Weekly Vulnerabilities Reports > June 26 to July 2, 2023

The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,2.0.6.

The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0.

The Radio Buttons for Taxonomies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5.

The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0.

The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1.

The Opal Estate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.11.

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300.

Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3.

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device.

Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser.

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to scan jobs.

The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67.

Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the "Diagnostic tool" functionality of the device.

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery organization’s Paceart Optima system cardiac device causing data to be deleted, stolen, or modified, or the Paceart Optima system being used for further network penetration via network connectivity.

Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE).

An issue was discovered with the JSESSION IDs in Xiamen Si Xin Communication Technology Video management system 3.1 thru 4.1 allows attackers to gain escalated privileges.

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s [Connection URL] parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission. This issue affects Apache Airflow JDBC Provider: before 4.0.0.

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

D-Link DSL-224 firmware version 3.0.10 allows post authentication command execution via an unspecified method.

Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI).

AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services.

A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert.

The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks (either flawed or missing completely) in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons.

The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.

Weak Password Requirements in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v 1.2.0.

Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32524.

Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32523.

Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32528.

Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32527.

Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32530.

Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32529.

Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

An issue in Ateme Flamingo XL v.3.6.20 and XS v.3.6.5 allows a remote authenticated attacker to execute arbitrary code and cause a denial of service via a the session expiration function.

Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images.

Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 . This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Gradle is a build tool with a focus on build automation and support for multi-language development.

Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login without logging in.

The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack

A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends.

A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API.

Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3.

A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN.

com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath.

The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution.

A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02.

Improper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary activity.

A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability.

A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver.

A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).

In hasInputInfo of Layer.cpp, there is a possible bypass of user interaction requirements due to a tapjacking/overlay attack.

In lwis_i2c_device_disable of lwis_device_i2c.c, there is a possible UAF due to a logic error in the code.

In registerGsmaServiceIntentReceiver of ShannonRcsService.java, there is a possible way to activate/deactivate RCS service due to a missing permission check.

In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass.

In isPageSearchEnabled of BillingCycleSettings.java, there is a possible way for the guest user to change data limits due to a permissions bypass.

In onCreate of DataUsageSummary.java, there is a possible method for a guest user to enable or disable mobile data due to a permissions bypass.

In parseSecurityParamsFromXml of XmlUtil.java, there is a possible bypass of user specified wifi encryption protocol due to improperly used crypto.

In ForegroundUtils of ForegroundUtils.java, there is a possible way to read NFC tag data while the app is still in the background due to a logic error in the code.

In getCurrentPrivilegedPackagesForAllUsers of CarrierPrivilegesTracker.java, there is a possible permission bypass due to a logic error in the code.

In multiple functions of WifiNetworkFactory.java, there is a missing permission check.

In onCreate of UsbAccessoryUriActivity.java, there is a possible way to escape the Setup Wizard due to a logic error in the code.

In fixNotification of NotificationManagerService.java, there is a possible bypass of notification hide preference due to a logic error in the code.

In setInputMethodWithSubtypeIdLocked of InputMethodManagerService.java, there is a possible way to setup input methods that are not enabled due to improper input validation.

there is a possible way to bypass the protected confirmation screen due to Failure to lock display power.

A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM.

A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be used to trigger use-after-free vulnerability.

A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability.

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges.

A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities.

A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities.

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of arbitrary dynamic-link libraries, resulting in command execution. Starting version 4.0.0 driver can be set only from the hook constructor. This issue affects Apache Airflow ODBC Provider: before 4.0.0.

Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.

An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34145.

An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34144.

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148.

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148.

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147.

nothub mrpack-install <= v0.16.2 is vulnerable to Directory Traversal.

Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab.

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system.

A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model.

An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.

MISP 2.4.172 mishandles different certificate file extensions in server sync.

Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.

A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data.

requests-xml v0.2.3 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file.

py-xml v1.0 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file.

easy-parse v0.1.1 was discovered to contain a XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file.

An issue was discovered in Weblib Ucopia before 6.0.13.

The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attacker to read sensitive files via directory-traversal sequences in the URL.

The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5.

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition.

Traggo Server 0.3.0 is vulnerable to directory traversal via a crafted GET request.

A vulnerability was found in libX11.

In xmlParseTryOrFinish of parser.c, there is a possible out of bounds read due to a heap buffer overflow.

In LogResponse of Dns.cpp, there is a possible out of bounds read due to a missing bounds check.

In VideoFrame of VideoFrame.h, there is a possible abort due to an integer overflow.

In btm_acl_process_sca_cmpl_pkt of btm_acl.cc, there is a possible out of bounds read due to an incorrect bounds check.

In on_create_record_event of btif_sdp_server.cc, there is a possible out of bounds read due to a missing null check.

there is a possible use of unencrypted transport over cellular networks due to an insecure default value.

there is a possible use of unencrypted transport over cellular networks due to an insecure default value.

In LPP_ConvertGNSS_DataBitAssistance of LPP_CommonUtil.c, there is a possible out of bounds read due to a missing bounds check.

In ss_ProcessReturnResultComponent of ss_MmConManagement.c, there is a possible out of bounds read due to a heap buffer overflow.

In SAEMM_RetrieveTaiList of SAEMM_ContextManagement.c, there is a possible out of bounds read due to an incorrect bounds check.

A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to an implementation error within the cryptographic functions for SSL/TLS traffic processing when they are offloaded to the hardware.

A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&amp;P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input.

D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the WEB page management password.

A stack overflow in the UpdateWanParams function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

A stack overflow in the Edit_BasicSSID_5G function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

A stack overflow in the AddWlanMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

A stack overflow in the UpdateMacClone function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

A stack overflow in the UpdateSnat function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

A stack overflow in the Edit_BasicSSID function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

A stack overflow in the AddMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

A stack overflow in the EditMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

A stack overflow in the EditWlanMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

A stack overflow in the UpdateWanMode function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data.

IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant's account.

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Apereo CAS is an open source multilingual single sign-on solution for the web.

Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous user to cause denial of service

The MainWP Child plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.4.1.1 due to insufficient controls on the storage of back-up files.

The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lock_content_form_handler' and 'display_password_form' function in versions up to, and including, 3.7.3.

A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product.

H3C Magic B1STW B1STV100R012 was discovered to contain a stack overflow via the function SetAPInfoById.

An unauthenticated  denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions.

OPenFGA is an open source authorization/permission engine built for developers.

An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files.

MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal.

Talend Data Catalog before 8.0-20230221 contain a directory traversal vulnerability in HeaderImageServlet.

Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3.

Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets.

In startLockTaskMode of LockTaskController.java, there is a possible bypass of lock task mode due to a logic error in the code.

A vulnerability classified as critical was found in IBOS OA 4.5.5.

Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege.

WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege.

Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege.

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration.

In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH.

Guantang Equipment Management System version 4.12 is vulnerable to Arbitrary File Upload.

A vulnerability has been found in IBOS OA 4.5.5 and classified as critical.

A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as critical.

Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to execute an arbitrary OS command with the root privilege, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.

The Responsive CSS EDITOR WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin.

The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the `type` parameter in the `erp/v1/accounting/v1/people` REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API.

Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via network

Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file deletion and denial of service via an ALPC message in which FullFileNamePath lacks a '\0' character.

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution.

A time-of-check to time-of-use issue exists in io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root.

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32555.

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32554.

Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks.

Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition.

Cross Site Request Forgery (CSRF) vulnerability was discovered in CatfishCMS 4.8.63 that would allow attackers to obtain administrator permissions via /index.php/admin/index/modifymanage.html.

An cross site request forgery (CSRF) vulnerability discovered in Jymusic v2.0.0.,that allows attackers to execute arbitrary code via /admin.php?s=/addons/config.html&id=6 to modify payment information.

A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application.

Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files.

there is a possible way to corrupt memory due to a use after free.

In the Google BMS kernel module, there is a possible out of bounds write due to a heap buffer overflow.

In Do_AIMS_SET_CALL_WAITING of imsservice.cpp, there is a possible out of bounds read due to a missing bounds check.

In encode of wlandata.cpp, there is a possible out of bounds write due to a heap buffer overflow.

In Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check.

In Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check.

In verifyInputEvent of InputDispatcher.cpp, there is a possible way to conduct click fraud due to side channel information disclosure.

In startWpsPbcInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation.

In initiateTdlsSetupInternal of sta_iface.cpp, there is a possible out of bounds read due to a missing bounds check.

In multiple functions of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization.

In load_dt_data of storage.c, there is a possible out of bounds write due to a missing bounds check.

In aoc_service_set_read_blocked of aoc.c, there is a possible out of bounds write due to a missing bounds check.

A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code.

A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device.

The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4.

A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol.

pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files.

pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files.

Hnswlib 0.7.0 has a double free in init_index when the M argument is a large integer.

Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network.

Directory traversal vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to alter an arbitrary file on the server.

JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.

An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix

An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup, Hello Cup 1.3.1 for Android, and bypass the application's client-side chat censor filter.

A vulnerability in the change password functionality of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with Read-only credentials to elevate privileges to Administrator on an affected system. This vulnerability is due to incorrect handling of password change requests.

A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges.

IBM QRadar SIEM 7.5.0 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains.

A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information.

The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack

The KiviCare WordPress plugin before 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users

Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations.

Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations.

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends.

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends.

BigBlueButton is an open source virtual classroom designed to help teachers teach and learners learn.

A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation.

A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation.

A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute.

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first.

pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3.

angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovered to contain a cross-site scripting (XSS) vulnerability.

Joplin before 2.11.5 allows XSS via a USE element in an SVG document.

Joplin before 2.11.5 allows XSS via an AREA element of an image map.

The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a "404 - Not Found" status code if a path is accessed that does not exist.

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.

A vulnerability was found in RocketSoft Rocket LMS 1.7.

A vulnerability has been found in SimplePHPscripts Simple Blog 3.2 and classified as problematic.

A vulnerability was found in SimplePHPscripts Event Script 2.1 and classified as problematic.

A vulnerability was found in SimplePHPscripts GuestBook Script 2.2.

A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8.

A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8.

ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting (XSS).

An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3.

An issue was discovered in the Cargo extension for MediaWiki through 1.39.3.

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3.

An issue was discovered in the Cargo extension for MediaWiki through 1.39.3.

Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code.

itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS).

A Cross Site Scripting vulnerability in PHPgurukl User Registration Login and User Management System with admin panel v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the signup.php.

Multiple cross-site scripting (XSS) vulnerabilities were discovered in Church CRM v4.5.3 in GroupReports.php via GroupRole, ReportModel, and OnlyCart parameters.

PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).

Interactsh is an open-source tool for detecting out-of-band interactions.

PHPgurukl Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS).

PHPgurukl Hospital Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).

PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course.

Emby Server versions < 4.6.0.50 is vulnerable to Cross Site Scripting (XSS) vulnerability via a crafted GET request to /web.

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, formerly known as Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient user input validation.

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

Reflected XSS affects the ‘mode’ parameter in the /admin functionality of the web application in versions <=2.0.44

Meldekarten generator is an open source project to create a program, running locally in the browser without the need for an internet-connection, to create, store and print registration cards for volunteers.

IBM Business Automation Workflow is vulnerable to cross-site scripting.

A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows attackers to execute arbitrary web scripts or HTML.

The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2.1.0 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin.

The Accordion & FAQ WordPress plugin before 1.9.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting

The wpbrutalai WordPress plugin before 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin.

The KiviCare WordPress plugin before 3.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrator

The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employee_name parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32532 through 32535.

Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535.

Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535.

Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535.

Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32534.

The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI.

Unauth.

Unauth.

Unauth.

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4.

A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack.

A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal.

A null pointer dereference issue was found in Libtiff's tif_dir.c file.

In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier.

Gradle is a build tool with a focus on build automation and support for multi-language development.

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service.

libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499.

libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.

calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux.

A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver.

A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver.

An issue was discovered in the Linux kernel brcm_nvram_parse in drivers/nvmem/brcm_nvram.c.

A NULL pointer dereference flaw was found in the Linux kernel's drivers/gpu/drm/msm/msm_gem_submit.c code in the submit_lookup_cmds function, which fails because it lacks a check of the return value of kmalloc().

In FaceStatsAnalyzer::InterpolateWeightList of face_stats_analyzer.cc, there is a possible out of bounds read due to a missing bounds check.

In BuildSetRadioNode of protocolmiscbuilder.cpp, there is a possible out of bounds read due to a missing null check.

In BuildSetTcsFci of protocolmiscbuilder.cpp, there is a possible out of bounds read due to a heap buffer overflow.

In setProfileName of DevicePolicyManagerService.java, there is a possible way to crash the SystemUI menu due to a missing bounds check.

In convertCbYCrY of ColorConverter.cpp, there is a possible out of bounds read due to a missing bounds check.

In multiple methods of DataUsageList.java, there is a possible way to learn about admin user's network activities due to a missing permission check.

In requestAppKeyboardShortcuts of WindowManagerService.java, there is a possible way to infer the app a user is interacting with due to a missing permission check.

In remove_sdp_record of btif_sdp_server.cc, there is a possible out of bounds read due to a missing bounds check.

In on_remove_iso_data_path of btm_iso_impl.h, there is a possible out of bounds read due to improper input validation.

In startWpsPinDisplayInternal of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization.

In multiple files, there is a possible out of bounds read due to a heap buffer overflow.

In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI.

A Buffer Overflow vulnerability in importshp plugin in LibreCAD 2.2.0 allows attackers to obtain sensitive information via a crafted DBF file.

This issue was addressed with improved data protection.

pypdf is an open source, pure-python PDF library.

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster.

Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions.

An insecure filesystem permission in the Insider Threat Management Agent for Windows enables local unprivileged users to disrupt agent monitoring.

A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations.

A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3.

In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.

Stored cross-site scripting vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.

A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733.

Xwiki commons is the common modules used by other XWiki top level projects.

A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'.

ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to stored Cross Site Scripting (XSS).

The "Submission Web Form" of Turnitin LTI tool/plugin version 1.3 is affected by HTML Injection attacks.

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to delete specific files in the product.

IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting.

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter.

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters.

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath.

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter.

i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page.

The Editorial Calendar WordPress plugin before 3.8.3 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users.

The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0.

Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues.

Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues.

Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues.

Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues.

Cross Site Scripting vulnerabiltiy in eZ Systems AS eZPublish Platform v.5.4 and eZ Publish Legacy v.5.4 allows a remote authenticated attacker to execute arbitrary code via the video-js.swf.

Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was discovered to contain a cross-site scripting (XSS) vulnerability via the deviceId parameter in the Parental Control module.

A stored cross-site scripting (Stored XSS) vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments.

Auth.

Auth.

Auth.

The TechTime User Management components for Atlassian products allow stored XSS on the Bulk User Actions page.

The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11.

An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3.

An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3.

An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3.

The affected TBox RTUs are missing authorization for running some API commands.

Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController.

A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby.

A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensitive information about the configured databases via the "/file" endpoint.

An issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from 15.9 before 15.9.4, and from 15.10 before 15.10.1 that allows for crafted, unapproved MRs to be introduced and merged without authorization

Shopware is an open source e-commerce software.

Shopware is an open source e-commerce software.

Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9.

Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames.

An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32553

An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32552.

SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions.

In btm_acl_encrypt_change of btm_acl.cc, there is a possible way for a remote device to turn off encryption without resulting in a terminated connection due to an unusual root cause.

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.

Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes.

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2.

Annet AC Centralized Management Platform 1.02.040 is vulnerable to Stored Cross-Site Scripting (XSS) .

Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to domain out of control of ENM deployment.

The Short URL plugin for WordPress is vulnerable to stored Cross-Site Scripting via the 'comment' parameter due to insufficient input sanitization and output escaping in versions up to, and including, 1.6.4.

A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input.

Cross-site Scripting (XSS) - Stored in GitHub repository spinacms/spina prior to 2.15.1.

Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to  execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.

An issue was discovered in espcms version P8.18101601.

Stored cross site scripting (XSS) vulnerability in Chaoji CMS v2.18 that allows attackers to execute arbitrary code via /index.php?admin-master-webset.

A stored cross site scripting (XSS) vulnerability in /index.php?admin-master-article-edit of Chaoji CMS v2.18 that allows attackers to obtain administrator privileges.

Stored cross site scripting (XSS) vulnerability in /index.php?admin-master-navmenu-add of Chaoji CMS v2.18 that allows attackers to execute arbitrary code.

The Kanban Boards for WordPress plugin before 2.5.21 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

The USM-Premium WordPress plugin before 16.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).

The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

The AI Engine WordPress plugin before 1.6.83 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).

The Ultimate Product Catalog WordPress plugin before 5.2.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

The CodeColorer WordPress plugin before 0.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted html file.

Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page.

Auth.

Auth.

Auth.

Auth.

Auth.

Auth.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PI Websolution Conditional cart fee plugin <= 1.0.96 versions.

Microsoft Edge (Chromium-based) Spoofing Vulnerability

A flaw was found in the MCTP protocol in the Linux kernel.

A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects.

In btm_ble_periodic_adv_sync_tx_rcvd of btm_ble_gap.cc, there is a possible out of bounds read due to an incorrect bounds check.

In btm_delete_stored_link_key_complete of btm_devctl.cc, there is a possible out of bounds read due to a missing bounds check.

In BuildSetConfig of protocolimsbuilder.cpp, there is a possible out of bounds read due to a missing null check.

In handle_set_parameters_ctrl of hal_socket.c, there is a possible out of bounds read due to an incorrect bounds check.

In StoreAdbSerialNumber of protocolmiscbuilder.cpp, there is a possible out of bounds read due to a missing bounds check.

In BuildGetRadioNode of protocolmiscbulider.cpp, there is a possible out of bounds read due to improper input validation.

In encode of miscdata.cpp, there is a possible out of bounds read due to a heap buffer overflow.

In inviteInternal of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check.

In executeSetClientTarget of ComposerCommandEngine.h, there is a possible out of bounds read due to a missing bounds check.

In list_key_entries of utils.rs, there is a possible way to disable user credentials due to resource exhaustion.

In btm_ble_update_inq_result of btm_ble_gap.cc, there is a possible out of bounds read due to a heap buffer overflow.

In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp, there is a possible out of bounds read due to a missing bounds check.

In btm_ble_update_inq_result of btm_ble_gap.cc, there is a possible out of bounds read due to a heap buffer overflow.

In gatt_dbg_op_name of gatt_utils.cc, there is a possible out of bounds read due to a missing bounds check.

In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.cc, there is a possible out of bounds read due to a missing bounds check.

In btu_ble_proc_ltk_req of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check.

In multiple files, there is a possible out of bounds read due to a missing bounds check.

In initiateVenueUrlAnqpQueryInternal of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization.

In setCountryCodeInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation.

In initiateHs20IconQueryInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation.

In multiple files, there is a possible out of bounds read due to a missing bounds check.

In initiateTdlsTeardownInternal of sta_iface.cpp, there is a possible out of bounds read due to a missing bounds check.

In addGroupWithConfigInternal of p2p_iface.cpp, there is a possible out of bounds read due to unsafe deserialization.

The Menu Swapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0.2.

The Lightweight Sidebar Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4.

The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8.

The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1.

The Rucy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.4.4.

The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.

The Amministrazione Trasparente plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1.

The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2.

The Multiple Roles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1.

The Remove Schema plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.

The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11.

The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3.

The MultiVendorX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.7.

The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1.

The Product Catalog Simple plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.13.

The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2.

The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6.

The Contact Form 7 Style plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.

The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1.

The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43.

The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.17.

The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15.

The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3.

The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2.

The Feed Them Social – Page, Post, Video, and Photo Galleries plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.6.

The WordPress Photo Gallery – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.6.

The WP Private Content Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.

The WP Security Question plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3.

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

A security defect was identified in Foundry Issues.

The Subscribe2 plugin for WordPress is vulnerable to unauthorized access to email functionality due to a missing capability check when sending test emails in versions up to, and including, 10.40.

The Subscribe2 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.40.

Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to obtain specific files in the product.

The Salon Booking System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.6.

IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation.

Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions.

A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups.

The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them.

Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use `get_sqlalchemy_connection` and someone with access to connection resources specifically updating the connection to exploit it. This issue affects Apache Airflow ODBC Provider: before 4.0.0; Apache Airflow MSSQL Provider: before 3.4.1. It is recommended to upgrade to a version that is not affected

The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0.

The Contour Service was not checking that users had permission to create an analysis for a given dataset.

User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames.

In installKey of KeyUtil.cpp, there is a possible failure of file encryption due to a race condition.

Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request.

Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission.

Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream.

Microsoft Edge (Chromium-based) Spoofing Vulnerability