 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview Plainview Protect Passwords. This issue affects Plainview Protect Passwords: from n/a through 1.4. | 2023-11-18 | 8.8 | CVE-2023-47664 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Pro Code Snippets. This issue affects Code Snippets: from n/a through 3.5.0. | 2023-11-18 | 8.8 | CVE-2023-47666 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Mammothology WP Full Stripe Free. This issue affects WP Full Stripe Free: from n/a through 1.6.1. | 2023-11-18 | 8.8 | CVE-2023-47667 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Jongmyoung Kim Korea SNS. This issue affects Korea SNS: from n/a through 1.6.3. | 2023-11-18 | 8.8 | CVE-2023-47670 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy Vertical scroll recent. This issue affects Vertical scroll recent post: from n/a through 14.0. | 2023-11-18 | 8.8 | CVE-2023-47671 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Swashata WP Category Post List Widget. This issue affects WP Category Post List Widget: from n/a through 2.0.3. | 2023-11-18 | 8.8 | CVE-2023-47672 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloader Matrix. This issue affects Preloader Matrix: from n/a through 2.0.1. | 2023-11-18 | 8.8 | CVE-2023-47685 |
wordpress -- wordpress | Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber - Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACLs, Cross-Site Request Forgery. This issue affects AWeber - Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth: from n/a through 7.3.9. | 2023-11-17 | 8.8 | CVE-2023-47757 |
wordpress -- wordpress | The WooHoo Newspaper Magazine theme does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 2023-11-20 | 8.8 | CVE-2023-4824 |
wordpress -- wordpress | The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it possible for authenticated attackers with subscriber privileges or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This can be exploited if 2Checkout (deprecated since version 2.6) or PayPal Express is set as the payment method and a custom user field is added that is only visible at profile, and not visible at checkout according to its settings. | 2023-11-18 | 8.8 | CVE-2023-6187
|
wordpress -- wordpress | The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the function audio_merchant_add_audio_file function. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-11-20 | 8.8 | CVE-2023-6196 |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- after_effects | Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-17 | 5.5 | CVE-2023-47071 |
adobe -- animate | Adobe Animate versions 23.0.2 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-17 | 5.5 | CVE-2023-44325 |
adobe -- coldfusion | Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-11-17 | 6.1 | CVE-2023-44352 |
adobe -- dimension | Adobe Dimension versions 3.4.9 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-17 | 5.5 | CVE-2023-44326 |
bell -- home_hub_3000_firmware | An issue was discovered on Bell HomeHub 3000 SG48222070 devices. There is XSS related to the email field and the login page. | 2023-11-17 | 6.1 | CVE-2020-11448 |
bell -- home_hub_3000_firmware | An issue was discovered on Bell HomeHub 3000 SG48222070 devices. Remote authenticated users can retrieve the serial number via cgi/json-req - this is an information leak because the serial number is intended to prove an actor's physical access to the device. | 2023-11-17 | 4.3 | CVE-2020-11447 |
color -- demoiccmax | In International Color Consortium DemoIccMAX 3e7948b, CIccCLUT::Interp2d in IccTagLut.cpp in libSampleICC.a has an out-of-bounds read. | 2023-11-18 | 6.5 | CVE-2023-48736 |
concrete_cms -- concrete_cms | Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name. | 2023-11-17 | 5.4 | CVE-2023-48649
|
cubecart -- cubecart | Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system. | 2023-11-17 | 6.5 | CVE-2023-42428 |
cubecart -- cubecart | Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system. | 2023-11-17 | 4.9 | CVE-2023-47283 |
dassault -- 3dswymer_3dexperience_2022 | Stored Cross-site Scripting (XSS) vulnerabilities affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allow an attacker to execute arbitrary script code. | 2023-11-21 | 5.4 | CVE-2023-5598 |
dassault -- 3dswymer_3dexperience_2022 | A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code. | 2023-11-21 | 5.4 | CVE-2023-5599 |
eyoucms -- eyoucms | eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users. | 2023-11-21 | 5.4 | CVE-2023-46935 |
howerj -- liblisp | Liblisp through commit 4c65969 was discovered to contain a use-after-free vulnerability in void hash_destroy(hash_table_t *h) at hash.c | 2023-11-17 | 6.5 | CVE-2023-48024 |
kc_group -- e-commerce_software | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KC Group E-Commerce Software allows Reflected XSS. This issue affects E-Commerce Software: through 20231123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-23 | 6.1 | CVE-2023-4406 |
librenms -- librenms | LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been addressed in commit `faf66035ea` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-17 | 5.4 | CVE-2023-48295
|
liferay -- liferay_portal | Reflected cross-site scripting (XSS) vulnerability on a content page's edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter. | 2023-11-17 | 6.1 | CVE-2023-47797 |
limesurvey -- limesurvey | Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component. | 2023-11-18 | 5.4 | CVE-2023-44796
|
luxsoft -- luxcal_web_calendar | Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the product. | 2023-11-20 | 6.1 | CVE-2023-47175
|
next-auth -- next-auth | NextAuth.js provides authentication for Next.js. `next-auth` applications prior to version 4.24.5 that rely on the default Middleware authorization are affected by a vulnerability. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth sign-in flow (state, PKCE or nonce). Manually overriding the `next-auth.session-token` cookie value with this non-related JWT would let the user simulate a logged in user, albeit having no user information associated with it. (The only property on this user is an opaque randomly generated string). This vulnerability does not give access to other users' data, neither to resources that require proper authorization via scopes or other means. The created mock user has no information associated with it (ie. no name, email, access_token, etc.) This vulnerability can be exploited by bad actors to peek at logged in user states (e.g. dashboard layout). `next-auth` `v4.24.5` contains a patch for the vulnerability. As a workaround, using a custom authorization callback for Middleware, developers can manually do a basic authentication. | 2023-11-20 | 5.3 | CVE-2023-48309
|
opencrx -- opencrx | OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number. | 2023-11-18 | 6.1 | CVE-2023-40809 |
opencrx -- opencrx | OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field. | 2023-11-18 | 6.1 | CVE-2023-40810 |
opencrx -- opencrx | OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field. | 2023-11-18 | 6.1 | CVE-2023-40812 |
opencrx -- opencrx | OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation. | 2023-11-18 | 6.1 | CVE-2023-40813 |
opencrx -- opencrx | OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field. | 2023-11-18 | 6.1 | CVE-2023-40814 |
opencrx -- opencrx | OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field. | 2023-11-18 | 6.1 | CVE-2023-40815 |
opencrx -- opencrx | OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field. | 2023-11-18 | 6.1 | CVE-2023-40816 |
opencrx -- opencrx | OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field. | 2023-11-18 | 6.1 | CVE-2023-40817 |
openharmony -- openharmony | in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default permissions. | 2023-11-20 | 5.5 | CVE-2023-42774 |
openharmony -- openharmony | in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized resource. | 2023-11-20 | 5.5 | CVE-2023-46100 |
openharmony -- openharmony | in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion. | 2023-11-20 | 5.5 | CVE-2023-46705 |
openharmony -- openharmony | in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through buffer overflow. | 2023-11-20 | 5.5 | CVE-2023-47217 |
opennds -- captive_portal | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated() that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). | 2023-11-17 | 6.5 | CVE-2023-38314 |
opennds -- captive_portal | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It allows users to skip the splash page sequence when it is using the default FAS key and when OpenNDS is configured as FAS (default). | 2023-11-17 | 5.3 | CVE-2023-38324 |
wordpress -- wordpress | The Bonus for Woo WordPress plugin before 5.8.3 does not sanitize and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2023-11-20 | 6.1 | CVE-2023-5140 |
wordpress -- wordpress | The Magic Embeds WordPress plugin before 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 2023-11-20 | 5.4 | CVE-2023-4799 |
wordpress -- wordpress | The `Embed Privacy` plugin for WordPress that prevents the loading of embedded external content is vulnerable to Stored Cross-Site Scripting via `embed_privacy_opt_out` shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Version 1.8.1 contains a patch for this issue. | 2023-11-20 | 5.4 | CVE-2023-48300
|
wordpress -- wordpress | The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the audio_merchant_save_settings function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-11-20 | 5.4 | CVE-2023-6197 |
wordpress -- wordpress | The PubyDoc WordPress plugin through 2.0.6 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 2023-11-20 | 4.8 | CVE-2023-4970 |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- after_effects | Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-17 | 3.3 | CVE-2023-47072 |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
admidio -- admidio | Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS). | 2023-11-22 | not yet calculated | CVE-2023-47380
|
adobe -- coldfusion | Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction. | 2023-11-17 | not yet calculated | CVE-2023-26347 |
adobe -- coldfusion | Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. | 2023-11-17 | not yet calculated | CVE-2023-44350 |
adobe -- coldfusion | Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. | 2023-11-17 | not yet calculated | CVE-2023-44351 |
adobe -- coldfusion | Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. | 2023-11-17 | not yet calculated | CVE-2023-44353 |
adobe -- coldfusion | Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to impact a minor integrity feature. Exploitation of this issue does require user interaction. | 2023-11-17 | not yet calculated | CVE-2023-44355 |
adobe -- css-tools | @adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges. | 2023-11-17 | not yet calculated | CVE-2023-26364 |
adobe -- framemaker | Adobe FrameMaker versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An unauthenticated attacker can abuse this vulnerability to access the API and leak default admin's password. Exploitation of this issue does not require user interaction. | 2023-11-17 | not yet calculated | CVE-2023-44324 |
adobe -- robohelp_server | Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by a low-privileged authenticated attacker. Exploitation of this issue does not require user interaction. | 2023-11-17 | not yet calculated | CVE-2023-22268 |
adobe -- robohelp_server | Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction. | 2023-11-17 | not yet calculated | CVE-2023-22272 |
adobe -- robohelp_server | Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction. | 2023-11-17 | not yet calculated | CVE-2023-22273 |
adobe -- robohelp_server | Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction. | 2023-11-17 | not yet calculated | CVE-2023-22274 |
adobe -- robohelp_server | Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction. | 2023-11-17 | not yet calculated | CVE-2023-22275 |
angular -- dom-sanitizer | DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via an SVG document because of mishandling of comments and greedy regular expressions. | 2023-11-22 | not yet calculated | CVE-2023-49146 |
apache -- apache_dolphinscheduler | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can't upgrade to the fixed version can also set environment variable `MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus` to workaround this, or add the following section in the `application.yaml` file ``` management: endpoints: web: exposure: include: health,metrics,prometheus ``` This issue affects Apache DolphinScheduler: from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue. | 2023-11-24 | not yet calculated | CVE-2023-48796 |
apache -- apache_storm | On unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method File.createTempFile on unix-like systems creates a file with predefined name (so easily identifiable) and by default will create this file with the permissions -rw-r--r--. Thus, if sensitive information is written to this file, other local users can read this information. File.createTempFile(String, String) will create a temporary file in the system temporary directory if the 'java.io.tmpdir' system property is not explicitly set. This affects the class https://github.com/apache/storm/blob/master/storm-core/src/jvm/org/apache/storm/utils/TopologySpoutLag.java#L99 and was introduced by https://issues.apache.org/jira/browse/STORM-3123 In practice, this has a very limited impact as this class is used only if ui.disable.spout.lag.monitoring is set to false, but its value is true by default. Moreover, the temporary file gets deleted soon after its creation. The solution is to use Files.createTempFile https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/nio/file/Files.html#createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute...) instead. We recommend that all users upgrade to the latest version of Apache Storm. | 2023-11-23 | not yet calculated | CVE-2023-43123 |
apache -- apache_submarine | Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests (using application/yaml content-type), it defines a YamlEntityProvider entity provider that will process all incoming YAML requests. In order to unmarshal the request, the readFrom method is invoked, passing the entityStream containing the user-supplied data in `submarine-server/server-core/src/main/java/org/apache/submarine/server/utils/YamlUtils.java`. We have now fixed this issue in the new version by replacing to `jackson-dataformat-yaml`. This issue affects Apache Submarine: from 0.7.0 before 0.8.0. Users are recommended to upgrade to version 0.8.0, which fixes this issue. If using the version smaller than 0.8.0 and not want to upgrade, you can try cherry-pick PR https://github.com/apache/submarine/pull/1054 and rebuild the submart-server image to fix this. | 2023-11-20 | not yet calculated | CVE-2023-46302
|
apache -- apache_derby | A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was visible to and executable by the account which booted the Derby server. In LDAP-protected databases which weren't also protected by SQL GRANT/REVOKE authorization, this vulnerability could also let an attacker view and corrupt sensitive data and run sensitive database functions and procedures. Mitigation: Users should upgrade to Java 21 and Derby 10.17.1.0. Alternatively, users who wish to remain on older Java versions should build their own Derby distribution from one of the release families to which the fix was backported: 10.16, 10.15, and 10.14. Those are the releases which correspond, respectively, with Java LTS versions 17, 11, and 8. | 2023-11-20 | not yet calculated | CVE-2022-46337 |
apache -- apache_submarine | Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. Now we have fixed this issue and now user must have the correct login to access workbench. This issue affects Apache Submarine: from 0.7.0 before 0.8.0. We recommend that all submarine users with 0.7.0 upgrade to 0.8.0, which not only fixes the issue, supports the oidc authentication mode, but also removes the case of unauthenticated logins. If using the version lower than 0.8.0 and not want to upgrade, you can try cherry-pick PR https://github.com/apache/submarine/pull/1037 https://github.com/apache/submarine/pull/1054 and rebuild the submarine-server image to fix this. | 2023-11-22 | not yet calculated | CVE-2023-37924
|
atlassian -- bamboo_data_center | This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bamboo Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bamboo Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.7. JDK 1.8u121+ should be used in case Java 8 used to run Bamboo Data Center and Server. See Bamboo 9.2 Upgrade notes (https://confluence.atlassian.com/bambooreleases/bamboo-9-2-upgrade-notes-1207179212.html) Bamboo Data Center and Server 9.3: Upgrade to a release greater than or equal to 9.3.4 See the release notes ([https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html]). You can download the latest version of Bamboo Data Center and Server from the download center ([https://www.atlassian.com/software/bamboo/download-archives]). This vulnerability was discovered by a private user and reported via our Bug Bounty program | 2023-11-21 | not yet calculated | CVE-2023-22516 |
atlassian -- crowd_data_center | This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.0, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Crowd Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Crowd Data Center and Server 3.4: Upgrade to a release greater than or equal to 5.1.6 Crowd Data Center and Server 5.2: Upgrade to a release greater than or equal to 5.2.1 See the release notes ([https://confluence.atlassian.com/crowd/crowd-release-notes-199094.html]). You can download the latest version of Crowd Data Center and Server from the download center ([https://www.atlassian.com/software/crowd/download-archive]). This vulnerability was discovered by m1sn0w and reported via our Bug Bounty program | 2023-11-21 | not yet calculated | CVE-2023-22521 |
authentik -- authentik | authentik is an open-source identity provider. When initializing an oauth2 flow with a `code_challenge` and `code_method` (thus requesting PKCE), the single sign-on provider (authentik) must check if there is a matching and existing `code_verifier` during the token step. Prior to versions 2023.10.4 and 2023.8.5, authentik checks if the contents of `code_verifier` is matching only when it is provided. When it is left out completely, authentik simply accepts the token request without it; even when the flow was started with a `code_challenge`. authentik 2023.8.5 and 2023.10.4 fix this issue. | 2023-11-21 | not yet calculated | CVE-2023-48228
|
autodesk -- autocad,_advance_steel_and_civil_3d | A maliciously crafted MODEL file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2023-11-23 | not yet calculated | CVE-2023-29073 |
autodesk -- autocad,_advance_steel_and_civil_3d | A maliciously crafted CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2023-11-23 | not yet calculated | CVE-2023-29074 |
autodesk -- autocad,_advance_steel_and_civil_3d | A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2023-11-23 | not yet calculated | CVE-2023-29075 |
autodesk -- autocad,_advance_steel_and_civil_3d | A maliciously crafted MODEL, SLDASM, SAT or CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 could cause memory corruption vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process. | 2023-11-23 | not yet calculated | CVE-2023-29076 |
autodesk -- autocad,_advance_steel_and_civil_3d | A maliciously crafted STP file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process. | 2023-11-23 | not yet calculated | CVE-2023-41139 |
autodesk -- autocad,_advance_steel_and_civil_3d | A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2023-11-23 | not yet calculated | CVE-2023-41140 |
autodesk -- customer_portal | Autodesk users who no longer have an active license for an account can still access cases for that account. | 2023-11-22 | not yet calculated | CVE-2023-41145 |
autodesk -- customer_portal | Autodesk Customer Support Portal allows cases created by users under an account to see cases created by other users on the same account. | 2023-11-22 | not yet calculated | CVE-2023-41146 |
autodesk -- desktop_connector | A maliciously crafted DLL file can be forced to install onto a non-default location, and attacker can overwrite parts of the product with malicious DLLs. These files may then have elevated privileges leading to a Privilege Escalation vulnerability. | 2023-11-22 | not yet calculated | CVE-2023-29069 |
axis_communications_ab -- axis_os | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account however the impact is equal. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | 2023-11-21 | not yet calculated | CVE-2023-21416 |
axis_communications_ab -- axis_os | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and limited to non-system files compared to administrator-privileges. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | 2023-11-21 | not yet calculated | CVE-2023-21417 |
axis_communications_ab -- axis_os | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and limited to non-system files compared to administrator-privileges. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | 2023-11-21 | not yet calculated | CVE-2023-21418 |
axis_communications_ab -- axis_os | During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | 2023-11-21 | not yet calculated | CVE-2023-5553 |
bookstack -- bookstack | Book Stack version 23.10.2 allows filtering local files on the server. This is possible because the application is vulnerable to SSRF. | 2023-11-20 | not yet calculated | CVE-2023-6199 |
botanik_software -- pharmacy_automation | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Botanik Software Pharmacy Automation allows Retrieve Embedded Sensitive Data. This issue affects Pharmacy Automation: before 2.1.133.0. | 2023-11-22 | not yet calculated | CVE-2023-5983 |
bouncy_castle -- bouncy_castle | Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial-of-service attack. | 2023-11-23 | not yet calculated | CVE-2023-33202 |
bvrp_software -- slmail | Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager's intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the 'dodoc' parameter in the /MailAdmin_dll.htm file. | 2023-11-23 | not yet calculated | CVE-2023-4593 |
bvrp_software -- slmail | Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file. | 2023-11-23 | not yet calculated | CVE-2023-4594 |
bvrp_software -- slmail | An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca. | 2023-11-23 | not yet calculated | CVE-2023-4595 |
bytecode_alliance -- wasm-micro-runtime | A heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c. | 2023-11-22 | not yet calculated | CVE-2023-48105
|
byzoro -- smart_s80_firmware | A vulnerability was found in Beijing Baichuo Smart S80 up to 20231108. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246103. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-24 | not yet calculated | CVE-2023-6274
|
capnproto -- capnproto | Cap'n Proto is a data interchange format and capability-based RPC system. In versions 1.0 and 1.0.1, when using the KJ HTTP library with WebSocket compression enabled, a buffer underrun can be caused by a remote peer. The underrun always writes a constant value that is not attacker-controlled, likely resulting in a crash, enabling a remote denial-of-service attack. Most Cap'n Proto and KJ users are unlikely to have this functionality enabled and so unlikely to be affected. Maintainers suspect only the Cloudflare Workers Runtime is affected. If KJ HTTP is used with WebSocket compression enabled, a malicious peer may be able to cause a buffer underrun on a heap-allocated buffer. KJ HTTP is an optional library bundled with Cap'n Proto but is not directly used by Cap'n Proto. WebSocket compression is disabled by default. It must be enabled via a setting passed to the KJ HTTP library via `HttpClientSettings` or `HttpServerSettings`. The bytes written out-of-bounds are always a specific constant 4-byte string `{ 0x00, 0x00, 0xFF, 0xFF }`. Because this string is not controlled by the attacker, maintainers believe it is unlikely that remote code execution is possible. However, it cannot be ruled out. This functionality first appeared in Cap'n Proto 1.0. Previous versions are not affected. This issue is fixed in Cap'n Proto 1.0.1.1. | 2023-11-21 | not yet calculated | CVE-2023-48230
|
capsule-proxy -- capsule-proxy | capsule-proxy is a reverse proxy for the capsule operator project. Affected versions are subject to a privilege escalation vulnerability which is based on a missing check if the user is authenticated based on the `TokenReview` result. All the clusters running with the `anonymous-auth` Kubernetes API Server setting disable (set to `false`) are affected since it would be possible to bypass the token review mechanism, interacting with the upper Kubernetes API Server. This privilege escalation cannot be exploited if you're relying only on client certificates (SSL/TLS). This vulnerability has been addressed in version 0.4.6. Users are advised to upgrade. | 2023-11-24 | not yet calculated | CVE-2023-48312 |
chameleon_power -- chameleon_power | Path traversal vulnerability in Chalemelon Power framework, affecting the getImage parameter. This vulnerability could allow a remote user to read files located on the server and gain access to sensitive information such as configuration files. | 2023-11-22 | not yet calculated | CVE-2023-6252 |
checkmk -- checkmk | Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. | 2023-11-22 | not yet calculated | CVE-2023-6156 |
checkmk -- checkmk | Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. | 2023-11-22 | not yet calculated | CVE-2023-6157 |
checkmk -- checkmk | Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users. | 2023-11-24 | not yet calculated | CVE-2023-6251 |
cisco -- cisco_appdynamics | A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An attacker could exploit this vulnerability by modifying objects in the PHP Agent install directory, which would run with the same privileges as PHP. A successful exploit could allow a lower-privileged attacker to elevate their privileges to root on an affected device. | 2023-11-21 | not yet calculated | CVE-2023-20274 |
cisco -- cisco_identity_services_engine_software | A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the web-based management interface of an affected device. | 2023-11-21 | not yet calculated | CVE-2023-20208 |
cisco -- cisco_identity_services_engine_software | A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. This vulnerability is due to insufficient file input validation. An attacker could exploit this vulnerability by uploading a malicious file to the web interface. A successful exploit could allow the attacker to replace files and gain access to sensitive server-side information. | 2023-11-21 | not yet calculated | CVE-2023-20272 |
cisco -- cisco_secure_client | Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system. | 2023-11-22 | not yet calculated | CVE-2023-20240 |
cisco -- cisco_secure_client | Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system. | 2023-11-22 | not yet calculated | CVE-2023-20241 |
cisco -- cisco_secure_endpoint | A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could exploit this vulnerability by persuading a user to put a malicious file into a specific folder and then persuading the user to execute the file within a limited time window. A successful exploit could allow the attacker to cause the endpoint software to fail to quarantine the malicious file or kill its process. Note: This vulnerability only applies to deployments that have the Windows Folder Redirection feature enabled. | 2023-11-22 | not yet calculated | CVE-2023-20084 |
clickhouse -- clickhouse | An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19. | 2023-11-23 | not yet calculated | CVE-2022-44010 |
clickhouse -- clickhouse | An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19. | 2023-11-23 | not yet calculated | CVE-2022-44011 |
codeigniter4 -- shield | CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The `secretKey` value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a malicious person somehow had access to the data in the database, they could use the key and secretKey for HMAC SHA256 authentication to send requests impersonating that corresponding user. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-24 | not yet calculated | CVE-2023-48707 |
codeigniter4 -- shield | CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table, they can obtain a raw token which can then be used to send a request with that user's authority. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. Users unable to upgrade should disable logging for successful login attempts by the configuration files. | 2023-11-24 | not yet calculated | CVE-2023-48708
|
dece_software -- geodi | Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass. This issue affects Geodi: before 8.0.0.27396. | 2023-11-22 | not yet calculated | CVE-2023-5921 |
dece_software -- geodi | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DECE Software Geodi allows Stored XSS. This issue affects Geodi: before 8.0.0.27396. | 2023-11-22 | not yet calculated | CVE-2023-6011 |
dell -- dell_command_configure | Dell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation. | 2023-11-23 | not yet calculated | CVE-2023-43086 |
dell -- dell_command_configure | Dell Command | Configure versions prior to 4.11.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation. | 2023-11-23 | not yet calculated | CVE-2023-44289 |
dell -- dell_command_monitor | Dell Command | Monitor versions prior to 10.10.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation. | 2023-11-23 | not yet calculated | CVE-2023-44290 |
dell -- dell_os_recovery_tool | Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system. | 2023-11-23 | not yet calculated | CVE-2023-39253 |
dell -- powerprotect_agent_for_file_system | PowerProtect Agent for File System Version 19.14 and prior, contains an incorrect default permissions vulnerability in ddfscon component. A low Privileged local attacker could potentially exploit this vulnerability, leading to overwriting of log files. | 2023-11-22 | not yet calculated | CVE-2023-43081 |
dell -- rvtools | RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility (RVToolsPasswordEncryption.exe) and main application (RVTools.exe). A remote unauthenticated attacker with access to stored encrypted passwords from a users' system could potentially exploit this vulnerability, leading to the disclosure of encrypted passwords in clear text. This vulnerability is caused by an incomplete fix for CVE-2020-27688. | 2023-11-24 | not yet calculated | CVE-2023-44303 |
dell -- unity | Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component. If a customer has a certificate signed by a third-party public Certificate Authority, the vCenter CA could be spoofed by an attacker who can obtain a CA-signed certificate. | 2023-11-22 | not yet calculated | CVE-2023-43082 |
dev_blog -- dev_blog | Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim. | 2023-11-21 | not yet calculated | CVE-2023-6142 |
dev_blog -- dev_blog | Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. With this, an attacker can access any user's session just by knowing their username. | 2023-11-21 | not yet calculated | CVE-2023-6144 |
devolutions -- server | Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauthenticated attacker to list the configured Devolutions Gateways endpoints. | 2023-11-22 | not yet calculated | CVE-2023-6264 |
digital_communications_technologies -- syrus4_iot_telematics_gateway | The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 device connected to the cloud service. The MQTT server also leaks the location, video and diagnostic data from each connected device. An attacker who knows the IP address of the server is able to connect and perform the following operations: * Get location data of the vehicle the device is connected to * Send CAN bus messages via the ECU module ( https://syrus.digitalcomtech.com/docs/ecu-1 https://syrus.digitalcomtech.com/docs/ecu-1 ) * Immobilize the vehicle via the safe-immobilizer module ( https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization ) * Get live video through the connected video camera * Send audio messages to the driver ( https://syrus.digitalcomtech.com/docs/system-tools#apx-tts https://syrus.digitalcomtech.com/docs/system-tools#apx-tts ) | 2023-11-21 | not yet calculated | CVE-2023-6248 |
draytek -- vigor2960 | Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported. | 2023-11-22 | not yet calculated | CVE-2023-6265 |
drd_fleet_leasing -- drdrive | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DRD Fleet Leasing DRDrive allows SQL Injection. This issue affects DRDrive: before 20231006. | 2023-11-22 | not yet calculated | CVE-2023-5047 |
duet_display -- duet_display_for_windows | An uncontrolled search path element vulnerability has been found in the Duet Display product, affecting version 2.5.9.1. An attacker could place an arbitrary libusk.dll file in the C:\Users\user\AppData\Local\Microsoft\WindowsApps\ directory, which could lead to the execution and persistence of arbitrary code. | 2023-11-21 | not yet calculated | CVE-2023-6235 |
dzslides -- dzslides | Cross Site Scripting (XSS) vulnerability in the component /shells/embedder.html of DZSlides after v2011.07.25 allows attackers to execute arbitrary code via a crafted payload. | 2023-11-20 | not yet calculated | CVE-2023-47417 |
elastic -- elastic_apm_.net_agent | The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers will not be sanitized before being sent. | 2023-11-22 | not yet calculated | CVE-2021-22143 |
elastic -- elastic_apm_java_agent | A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user typically has access to. | 2023-11-22 | not yet calculated | CVE-2021-37942 |
elastic -- elasticsearch | An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account could escalate themselves to a super-user. | 2023-11-22 | not yet calculated | CVE-2021-37937 |
elastic -- elasticsearch | It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API. | 2023-11-22 | not yet calculated | CVE-2023-46673 |
elastic -- kibana | It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server. | 2023-11-22 | not yet calculated | CVE-2021-22150 |
elastic -- kibana | It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension. | 2023-11-22 | not yet calculated | CVE-2021-22151 |
elastic -- kibana | Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content. | 2023-11-22 | not yet calculated | CVE-2021-22142 |
fastbots -- fastbots | fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with python code that without proper validation it is executed, and it could lead to rce. The vulnerability is in the function `def __locator__(self, locator_name: str)` in `page.py`. In order to mitigate this issue, upgrade to fastbots version 0.1.5 or above. | 2023-11-21 | not yet calculated | CVE-2023-48699
|
fortra -- digital_guardian_agent | A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file. | 2023-11-22 | not yet calculated | CVE-2023-6253 |
fuji_electric_co.,_ltd._and_hakko_electronics_co.,_ltd. -- tellus_lite | Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially crafted input file. | 2023-11-22 | not yet calculated | CVE-2023-35127 |
fuji_electric_co.,_ltd._and_hakko_electronics_co.,_ltd. -- tellus_lite | When Fuji Electric Tellus Lite V-Simulator parses a specially crafted input file an out of bounds write may occur. | 2023-11-22 | not yet calculated | CVE-2023-40152 |
fuji_electric_co.,_ltd._and_hakko_electronics_co.,_ltd. -- tellus_lite | A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system. | 2023-11-22 | not yet calculated | CVE-2023-5299 |
giflib -- giflib | Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c | 2023-11-22 | not yet calculated | CVE-2023-48161 |
glewlwyd_sso_server -- glewlwyd_sso_server | scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration. | 2023-11-23 | not yet calculated | CVE-2023-49208 |
gpac -- gpac | GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75. | 2023-11-20 | not yet calculated | CVE-2023-48039 |
gpac -- gpac | GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329. | 2023-11-20 | not yet calculated | CVE-2023-48090 |
headwind_mdm -- headwind_mdm | Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to Login Credential Leakage via Audit Entries. | 2023-11-22 | not yet calculated | CVE-2023-47312 |
headwind_mdm -- headwind_mdm | Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal. | 2023-11-22 | not yet calculated | CVE-2023-47313 |
headwind_mdm -- headwind_mdm | Headwind MDM Web panel 5.22.1 is vulnerable to Cross Site Scripting (XSS) via Uncontrolled File Upload. | 2023-11-22 | not yet calculated | CVE-2023-47314 |
headwind_mdm -- headwind_mdm | Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. | 2023-11-22 | not yet calculated | CVE-2023-47315 |
headwind_mdm -- headwind_mdm | Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows users to gain access to potentially sensitive API calls such as listing users and their data, file management API calls and audit-related API calls. | 2023-11-22 | not yet calculated | CVE-2023-47316 |
hikvision -- ids-exxhuh | There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device. | 2023-11-23 | not yet calculated | CVE-2023-28811 |
hikvision -- localservicecomponents | There is a buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in. | 2023-11-23 | not yet calculated | CVE-2023-28812 |
hikvision -- localservicecomponents | An attacker could exploit a vulnerability by sending crafted messages to computers installed with this plug-in to modify plug-in parameters, which could cause affected computers to download malicious files. | 2023-11-23 | not yet calculated | CVE-2023-28813 |
ibm -- cics_tx_advanced | IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 260770. | 2023-11-18 | not yet calculated | CVE-2023-38361 |
ibm -- cloud_pak_for_security | IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 233665. | 2023-11-22 | not yet calculated | CVE-2022-36777 |
ibm -- qradar_wincollect_agent | IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a privileged user to obtain sensitive information due to missing best practices. IBM X-Force ID: 213551. | 2023-11-23 | not yet calculated | CVE-2021-39008 |
ibm -- qradar_wincollect_agent | IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160. | 2023-11-24 | not yet calculated | CVE-2023-26279 |
ibm -- sterling_b2b_integrator | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230824. | 2023-11-22 | not yet calculated | CVE-2022-35638 |
ibm -- sterling_b2b_integrator_standard_edition | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 247034. | 2023-11-22 | not yet calculated | CVE-2023-25682 |
ibm -- infosphere_information_server | IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings. IBM X-Force ID: 263332. | 2023-11-18 | not yet calculated | CVE-2023-40363 |
imagemagick -- imagemagick | A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. | 2023-11-19 | not yet calculated | CVE-2023-5341
|
inea -- me_rtu | Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the "root" account on the host system of the device. This could allow an attacker to obtain admin-level access to the host system. | 2023-11-20 | not yet calculated | CVE-2023-29155 |
inea -- me_rtu | Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to operating system (OS) command injection, which could allow remote code execution. | 2023-11-20 | not yet calculated | CVE-2023-35762 |
ip_infusion -- zebos | The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute. | 2023-11-21 | not yet calculated | CVE-2023-45886
|
ironman_software -- powershell_universal | The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. The fixed versions are 3.10.2, 4.1.10, and 4.2.1. | 2023-11-23 | not yet calculated | CVE-2023-49213 |
jeecg-boot -- jeecg-boot | Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure. | 2023-11-22 | not yet calculated | CVE-2023-47467 |
libde265 -- libde265 | Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump. | 2023-11-22 | not yet calculated | CVE-2023-43887 |
libtiff -- libtiff | An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB. | 2023-11-24 | not yet calculated | CVE-2023-6277
|
linux -- kernel | A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the system. | 2023-11-23 | not yet calculated | CVE-2023-5972
|
linux -- kernel | A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. An unprivileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption. | 2023-11-21 | not yet calculated | CVE-2023-6238 |
m-files -- m-files_server | A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the Rest API methods of the M-Files server before 23.11.13156.0 which allows attackers to execute DoS attacks. | 2023-11-22 | not yet calculated | CVE-2023-6117 |
m-files -- m-files_server | Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods. | 2023-11-22 | not yet calculated | CVE-2023-6189 |
mercedes-benz -- mercedes_me_app_for_ios | An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request. | 2023-11-22 | not yet calculated | CVE-2023-47392 |
mercedes-benz -- mercedes_me_app_for_ios | An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the maintenance orders of other users and access sensitive user information via unspecified vectors. | 2023-11-22 | not yet calculated | CVE-2023-47393 |
meshery -- meshery | A SQL injection vulnerability in Meshery before 0.6.179 allows a remote attacker to obtain sensitive information and execute arbitrary code via the order parameter. | 2023-11-24 | not yet calculated | CVE-2023-46575
|
microsoft -- powershell | PowerShell Information Disclosure Vulnerability | 2023-11-20 | not yet calculated | CVE-2023-36013 |
mondula_gmbh -- multi_step_form | Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form plugin <= 1.7.11 versions. | 2023-11-22 | not yet calculated | CVE-2023-47758 |
mozilla -- firefox | When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox < 120. | 2023-11-21 | not yet calculated | CVE-2023-6210 |
mozilla -- firefox | If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox < 120. | 2023-11-21 | not yet calculated | CVE-2023-6211 |
mozilla -- firefox | Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120. | 2023-11-21 | not yet calculated | CVE-2023-6213 |
mozilla -- firefox_for_ios | An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120. | 2023-11-21 | not yet calculated | CVE-2023-49060 |
mozilla -- firefox_for_ios | An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120. | 2023-11-21 | not yet calculated | CVE-2023-49061 |
mozilla -- multiple_products | On some systems-depending on the graphics settings and drivers-it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. | 2023-11-21 | not yet calculated | CVE-2023-6204
|
mozilla -- multiple_products | It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. | 2023-11-21 | not yet calculated | CVE-2023-6205
|
mozilla -- multiple_products | The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. | 2023-11-21 | not yet calculated | CVE-2023-6206
|
mozilla -- multiple_products | Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. | 2023-11-21 | not yet calculated | CVE-2023-6207
|
mozilla -- multiple_products | When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. Other systems are unaffected. * This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. | 2023-11-21 | not yet calculated | CVE-2023-6208
|
mozilla -- multiple_products | Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. | 2023-11-21 | not yet calculated | CVE-2023-6209
|
mozilla -- multiple_products | Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. | 2023-11-21 | not yet calculated | CVE-2023-6212
|
mprivacy-tools -- mprivacy-tools | In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, broken Access Control on X11 server sockets allows authenticated attackers (with access to a VNC session) to access the X11 desktops of other users by specifying their DISPLAY ID. This allows complete control of their desktop, including the ability to inject keystrokes and perform a keylogging attack. | 2023-11-22 | not yet calculated | CVE-2023-47250
|
mprivacy-tools -- mprivacy-tools | In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers (with access to a VNC session) to automatically transfer malicious PDF documents by moving them into the .spool directory, and then sending a signal to the VNC service, which automatically transfers them to the connected VNC client's filesystem. | 2023-11-22 | not yet calculated | CVE-2023-47251
|
nautobot -- nautobot | The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Starting in version 2.0.0 and prior to version 3.0.0, credentials provided to onboarding task are visible via Job Results from an execution of an Onboarding Task. Version 3.0.0 fixes this issue; no known workarounds are available. Mitigation recommendations include deleting all Job Results for any onboarding task to remove clear text credentials from database entries that were run while on v2.0.X, upgrading to v3.0.0, and rotating any exposed credentials. | 2023-11-21 | not yet calculated | CVE-2023-48700 |
nautobot -- nautobot | Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect usage of Django's `mark_safe()` API when rendering certain types of user-authored content; including custom links, job buttons, and computed fields; it is possible that users with permission to create or edit these types of content could craft a malicious payload (such as JavaScript code) that would be executed when rendering pages containing this content. The maintainers have fixed the incorrect uses of `mark_safe()` (generally by replacing them with appropriate use of `format_html()` instead) to prevent such malicious data from being executed. Users on Nautobot 1.6.x LTM should upgrade to v1.6.6 and users on Nautobot 2.0.x should upgrade to v2.0.5. Appropriate object permissions can and should be applied to restrict which users are permitted to create or edit the aforementioned types of user-authored content. Other than that, there is no direct workaround available. | 2023-11-22 | not yet calculated | CVE-2023-48705
|
nc3-lu -- testingplatform | TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name (and even without). A log file is created at the location specified. These files are created as root. If the file exists, the existing file is being rendered useless. This can result in denial of service. Additionally, input for scanning can be any CIDR blocks passed to nmap. An attacker can scan 0.0.0.0/0 or even local networks. Version 2.1.1 contains a patch for this issue. | 2023-11-20 | not yet calculated | CVE-2023-48310
|
nearform -- fast-jwt | fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to version 3.3.2, the fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys. To exploit this vulnerability, an attacker needs to craft a malicious JWT token containing the HS256 algorithm, signed with the public RSA key of the victim application. This attack will only work if the victim application utilizes a public key containing the `BEGIN RSA PUBLIC KEY` header. Applications using the RS256 algorithm, a public key with a `BEGIN RSA PUBLIC KEY` header, and calling the verify function without explicitly providing an algorithm, are vulnerable to this algorithm confusion attack which allows attackers to sign arbitrary payloads which will be accepted by the verifier. Version 3.3.2 contains a patch for this issue. As a workaround, change line 29 of `blob/master/src/crypto.js` to include a regular expression. | 2023-11-20 | not yet calculated | CVE-2023-48223
|
network_optix -- nxcloud | An issue was discovered in Network Optix NxCloud before 23.1.0.40440. It was possible to add a fake VMS server to NxCloud by using the exact identification of a legitimate VMS server. As result, it was possible to retrieve authorization headers from legitimate users when the legitimate client connects to the fake VMS server. | 2023-11-22 | not yet calculated | CVE-2023-6263 |
nextcloud -- nextcloud_mail | Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 contain a patch for this issue. As a workaround, disable the mail app. | 2023-11-21 | not yet calculated | CVE-2023-48307
|
nextcloud -- nextcloud_server | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and starting in version 20.0.0 and prior to versions 20.0.14.16, 21.0.9.13, 22.2.10.15, 23.0.12.12, 24.0.12.8, 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Enterprise Server, a malicious user could update any personal or global external storage, making them inaccessible for everyone else as well. Nextcloud Server 25.0.13, 26.0.8, and 27.1.3 and Nextcloud Enterprise Server is upgraded to 20.0.14.16, 21.0.9.13, 22.2.10.15, 23.0.12.12, 24.0.12.8, 25.0.13, 26.0.8, and 27.1.3 contain a patch for this issue. As a workaround, disable app files_external. This workaround also makes the external storage inaccessible but retains the configurations until a patched version has been deployed. | 2023-11-21 | not yet calculated | CVE-2023-48239
|
nextcloud -- nextcloud_server | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, an attacker could insert links into circles name that would be opened when clicking the circle name in a search filter. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.13, 26.0.8, and 27.1.3 contain a fix for this issue. As a workaround, disable app circles. | 2023-11-21 | not yet calculated | CVE-2023-48301
|
nextcloud -- nextcloud_server | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, when a user is tricked into copy pasting HTML code without markup (Ctrl+Shift+V) the markup will actually render. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.13, 26.0.8, and 27.1.3 contain a fix for this issue. As a workaround, disable app text. | 2023-11-21 | not yet calculated | CVE-2023-48302
|
nextcloud -- nextcloud_server | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, admins can change authentication details of user configured external storage. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.11, 26.0.6, and 27.1.0 contain a patch for this issue. No known workarounds are available. | 2023-11-21 | not yet calculated | CVE-2023-48303
|
nextcloud -- nextcloud_server | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Enterprise Server, an attacker could enable and disable the birthday calendar for any user on the same server. Nextcloud Server 25.0.11, 26.0.6, and 27.1.0 and Nextcloud Enterprise Server 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 contain patches for this issue. No known workarounds are available. | 2023-11-21 | not yet calculated | CVE-2023-48304
|
nextcloud -- nextcloud_server | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, when the log level was set to debug, the user_ldap app logged user passwords in plaintext into the log file. If the log file was then leaked or shared in any way the users' passwords would be leaked. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.11, 26.0.6, and 27.1.0 contain a patch for this issue. As a workaround, change config setting `loglevel` to `1` or higher (should always be higher than 1 in production environments). | 2023-11-21 | not yet calculated | CVE-2023-48305
|
nextcloud -- nextcloud_server | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Enterprise Server, the DNS pin middleware was vulnerable to DNS rebinding allowing an attacker to perform SSRF as a final result. Nextcloud Server 25.0.11, 26.0.6, and 27.1.0 and Nextcloud Enterprise Server 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 contain patches for this issue. No known workarounds are available. | 2023-11-21 | not yet calculated | CVE-2023-48306
|
node -- node | The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js | 2023-11-23 | not yet calculated | CVE-2023-30581 |
nzbget -- nzbget | NZBGet 21.1 allows authenticated remote code execution because the unarchive programs (7za and unrar) preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2023-11-22 | not yet calculated | CVE-2023-49102 |
openreplay -- openreplay | OpenReplay is a self-hosted session replay suite. In version 1.14.0, due to lack of validation Name field - Account Settings (for registration looks like validation is correct), a bad actor can send emails with HTML injected code to the victims. Bad actors can use this to phishing actions for example. Email is really sent from OpenReplay, but bad actors can add their HTML code injected (content spoofing). Please notice that during Registration steps for FullName looks like is validated correct - cannot type there but using this kind of bypass/workaround - bad actors can achieve own goal. As of time of publication, no known fixes or workarounds are available. | 2023-11-21 | not yet calculated | CVE-2023-48226
|
openssl -- openssl | The openssl (aka node-openssl) NPM package through 2.0.0 was characterized as "a nonsense wrapper with no real purpose" by its author and accepts an opts argument that contains a verb field (used for command execution). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2023-11-23 | not yet calculated | CVE-2023-49210
|
openzfs -- openzfs | OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions. | 2023-11-24 | not yet calculated | CVE-2023-49298
|
os4ed -- opensis_classic_community_edition | The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'. | 2023-11-20 | not yet calculated | CVE-2023-38879
|
os4ed -- opensis_classic_community_edition | The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisBackup<date>.sq|" (e.g. "opensisBackup07-20-2023.sql"), i.e. can easily be guessed. This file can be accessed by any unauthenticated actor and contains a dump of the whole database including password hashes. | 2023-11-20 | not yet calculated | CVE-2023-38880
|
os4ed -- opensis_classic_community_edition | A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the 'calendar_id', 'school_date', 'month' or 'year' parameters in 'CalendarModal.php'. | 2023-11-20 | not yet calculated | CVE-2023-38881
|
os4ed -- opensis_classic_community_edition | A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'include' parameter in 'ForExport.php' | 2023-11-20 | not yet calculated | CVE-2023-38882
|
os4ed -- opensis_classic_community_edition | A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' parameter in 'ParentLookup.php'. | 2023-11-20 | not yet calculated | CVE-2023-38883
|
os4ed -- opensis_classic_community_edition | An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/<studentId>-<filename>' | 2023-11-20 | not yet calculated | CVE-2023-38884
|
os4ed -- opensis_classic_community_edition | OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state changing request. | 2023-11-20 | not yet calculated | CVE-2023-38885
|
owncloud -- owncloud | An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure. | 2023-11-21 | not yet calculated | CVE-2023-49103 |
owncloud -- owncloud | An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker. | 2023-11-21 | not yet calculated | CVE-2023-49104 |
owncloud -- owncloud | An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no signing-key is configured for the owner of the files. The earliest affected version is 10.6.0. | 2023-11-21 | not yet calculated | CVE-2023-49105 |
pandora_fms -- pandora_fms | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnerability allows users with low privileges to download database backups. This issue affects Pandora FMS: from 700 through 772. | 2023-11-23 | not yet calculated | CVE-2023-41786 |
pandora_fms -- pandora_fms | Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows access to files with sensitive information. This issue affects Pandora FMS: from 700 through 772. | 2023-11-23 | not yet calculated | CVE-2023-41787 |
pandora_fms -- pandora_fms | Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allows attackers to execute code via PHP file uploads. This issue affects Pandora FMS: from 700 through 773. | 2023-11-23 | not yet calculated | CVE-2023-41788 |
pandora_fms -- pandora_fms | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allows an attacker to perform cookie hijacking and log in as that user without the need for credentials. This issue affects Pandora FMS: from 700 through 773. | 2023-11-23 | not yet calculated | CVE-2023-41789 |
pandora_fms -- pandora_fms | Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows to access the server configuration file and to compromise the database. This issue affects Pandora FMS: from 700 through 773. | 2023-11-23 | not yet calculated | CVE-2023-41790 |
pandora_fms -- pandora_fms | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed users with low privileges to introduce Javascript executables via a translation string that could affect the integrity of some configuration files. This issue affects Pandora FMS: from 700 through 773. | 2023-11-23 | not yet calculated | CVE-2023-41791 |
pandora_fms -- pandora_fms | Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the SNMP Trap Editor. This issue affects Pandora FMS: from 700 through 773. | 2023-11-23 | not yet calculated | CVE-2023-41792 |
pandora_fms -- pandora_fms | Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability causes that a bad privilege assignment could cause a DOS attack that affects the availability of the Pandora FMS server. This issue affects Pandora FMS: from 700 through 773. | 2023-11-23 | not yet calculated | CVE-2023-41806 |
pandora_fms -- pandora_fms | Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows a user to escalate permissions on the system shell. This issue affects Pandora FMS: from 700 through 773. | 2023-11-23 | not yet calculated | CVE-2023-41807 |
pandora_fms -- pandora_fms | Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows an unauthorized user to escalate and read sensitive files as if they were root. This issue affects Pandora FMS: from 700 through 773. | 2023-11-23 | not yet calculated | CVE-2023-41808 |
pandora_fms -- pandora_fms | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in some Widgets' text box. This issue affects Pandora FMS: from 700 through 773. | 2023-11-23 | not yet calculated | CVE-2023-41810 |
pandora_fms -- pandora_fms | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the news section of the web console. This issue affects Pandora FMS: from 700 through 773. | 2023-11-23 | not yet calculated | CVE-2023-41811 |
pandora_fms -- pandora_fms | Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allowed PHP executable files to be uploaded through the file manager. This issue affects Pandora FMS: from 700 through 773. | 2023-11-23 | not yet calculated | CVE-2023-41812 |
pandora_fms -- pandora_fms | Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This issue affects Pandora FMS <= 772. | 2023-11-23 | not yet calculated | CVE-2023-4677 |
prestashop -- prestashop | In the module "Chronopost Official" (chronopost) for PrestaShop, a guest can perform SQL injection. The script PHP `cancelSkybill.php` own a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection. | 2023-11-22 | not yet calculated | CVE-2023-45377 |
prestashop -- prestashop | In the module "Cross Selling in Modal Cart" (motivationsale) < 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `motivationsaleDataModel::getProductsByIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | 2023-11-22 | not yet calculated | CVE-2023-46357 |
publiccms -- publiccms | Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function. | 2023-11-20 | not yet calculated | CVE-2023-46990 |
pytorch -- serve | TorchServe is a tool for serving and scaling PyTorch models in production. Starting in version 0.1.0 and prior to version 0.9.0, using the model/workflow management API, there is a chance of uploading potentially harmful archives that contain files that are extracted to any location on the filesystem that is within the process permissions. Leveraging this issue could aid third-party actors in hiding harmful code in open-source/public models, which can be downloaded from the internet, and take advantage of machines running Torchserve. The ZipSlip issue in TorchServe has been fixed by validating the paths of files contained within a zip archive before extracting them. TorchServe release 0.9.0 includes fixes to address the ZipSlip vulnerability. | 2023-11-21 | not yet calculated | CVE-2023-48299
|
radare2 -- radare2 | radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h. | 2023-11-22 | not yet calculated | CVE-2023-47016
|
red_lion_controls -- st-ipm-8460 | When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge. | 2023-11-21 | not yet calculated | CVE-2023-40151 |
red_lion_controls -- st-ipm-8460 | Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP the RTU will simply accept the message with no authentication challenge. | 2023-11-21 | not yet calculated | CVE-2023-42770 |
salesagility -- suitecrm-core | SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and understand the entire attack surface of the API, including sensitive fields such as UserHash. This issue is patched in version 8.4.2. There are no known workarounds. | 2023-11-21 | not yet calculated | CVE-2023-47643
|
sequelize-typescript -- sequelize-typescript | Prototype Pollution in GitHub repository robinbuschmann/sequelize-typescript prior to 2.1.6. | 2023-11-24 | not yet calculated | CVE-2023-6293 |
siemens -- jt2go | The Datalogics APDFL library used in affected products is vulnerable to memory corruption condition while parsing specially crafted PDF files. An attacker could leverage this vulnerability to execute code in the context of the current process. | 2023-11-21 | not yet calculated | CVE-2021-38405 |
sourcecodester -- sticky_notes_app | A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester Sticky Notes App Using PHP with Source Code v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to add-note.php. | 2023-11-22 | not yet calculated | CVE-2023-47014 |
sourcecodester -- sup_online_shopping | Cross Site Scripting in SUP Online Shopping v.1.0 allows a remote attacker to execute arbitrary code via the Name, Email and Address parameters in the Register New Account component. | 2023-11-21 | not yet calculated | CVE-2023-48124 |
statamic_cms -- statamic_cms | Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 and 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or within the control panel which requires authentication. This issue has been patched on 3.4.15 and 4.36.0. | 2023-11-21 | not yet calculated | CVE-2023-48701
|
strapi -- strapi | The Strapi Protected Populate Plugin protects `get` endpoints from revealing too much information. Prior to version 1.3.4, users were able to bypass the field level security. Users who tried to populate something that they didn't have access to could populate those fields anyway. This issue has been patched in version 1.3.4. There are no known workarounds. | 2023-11-20 | not yet calculated | CVE-2023-48218
|
swiftyedit -- swiftyedit | SwiftyEdit Content Management System prior to v1.2.0 is vulnerable to Cross Site Request Forgery (CSRF). | 2023-11-22 | not yet calculated | CVE-2023-47350 |
sysaid -- sysaid | SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp. | 2023-11-24 | not yet calculated | CVE-2023-33706 |
tenable -- nessus | An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial-of-service condition. | 2023-11-20 | not yet calculated | CVE-2023-6062 |
tenable -- nessus_agent | An arbitrary file write vulnerability exists where an authenticated attacker with privileges on the managing application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial-of-service condition. | 2023-11-20 | not yet calculated | CVE-2023-6178 |
tenda -- multiple_products | Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd. | 2023-11-20 | not yet calculated | CVE-2023-38823 |
texas_instruments -- cc32xx | Texas Instruments TI-RTOS, when configured to use HeapMem heap(default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMem_allocUnprotected' and result in code execution. | 2023-11-20 | not yet calculated | CVE-2021-22636 |
texas_instruments -- cc32xx | Texas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values. This can trigger an integer overflow vulnerability in 'HeapTrack_alloc' and result in code execution. | 2023-11-20 | not yet calculated | CVE-2021-27429 |
texas_instruments -- cc32xx | Texas Instruments TI-RTOS, when configured to use HeapMem heap(default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMem_allocUnprotected' and result in code execution. | 2023-11-21 | not yet calculated | CVE-2021-27502 |
texas_instruments -- cc32xx | Texas Instruments devices running FREERTOS, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'malloc' for FreeRTOS, resulting in code execution. | 2023-11-21 | not yet calculated | CVE-2021-27504 |
tongda -- tongda_oa | A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/ct/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246105 was assigned to this vulnerability. | 2023-11-24 | not yet calculated | CVE-2023-6276
|
totolink -- a3700r | An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function. | 2023-11-20 | not yet calculated | CVE-2023-48192
|
totvs_s.a. -- fluig_platform | A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input "><script>alert(document.domain)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246104. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-24 | not yet calculated | CVE-2023-6275 |
unitree_robotics -- a1 | Authentication bypass vulnerability, the exploitation of which could allow a local attacker to perform a Man-in-the-Middle (MITM) attack on the robot's camera video stream. In addition, if a MITM attack is carried out, it is possible to consume the robot's resources, which could lead to a denial-of-service (DOS) condition. | 2023-11-22 | not yet calculated | CVE-2023-3103 |
unitree_robotics -- a1 | Lack of authentication vulnerability. An unauthenticated local user is able to see through the cameras using the web server due to the lack of any form of authentication. | 2023-11-22 | not yet calculated | CVE-2023-3104 |
upydev -- upydev | An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding. | 2023-11-20 | not yet calculated | CVE-2023-48051 |
usedesk -- usedesk | Usedesk before 1.7.57 allows chat template injection. | 2023-11-23 | not yet calculated | CVE-2023-49214 |
usedesk -- usedesk | Usedesk before 1.7.57 allows filter reflected XSS. | 2023-11-23 | not yet calculated | CVE-2023-49215 |
usedesk -- usedesk | Usedesk before 1.7.57 allows profile stored XSS. | 2023-11-23 | not yet calculated | CVE-2023-49216 |
veon_computer -- service_tracking_software | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veon Computer Service Tracking Software allows SQL Injection. This issue affects Service Tracking Software: through 20231122. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-22 | not yet calculated | CVE-2023-2889 |
videolan -- vlc_media_player | A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM. | 2023-11-22 | not yet calculated | CVE-2023-46814 |
vim -- vim | Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue. | 2023-11-22 | not yet calculated | CVE-2023-48706
|
wago -- compact_controller_100 | Wago web-based management of multiple products has a vulnerability which allows a local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges. | 2023-11-20 | not yet calculated | CVE-2023-3379 |
wago -- industrial_managed_switch | A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. Those commands are executed with root privileges. The vulnerability is located in the user request handling of the web-based management. | 2023-11-21 | not yet calculated | CVE-2023-4149 |
warp-tech -- warpgate | Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows an admin username, opens the login screen and attempts to authenticate with an incorrect password they can subsequently enter a valid non-admin username and password they will be logged in as the admin user. All installations prior to version 0.9.0 are affected. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-24 | not yet calculated | CVE-2023-48712 |
websiteguide -- websiteguide | An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privileges via crafted jwt (JSON web token). | 2023-11-20 | not yet calculated | CVE-2023-48176 |
wireapp -- wire-avs | wire-avs provides Audio, Visual, and Signaling (AVS) functionality sure the secure messaging software Wire. Prior to versions 9.2.22 and 9.3.5, a remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 9.2.22 & 9.3.5 and is already included on all Wire products. No known workarounds are available. | 2023-11-20 | not yet calculated | CVE-2023-48221 |
withsecure -- multiple_products | Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, and WithSecure Elements Endpoint Protection 17 and later. | 2023-11-20 | not yet calculated | CVE-2023-47172 |
wordpress -- wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SwitchWP WP Client Reports plugin <= 1.0.16 versions. | 2023-11-23 | not yet calculated | CVE-2023-23978 |
wordpress -- wordpress | The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. An attacker can leverage CVE-2023-2448 and CVE-2023-2446 to get the user's email address to successfully exploit this vulnerability. | 2023-11-22 | not yet calculated | CVE-2023-2437
|
wordpress -- wordpress | The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-11-22 | not yet calculated | CVE-2023-2438 |
wordpress -- wordpress | The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'admin_page', 'userpro_verify_user' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to modify the role of verified users to elevate verified user privileges to that of any user such as 'administrator' via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-11-22 | not yet calculated | CVE-2023-2440 |
wordpress -- wordpress | The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to retrieve sensitive user meta that can be used to gain access to a high privileged user account. | 2023-11-22 | not yet calculated | CVE-2023-2446
|
wordpress -- wordpress | The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the 'export_users' function. This makes it possible for unauthenticated attackers to export the users to a csv file, granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-11-22 | not yet calculated | CVE-2023-2447 |
wordpress -- wordpress | The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An attacker can leverage CVE-2023-2446 to get sensitive information via shortcode. | 2023-11-22 | not yet calculated | CVE-2023-2448
|
wordpress -- wordpress | The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (userpro_process_form). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-2448 and CVE-2023-2446, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability. | 2023-11-22 | not yet calculated | CVE-2023-2449
|
wordpress -- wordpress | The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'import_settings' function. This makes it possible for unauthenticated attackers to exploit PHP Object Injection due to the use of unserialize() on the user supplied parameter via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-11-22 | not yet calculated | CVE-2023-2497 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Tomas | Docs | FAQ | Premium Support WordPress Tooltips. This issue affects WordPress Tooltips: from n/a through 8.2.5. | 2023-11-18 | not yet calculated | CVE-2023-25985 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WattIsIt PayGreen - Ancienne version plugin <= 4.10.2 versions. | 2023-11-22 | not yet calculated | CVE-2023-25986 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Aleksandar Uroševi My YouTube Channel plugin <= 3.23.3 versions. | 2023-11-22 | not yet calculated | CVE-2023-25987 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes Social Auto Poster plugin <= 2.1.4 versions. | 2023-11-22 | not yet calculated | CVE-2023-26532 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Exeebit phpinfo() WP plugin <= 4.0 versions. | 2023-11-22 | not yet calculated | CVE-2023-26542 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.29.2 versions. | 2023-11-22 | not yet calculated | CVE-2023-27442 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lannoy / PerfOps One DecaLog plugin <= 3.7.0 versions. | 2023-11-22 | not yet calculated | CVE-2023-27444 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API translation plugin <= 2.1.4 versions. | 2023-11-22 | not yet calculated | CVE-2023-27446 |
wordpress -- wordpress | Server-Side Request Forgery (SSRF) vulnerability in Darren Cooney Instant Images plugin <= 5.1.0.2 versions. | 2023-11-22 | not yet calculated | CVE-2023-27451 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.3.1 versions. | 2023-11-22 | not yet calculated | CVE-2023-27453 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Passionate Brains Add Expires Headers & Optimized Minify plugin <= 2.7 versions. | 2023-11-22 | not yet calculated | CVE-2023-27457 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream plugin <= 4.4.10 versions. | 2023-11-22 | not yet calculated | CVE-2023-27458 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <= 1.2.1 versions. | 2023-11-22 | not yet calculated | CVE-2023-27461 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Customify - Intuitive Website Styling plugin <= 2.10.4 versions. | 2023-11-22 | not yet calculated | CVE-2023-27633 |
wordpress -- wordpress | The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in versions up to, and including, 1.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with admin-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-11-22 | not yet calculated | CVE-2023-2841
|
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in codeboxr CBX Currency Converter plugin <= 3.0.3 versions. | 2023-11-22 | not yet calculated | CVE-2023-28747 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions. | 2023-11-22 | not yet calculated | CVE-2023-28749 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local Premium. This issue affects Yoast Local Premium: from n/a through 14.8. | 2023-11-18 | not yet calculated | CVE-2023-28780 |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MagePeople Team WpBusTicketly plugin <= 5.2.5 versions. | 2023-11-22 | not yet calculated | CVE-2023-30496 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Arshid Easy Hide Login. This issue affects Easy Hide Login: from n/a through 1.0.8. | 2023-11-18 | not yet calculated | CVE-2023-31075 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Tradebooster Video XML Sitemap Generator. This issue affects Video XML Sitemap Generator: from n/a through 1.0.0. | 2023-11-18 | not yet calculated | CVE-2023-31089 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Essential Addons for Elementor Pro. This issue affects Essential Addons for Elementor Pro: from n/a through 5.4.8. | 2023-11-18 | not yet calculated | CVE-2023-32245 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Kainex Wise Chat. This issue affects Wise Chat: from n/a through 3.1.3. | 2023-11-18 | not yet calculated | CVE-2023-32504 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar Google Site Verification plugin using Meta Tag. This issue affects Google Site Verification plugin using Meta Tag: from n/a through 1.2. | 2023-11-18 | not yet calculated | CVE-2023-32514 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Download Community by PeepSo plugin <= 6.1.6.0 versions. | 2023-11-22 | not yet calculated | CVE-2023-39925 |
wordpress -- wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce plugin <= 7.1.1 versions. | 2023-11-23 | not yet calculated | CVE-2023-40002 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Patreon WordPress. This issue affects Patreon WordPress: from n/a through 1.8.6. | 2023-11-18 | not yet calculated | CVE-2023-41129 |
wordpress -- wordpress | The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajax_enabled_posts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and trashed posts and pages in addition to other post types such as galleries. | 2023-11-22 | not yet calculated | CVE-2023-4686
|
wordpress -- wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Omnisend Email Marketing for WooCommerce by Omnisend. This issue affects Email Marketing for WooCommerce by Omnisend: from n/a through 1.13.8. | 2023-11-23 | not yet calculated | CVE-2023-47244 |
wordpress -- wordpress | The Ultimate Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.7.7. due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-11-22 | not yet calculated | CVE-2023-4726 |
wordpress -- wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeIsle Cloud Templates & Patterns collection. This issue affects Cloud Templates & Patterns collection: from n/a through 1.2.2. | 2023-11-23 | not yet calculated | CVE-2023-47529 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Peter Sterling Add Local Avatar. This issue affects Add Local Avatar: from n/a through 12.1. | 2023-11-18 | not yet calculated | CVE-2023-47650 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Robert Macchi WP Links Page. This issue affects WP Links Page: from n/a through 4.9.4. | 2023-11-18 | not yet calculated | CVE-2023-47651 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi ANAC XML Bandi di Gara. This issue affects ANAC XML Bandi di Gara: from n/a through 7.5. | 2023-11-18 | not yet calculated | CVE-2023-47655 |
wordpress -- wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StellarWP Membership Plugin - Restrict Content plugin <= 3.2.7 versions. | 2023-11-23 | not yet calculated | CVE-2023-47668 |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AazzTech WooCommerce Product Carousel Slider plugin <= 3.3.5 versions. | 2023-11-22 | not yet calculated | CVE-2023-47755 |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premio Chaty plugin <= 3.1.2 versions. | 2023-11-22 | not yet calculated | CVE-2023-47759 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.9 versions. | 2023-11-22 | not yet calculated | CVE-2023-47765 |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timo Reith Post Status Notifier Lite plugin <= 1.11.0 versions. | 2023-11-22 | not yet calculated | CVE-2023-47766 |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions. | 2023-11-22 | not yet calculated | CVE-2023-47767 |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson Footer Putter plugin <= 1.17 versions. | 2023-11-22 | not yet calculated | CVE-2023-47768 |
wordpress -- wordpress | Contributor+ Stored Cross-Site Scripting (XSS) vulnerability in Slider Revolution <= 6.6.14. | 2023-11-20 | not yet calculated | CVE-2023-47772 |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions. | 2023-11-22 | not yet calculated | CVE-2023-47773 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comments - wpDiscuz plugin <= 7.6.11 versions. | 2023-11-22 | not yet calculated | CVE-2023-47775 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Theme Builder <= 3.24.2 versions. | 2023-11-22 | not yet calculated | CVE-2023-47781 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in LayerSlider plugin <= 7.7.9 versions. | 2023-11-22 | not yet calculated | CVE-2023-47785 |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LayerSlider plugin <= 7.7.9 versions. | 2023-11-22 | not yet calculated | CVE-2023-47786 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in Poporon Pz-LinkCard plugin <= 2.4.8 versions. | 2023-11-23 | not yet calculated | CVE-2023-47790 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <= 1.1.2 versions. | 2023-11-22 | not yet calculated | CVE-2023-47791 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Infinite Uploads Big File Uploads - Increase Maximum File Upload Size plugin <= 2.1.1 versions. | 2023-11-22 | not yet calculated | CVE-2023-47792 |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christina Uechi Add Widgets to Page plugin <= 1.3.2 versions. | 2023-11-22 | not yet calculated | CVE-2023-47808 |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Accordion plugin <= 2.6 versions. | 2023-11-22 | not yet calculated | CVE-2023-47809 |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asdqwe Dev Ajax Domain Checker plugin <= 1.3.0 versions. | 2023-11-22 | not yet calculated | CVE-2023-47810 |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Suresh KUMAR Mukhiya Anywhere Flash Embed plugin <= 1.0.5 versions. | 2023-11-22 | not yet calculated | CVE-2023-47811 |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bamboo Mcr Bamboo Columns plugin <= 1.6.1 versions. | 2023-11-22 | not yet calculated | CVE-2023-47812 |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in grandslambert Better RSS Widget plugin <= 2.8.1 versions. | 2023-11-22 | not yet calculated | CVE-2023-47813 |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Waterloo Plugins BMI Calculator Plugin plugin <= 1.0.3 versions. | 2023-11-22 | not yet calculated | CVE-2023-47814 |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Venutius BP Profile Shortcodes Extra plugin <= 2.5.2 versions. | 2023-11-22 | not yet calculated | CVE-2023-47815 |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.13 versions. | 2023-11-22 | not yet calculated | CVE-2023-47816 |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.10.13 versions. | 2023-11-22 | not yet calculated | CVE-2023-47817 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Dang Ngoc Binh Easy Call Now by ThikShare plugin <= 1.1.0 versions. | 2023-11-22 | not yet calculated | CVE-2023-47819 |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jannis Thuemmig Email Encoder plugin <= 2.1.8 versions. | 2023-11-22 | not yet calculated | CVE-2023-47821 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal Pages - Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator plugin <= 1.3.8 versions. | 2023-11-22 | not yet calculated | CVE-2023-47824 |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra plugin <= 6.4 versions. | 2023-11-22 | not yet calculated | CVE-2023-47825 |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codez Quick Call Button plugin <= 1.2.9 versions. | 2023-11-22 | not yet calculated | CVE-2023-47829 |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in assorted[chips] DrawIt (draw.Io) plugin <= 1.1.3 versions. | 2023-11-22 | not yet calculated | CVE-2023-47831 |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress plugin <= 0.18.3 versions. | 2023-11-23 | not yet calculated | CVE-2023-47833 |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Quiz And Survey Master plugin <= 8.1.13 versions. | 2023-11-23 | not yet calculated | CVE-2023-47834 |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ARI Soft ARI Stream Quiz - WordPress Quizzes Builder plugin <= 1.2.32 versions. | 2023-11-23 | not yet calculated | CVE-2023-47835 |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.26 versions. | 2023-11-23 | not yet calculated | CVE-2023-47839 |
wordpress -- wordpress | The WP Post Popup WordPress plugin through 3.7.3 does not sanitize and escape some of its inputs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-11-20 | not yet calculated | CVE-2023-4808 |
wordpress -- wordpress | The HTML filter and csv-file search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'csvsearch' shortcode in versions up to, and including, 2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-22 | not yet calculated | CVE-2023-5096 |
wordpress -- wordpress | The TCD Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'map' shortcode in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-22 | not yet calculated | CVE-2023-5128
|
wordpress -- wordpress | The Related Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'woo-related' shortcode in versions up to, and including, 3.3.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-22 | not yet calculated | CVE-2023-5234
|
wordpress -- wordpress | The Theme Blvd Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-22 | not yet calculated | CVE-2023-5338 |
wordpress -- wordpress | The Five Star Restaurant Menu and Food Ordering WordPress plugin before 2.4.11 unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog. | 2023-11-20 | not yet calculated | CVE-2023-5340 |
wordpress -- wordpress | The Popup box WordPress plugin before 3.7.9 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 2023-11-20 | not yet calculated | CVE-2023-5343 |
wordpress -- wordpress | The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_delete_posts function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-11-22 | not yet calculated | CVE-2023-5382 |
wordpress -- wordpress | The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_copy_posts function. This makes it possible for unauthenticated attackers to create copies of arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-11-22 | not yet calculated | CVE-2023-5383 |
wordpress -- wordpress | The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_copy_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create copies of arbitrary posts. | 2023-11-22 | not yet calculated | CVE-2023-5385 |
wordpress -- wordpress | The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts, including administrator posts, and posts not related to the Funnelforms Free plugin. | 2023-11-22 | not yet calculated | CVE-2023-5386 |
wordpress -- wordpress | The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_trigger_dark_mode function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to enable or disable the dark mode plugin setting. | 2023-11-22 | not yet calculated | CVE-2023-5387 |
wordpress -- wordpress | The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_save_post function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify certain post values. Note that the extent of modification is limited due to fixed values passed to the wp_update_post function. | 2023-11-22 | not yet calculated | CVE-2023-5411 |
wordpress -- wordpress | The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_add_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to add new categories. | 2023-11-22 | not yet calculated | CVE-2023-5415 |
wordpress -- wordpress | The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete categories. | 2023-11-22 | not yet calculated | CVE-2023-5416 |
wordpress -- wordpress | The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_update_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the Funnelforms category for a given post ID. | 2023-11-22 | not yet calculated | CVE-2023-5417 |
wordpress -- wordpress | The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_test_mail function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to send test emails to an arbitrary email address. | 2023-11-22 | not yet calculated | CVE-2023-5419 |
wordpress -- wordpress | The Popup with fancybox plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-11-22 | not yet calculated | CVE-2023-5465
|
wordpress -- wordpress | The Wp anything slider plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-11-22 | not yet calculated | CVE-2023-5466
|
wordpress -- wordpress | The Drop Shadow Boxes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dropshadowbox' shortcode in versions up to, and including, 1.7.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-22 | not yet calculated | CVE-2023-5469
|
wordpress -- wordpress | The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions. | 2023-11-20 | not yet calculated | CVE-2023-5509 |
wordpress -- wordpress | The Delete Usermeta plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing nonce validation on the delumet_options_page() function. This makes it possible for unauthenticated attackers to remove user meta for arbitrary users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-11-22 | not yet calculated | CVE-2023-5537
|
wordpress -- wordpress | The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2023-11-20 | not yet calculated | CVE-2023-5609 |
wordpress -- wordpress | The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect | 2023-11-20 | not yet calculated | CVE-2023-5610 |
wordpress -- wordpress | The Article Analytics WordPress plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection vulnerability. | 2023-11-20 | not yet calculated | CVE-2023-5640 |
wordpress -- wordpress | The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorization and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts | 2023-11-20 | not yet calculated | CVE-2023-5651 |
wordpress -- wordpress | The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorization and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admin_init, allowing unauthenticated users to perform SQL injections | 2023-11-20 | not yet calculated | CVE-2023-5652 |
wordpress -- wordpress | The Sponsors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sponsors' shortcode in all versions up to, and including, 3.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-22 | not yet calculated | CVE-2023-5662 |
wordpress -- wordpress | The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ggpkg' shortcode in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 2.2.7 and fully patched in version 2.2.9. | 2023-11-22 | not yet calculated | CVE-2023-5664
|
wordpress -- wordpress | The Tab Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-22 | not yet calculated | CVE-2023-5667
|
wordpress -- wordpress | The CPO Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-22 | not yet calculated | CVE-2023-5704 |
wordpress -- wordpress | The VK Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk-blocks/ancestor-page-list' block in all versions up to, and including, 1.63.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-22 | not yet calculated | CVE-2023-5706
|
wordpress -- wordpress | The WP Post Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'column' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-22 | not yet calculated | CVE-2023-5708 |
wordpress -- wordpress | The Website Optimization - Plerdy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tracking code settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-11-22 | not yet calculated | CVE-2023-5715
|
wordpress -- wordpress | The EasyRotator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easyrotator' shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-22 | not yet calculated | CVE-2023-5742 |
wordpress -- wordpress | The Post Meta Data Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the pmdm_wp_ajax_delete_meta, pmdm_wp_delete_user_meta, and pmdm_wp_delete_user_meta functions. This makes it possible for unauthenticated attackers to delete arbitrary user, term, and post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-11-21 | not yet calculated | CVE-2023-5776
|
wordpress -- wordpress | The WP Hotel Booking WordPress plugin before 2.0.8 does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do not belong to them. | 2023-11-20 | not yet calculated | CVE-2023-5799 |
wordpress -- wordpress | The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry) plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the bdp_get_more_post function hooked via a nopriv AJAX. This is due to function utilizing an unsafe extract() method to extract values from the POST variable and passing that input to the include() function. This makes it possible for unauthenticated attackers to include arbitrary PHP files and achieve remote code execution. On vulnerable Docker configurations it may be possible for an attacker to create a PHP file and then subsequently include it to achieve RCE. | 2023-11-22 | not yet calculated | CVE-2023-5815
|
wordpress -- wordpress | The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This can be exploited if a user authorized to edit form, which means editor privileges or above, has added a 'multiple file upload' form field with '*' acceptable file types. | 2023-11-22 | not yet calculated | CVE-2023-5822
|
wordpress -- wordpress | The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options. | 2023-11-22 | not yet calculated | CVE-2023-6007 |
wordpress -- wordpress | The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options. | 2023-11-22 | not yet calculated | CVE-2023-6008 |
wordpress -- wordpress | The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userpro_update_user_profile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update. | 2023-11-22 | not yet calculated | CVE-2023-6009
|
wordpress -- wordpress | The LifterLMS - WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 7.4.2 via the maybe_serve_export function. This makes it possible for authenticated attackers, with administrator or LMS manager access and above, to read the contents of arbitrary CSV files on the server, which can contain sensitive information as well as removing those files from the server. | 2023-11-22 | not yet calculated | CVE-2023-6160 |
wordpress -- wordpress | The MainWP Dashboard - WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to CSS Injection via the 'newColor' parameter in all versions up to, and including, 4.5.1.2 due to insufficient input sanitization. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary CSS values into the site tags. | 2023-11-22 | not yet calculated | CVE-2023-6164 |
wordpress -- wordpress | The WDContactFormBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Contact_Form_Builder' shortcode in versions up to, and including, 1.0.72 due to insufficient input sanitization and output escaping on 'id' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-22 | not yet calculated | CVE-2023-5048 |
wordpress -- wordpress | The Forminator WordPress plugin before 1.27.0 does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup). | 2023-11-20 | not yet calculated | CVE-2023-5119 |
wordpress -- wordpress | The Weather Atlas Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortcode-weather-atlas' shortcode in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-22 | not yet calculated | CVE-2023-5163
|
wordpress -- wordpress | The WP EXtra plugin for WordPress is vulnerable to unauthorized access to restricted functionality due to a missing capability check on the 'test-email' section of the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to send emails with arbitrary content to arbitrary locations from the affected site's mail server. | 2023-11-22 | not yet calculated | CVE-2023-5314 |
xwiki -- xwiki | XWiki Platform is a generic wiki platform. The rendered diff in XWiki embeds images to be able to compare the contents and not display a difference for an actually unchanged image. For this, XWiki requests all embedded images on the server side. These requests are also sent for images from other domains and include all cookies that were sent in the original request to ensure that images with restricted view right can be compared. Starting in version 11.10.1 and prior to versions 14.10.15, 15.5.1, and 15.6, this allows an attacker to steal login and session cookies that allow impersonating the current user who views the diff. The attack can be triggered with an image that references the rendered diff, thus making it easy to trigger. Apart from stealing login cookies, this also allows server-side request forgery (the result of any successful request is returned in the image's source) and viewing protected content as once a resource is cached, it is returned for all users. As only successful requests are cached, the cache will be filled by the first user who is allowed to access the resource. This has been patched in XWiki 14.10.15, 15.5.1 and 15.6. The rendered diff now only downloads images from trusted domains. Further, cookies are only sent when the image's domain is the same the requested domain. The cache has been changed to be specific for each user. As a workaround, the image embedding feature can be disabled by deleting `xwiki-platform-diff-xml-<version>.jar` in `WEB-INF/lib/`. | 2023-11-20 | not yet calculated | CVE-2023-48240
|
xwiki -- xwiki | XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 14.10.15, 15.5.1, and 15.6RC1, the Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wikis to anybody who has access to it, by default it is public. This exposes all information stored in the wiki (but not some protected information like password hashes). While there is a right check normally, the right check can be circumvented by explicitly requesting fields from Solr that don't include the data for the right check. This has been fixed in XWiki 15.6RC1, 15.5.1 and 14.10.15 by not listing documents whose rights cannot be checked. No known workarounds are available. | 2023-11-20 | not yet calculated | CVE-2023-48241
|
xwiki -- xwiki | The XWiki Admin Tools Application provides tools to help the administration of XWiki. Starting in version 4.4 and prior to version 4.5.1, a cross site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands by tricking an admin into loading the URL with the shell command. A very simple possibility for an attack is "comments". When the attacker can leave a comment on any page in the wiki, it is sufficient to include an image with an URL like `/xwiki/bin/view/Admin/RunShellCommand?command=touch%20/tmp/attacked` in the comment. When an admin views the comment, the file `/tmp/attacked` will be created on the server. The output of the command is also vulnerable to XWiki syntax injection which offers a simple way to execute Groovy in the context of the XWiki installation and thus an even easier way to compromise the integrity and confidentiality of the whole XWiki installation. This has been patched by adding a form token check in version 4.5.1 of the admin tools. Some workarounds are available. The patch can be applied manually to the affected wiki pages. Alternatively, the document `Admin.RunShellCommand` can also be deleted if the possibility to run shell commands isn't needed. | 2023-11-20 | not yet calculated | CVE-2023-48292
|
xwiki -- xwiki | The XWiki Admin Tools Application provides tools to help the administration of XWiki. Prior to version 4.5.1, a cross-site request forgery vulnerability in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. Among other things, this allows modifying and deleting all data of the wiki. This could be both used to damage the wiki and to create an account with elevated privileges for the attacker, thus impacting the confidentiality, integrity and availability of the whole XWiki instance. A possible attack vector are comments on the wiki, by embedding an image with wiki syntax like `[[image:path:/xwiki/bin/view/Admin/QueryOnXWiki?query=DELETE%20FROM%20xwikidoc]]`, all documents would be deleted from the database when an admin user views this comment. This has been patched in Admin Tools Application 4.5.1 by adding form token checks. Some workarounds are available. The patch can also be applied manually to the affected pages. Alternatively, if the query tool is not needed, by deleting the document `Admin.SQLToolsGroovy`, all database query tools can be deactivated. | 2023-11-20 | not yet calculated | CVE-2023-48293
|
yamcs -- yamcs | Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via crafted telecommand in the timeline view of the ArchiveBrowser. | 2023-11-20 | not yet calculated | CVE-2023-46470 |
yamcs -- yamcs | Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via the text variable scriptContainer of the ScriptViewer. | 2023-11-20 | not yet calculated | CVE-2023-46471 |
yamcs -- yamcs | An issue in Yamcs 5.8.6 allows attackers to send arbitrary telecommands in a Command Stack via Clickjacking. | 2023-11-20 | not yet calculated | CVE-2023-47311 |
zephyr -- zephyr | A malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device. | 2023-11-21 | not yet calculated | CVE-2023-4424 |
zephyr -- zephyr | Possible variant of CVE-2021-3434 in function le_ecred_reconf_req. | 2023-11-21 | not yet calculated | CVE-2023-5055 |
zlib-ng -- zlib-ng | Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_resolve function in the mz_os.c file. | 2023-11-22 | not yet calculated | CVE-2023-48106 |
zlib-ng -- zlib-ng | Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_has_slash function in the mz_os.c file. | 2023-11-22 | not yet calculated | CVE-2023-48107 |
zohocorp -- manageengine_recoverymanager_plus | Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings. | 2023-11-22 | not yet calculated | CVE-2023-48646 |
zscaler -- client_connector | An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. This issue affects Client Connector: before 4.2.0.149. | 2023-11-21 | not yet calculated | CVE-2023-28802 |
zyxel -- secuextender_ssl_vpn_client | The out-of-bounds write vulnerability in the Windows-based SecuExtender SSL VPN Client software version 4.0.4.0 could allow an authenticated local user to gain a privilege escalation by sending a crafted CREATE message. | 2023-11-20 | not yet calculated | CVE-2023-5593 |
cisco -- cisco_ip_phones_with_multiplatform_firmware | A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid credentials to access the web-based management interface of the affected device. | 2023-11-21 | not yet calculated | CVE-2023-20265 |
google-translate-api-browser -- google-translate-api-browser | google-translate-api-browser is an npm package which interfaces with the google translate web api. A Server-Side Request Forgery (SSRF) Vulnerability is present in applications utilizing the `google-translate-api-browser` package and exposing the `translateOptions` to the end user. An attacker can set a malicious `tld`, causing the application to return unsafe URLs pointing towards local resources. The `translateOptions.tld` field is not properly sanitized before being placed in the Google translate URL. This can allow an attacker with control over the `translateOptions` to set the `tld` to a payload such as `@127.0.0.1`. This causes the full URL to become `https://translate.google.@127.0.0.1/...`, where `translate.google.` is the username used to connect to localhost. An attacker can send requests within internal networks and the local host. Should any HTTPS application be present on the internal network with a vulnerability exploitable via a GET call, then it would be possible to exploit this using this vulnerability. This issue has been addressed in release version 4.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-24 | not yet calculated | CVE-2023-48711 |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.