Weekly Vulnerabilities Reports > October 2 to 8, 2023
Overview
476 new vulnerabilities were reported during this period, including 68 critical and 208 high-severity vulnerabilities. This weekly summary covers vulnerabilities in 960 products from 243 vendors, including Google, Qualcomm, Redhat, Fedoraproject, and Dlink. The most common weakness categories are "Cross-site Scripting", "Cross-Site Request Forgery (CSRF)", "Missing Authorization", "SQL Injection", and "Out-of-bounds Write".
- 353 reported vulnerabilities are remotely exploitable.
- 156 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 255 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities (41).
- Themevolty has the most reported critical vulnerabilities (6, all SQL injection in its PrestaShop modules).
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
68 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-10-07 | CVE-2023-45199 | ARM | Classic Buffer Overflow vulnerability in ARM Mbed TLS 3.2.0/3.3.0 Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote code execution. | 9.8 |
2023-10-06 | CVE-2023-3725 | Zephyrproject | Out-of-bounds Write vulnerability in Zephyrproject Zephyr Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem | 9.8 |
2023-10-06 | CVE-2023-45311 | Fsevents Project | Code Injection vulnerability in Fsevents Project Fsevents fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary. | 9.8 |
2023-10-06 | CVE-2023-45239 | Facebook Fedoraproject | A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server. | 9.8 |
2023-10-06 | CVE-2023-5214 | Puppet | Improper Privilege Management vulnerability in Puppet Bolt In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified. | 9.8 |
2023-10-06 | CVE-2023-44807 | Dlink | Out-of-bounds Write vulnerability in Dlink Dir-820L Firmware 1.05B03 D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function. | 9.8 |
2023-10-06 | CVE-2023-38703 | Teluu | Use After Free vulnerability in Teluu Pjsip PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. | 9.8 |
2023-10-06 | CVE-2023-43058 | IBM | Unspecified vulnerability in IBM products IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. | 9.8 |
2023-10-06 | CVE-2023-4530 | Turnatasarim | SQL Injection vulnerability in Turnatasarim Advertising Administration Panel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection.This issue affects Advertising Administration Panel: before 1.1. | 9.8 |
2023-10-06 | CVE-2015-10126 | Steven Ellis | SQL Injection vulnerability in Steven Ellis Easy2Map Photos A vulnerability classified as critical was found in Easy2Map Photos Plugin 1.0.1 on WordPress. | 9.8 |
2023-10-06 | CVE-2023-26153 | Geokit | Deserialization of Untrusted Data vulnerability in Geokit Geokit-Rails Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. | 9.8 |
2023-10-05 | CVE-2023-43269 | Pigcms | Unrestricted Upload of File with Dangerous Type vulnerability in Pigcms 7.0 pigcms up to 7.0 was discovered to contain an arbitrary file upload vulnerability. | 9.8 |
2023-10-05 | CVE-2023-40920 | Prixan | SQL Injection vulnerability in Prixan Prixanconnect 1.61 Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts(). | 9.8 |
2023-10-05 | CVE-2023-43981 | Presto Changeo | Deserialization of Untrusted Data vulnerability in Presto-Changeo Test Site Creator 1.1.1 Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php. | 9.8 |
2023-10-05 | CVE-2023-43983 | Presto Changeo | SQL Injection vulnerability in Presto-Changeo Attribute Grid 2.0.3 Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php. | 9.8 |
2023-10-05 | CVE-2023-44024 | Knowband | SQL Injection vulnerability in Knowband ONE Page Checkout, Social Login & Mailchimp 8.0.3 SQL injection vulnerability in KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) v.8.0.3 and before allows a remote attacker to execute arbitrary code via a crafted request to the updateCheckoutBehaviour function in the supercheckout.php component. | 9.8 |
2023-10-05 | CVE-2023-32485 | Dell | Improper Input Validation vulnerability in Dell Smartfabric Storage Software 1.0.0 Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. | 9.8 |
2023-10-05 | CVE-2023-5423 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Online Pizza Ordering System 1.0 A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. | 9.8 |
2023-10-04 | CVE-2023-35803 | Extremenetworks | Classic Buffer Overflow vulnerability in Extremenetworks IQ Engine 10.6R1 IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow. | 9.8 |
2023-10-04 | CVE-2023-36619 | Unify | Improper Input Validation vulnerability in Unify Session Border Controller 10R3.01.03 Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users. | 9.8 |
2023-10-04 | CVE-2023-41094 | Silabs | Missing Release of Resource after Effective Lifetime vulnerability in Silabs Emberznet TouchLink packets processed after timeout or out of range, due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime, may allow a device to be added outside of the valid TouchLink range or pairing duration. This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5 and 7.2.x from 7.2.0 through 7.2.3; version 7.3 and later are unaffected. | 9.8 |
2023-10-04 | CVE-2023-5391 | Schneider Electric | Deserialization of Untrusted Data vulnerability in Schneider-Electric products A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application. | 9.8 |
2023-10-04 | CVE-2023-5399 | Schneider Electric | Path Traversal vulnerability in Schneider-Electric Spacelogic C-Bus Toolkit A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause tampering of files on the personal computer running C-Bus when using the File Command. | 9.8 |
2023-10-04 | CVE-2023-5402 | Schneider Electric | Improper Privilege Management vulnerability in Schneider-Electric C-Bus Toolkit A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the network. | 9.8 |
2023-10-04 | CVE-2023-20101 | Cisco | Use of Hard-coded Credentials vulnerability in Cisco Emergency Responder 12.5(1)Su4 A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. | 9.8 |
2023-10-04 | CVE-2022-36276 | Tcman | SQL Injection vulnerability in Tcman GIM 8.0.1 TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. | 9.8 |
2023-10-04 | CVE-2023-22515 | Atlassian | Unspecified vulnerability in Atlassian Confluence Data Center and Confluence Server Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. | 9.8 |
2023-10-04 | CVE-2023-5374 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Online Computer and Laptop Store 1.0 A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. | 9.8 |
2023-10-04 | CVE-2023-4491 | Easy Address Book WEB Server Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Easy Address Book web Server Project Easy Address Book web Server 1.6 Buffer overflow vulnerability in Easy Address Book Web Server 1.6 version. | 9.8 |
2023-10-04 | CVE-2023-4494 | Easy Chat Server Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Easy Chat Server Project Easy Chat Server 3.1 Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version. | 9.8 |
2023-10-04 | CVE-2023-5373 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Online Computer and Laptop Store 1.0 A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. | 9.8 |
2023-10-04 | CVE-2023-2809 | Sage | Cleartext Storage of Sensitive Information vulnerability in Sage 200 Spain 2023.38.001 Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. | 9.8 |
2023-10-04 | CVE-2023-37404 | IBM | Unspecified vulnerability in IBM Observability With Instana IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. | 9.8 |
2023-10-03 | CVE-2023-39647 | Themevolty | SQL Injection vulnerability in Themevolty Theme Volty CMS Category Product 4.0.1 Improper neutralization of SQL parameter in Theme Volty CMS Category Product module for PrestaShop. | 9.8 |
2023-10-03 | CVE-2023-39646 | Themevolty | SQL Injection vulnerability in Themevolty Theme Volty CMS Category Chain Slider 4.0.1 Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop. | 9.8 |
2023-10-03 | CVE-2023-39648 | Themevolty | SQL Injection vulnerability in Themevolty Theme Volty CMS Testimonial 4.0.1 Improper neutralization of SQL parameter in Theme Volty CMS Testimonial module for PrestaShop. | 9.8 |
2023-10-03 | CVE-2023-39649 | Themevolty | SQL Injection vulnerability in Themevolty Theme Volty CMS Category Slider 4.0.1 Improper neutralization of SQL parameter in Theme Volty CMS Category Slider module for PrestaShop. | 9.8 |
2023-10-03 | CVE-2023-39651 | Themevolty | SQL Injection vulnerability in Themevolty Theme Volty CMS Brandlist 4.0.1 Improper neutralization of SQL parameter in Theme Volty CMS BrandList module for PrestaShop In the module “Theme Volty CMS BrandList” (tvcmsbrandlist) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | 9.8 |
2023-10-03 | CVE-2023-33268 | DTS | OS Command Injection vulnerability in DTS Monitoring 3.57.0 An issue was discovered in DTS Monitoring 3.57.0. | 9.8 |
2023-10-03 | CVE-2023-33269 | DTS | OS Command Injection vulnerability in DTS Monitoring 3.57.0 An issue was discovered in DTS Monitoring 3.57.0. | 9.8 |
2023-10-03 | CVE-2023-33270 | DTS | OS Command Injection vulnerability in DTS Monitoring 3.57.0 An issue was discovered in DTS Monitoring 3.57.0. | 9.8 |
2023-10-03 | CVE-2023-33271 | DTS | OS Command Injection vulnerability in DTS Monitoring 3.57.0 An issue was discovered in DTS Monitoring 3.57.0. | 9.8 |
2023-10-03 | CVE-2023-33272 | DTS | OS Command Injection vulnerability in DTS Monitoring 3.57.0 An issue was discovered in DTS Monitoring 3.57.0. | 9.8 |
2023-10-03 | CVE-2023-33273 | DTS | OS Command Injection vulnerability in DTS Monitoring 3.57.0 An issue was discovered in DTS Monitoring 3.57.0. | 9.8 |
2023-10-03 | CVE-2023-39645 | Themevolty | SQL Injection vulnerability in Themevolty CMS Payment Icon 4.0.1 Improper neutralization of SQL parameter in Theme Volty CMS Payment Icon module for PrestaShop. | 9.8 |
2023-10-03 | CVE-2023-44973 | Emlog | Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 2.2.0 An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 9.8 |
2023-10-03 | CVE-2023-44974 | Emlog | Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 2.2.0 An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 9.8 |
2023-10-03 | CVE-2023-40830 | Tenda | Classic Buffer Overflow vulnerability in Tenda AC6 Firmware 15.03.05.19 Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length. | 9.8 |
2023-10-03 | CVE-2022-47893 | Riello UPS | Unrestricted Upload of File with Dangerous Type vulnerability in Riello-Ups Netman 204 Firmware There is a remote code execution vulnerability that affects all versions of NetMan 204. | 9.8 |
2023-10-03 | CVE-2023-3654 | Cashit | Origin Validation Error vulnerability in Cashit Cashit! 03.A06Rks2023.02.37 cashIT! - serving solutions. | 9.8 |
2023-10-03 | CVE-2023-3656 | Cashit | Code Injection vulnerability in Cashit Cashit! 03.A06Rks2023.02.37 cashIT! - serving solutions. | 9.8 |
2023-10-03 | CVE-2023-22385 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory Corruption in Data Modem while making a MO call or MT VOLTE call. | 9.8 |
2023-10-03 | CVE-2023-24855 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption in Modem while processing security related configuration before AS Security Exchange. | 9.8 |
2023-10-03 | CVE-2023-33028 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption in WLAN Firmware while doing a memory copy of pmk cache. | 9.8 |
2023-10-02 | CVE-2023-43980 | Presto Changeo | SQL Injection vulnerability in Presto-Changeo Testsitecreator Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php. | 9.8 |
2023-10-02 | CVE-2023-43891 | Netis Systems | Command Injection vulnerability in Netis-Systems N3M Firmware 1.0.1.865 Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. | 9.8 |
2023-10-02 | CVE-2023-43892 | Netis Systems | OS Command Injection vulnerability in Netis-Systems N3M Firmware 1.0.1.865 Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. | 9.8 |
2023-10-02 | CVE-2023-43893 | Netis Systems | OS Command Injection vulnerability in Netis-Systems N3M Firmware 1.0.1.865 Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. | 9.8 |
2023-10-02 | CVE-2023-44011 | Mojoportal | Unspecified vulnerability in Mojoportal 2.7.0.0 An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component. | 9.8 |
2023-10-02 | CVE-2023-44008 | Mojoportal | Unrestricted Upload of File with Dangerous Type vulnerability in Mojoportal 2.7.0.0 File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function. | 9.8 |
2023-10-02 | CVE-2023-44009 | Mojoportal | Unrestricted Upload of File with Dangerous Type vulnerability in Mojoportal 2.7.0.0 File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the Skin Management function. | 9.8 |
2023-10-02 | CVE-2023-4659 | Free5Gc | Cross-Site Request Forgery (CSRF) vulnerability in Free5Gc 1.1.1 Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". | 9.8 |
2023-10-02 | CVE-2015-10124 | Smartfan | SQL Injection vulnerability in Smartfan Most Popular Posts Widget 0.8 A vulnerability was found in Most Popular Posts Widget Plugin up to 0.8 on WordPress. | 9.8 |
2023-10-02 | CVE-2023-20819 | Mediatek | Out-of-bounds Write vulnerability in Mediatek products In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. | 9.8 |
2023-10-05 | CVE-2023-2306 | Qognify | Use of Hard-coded Credentials vulnerability in Qognify Nicevision Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information using hard-coded credentials. | 9.1 |
2023-10-04 | CVE-2023-38701 | Iohk | Unspecified vulnerability in Iohk Hydra Hydra is the layer-two scalability solution for Cardano. | 9.1 |
2023-10-04 | CVE-2023-44208 | Acronis | Missing Authorization vulnerability in Acronis Cyber Protect Home Office Sensitive information disclosure and manipulation due to missing authorization. | 9.1 |
2023-10-03 | CVE-2023-5350 | Salesagility | SQL Injection vulnerability in Salesagility Suitecrm SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1. | 9.1 |
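Several rows in the table above are the same bug class under different names: CVE-2023-26153 (geokit-rails, YAML in the `geo_location` cookie), CVE-2023-43981 (testsitecreator) and CVE-2023-5391 (Schneider Electric) all hand attacker-controlled bytes to a deserializer that will instantiate whatever type the document names. The Ruby snippet below is an added illustration of that class and of the usual fix; it is not code from geokit-rails or from any of the advisories. The `GeoLocation` class, the forged cookie document and the strict `lat,lng` cookie format are constructed here to show the mechanism and are not the real payload or the project's fix.

```ruby
require 'yaml'

# Hypothetical application class (not geokit-rails'). Any class the loader can
# resolve is a candidate target for a tagged YAML document.
class GeoLocation
  attr_accessor :lat, :lng
end

# Constructed cookie body. A full YAML loader honours the !ruby/object tag and
# allocates the named class with the given instance variables; with a suitable
# class (or gadget chain) on the load path that becomes code execution, which is
# what the geokit-rails entry above describes.
FORGED_COOKIE = "--- !ruby/object:GeoLocation\nlat: 51.5\nlng: -0.12\n".freeze

# Vulnerable pattern: a full-featured load of attacker-controlled input.
# Psych 4 (Ruby 3.1+) renamed the permissive loader to unsafe_load and made
# YAML.load safe; older Psych only has the permissive YAML.load. The branch
# keeps the example runnable on both and always picks the permissive path.
def parse_geo_cookie_unsafe(raw)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(raw) : YAML.load(raw)
end

# Hardened pattern: safe_load builds only plain scalars, arrays and hashes.
# A tagged object raises Psych::DisallowedClass instead of being instantiated.
# Returns [ok, value_or_error] so the caller can log and reject the cookie.
def parse_geo_cookie_safe(raw)
  [true, YAML.safe_load(raw)]
rescue Psych::DisallowedClass, Psych::SyntaxError => e
  [false, e]
end

# Better than either: do not use an object-capable format for a cookie at all.
# Accept exactly two decimal numbers and nothing else.
def parse_geo_cookie_strict(raw)
  m = /\A(-?\d+(?:\.\d+)?),(-?\d+(?:\.\d+)?)\z/.match(raw)
  return nil unless m
  { 'lat' => m[1].to_f, 'lng' => m[2].to_f }
end

if $PROGRAM_NAME == __FILE__
  obj = parse_geo_cookie_unsafe(FORGED_COOKIE)
  puts "permissive loader built a #{obj.class} instance"
  ok, res = parse_geo_cookie_safe(FORGED_COOKIE)
  puts "safe loader: #{ok ? res.inspect : res.class}"
  p parse_geo_cookie_strict('51.5,-0.12')
end
```

The practical check when triaging an entry like this is to grep the code base for `YAML.load`, `YAML.unsafe_load`, `Marshal.load` and `Oj.load` on request-derived data (cookies, headers, uploaded files); anything that reaches one of those without an allow-list of classes is the same finding regardless of which product name is on the CVE.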
208 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-10-06 | CVE-2023-44061 | Simple AND Nice Shopping Cart Script Project | Unrestricted Upload of File with Dangerous Type vulnerability in Simple and Nice Shopping Cart Script Project Simple and Nice Shopping Cart Script 1.0 File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component. | 8.8 |
2023-10-06 | CVE-2023-45303 | Thingsboard | Injection vulnerability in Thingsboard ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint). | 8.8 |
2023-10-06 | CVE-2023-39928 | Webkitgtk Debian Fedoraproject | Use After Free vulnerability in multiple products A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. | 8.8 |
2023-10-06 | CVE-2023-44233 | Fooplugins | Cross-Site Request Forgery (CSRF) vulnerability in Fooplugins Foogallery Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best WordPress Gallery Plugin – FooGallery plugin <= 2.2.44 versions. | 8.8 |
2023-10-06 | CVE-2023-44243 | Dylanblokhuis | Cross-Site Request Forgery (CSRF) vulnerability in Dylanblokhuis Instant CSS Cross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Instant CSS plugin <= 1.2.1 versions. | 8.8 |
2023-10-06 | CVE-2023-40607 | Cluevo | Cross-Site Request Forgery (CSRF) vulnerability in Cluevo Learning Management System Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin <= 1.10.0 versions. | 8.8 |
2023-10-06 | CVE-2023-41650 | Remove Hide Author Date Category Like Entry Meta Project | Cross-Site Request Forgery (CSRF) vulnerability in Remove/Hide Author, Date, Category Like Entry-Meta Project Remove/Hide Author, Date, Category Like Entry-Meta Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hide Author, Date, Category Like Entry-Meta plugin <= 2.1 versions. | 8.8 |
2023-10-06 | CVE-2023-41654 | Heigl | Cross-Site Request Forgery (CSRF) vulnerability in Heigl Authldap Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin <= 2.5.8 versions. | 8.8 |
2023-10-06 | CVE-2023-41659 | Bdwm | Cross-Site Request Forgery (CSRF) vulnerability in Bdwm Responsive Gallery Grid Cross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM Responsive Gallery Grid plugin <= 2.3.10 versions. | 8.8 |
2023-10-06 | CVE-2023-41732 | Dwbooster | Cross-Site Request Forgery (CSRF) vulnerability in Dwbooster CP Blocks Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Blocks plugin <= 1.0.20 versions. | 8.8 |
2023-10-06 | CVE-2023-41801 | Strategy11 | Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 AWP Classifieds Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin <= 4.3 versions. | 8.8 |
2023-10-06 | CVE-2023-41950 | Laposta | Cross-Site Request Forgery (CSRF) vulnerability in Laposta Signup Basic Cross-Site Request Forgery (CSRF) vulnerability in Laposta - Roel Bousardt Laposta Signup Basic plugin <= 1.4.1 versions. | 8.8 |
2023-10-06 | CVE-2023-44146 | Checkfront | Cross-Site Request Forgery (CSRF) vulnerability in Checkfront Online Booking System Cross-Site Request Forgery (CSRF) vulnerability in Checkfront Inc. | 8.8 |
2023-10-06 | CVE-2023-28791 | Webtechforce | Cross-Site Request Forgery (CSRF) vulnerability in Webtechforce Simple ORG Chart 2.3.4 Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions. | 8.8 |
2023-10-06 | CVE-2023-29235 | Fugu | Cross-Site Request Forgery (CSRF) vulnerability in Fugu Maintenance Switch Cross-Site Request Forgery (CSRF) vulnerability in Fugu Maintenance Switch plugin <= 1.5.2 versions. | 8.8 |
2023-10-06 | CVE-2022-47175 | Royal Elementor Addons | Cross-Site Request Forgery (CSRF) vulnerability in Royal-Elementor-Addons Royal Elementor Addons Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <= 1.3.75 versions. | 8.8 |
2023-10-06 | CVE-2023-25033 | Sumo | Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share Boost Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share Boost plugin <= 4.5 versions. | 8.8 |
2023-10-06 | CVE-2023-25480 | Boldgrid | Cross-Site Request Forgery (CSRF) vulnerability in Boldgrid Post and Page Builder BY Boldgrid - Visual Drag and Drop Editor Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.24.1 versions. | 8.8 |
2023-10-06 | CVE-2023-27448 | Makestories | Cross-Site Request Forgery (CSRF) vulnerability in Makestories (For Google web Stories) Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team MakeStories (for Google Web Stories) plugin <= 2.8.0 versions. | 8.8 |
2023-10-06 | CVE-2023-27615 | Dipakgajjar | Cross-Site Request Forgery (CSRF) vulnerability in Dipakgajjar WP Super Minify Cross-Site Request Forgery (CSRF) vulnerability in Dipak C. | 8.8 |
2023-10-06 | CVE-2023-40008 | Webtechforce | Cross-Site Request Forgery (CSRF) vulnerability in Webtechforce Simple ORG Chart 2.3.4 Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions. | 8.8 |
2023-10-06 | CVE-2023-40671 | Daxiawp | Cross-Site Request Forgery (CSRF) vulnerability in Daxiawp Dx-Auto-Save-Images Cross-Site Request Forgery (CSRF) vulnerability in DX-auto-save-images plugin <= 1.4.0 versions. | 8.8 |
2023-10-06 | CVE-2023-40556 | Toolstack | Cross-Site Request Forgery (CSRF) vulnerability in Toolstack Schedule Posts Calendar Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule Posts Calendar plugin <= 5.2 versions. | 8.8 |
2023-10-05 | CVE-2015-10125 | Smackcoders | Cross-Site Request Forgery (CSRF) vulnerability in Smackcoders Import ALL Pages, Post Types, Products, Orders, and Users AS XML & CSV A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. | 8.8 |
2023-10-05 | CVE-2023-43284 | Dlink | Unspecified vulnerability in Dlink Dir-846 Firmware 100A53Dbr D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 100A53DBR-Retail devices allow an authenticated remote attacker to execute arbitrary code via an unspecified manipulation of the QoS POST parameter. | 8.8 |
2023-10-05 | CVE-2023-43068 | Dell | OS Command Injection vulnerability in Dell Smartfabric Storage Software 1.0.0 Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. | 8.8 |
2023-10-05 | CVE-2023-4401 | Dell | OS Command Injection vulnerability in Dell Smartfabric Storage Software 1.0.0 Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. | 8.8 |
2023-10-05 | CVE-2023-5346 | Google Fedoraproject | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-10-05 | CVE-2023-45160 | 1E | Files or Directories Accessible to External Parties vulnerability in 1E Client In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. | 8.8 |
2023-10-05 | CVE-2023-4570 | NI | Unspecified vulnerability in NI Measurementlink 1.0.0/1.0.1/1.1.0 An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. | 8.8 |
2023-10-04 | CVE-2023-43321 | Dcnetworks | Unrestricted Upload of File with Dangerous Type vulnerability in Dcnetworks Dcfw-1800-Sdc Firmware 3.0 File Upload vulnerability in Digital China Networks DCFW-1800-SDC v.3.0 allows an authenticated attacker to execute arbitrary code via the wget function in the /sbin/cloudadmin.sh component. | 8.8 |
2023-10-04 | CVE-2023-36618 | Unify | OS Command Injection vulnerability in Unify Session Border Controller 10R3.01.03 Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users. | 8.8 |
2023-10-04 | CVE-2023-42809 | Redisson | Deserialization of Untrusted Data vulnerability in Redisson Redisson is a Java Redis client that uses the Netty framework. | 8.8 |
2023-10-04 | CVE-2023-20235 | Cisco | Improper Privilege Management vulnerability in Cisco IOS XE A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. | 8.8 |
2023-10-04 | CVE-2023-40559 | Multidots | Cross-Site Request Forgery (CSRF) vulnerability in Multidots Dynamic Pricing and Discount Rules for Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Dynamic Pricing and Discount Rules for WooCommerce plugin <= 2.4.0 versions. | 8.8 |
2023-10-04 | CVE-2023-25025 | Chetangole | Cross-Site Request Forgery (CSRF) vulnerability in Chetangole Wp-Copyprotect [Protect Your Blog Posts] Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions. | 8.8 |
2023-10-04 | CVE-2023-27433 | Yasglobal | Cross-Site Request Forgery (CSRF) vulnerability in Yasglobal Make Paths Relative Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Make Paths Relative allows Cross Site Request Forgery.This issue affects Make Paths Relative: from n/a through 1.3.0. | 8.8 |
2023-10-04 | CVE-2023-40561 | Multidots | Cross-Site Request Forgery (CSRF) vulnerability in Multidots Enhanced Ecommerce Google Analytics for Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Enhanced Ecommerce Google Analytics for WooCommerce plugin <= 3.7.1 versions. | 8.8 |
2023-10-04 | CVE-2023-25489 | Iwebss | Cross-Site Request Forgery (CSRF) vulnerability in Iwebss Update Theme and Plugins From ZIP File Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Update Theme and Plugins from Zip File plugin <= 2.0.0 versions. | 8.8 |
2023-10-04 | CVE-2023-25788 | Saphali | Cross-Site Request Forgery (CSRF) vulnerability in Saphali Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Saphali Saphali Woocommerce Lite plugin <= 1.8.13 versions. | 8.8 |
2023-10-04 | CVE-2023-25980 | Cagewebdev | Cross-Site Request Forgery (CSRF) vulnerability in Cagewebdev Optimize Database After Deleting Revisions Cross-Site Request Forgery (CSRF) vulnerability in CAGE Web Design | Rolf van Gelder Optimize Database after Deleting Revisions plugin <= 5.1 versions. | 8.8 |
2023-10-04 | CVE-2023-37995 | WP Copyprotect Project | Cross-Site Request Forgery (CSRF) vulnerability in Wp-Copyprotect Project Wp-Copyprotect Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions. | 8.8 |
2023-10-04 | CVE-2023-3701 | Aquaesolutions | Path Traversal vulnerability in Aquaesolutions Aqua Drive 2.4 Aqua Drive, in its 2.4 version, is vulnerable to a relative path traversal vulnerability. | 8.8 |
2023-10-04 | CVE-2023-4997 | Prointegra | Incorrect Authorization vulnerability in Prointegra Uptimedc Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users including administrators leading to a privilege escalation. | 8.8 |
2023-10-03 | CVE-2023-43176 | Afterlogic | Deserialization of Untrusted Data vulnerability in Afterlogic Aurora Files 9.7.3 A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file. | 8.8 |
2023-10-03 | CVE-2023-4817 | Icpdas | Unrestricted Upload of File with Dangerous Type vulnerability in Icpdas Et-7060 Firmware 3.00 This vulnerability allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising the entire device. | 8.8 |
2023-10-03 | CVE-2023-0506 | Bydemes | Unspecified vulnerability in Bydemes Airspace Cctv web Service 2.616.By00.11 The web service of ByDemes Group Airspace CCTV Web Service in its 2.616.BY00.11 version, contains a privilege escalation vulnerability, detected in the Camera Control Panel, whose exploitation could allow a low-privileged attacker to gain administrator access. | 8.8 |
2023-10-03 | CVE-2023-27435 | Yasglobal | Cross-Site Request Forgery (CSRF) vulnerability in Yasglobal Http Auth Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin <= 0.3.2 versions. | 8.8 |
2023-10-03 | CVE-2023-32091 | Poeditor | Cross-Site Request Forgery (CSRF) vulnerability in Poeditor Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions. | 8.8 |
2023-10-03 | CVE-2023-40558 | Emarketdesign | Cross-Site Request Forgery (CSRF) vulnerability in Emarketdesign Youtube Video Gallery Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin <= 3.3.5 versions. | 8.8 |
2023-10-03 | CVE-2023-41244 | Buildfail | Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images plugin <= 1.0.9 versions. | 8.8 |
2023-10-03 | CVE-2023-41693 | Plainviewplugins | Cross-Site Request Forgery (CSRF) vulnerability in Plainviewplugins Mycryptocheckout Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview MyCryptoCheckout plugin <= 2.125 versions. | 8.8 |
2023-10-03 | CVE-2023-4929 | Moxa | Improper Validation of Integrity Check Value vulnerability in Moxa products All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. | 8.8 |
2023-10-03 | CVE-2023-2681 | Jorani | SQL Injection vulnerability in Jorani 1.0.0 An SQL Injection vulnerability has been found on Jorani version 1.0.0. | 8.8 |
2023-10-03 | CVE-2023-40199 | Crudlab | Cross-Site Request Forgery (CSRF) vulnerability in Crudlab WP Like Button Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <= 1.7.0 versions. | 8.8 |
2023-10-03 | CVE-2023-40201 | Futuriowp | Cross-Site Request Forgery (CSRF) vulnerability in Futuriowp Futurio Extra Cross-Site Request Forgery (CSRF) vulnerability in FuturioWP Futurio Extra plugin <= 1.8.4 versions leads to activation of arbitrary plugin. | 8.8 |
2023-10-03 | CVE-2023-40202 | Codemiq | Cross-Site Request Forgery (CSRF) vulnerability in Codemiq WP Html Mail Cross-Site Request Forgery (CSRF) vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin <= 3.4.1 versions. | 8.8 |
2023-10-03 | CVE-2022-47891 | Riello UPS | Use of Hard-coded Credentials vulnerability in Riello-Ups Netman 204 Firmware All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function. | 8.8 |
2023-10-03 | CVE-2023-25989 | Mekshq | Cross-Site Request Forgery (CSRF) vulnerability in Mekshq products Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins, leading to dismissal of the popup. | 8.8 |
2023-10-03 | CVE-2023-2830 | Trustindex | Cross-Site Request Forgery (CSRF) vulnerability in Trustindex WP Testimonials Cross-Site Request Forgery (CSRF) vulnerability in Trustindex.Io WP Testimonials plugin <= 1.4.2 versions. | 8.8 |
2023-10-03 | CVE-2023-39165 | Fetchdesigns | Cross-Site Request Forgery (CSRF) vulnerability in Fetchdesigns Sign-Up Sheets Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets plugin <= 2.2.8 versions. | 8.8 |
2023-10-03 | CVE-2023-39917 | AYS PRO | Cross-Site Request Forgery (CSRF) vulnerability in Ays-Pro Photo Gallery Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 versions. | 8.8 |
2023-10-03 | CVE-2023-39923 | Radiustheme | Cross-Site Request Forgery (CSRF) vulnerability in Radiustheme the Post Grid Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 7.2.7 versions. | 8.8 |
2023-10-03 | CVE-2023-39989 | Draftpress | Cross-Site Request Forgery (CSRF) vulnerability in Draftpress Header Footer Code Manager Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Footer Code Manager plugin <= 1.1.34 versions. | 8.8 |
2023-10-03 | CVE-2023-40210 | Sean Barton | Cross-Site Request Forgery (CSRF) vulnerability in Sean-Barton SB Child List 4.5 Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoise IT) SB Child List plugin <= 4.5 versions. | 8.8 |
2023-10-03 | CVE-2023-4098 | Qsige | SQL Injection vulnerability in Qsige 3.0.0.0 It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. | 8.8 |
2023-10-03 | CVE-2023-4102 | Qsige | Improper Access Control vulnerability in Qsige 3.0.0.0 QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. | 8.8 |
2023-10-03 | CVE-2023-4103 | Qsige | SQL Injection vulnerability in Qsige 3.0.0.0 QSige statistics are affected by a remote SQLi vulnerability. | 8.8 |
2023-10-03 | CVE-2022-46841 | Soflyy | Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Builder plugin <= 4.4 versions. | 8.8 |
2023-10-03 | CVE-2023-25463 | Gopiplus | Cross-Site Request Forgery (CSRF) vulnerability in Gopiplus Wp-Tell-A-Friend-Popup-Form 7.1 Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy WP tell a friend popup form plugin <= 7.1 versions. | 8.8 |
2023-10-03 | CVE-2023-37990 | Perelink PRO Project | Cross-Site Request Forgery (CSRF) vulnerability in Perelink PRO Project Perelink PRO Cross-Site Request Forgery (CSRF) vulnerability in Mike Perelink Pro plugin <= 2.1.4 versions. | 8.8 |
2023-10-03 | CVE-2023-38390 | Anshullabs | Cross-Site Request Forgery (CSRF) vulnerability in Anshullabs Mobile Address BAR Changer Cross-Site Request Forgery (CSRF) vulnerability in Anshul Labs Mobile Address Bar Changer plugin <= 3.0 versions. | 8.8 |
2023-10-03 | CVE-2023-38396 | WEB Argument | Cross-Site Request Forgery (CSRF) vulnerability in Web-Argument Google-Map-Shortcode 3.1.2 Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez plugin <= 3.1.2 versions. | 8.8 |
2023-10-03 | CVE-2023-38398 | Tablooa | Cross-Site Request Forgery (CSRF) vulnerability in Tablooa Cross-Site Request Forgery (CSRF) vulnerability in Taboola plugin <= 2.0.1 versions. | 8.8 |
2023-10-03 | CVE-2023-4097 | Qsige | Unrestricted Upload of File with Dangerous Type vulnerability in Qsige 3.0.0.0 The file upload functionality is not implemented correctly and allows uploading of any type of file. | 8.8 |
2023-10-03 | CVE-2023-37891 | Optimonk | Cross-Site Request Forgery (CSRF) vulnerability in Optimonk Optimonk:Popups, Personalization & A/B Testing Cross-Site Request Forgery (CSRF) vulnerability in OptiMonk OptiMonk: Popups, Personalization & A/B Testing plugin <= 2.0.4 versions. | 8.8 |
2023-10-03 | CVE-2023-37991 | Monchito | Cross-Site Request Forgery (CSRF) vulnerability in Monchito WP Emoji ONE Cross-Site Request Forgery (CSRF) vulnerability in Monchito.Net WP Emoji One plugin <= 0.6.0 versions. | 8.8 |
2023-10-03 | CVE-2023-37992 | Presspage | Cross-Site Request Forgery (CSRF) vulnerability in Presspage Smarty for Wordpress 3.1.35 Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc. | 8.8 |
2023-10-03 | CVE-2023-37996 | Gtmetrix | Cross-Site Request Forgery (CSRF) vulnerability in Gtmetrix Cross-Site Request Forgery (CSRF) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.7 versions. | 8.8 |
2023-10-03 | CVE-2023-37998 | Saas | Cross-Site Request Forgery (CSRF) vulnerability in Saas Disabler 3.0.3 Cross-Site Request Forgery (CSRF) vulnerability in Saas Disabler allows Cross Site Request Forgery. This issue affects Disabler: from n/a through 3.0.3. | 8.8 |
2023-10-03 | CVE-2023-38381 | WP Flybox Project | Cross-Site Request Forgery (CSRF) vulnerability in Wp-Flybox Project Wp-Flybox 6.46 Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-FlyBox plugin <= 6.46 versions. | 8.8 |
2023-10-03 | CVE-2023-39222 | Furunosystems | OS Command Injection vulnerability in Furunosystems products OS command injection vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command that is not intended to be executed from the web interface by sending a specially crafted request. | 8.8 |
2023-10-03 | CVE-2023-41086 | Furunosystems | Cross-Site Request Forgery (CSRF) vulnerability in Furunosystems products Cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTEMS wireless LAN access point devices. | 8.8 |
2023-10-03 | CVE-2023-42771 | Furunosystems | Improper Authentication vulnerability in Furunosystems Acera 1310 Firmware and Acera 1320 Firmware Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent unauthenticated attacker who can access the affected product to download configuration files and/or log files, and upload configuration files and/or firmware. | 8.8 |
2023-10-03 | CVE-2023-36628 | Purestorage | Unspecified vulnerability in Purestorage Purity//Fa A flaw exists in VASA which allows a user with vSphere/ESXi VMware admin access on a FlashArray to gain root access through privilege escalation. | 8.8 |
2023-10-02 | CVE-2023-43268 | Deyue Remote Vehicle Management System Project | Deserialization of Untrusted Data vulnerability in Deyue Remote Vehicle Management System Project Deyue Remote Vehicle Management System 1.1 Deyue Remote Vehicle Management System v1.1 was discovered to contain a deserialization vulnerability. | 8.8 |
2023-10-02 | CVE-2023-43835 | Superstorefinder | Injection vulnerability in Superstorefinder Super Store Finder Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content. | 8.8 |
2023-10-02 | CVE-2023-43890 | Netis Systems | OS Command Injection vulnerability in Netis-Systems N3M Firmware 1.0.1.865 Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. | 8.8 |
2023-10-02 | CVE-2023-3744 | Slims | Server-Side Request Forgery (SSRF) vulnerability in Slims Senayan Library Management System 9.6.0 Server-Side Request Forgery vulnerability in SLims version 9.6.0. | 8.8 |
2023-10-02 | CVE-2023-5328 | Sato | Improper Authentication vulnerability in Sato Cl4Nx-J Plus Firmware 1.13.2U455R2 A vulnerability classified as critical has been found in SATO CL4NX-J Plus 1.13.2-u455_r2. | 8.8 |
2023-10-04 | CVE-2023-3037 | Helpdezk | Unspecified vulnerability in Helpdezk 1.1.10 Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. | 8.6 |
2023-10-05 | CVE-2023-45159 | 1E | Link Following vulnerability in 1E Client 1E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. | 8.4 |
2023-10-04 | CVE-2023-39191 | Linux Fedoraproject Redhat | An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. | 8.2 |
2023-10-03 | CVE-2023-4100 | Qsige | Cross-site Scripting vulnerability in Qsige 3.0.0.0 Allows an attacker to perform XSS attacks stored on certain resources. | 8.2 |
2023-10-03 | CVE-2023-22382 | Qualcomm | Unspecified vulnerability in Qualcomm products Weak configuration in Automotive while VM is processing a listener request from TEE. | 8.2 |
2023-10-05 | CVE-2023-39323 | Golang Fedoraproject | Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. | 8.1 |
2023-10-04 | CVE-2023-42449 | Iohk | Unspecified vulnerability in Iohk Hydra Hydra is the two-layer scalability solution for Cardano. | 8.1 |
2023-10-04 | CVE-2023-42448 | Iohk | Improper Validation of Specified Quantity in Input vulnerability in Iohk Hydra Hydra is the layer-two scalability solution for Cardano. | 8.1 |
2023-10-04 | CVE-2023-43804 | Python Debian Fedoraproject | Information Exposure vulnerability in multiple products urllib3 is a user-friendly HTTP client library for Python. | 8.1 |
2023-10-04 | CVE-2023-1832 | Candlepinproject Redhat | Incorrect Authorization vulnerability in multiple products An improper access control flaw was found in Candlepin. | 8.1 |
2023-10-03 | CVE-2023-43976 | Catonetworks | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Catonetworks Cato Client An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to escalate privileges by winning the race condition (TOCTOU) via the PrivilegedHelperTool component. | 8.1 |
2023-10-08 | CVE-2023-40634 | Google | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In phasechecksercer, there is a possible missing permission check. | 7.8 |
2023-10-08 | CVE-2023-40635 | Google | Missing Authorization vulnerability in Google Android 11.0 In linkturbo, there is a possible missing permission check. | 7.8 |
2023-10-07 | CVE-2023-36123 | Plain Craft Launcher 2 Project | Path Traversal vulnerability in Plain Craft Launcher 2 Project Plain Craft Launcher 2 1.3.9 Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows local attackers to execute arbitrary code and gain sensitive information. | 7.8 |
2023-10-06 | CVE-2023-21266 | Google | Unspecified vulnerability in Google Android In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. | 7.8 |
2023-10-06 | CVE-2023-35897 | IBM | Uncontrolled Search Path Element vulnerability in IBM Storage Protect and Storage Protect Client IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. | 7.8 |
2023-10-05 | CVE-2023-43069 | Dell | OS Command Injection vulnerability in Dell Smartfabric Storage Software 1.0.0 Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI. | 7.8 |
2023-10-05 | CVE-2023-43072 | Dell | Improper Access Control vulnerability in Dell Smartfabric Storage Software 1.0.0 Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. | 7.8 |
2023-10-05 | CVE-2023-26236 | Watchguard | Unspecified vulnerability in Watchguard products An issue was discovered in WatchGuard EPDR 8.0.21.0002. | 7.8 |
2023-10-04 | CVE-2023-40299 | Konghq | Unspecified vulnerability in Konghq Insomnia 2023.4.0 Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable. | 7.8 |
2023-10-04 | CVE-2023-43799 | Altairgraphql | Unspecified vulnerability in Altairgraphql Altair Altair is a GraphQL Client. | 7.8 |
2023-10-04 | CVE-2023-44209 | Acronis | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Acronis Agent C22.02 Local privilege escalation due to improper soft link handling. | 7.8 |
2023-10-04 | CVE-2023-42824 | Apple | Unspecified vulnerability in Apple Ipados The issue was addressed with improved checks. | 7.8 |
2023-10-04 | CVE-2023-43838 | Personal Management System | Unrestricted Upload of File with Dangerous Type vulnerability in Personal-Management-System Personal Management System 1.4.64 An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar. | 7.8 |
2023-10-04 | CVE-2023-3665 | Trellix | Code Injection vulnerability in Trellix Endpoint Security A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and/or the execution of arbitrary code. | 7.8 |
2023-10-04 | CVE-2023-4237 | Redhat | Unspecified vulnerability in Redhat Ansible Automation Platform and Ansible Collection A flaw was found in the Ansible Automation Platform. | 7.8 |
2023-10-04 | CVE-2023-22618 | Nokia | Unspecified vulnerability in Nokia products If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. | 7.8 |
2023-10-04 | CVE-2023-30690 | Samsung | Improper Input Validation vulnerability in Samsung Android 11.0/12.0 Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities. | 7.8 |
2023-10-04 | CVE-2023-30692 | Samsung | Unspecified vulnerability in Samsung Android 11.0/12.0 Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities. | 7.8 |
2023-10-04 | CVE-2023-30733 | Samsung | Out-of-bounds Write vulnerability in Samsung Android 12.0/13.0 Stack-based buffer overflow vulnerability in HDCP trustlet prior to SMR Oct-2023 Release 1 allows local privileged attackers to perform code execution. | 7.8 |
2023-10-04 | CVE-2023-30738 | Samsung | Unspecified vulnerability in Samsung products An improper input validation in UEFI Firmware prior to Firmware update Oct-2023 Release in Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 and Galaxy Book Odyssey allows a local attacker to trigger SMM memory corruption. | 7.8 |
2023-10-03 | CVE-2023-4911 | GNU Fedoraproject Redhat Debian Canonical | Out-of-bounds Write vulnerability in multiple products A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. | 7.8 |
2023-10-03 | CVE-2023-44217 | Sonicwall | Unspecified vulnerability in Sonicwall Netextender A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality. | 7.8 |
2023-10-03 | CVE-2023-44218 | Sonicwall | Unspecified vulnerability in Sonicwall Netextender A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability. | 7.8 |
2023-10-03 | CVE-2023-21673 | Qualcomm | Unspecified vulnerability in Qualcomm products Improper Access to the VM resource manager can lead to Memory Corruption. | 7.8 |
2023-10-03 | CVE-2023-22384 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory Corruption in VR Service while sending data using Fast Message Queue (FMQ). | 7.8 |
2023-10-03 | CVE-2023-24844 | Qualcomm | Unspecified vulnerability in Qualcomm products Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range. | 7.8 |
2023-10-03 | CVE-2023-24850 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm products Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application. | 7.8 |
2023-10-03 | CVE-2023-24853 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory Corruption in HLOS while registering for key provisioning notify. | 7.8 |
2023-10-03 | CVE-2023-28539 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command. | 7.8 |
2023-10-03 | CVE-2023-33029 | Qualcomm | Use After Free vulnerability in Qualcomm products Memory corruption in DSP Service during a remote call from HLOS to DSP. | 7.8 |
2023-10-03 | CVE-2023-33034 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption while parsing the ADSP response command. | 7.8 |
2023-10-03 | CVE-2023-33035 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Memory corruption while invoking callback function of AFE from ADSP. | 7.8 |
2023-10-03 | CVE-2023-33039 | Qualcomm | Use After Free vulnerability in Qualcomm products Memory corruption in Automotive Display while destroying the image handle created using connected display driver. | 7.8 |
2023-10-03 | CVE-2023-5345 | Linux Fedoraproject | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705. | 7.8 |
2023-10-03 | CVE-2023-3440 | Hitachi | Incorrect Default Permissions vulnerability in Hitachi Jp1/Performance Management Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation. This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management - Agent Option for Application Server: from 11-00 before 11-50-16; JP1/Performance Management - Agent Option for Enterprise Applications: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for HiRDB: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for IBM Lotus Domino: from 10-00 before 11-50-16; JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Agent Option for Platform: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Service Response: from 09-00 before 11-50-16; JP1/Performance Management - Agent Option for Transaction System: from 11-00 before 12-00-14; JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Remote Monitor for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Platform: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Virtual Machine: from 10-00 before 12-50-07; JP1/Performance Management - Agent Option for Domino: from 09-00 through 09-00-*; JP1/Performance Management - Agent Option for IBM WebSphere Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for IBM WebSphere MQ: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for JP1/AJS3: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for OpenTP1: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Oracle WebLogic Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for uCosminexus Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Virtual Machine: from 09-00 through 09-01-*. | 7.8 |
2023-10-02 | CVE-2023-43361 | Xiph | Out-of-bounds Write vulnerability in Xiph Vorbis-Tools 1.4.2 Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files. | 7.8 |
2023-10-08 | CVE-2023-40632 | Google | Use After Free vulnerability in Google Android 13.0 In jpg driver, there is a possible use after free due to a logic error. | 7.5 |
2023-10-07 | CVE-2023-43615 | ARM Fedoraproject | Classic Buffer Overflow vulnerability in multiple products Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow. | 7.5 |
2023-10-06 | CVE-2023-44860 | Netis Systems | Incorrect Authorization vulnerability in Netis-Systems N3M Firmware 1.0.1.865 An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request. | 7.5 |
2023-10-06 | CVE-2022-33160 | IBM | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Directory Suite VA 8.0.1 IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2023-10-06 | CVE-2023-45282 | Nasa | Unspecified vulnerability in Nasa Openmct In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can occur via an import action. | 7.5 |
2023-10-06 | CVE-2023-43810 | Opentelemetry | Resource Exhaustion vulnerability in Opentelemetry OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, logs. | 7.5 |
2023-10-05 | CVE-2023-44828 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.0.2B05 D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the CurrentPassword parameter in the CheckPasswdSettings function. | 7.5 |
2023-10-05 | CVE-2023-44829 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.0.2B05 D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the AdminPassword parameter in the SetDeviceSettings function. | 7.5 |
2023-10-05 | CVE-2023-44830 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.0.2B05 D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the EndTime parameter in the SetParentsControlInfo function. | 7.5 |
2023-10-05 | CVE-2023-44831 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.0.2B05 D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Type parameter in the SetWLanRadioSettings function. | 7.5 |
2023-10-05 | CVE-2023-44832 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.0.2B05 D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the MacAddress parameter in the SetWanSettings function. | 7.5 |
2023-10-05 | CVE-2023-44833 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.0.2B05 D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the GuardInt parameter in the SetWLanRadioSettings function. | 7.5 |
2023-10-05 | CVE-2023-44834 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.0.2B05 D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the StartTime parameter in the SetParentsControlInfo function. | 7.5 |
2023-10-05 | CVE-2023-44835 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.0.2B05 D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Mac parameter in the SetParentsControlInfo function. | 7.5 |
2023-10-05 | CVE-2023-44836 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.0.2B05 D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SSID parameter in the SetWLanRadioSettings function. | 7.5 |
2023-10-05 | CVE-2023-44837 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.0.2B05 D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Password parameter in the SetWanSettings function. | 7.5 |
2023-10-05 | CVE-2023-44838 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.0.2B05 D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the TXPower parameter in the SetWLanRadioSettings function. | 7.5 |
2023-10-05 | CVE-2023-44839 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dir-823G Firmware 1.0.2B05 D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Encryption parameter in the SetWLanRadioSecurity function. | 7.5 |
2023-10-05 | CVE-2022-3248 | Redhat | Incorrect Authorization vulnerability in Redhat products A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. | 7.5 |
2023-10-05 | CVE-2023-45198 | Netbsd | Unspecified vulnerability in Netbsd Ftpd and Tnftpd ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. | 7.5 |
2023-10-04 | CVE-2023-43793 | Misskey | Improper Authentication vulnerability in Misskey Misskey is an open source, decentralized social media platform. | 7.5 |
2023-10-04 | CVE-2023-43805 | Nexryai | Improper Authentication vulnerability in Nexryai Nexkey Nexkey is a fork of Misskey, an open source, decentralized social media platform. | 7.5 |
2023-10-04 | CVE-2023-43809 | Charm | Improper Authentication vulnerability in Charm Soft Serve Soft Serve is a self-hostable Git server for the command line. | 7.5 |
2023-10-04 | CVE-2023-20259 | Cisco | Unspecified vulnerability in Cisco products A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. | 7.5 |
2023-10-04 | CVE-2023-3038 | Helpdezk | SQL Injection vulnerability in Helpdezk 1.1.10 SQL injection vulnerability in HelpDezk Community affecting version 1.1.10. | 7.5 |
2023-10-04 | CVE-2023-3361 | Opendatahub Redhat | Cleartext Transmission of Sensitive Information vulnerability in multiple products A flaw was found in Red Hat OpenShift Data Science. | 7.5 |
2023-10-04 | CVE-2023-43261 | Milesight | Information Exposure Through Log Files vulnerability in Milesight products An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components. | 7.5 |
2023-10-04 | CVE-2023-1584 | Quarkus | Unspecified vulnerability in Quarkus A flaw was found in Quarkus. | 7.5 |
2023-10-04 | CVE-2023-3512 | Setelsa Security | Path Traversal vulnerability in Setelsa-Security Conacwin 3.7.1.2 Relative path traversal vulnerability in Setelsa Security's ConacWin CB, in its 3.8.2.2 version and earlier, the exploitation of which could allow an attacker to perform an arbitrary download of files from the system via the "Download file" parameter. | 7.5 |
2023-10-04 | CVE-2023-30727 | Samsung | Unspecified vulnerability in Samsung Android 11.0/12.0 Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect to arbitrary Wi-Fi networks without user interaction. | 7.5 |
2023-10-04 | CVE-2022-22447 | IBM | Unspecified vulnerability in IBM Disconnected LOG Collector IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information. | 7.5 |
2023-10-03 | CVE-2023-5255 | Puppet | Improper Resource Shutdown or Release vulnerability in Puppet and Puppet Server For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked. | 7.5 |
2023-10-03 | CVE-2023-4882 | Open5Gs | Improper Resource Shutdown or Release vulnerability in Open5Gs DOS vulnerability that could allow an attacker to register a new VNF (Virtual Network Function) value. | 7.5 |
2023-10-03 | CVE-2023-4883 | Open5Gs | Release of Invalid Pointer or Reference vulnerability in Open5Gs Invalid pointer release vulnerability. | 7.5 |
2023-10-03 | CVE-2023-4884 | Open5Gs | Missing Authentication for Critical Function vulnerability in Open5Gs An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of Authentication. | 7.5 |
2023-10-03 | CVE-2023-3349 | Ayesa | Information Exposure Through Log Files vulnerability in Ayesa Ibermatica RPS 2019 Information exposure vulnerability in IBERMATICA RPS 2019, which exploitation could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application. | 7.5 |
2023-10-03 | CVE-2023-3350 | Ayesa | Information Exposure Through Log Files vulnerability in Ayesa Ibermatica RPS 2019 A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. | 7.5 |
2023-10-03 | CVE-2022-47892 | Riello UPS | Cleartext Transmission of Sensitive Information vulnerability in Riello-Ups Netman 204 Firmware All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file (config.cgi) containing sensitive information, like credentials. | 7.5 |
2023-10-03 | CVE-2023-3655 | Cashit | Unspecified vulnerability in Cashit Cashit! 03.A06Rks2023.02.37 cashIT! - serving solutions. | 7.5 |
2023-10-03 | CVE-2023-24843 | Qualcomm | Reachable Assertion vulnerability in Qualcomm products Transient DOS in Modem while triggering a camping on an 5G cell. | 7.5 |
2023-10-03 | CVE-2023-24847 | Qualcomm | NULL Pointer Dereference vulnerability in Qualcomm products Transient DOS in Modem while allocating DSM items. | 7.5 |
2023-10-03 | CVE-2023-24848 | Qualcomm | Unspecified vulnerability in Qualcomm products Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value. | 7.5 |
2023-10-03 | CVE-2023-24849 | Qualcomm | Unspecified vulnerability in Qualcomm products Information Disclosure in data Modem while parsing an FMTP line in an SDP message. | 7.5 |
2023-10-03 | CVE-2023-28540 | Qualcomm | Improper Authentication vulnerability in Qualcomm products Cryptographic issue in Data Modem due to improper authentication during TLS handshake. | 7.5 |
2023-10-03 | CVE-2023-33026 | Qualcomm | Resource Exhaustion vulnerability in Qualcomm products Transient DOS in WLAN Firmware while parsing a NAN management frame. | 7.5 |
2023-10-03 | CVE-2023-33027 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Transient DOS in WLAN Firmware while parsing rsn ies. | 7.5 |
2023-10-03 | CVE-2023-26150 | Freeopcua | Improper Authentication vulnerability in Freeopcua Opcua-Asyncio Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. **Note:** This issue is a result of missing checks for services that require an active session. | 7.5 |
2023-10-03 | CVE-2023-26151 | Freeopcua | Infinite Loop vulnerability in Freeopcua Opcua-Asyncio Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory. | 7.5 |
2023-10-03 | CVE-2023-26152 | Nbluis | Path Traversal vulnerability in Nbluis Static-Server All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js. | 7.5 |
2023-10-03 | CVE-2023-3967 | Hitachi | Allocation of Resources Without Limits or Throttling vulnerability in Hitachi OPS Center Common Services Allocation of Resources Without Limits or Throttling vulnerability in Hitachi Ops Center Common Services on Linux allows DoS. This issue affects Hitachi Ops Center Common Services: before 10.9.3-00. | 7.5 |
2023-10-02 | CVE-2023-3592 | Eclipse | Memory Leak vulnerability in Eclipse Mosquitto In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types. | 7.5 |
2023-10-02 | CVE-2023-5344 | VIM Fedoraproject | Heap-based Buffer Overflow vulnerability in multiple products Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. | 7.5 |
2023-10-02 | CVE-2023-3769 | Ingeteam | Unspecified vulnerability in Ingeteam Ingepac Fc5066 Firmware 5.3.1.1/6.1.1.22/9.0.22.6 Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services. | 7.5 |
2023-10-02 | CVE-2023-41580 | Phpipam | Injection vulnerability in PHPipam Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. | 7.5 |
2023-10-02 | CVE-2023-5106 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports. | 7.5 |
2023-10-02 | CVE-2023-3768 | Ingeteam | Improper Input Validation vulnerability in Ingeteam products Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services. | 7.5 |
2023-10-02 | CVE-2023-32820 | Linuxfoundation Mediatek Linux | Reachable Assertion vulnerability in multiple products In wlan firmware, there is a possible firmware assertion due to improper input handling. | 7.5 |
2023-10-02 | CVE-2023-5329 | F Logic | Improper Authentication vulnerability in F-Logic Datacube4 Firmware 20231001 A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. | 7.5 |
2023-10-04 | CVE-2023-4586 | Redhat Infinispan | Improper Certificate Validation vulnerability in multiple products A vulnerability was found in the Hot Rod client. | 7.4 |
2023-10-06 | CVE-2023-32971 | Qnap | Out-of-bounds Write vulnerability in Qnap Qts, Quts Hero and Qutscloud A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. | 7.2 |
2023-10-06 | CVE-2023-32972 | Qnap | Out-of-bounds Write vulnerability in Qnap Qts, Quts Hero and Qutscloud A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. | 7.2 |
2023-10-06 | CVE-2023-36465 | Decidim | Incorrect Permission Assignment for Critical Resource vulnerability in Decidim Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. | 7.1 |
2023-10-06 | CVE-2023-45246 | Acronis | Missing Authorization vulnerability in Acronis Agent Sensitive information disclosure and manipulation due to missing authorization. | 7.1 |
2023-10-06 | CVE-2023-45244 | Acronis | Missing Authorization vulnerability in Acronis Agent Sensitive information disclosure and manipulation due to missing authorization. | 7.1 |
2023-10-05 | CVE-2023-44211 | Acronis | Missing Authorization vulnerability in Acronis Agent Sensitive information disclosure and manipulation due to missing authorization. | 7.1 |
2023-10-05 | CVE-2023-44212 | Acronis | Missing Authorization vulnerability in Acronis Agent Sensitive information disclosure and manipulation due to missing authorization. | 7.1 |
2023-10-04 | CVE-2023-2422 | Redhat | Improper Certificate Validation vulnerability in Redhat products A flaw was found in Keycloak. | 7.1 |
2023-10-04 | CVE-2023-5377 | Gpac | Out-of-bounds Read vulnerability in Gpac Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV. | 7.1 |
2023-10-04 | CVE-2023-5369 | Freebsd | Improper Check for Dropped Privileges vulnerability in Freebsd 13.2 Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. | 7.1 |
2023-10-03 | CVE-2023-24518 | Pandorafms | Cross-Site Request Forgery (CSRF) vulnerability in Pandorafms Pandora FMS A Cross-site Request Forgery (CSRF) vulnerability in Pandora FMS allows an attacker to force authenticated users to send a request to a web application they are currently authenticated against. | 7.1 |
2023-10-04 | CVE-2021-3784 | Garudalinux | Improper Authentication vulnerability in Garudalinux Garuda Linux Garuda Linux performs an insecure user creation and authentication that allows any user to impersonate the created account. | 7.0 |
195 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-10-08 | CVE-2023-40653 | Google | Missing Authorization vulnerability in Google Android 11.0 In FW-PackageManager, there is a possible missing permission check. | 6.7 |
2023-10-08 | CVE-2023-40654 | Google | Missing Authorization vulnerability in Google Android 11.0 In FW-PackageManager, there is a possible missing permission check. | 6.7 |
2023-10-06 | CVE-2023-21244 | Google | Missing Authorization vulnerability in Google Android In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. | 6.7 |
2023-10-05 | CVE-2023-26237 | Watchguard | Authorization Bypass Through User-Controlled Key vulnerability in Watchguard products An issue was discovered in WatchGuard EPDR 8.0.21.0002. | 6.7 |
2023-10-02 | CVE-2023-32821 | Google | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In video, there is a possible out of bounds write due to a permissions bypass. | 6.7 |
2023-10-02 | CVE-2023-32822 | Google | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In ftm, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-10-02 | CVE-2023-32823 | Google | Integer Overflow or Wraparound vulnerability in Google Android 12.0/13.0 In rpmb, there is a possible memory corruption due to a missing bounds check. | 6.7 |
2023-10-02 | CVE-2023-32824 | Google | Double Free vulnerability in Google Android 12.0/13.0 In rpmb, there is a possible double free due to improper locking. | 6.7 |
2023-10-02 | CVE-2023-32826 | Google | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In camera middleware, there is a possible out of bounds write due to a missing input validation. | 6.7 |
2023-10-02 | CVE-2023-32827 | Google | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In camera middleware, there is a possible out of bounds write due to a missing input validation. | 6.7 |
2023-10-02 | CVE-2023-32828 | Mediatek | Integer Overflow or Wraparound vulnerability in multiple products In vpu, there is a possible out of bounds write due to an integer overflow. | 6.7 |
2023-10-02 | CVE-2023-32829 | Linuxfoundation Mediatek | Integer Overflow or Wraparound vulnerability in multiple products In apusys, there is a possible out of bounds write due to an integer overflow. | 6.7 |
2023-10-02 | CVE-2023-32830 | Google | Out-of-bounds Write vulnerability in Google Android 10.0/11.0 In TVAPI, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-10-06 | CVE-2023-45322 | Xmlsoft | Use After Free vulnerability in Xmlsoft Libxml2 libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. | 6.5 |
2023-10-06 | CVE-2023-23365 | Qnap | Path Traversal vulnerability in Qnap Music Station A path traversal vulnerability has been reported to affect Music Station. | 6.5 |
2023-10-06 | CVE-2023-23366 | Qnap | Path Traversal vulnerability in Qnap Music Station A path traversal vulnerability has been reported to affect Music Station. | 6.5 |
2023-10-05 | CVE-2023-40745 | Libtiff Fedoraproject Redhat Netapp | Integer Overflow or Wraparound vulnerability in multiple products LibTIFF is vulnerable to an integer overflow. | 6.5 |
2023-10-05 | CVE-2023-41175 | Libtiff Fedoraproject Redhat | Integer Overflow or Wraparound vulnerability in multiple products A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. | 6.5 |
2023-10-05 | CVE-2023-43070 | Dell | Path Traversal vulnerability in Dell Smartfabric Storage Software 1.0.0 Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface. | 6.5 |
2023-10-05 | CVE-2023-43073 | Dell | Improper Input Validation vulnerability in Dell Smartfabric Storage Software 1.0.0 Dell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerability in RADIUS configuration. | 6.5 |
2023-10-05 | CVE-2023-44387 | Gradle | Incorrect Permission Assignment for Critical Resource vulnerability in Gradle Gradle is a build tool with a focus on build automation and support for multi-language development. | 6.5 |
2023-10-04 | CVE-2023-5371 | Wireshark | Allocation of Resources Without Limits or Throttling vulnerability in Wireshark RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file. | 6.5 |
2023-10-04 | CVE-2023-40376 | IBM | Improper Authentication vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. | 6.5 |
2023-10-04 | CVE-2023-5368 | Freebsd | Insecure Default Initialization of Resource vulnerability in Freebsd On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. | 6.5 |
2023-10-03 | CVE-2023-2544 | UPV | Authorization Bypass Through User-Controlled Key vulnerability in UPV Peix Authorization bypass vulnerability in UPV PEIX, affecting the component "pdf_curri_new.php". | 6.5 |
2023-10-03 | CVE-2023-39158 | Multidots | Cross-Site Request Forgery (CSRF) vulnerability in Multidots Banner Management for Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Banner Management For WooCommerce plugin <= 2.4.2 versions. | 6.5 |
2023-10-03 | CVE-2023-32791 | Nxlog | Cross-Site Request Forgery (CSRF) vulnerability in Nxlog Manager 5.6.5633 Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. | 6.5 |
2023-10-03 | CVE-2023-32792 | Nxlog | Cross-Site Request Forgery (CSRF) vulnerability in Nxlog Manager 5.6.5633 Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. | 6.5 |
2023-10-03 | CVE-2023-39159 | Multidots | Cross-Site Request Forgery (CSRF) vulnerability in Multidots Fraud Prevention for Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud Prevention For Woocommerce plugin <= 2.1.5 versions. | 6.5 |
2023-10-03 | CVE-2023-40009 | Thimpress | Cross-Site Request Forgery (CSRF) vulnerability in Thimpress WP Pipes Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Pipes plugin <= 1.4.0 versions. | 6.5 |
2023-10-03 | CVE-2023-40198 | Antsanchez | Cross-Site Request Forgery (CSRF) vulnerability in Antsanchez Easy Cookie LAW Cross-Site Request Forgery (CSRF) vulnerability in Antsanchez Easy Cookie Law plugin <= 3.1 versions. | 6.5 |
2023-10-03 | CVE-2023-40212 | Multidots | Cross-Site Request Forgery (CSRF) vulnerability in Multidots Product Attachment for Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Product Attachment for WooCommerce plugin <= 2.1.8 versions. | 6.5 |
2023-10-03 | CVE-2023-42508 | Jfrog | Unspecified vulnerability in Jfrog Artifactory JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unauthenticated users being able to send emails with manipulated email body. | 6.5 |
2023-10-03 | CVE-2023-5353 | Salesagility | Unspecified vulnerability in Salesagility Suitecrm Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1. | 6.5 |
2023-10-03 | CVE-2023-4099 | Qsige | Authorization Bypass Through User-Controlled Key vulnerability in Qsige 3.0.0.0 The QSige Monitor application does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. | 6.5 |
2023-10-03 | CVE-2023-4101 | Qsige | Authorization Bypass Through User-Controlled Key vulnerability in Qsige 3.0.0.0 The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. | 6.5 |
2023-10-02 | CVE-2023-43836 | Jizhicms | SQL Injection vulnerability in Jizhicms 2.4.9 There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information. | 6.5 |
2023-10-04 | CVE-2023-4380 | Redhat | Information Exposure Through Log Files vulnerability in Redhat products A logic flaw exists in Ansible Automation platform. | 6.3 |
2023-10-05 | CVE-2023-43260 | Milesight | Cross-site Scripting vulnerability in Milesight products Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel. | 6.1 |
2023-10-05 | CVE-2023-44390 | Htmlsanitizer Project | Cross-site Scripting vulnerability in Htmlsanitizer Project Htmlsanitizer HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. | 6.1 |
2023-10-04 | CVE-2023-42808 | Mozilla | Cross-site Scripting vulnerability in Mozilla Common Voice 1.88.2 Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools. | 6.1 |
2023-10-04 | CVE-2023-27121 | Pleasantsolutions | Cross-site Scripting vulnerability in Pleasantsolutions Pleasant Password Server 7.11.41 A cross-site scripting (XSS) vulnerability in the component /framework/cron/action/humanize of Pleasant Solutions Pleasant Password Server v7.11.41.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cronString parameter. | 6.1 |
2023-10-04 | CVE-2022-36277 | Tcman | Cross-site Scripting vulnerability in Tcman GIM 8.0.1 The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks. | 6.1 |
2023-10-04 | CVE-2023-5113 | HP | Cross-site Scripting vulnerability in HP Futuresmart 5 5.3 Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI. | 6.1 |
2023-10-04 | CVE-2023-4492 | Easy Address Book WEB Server Project | Cross-site Scripting vulnerability in Easy Address Book web Server Project Easy Address Book web Server 1.6 Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip) of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload specially designed to run when the application is loaded. | 6.1 |
2023-10-04 | CVE-2023-4495 | Easy Chat Server Project | Cross-site Scripting vulnerability in Easy Chat Server Project Easy Chat Server Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Resume parameter. | 6.1 |
2023-10-04 | CVE-2023-4496 | Easy Chat Server Project | Cross-site Scripting vulnerability in Easy Chat Server Project Easy Chat Server Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /body2.ghp (POST method), in the mtowho parameter. | 6.1 |
2023-10-04 | CVE-2023-4497 | Easy Chat Server Project | Cross-site Scripting vulnerability in Easy Chat Server Project Easy Chat Server Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Icon parameter. | 6.1 |
2023-10-04 | CVE-2023-4090 | Acilia | Cross-site Scripting vulnerability in Acilia Widestand 5.3.5 Cross-site Scripting (XSS) reflected vulnerability on WideStand until 5.3.5 version, which generates one of the meta tags directly using the content of the queried URL, which would allow an attacker to inject HTML/Javascript code into the response. | 6.1 |
2023-10-04 | CVE-2023-5375 | Mosparo | Open Redirect vulnerability in Mosparo Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. | 6.1 |
2023-10-03 | CVE-2023-40519 | Broadpeak | Cross-site Scripting vulnerability in Broadpeak Centralized Accounts Management Auth Agent 00.12.01.95655881254B459/01.01.00.19219575Ee9195B0/01.01.01.30097902Fd999E76 A cross-site scripting (XSS) vulnerability in the bpk-common/auth/login/index.html login portal in Broadpeak Centralized Accounts Management Auth Agent 01.01.00.19219575_ee9195b0, 01.01.01.30097902_fd999e76, and 00.12.01.9565588_1254b459 allows remote attackers to inject arbitrary web script or HTML via the disconnectMessage parameter. | 6.1 |
2023-10-03 | CVE-2023-32790 | Nxlog | Cross-site Scripting vulnerability in Nxlog Manager 5.6.5633 Cross-Site Scripting (XSS) vulnerability in NXLog Manager 5.6.5633 version. | 6.1 |
2023-10-03 | CVE-2023-0828 | Pandorafms | Cross-site Scripting vulnerability in Pandorafms Pandora FMS Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be transferred to the attackers users server. | 6.1 |
2023-10-02 | CVE-2023-44012 | Mojoportal | Cross-site Scripting vulnerability in Mojoportal 2.7.0.0 Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component. | 6.1 |
2023-10-02 | CVE-2023-44144 | Dreamfoxmedia | Cross-site Scripting vulnerability in Dreamfoxmedia Payment Gateway PER Product for Woocommerce Unauth. | 6.1 |
2023-10-02 | CVE-2023-44245 | Leaptodigital | Cross-site Scripting vulnerability in Leaptodigital Contact Form Website to Workflow Tool Unauth. | 6.1 |
2023-10-02 | CVE-2023-41856 | Clicktotweet | Cross-site Scripting vulnerability in Clicktotweet Click to Tweet Unauth. | 6.1 |
2023-10-02 | CVE-2023-44244 | Fooplugins | Cross-site Scripting vulnerability in Fooplugins Foogallery Unauth. | 6.1 |
2023-10-02 | CVE-2023-44474 | MD Jakir Hosen | Cross-site Scripting vulnerability in MD Jakir Hosen Tiger Forms - Drag and Drop Form Builder Unauth. | 6.1 |
2023-10-02 | CVE-2023-41692 | Hennessey | Cross-site Scripting vulnerability in Hennessey Attorney Unauth. | 6.1 |
2023-10-04 | CVE-2022-4132 | Dogtagpki Redhat | Memory Leak vulnerability in multiple products A flaw was found in JSS. | 5.9 |
2023-10-03 | CVE-2023-4885 | Open5Gs | Unspecified vulnerability in Open5Gs Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications resulting in the exposure of sensitive information. | 5.9 |
2023-10-03 | CVE-2023-43627 | Furunosystems | Path Traversal vulnerability in Furunosystems Acera 1310 Firmware and Acera 1320 Firmware Path traversal vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent authenticated attacker to alter critical information such as system files by sending a specially crafted request. | 5.7 |
2023-10-04 | CVE-2023-38537 | Whatsapp | Race Condition vulnerability in Whatsapp A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability. | 5.6 |
2023-10-08 | CVE-2023-40633 | Google | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In phasecheckserver, there is a possible missing permission check. | 5.5 |
2023-10-08 | CVE-2023-40637 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In telecom service, there is a possible missing permission check. | 5.5 |
2023-10-08 | CVE-2023-40639 | Google | Missing Authorization vulnerability in Google Android 10.0 In SoundRecorder service, there is a possible missing permission check. | 5.5 |
2023-10-08 | CVE-2023-40640 | Google | Missing Authorization vulnerability in Google Android 10.0 In SoundRecorder service, there is a possible missing permission check. | 5.5 |
2023-10-08 | CVE-2023-40641 | Google | Missing Authorization vulnerability in Google Android 11.0/12.0 In Messaging, there is a possible missing permission check. | 5.5 |
2023-10-08 | CVE-2023-40642 | Google | Missing Authorization vulnerability in Google Android 11.0/12.0 In Messaging, there is a possible missing permission check. | 5.5 |
2023-10-08 | CVE-2023-40643 | Google | Missing Authorization vulnerability in Google Android 11.0/12.0 In Messaging, there is a possible missing permission check. | 5.5 |
2023-10-08 | CVE-2023-40644 | Google | Missing Authorization vulnerability in Google Android 11.0/12.0 In Messaging, there is a possible missing permission check. | 5.5 |
2023-10-08 | CVE-2023-40645 | Google | Missing Authorization vulnerability in Google Android 11.0/12.0 In Messaging, there is a possible missing permission check. | 5.5 |
2023-10-08 | CVE-2023-40646 | Google | Missing Authorization vulnerability in Google Android 11.0/12.0 In Messaging, there is a possible missing permission check. | 5.5 |
2023-10-08 | CVE-2023-40647 | Google | Missing Authorization vulnerability in Google Android 11.0/12.0 In Messaging, there is a possible missing permission check. | 5.5 |
2023-10-08 | CVE-2023-40648 | Google | Missing Authorization vulnerability in Google Android 11.0/12.0 In Messaging, there is a possible missing permission check. | 5.5 |
2023-10-08 | CVE-2023-40649 | Google | Missing Authorization vulnerability in Google Android 11.0/12.0 In Messaging, there is a possible missing permission check. | 5.5 |
2023-10-08 | CVE-2023-40650 | Google | Missing Authorization vulnerability in Google Android 11.0/12.0 In Telecom service, there is a possible missing permission check. | 5.5 |
2023-10-07 | CVE-2023-5182 | Canonical | Information Exposure Through Log Files vulnerability in Canonical Subiquity Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. | 5.5 |
2023-10-06 | CVE-2022-34355 | IBM | Unspecified vulnerability in IBM products IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. | 5.5 |
2023-10-06 | CVE-2023-21252 | Google | Unspecified vulnerability in Google Android In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. | 5.5 |
2023-10-06 | CVE-2023-21253 | Google | Resource Exhaustion vulnerability in Google Android In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. | 5.5 |
2023-10-06 | CVE-2023-21291 | Google | Missing Authorization vulnerability in Google Android In visitUris of Notification.java, there is a possible way to reveal image contents from another user due to a missing permission check. | 5.5 |
2023-10-06 | CVE-2023-5366 | Openvswitch Redhat | Insufficient Verification of Data Authenticity vulnerability in multiple products A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. | 5.5 |
2023-10-06 | CVE-2023-45245 | Acronis | Missing Authorization vulnerability in Acronis Agent Sensitive information disclosure due to missing authorization. | 5.5 |
2023-10-05 | CVE-2023-44213 | Acronis | Privacy Violation vulnerability in Acronis Agent Sensitive information disclosure due to excessive collection of system information. | 5.5 |
2023-10-05 | CVE-2023-44214 | Acronis | Missing Authorization vulnerability in Acronis Agent Sensitive information disclosure due to missing authorization. | 5.5 |
2023-10-05 | CVE-2023-45240 | Acronis | Missing Authorization vulnerability in Acronis Agent Sensitive information disclosure due to missing authorization. | 5.5 |
2023-10-05 | CVE-2023-45241 | Acronis | Information Exposure Through Log Files vulnerability in Acronis Agent Sensitive information leak through log files. | 5.5 |
2023-10-05 | CVE-2023-45242 | Acronis | Missing Authorization vulnerability in Acronis Agent Sensitive information disclosure due to missing authorization. | 5.5 |
2023-10-05 | CVE-2023-45243 | Acronis | Missing Authorization vulnerability in Acronis Agent Sensitive information disclosure due to missing authorization. | 5.5 |
2023-10-05 | CVE-2023-5441 | VIM Fedoraproject | NULL Pointer Dereference vulnerability in multiple products NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. | 5.5 |
2023-10-05 | CVE-2023-42754 | Linux Redhat Fedoraproject | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. | 5.5 |
2023-10-05 | CVE-2023-42755 | Linux Redhat Debian | Out-of-bounds Read vulnerability in multiple products A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. | 5.5 |
2023-10-05 | CVE-2023-26238 | Watchguard | Unspecified vulnerability in Watchguard products An issue was discovered in WatchGuard EPDR 8.0.21.0002. | 5.5 |
2023-10-05 | CVE-2023-26239 | Watchguard | Improper Check for Dropped Privileges vulnerability in Watchguard products An issue was discovered in WatchGuard EPDR 8.0.21.0002. | 5.5 |
2023-10-04 | CVE-2023-44210 | Acronis | Missing Authorization vulnerability in Acronis Agent C22.03 Sensitive information disclosure and manipulation due to missing authorization. | 5.5 |
2023-10-04 | CVE-2023-3428 | Imagemagick Fedoraproject | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. | 5.5 |
2023-10-04 | CVE-2023-3576 | Libtiff Fedoraproject Redhat | Memory Leak vulnerability in multiple products A memory leak flaw was found in Libtiff's tiffcrop utility. | 5.5 |
2023-10-04 | CVE-2023-4037 | Setelsa Security | SQL Injection vulnerability in Setelsa-Security Conacwin 3.7.1.2 Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter. | 5.5 |
2023-10-04 | CVE-2023-30734 | Samsung | Unspecified vulnerability in Samsung Health Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. | 5.5 |
2023-10-04 | CVE-2023-30737 | Samsung | Unspecified vulnerability in Samsung Health Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. | 5.5 |
2023-10-04 | CVE-2023-5370 | Freebsd | Improper Initialization vulnerability in Freebsd 13.2 On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. | 5.5 |
2023-10-03 | CVE-2023-43898 | Nothings | NULL Pointer Dereference vulnerability in Nothings STB Image.H 2.28 Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. | 5.5 |
2023-10-03 | CVE-2023-28571 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan. | 5.5 |
2023-10-03 | CVE-2023-3335 | Hitachi | Information Exposure Through Log Files vulnerability in Hitachi OPS Center Administrator Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator on Linux allows local users to gain sensitive information. This issue affects Hitachi Ops Center Administrator: before 10.9.3-00. | 5.5 |
2023-10-02 | CVE-2023-37605 | Baramundi | Improper Handling of Exceptional Conditions vulnerability in Baramundi Enterprise Mobility Management 23.1.50 Weak Exception Handling vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a crafted request to the password parameter. | 5.5 |
2023-10-02 | CVE-2023-42132 | Mhlw | XXE vulnerability in Mhlw FD Application 9.01 FD Application Apr. | 5.5 |
2023-10-06 | CVE-2023-5452 | Snipeitapp | Cross-site Scripting vulnerability in Snipeitapp Snipe-It Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2. | 5.4 |
2023-10-06 | CVE-2023-44761 | Concretecms | Cross-site Scripting vulnerability in Concretecms Concrete CMS 9.2.1 Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects. | 5.4 |
2023-10-06 | CVE-2023-44762 | Concretecms | Cross-site Scripting vulnerability in Concretecms Concrete CMS 9.2.1 A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags. | 5.4 |
2023-10-06 | CVE-2023-44764 | Concretecms | Cross-site Scripting vulnerability in Concretecms Concrete CMS 9.2.1 A Cross Site Scripting (XSS) vulnerability in Concrete CMS before 9.2.3 exists via the Name parameter during installation (aka Site of Installation or Settings). | 5.4 |
2023-10-06 | CVE-2023-44765 | Concretecms | Cross-site Scripting vulnerability in Concretecms Concrete CMS 9.2.1 A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings. | 5.4 |
2023-10-06 | CVE-2023-44770 | Tribalsystems | Cross-site Scripting vulnerability in Tribalsystems Zenario 9.4.59197 A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias. | 5.4 |
2023-10-06 | CVE-2023-44771 | Tribalsystems | Cross-site Scripting vulnerability in Tribalsystems Zenario 9.4.59197 A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout. | 5.4 |
2023-10-06 | CVE-2023-44758 | Gdidees | Cross-site Scripting vulnerability in Gdidees CMS 3.9.2 GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title. | 5.4 |
2023-10-05 | CVE-2023-43343 | Opensolution | Cross-site Scripting vulnerability in Opensolution Quick CMS 6.7 Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages Menu component. | 5.4 |
2023-10-05 | CVE-2023-43071 | Dell | Improper Neutralization of Formula Elements in a CSV File vulnerability in Dell Smartfabric Storage Software 1.0.0 Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML injection or CSV formula injection which might escalate to cross-site scripting attacks in HTML pages in the GUI. | 5.4 |
2023-10-04 | CVE-2023-44075 | Small CRM Project | Cross-site Scripting vulnerability in Small CRM Project Small CRM 3.0 Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 allows a remote attacker to execute arbitrary code via a crafted payload to the Address parameter. | 5.4 |
2023-10-04 | CVE-2023-3971 | Redhat | Cross-site Scripting vulnerability in Redhat products An HTML injection flaw was found in Controller in the user interface settings. | 5.4 |
2023-10-04 | CVE-2023-40684 | IBM | Cross-site Scripting vulnerability in IBM Content Navigator 3.0.11/3.0.13/3.0.14 IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. | 5.4 |
2023-10-04 | CVE-2023-4493 | Easy Address Book WEB Server Project | Cross-site Scripting vulnerability in Easy Address Book web Server Project Easy Address Book web Server 1.6 Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). | 5.4 |
2023-10-04 | CVE-2023-44272 | Citadel | Cross-site Scripting vulnerability in Citadel A cross-site scripting vulnerability exists in Citadel versions prior to 994. | 5.4 |
2023-10-04 | CVE-2023-30736 | Samsung | Unspecified vulnerability in Samsung Assistant Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows an attacker to execute a JavaScript interface. | 5.4 |
2023-10-04 | CVE-2023-5291 | Awplife | Unspecified vulnerability in Awplife Blog Filter The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2023-10-04 | CVE-2023-5357 | Ink361 | Unspecified vulnerability in Ink361 Instagram for Wordpress The Instagram for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2023-10-04 | CVE-2023-35905 | IBM | Cross-site Scripting vulnerability in IBM Filenet Content Manager 5.5.10/5.5.11/5.5.8 IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. | 5.4 |
2023-10-03 | CVE-2023-43951 | Sscms Project | Cross-site Scripting vulnerability in Sscms Project Sscms 7.2.2 SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Column Management component. | 5.4 |
2023-10-03 | CVE-2023-43952 | Sscms Project | Cross-site Scripting vulnerability in Sscms Project Sscms 7.2.2 SSCMS 7.2.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Material Management component. | 5.4 |
2023-10-03 | CVE-2023-43953 | Sscms Project | Cross-site Scripting vulnerability in Sscms Project Sscms 7.2.2 SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Content Management component. | 5.4 |
2023-10-03 | CVE-2023-32669 | Buddyboss | Authorization Bypass Through User-Controlled Key vulnerability in Buddyboss 2.2.9 Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users' albums. | 5.4 |
2023-10-03 | CVE-2023-32670 | Buddyboss | Cross-site Scripting vulnerability in Buddyboss 2.2.9 Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version, which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter, allowing a persistent JavaScript payload to be assigned that would be triggered when the associated image is loaded. | 5.4 |
2023-10-03 | CVE-2023-32671 | Buddyboss | Cross-site Scripting vulnerability in Buddyboss 2.2.9 A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. | 5.4 |
2023-10-03 | CVE-2023-5351 | Salesagility | Cross-site Scripting vulnerability in Salesagility Suitecrm Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1. | 5.4 |
2023-10-03 | CVE-2023-5334 | Wponlinesupport | Unspecified vulnerability in Wponlinesupport WP Responsive Header Image Slider The WP Responsive header image slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sp_responsiveslider' shortcode in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2023-10-03 | CVE-2023-39429 | Furunosystems | Cross-site Scripting vulnerability in Furunosystems products Cross-site scripting vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to inject an arbitrary script via a crafted configuration. | 5.4 |
2023-10-02 | CVE-2023-43267 | Emlog | Cross-site Scripting vulnerability in Emlog 2.1.14 A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field. | 5.4 |
2023-10-02 | CVE-2023-43297 | Linecorp | Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Linecorp Line 13.6.1 An issue in animal-art-lab v13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. | 5.4 |
2023-10-02 | CVE-2023-44242 | 2Joomla | Cross-site Scripting vulnerability in 2Joomla 2J Slideshow Auth. | 5.4 |
2023-10-02 | CVE-2023-44264 | Arrowplugins | Cross-site Scripting vulnerability in Arrowplugins the Awesome Feed Auth. | 5.4 |
2023-10-02 | CVE-2023-44145 | Jesweb | Cross-site Scripting vulnerability in Jesweb Anchor Episodes Index (Spotify for Podcasters) Auth. | 5.4 |
2023-10-02 | CVE-2023-41797 | Goldplugins | Cross-site Scripting vulnerability in Goldplugins Locations Auth. | 5.4 |
2023-10-02 | CVE-2023-41847 | Wensolutions | Cross-site Scripting vulnerability in Wensolutions Notice BAR Auth. | 5.4 |
2023-10-02 | CVE-2023-44477 | Boxystudio | Cross-site Scripting vulnerability in Boxystudio Cooked 1.7.5.6/1.7.5.7 Auth. | 5.4 |
2023-10-02 | CVE-2023-41728 | Rescuethemes | Cross-site Scripting vulnerability in Rescuethemes Rescue Shortcodes Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS. This issue affects Rescue Shortcodes: from n/a through 2.5. | 5.4 |
2023-10-06 | CVE-2023-42445 | Gradle | XXE vulnerability in Gradle Gradle is a build tool with a focus on build automation and support for multi-language development. | 5.3 |
2023-10-06 | CVE-2023-4469 | Bestwebsoft | Unspecified vulnerability in Bestwebsoft Profile Extra Fields The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. | 5.3 |
2023-10-05 | CVE-2023-44386 | Vapor | Incorrect Behavior Order vulnerability in Vapor 4.83.2/4.84.0/4.84.1 Vapor is an HTTP web framework for Swift. | 5.3 |
2023-10-05 | CVE-2022-4145 | Redhat | Injection vulnerability in Redhat Openshift Container Platform 4.0 A content spoofing flaw was found in OpenShift's OAuth endpoint. | 5.3 |
2023-10-04 | CVE-2022-43906 | IBM | Unspecified vulnerability in IBM Security Guardium 11.5 IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. | 5.3 |
2023-10-04 | CVE-2023-3153 | OVN Redhat | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. | 5.3 |
2023-10-04 | CVE-2023-3213 | Wpforms | Unspecified vulnerability in Wpforms WP Mail Smtp The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_print_page function in versions up to, and including, 3.8.0. | 5.3 |
2023-10-02 | CVE-2023-44463 | Rami | Unspecified vulnerability in Rami Pretix An issue was discovered in pretix before 2023.7.1. | 5.3 |
2023-10-02 | CVE-2023-0809 | Eclipse | Allocation of Resources Without Limits or Throttling vulnerability in Eclipse Mosquitto In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets. | 5.3 |
2023-10-04 | CVE-2023-38538 | Whatsapp | Race Condition vulnerability in Whatsapp A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability. | 5.0 |
2023-10-03 | CVE-2023-32572 | Purestorage | Unspecified vulnerability in Purestorage Purity//Fa A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection. | 4.9 |
2023-10-06 | CVE-2023-44766 | Concretecms | Cross-site Scripting vulnerability in Concretecms Concrete CMS 9.2.1 A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. | 4.8 |
2023-10-04 | CVE-2023-43877 | Ritecms | Cross-site Scripting vulnerability in Ritecms 3.0 Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a payload crafted in the Home Page fields in the Administration menu. | 4.8 |
2023-10-04 | CVE-2023-44389 | Zope | Cross-site Scripting vulnerability in Zope Zope is an open-source web application server. | 4.8 |
2023-10-03 | CVE-2023-3196 | Capensis | Cross-site Scripting vulnerability in Capensis Canopsis 23.04 This vulnerability could allow an attacker to store a malicious JavaScript payload in the login footer and login page description parameters within the administration panel. | 4.8 |
2023-10-03 | CVE-2023-4564 | Capensis | Cross-site Scripting vulnerability in Capensis Canopsis 23.04 This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel. | 4.8 |
2023-10-02 | CVE-2023-44228 | Gopiplus | Cross-site Scripting vulnerability in Gopiplus Onclick Show Popup Auth. | 4.8 |
2023-10-02 | CVE-2023-44230 | Gopiplus | Cross-site Scripting vulnerability in Gopiplus Popup Contact Form Auth. | 4.8 |
2023-10-02 | CVE-2023-44265 | Gopiplus | Cross-site Scripting vulnerability in Gopiplus Popup Contact Form Auth. | 4.8 |
2023-10-02 | CVE-2023-44266 | Wpadminify | Cross-site Scripting vulnerability in Wpadminify WP Adminify 2.0.6/2.0.7/2.0.8 Auth. | 4.8 |
2023-10-02 | CVE-2023-44239 | Walkswithme | Cross-site Scripting vulnerability in Walkswithme Social Share on Image Hover Auth. | 4.8 |
2023-10-02 | CVE-2023-44262 | Renzojohnson | Cross-site Scripting vulnerability in Renzojohnson Blocks Auth. | 4.8 |
2023-10-02 | CVE-2023-44263 | Riyaz | Cross-site Scripting vulnerability in Riyaz Social Metrics Auth. | 4.8 |
2023-10-02 | CVE-2023-41737 | Wpgens | Cross-site Scripting vulnerability in Wpgens Swifty BAR Auth. | 4.8 |
2023-10-02 | CVE-2023-41800 | Uniconsent | Cross-site Scripting vulnerability in Uniconsent CMP for Gdpr Cpra GPP TCF Auth. | 4.8 |
2023-10-02 | CVE-2023-41855 | Regpacks | Cross-site Scripting vulnerability in Regpacks Regpack Auth. | 4.8 |
2023-10-02 | CVE-2023-41859 | Tychesoftwares | Cross-site Scripting vulnerability in Tychesoftwares Order Delivery Date for WP E-Commerce Auth. | 4.8 |
2023-10-02 | CVE-2023-44479 | Krillwebdesign | Cross-site Scripting vulnerability in Krillwebdesign Wp-Jump-Menu Auth. | 4.8 |
2023-10-02 | CVE-2023-41729 | Pressified | Cross-site Scripting vulnerability in Pressified Sendpress Auth. | 4.8 |
2023-10-02 | CVE-2023-41731 | I13Websolution | Cross-site Scripting vulnerability in I13Websolution Wordpress Publish Post Email Notification Auth. | 4.8 |
2023-10-02 | CVE-2023-41733 | Yydevelopment | Cross-site Scripting vulnerability in Yydevelopment Back to the TOP Button Auth. | 4.8 |
2023-10-02 | CVE-2023-41734 | Nigauri | Cross-site Scripting vulnerability in Nigauri Insert Estimated Reading Time Auth. | 4.8 |
2023-10-02 | CVE-2023-41736 | Gopiplus | Cross-site Scripting vulnerability in Gopiplus Email Posts to Subscribers 6.2 Auth. | 4.8 |
2023-10-03 | CVE-2023-33200 | ARM | Use After Free vulnerability in ARM products A local non-privileged user can make improper GPU processing operations to exploit a software race condition. | 4.7 |
2023-10-03 | CVE-2023-34970 | ARM | Out-of-bounds Write vulnerability in ARM Mali GPU Kernel Driver and Valhall GPU Kernel Driver A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. | 4.7 |
2023-10-03 | CVE-2023-4732 | Linux Redhat | Race Condition vulnerability in multiple products A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. | 4.7 |
2023-10-04 | CVE-2023-30731 | Samsung | Unspecified vulnerability in Samsung Android 12.0/13.0 Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows a physical attacker to install an application that has a different build type. | 4.6 |
2023-10-08 | CVE-2023-40631 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In Dialer, there is a possible missing permission check. | 4.4 |
2023-10-08 | CVE-2023-40636 | Google | Missing Authorization vulnerability in Google Android 11.0 In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. | 4.4 |
2023-10-08 | CVE-2023-40638 | Google | Missing Authorization vulnerability in Google Android 11.0 In Telecom service, there is a possible missing permission check. | 4.4 |
2023-10-08 | CVE-2023-40651 | Google | Out-of-bounds Write vulnerability in Google Android 11.0/12.0/13.0 In urild service, there is a possible out of bounds write due to a missing bounds check. | 4.4 |
2023-10-08 | CVE-2023-40652 | Google | Out-of-bounds Write vulnerability in Google Android 11.0 In jpg driver, there is a possible out of bounds write due to improper input validation. | 4.4 |
2023-10-06 | CVE-2023-23370 | Qnap | Insufficiently Protected Credentials vulnerability in Qnap Qvpn An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. | 4.4 |
2023-10-06 | CVE-2023-23371 | Qnap | Cleartext Transmission of Sensitive Information vulnerability in Qnap Qvpn A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. | 4.4 |
2023-10-03 | CVE-2023-4886 | Theforeman Redhat | A sensitive information exposure vulnerability was found in foreman. | 4.4 |
2023-10-02 | CVE-2023-32819 | Google | Unspecified vulnerability in Google Android 12.0/13.0 In display, there is a possible information disclosure due to a missing bounds check. | 4.4 |
2023-10-02 | CVE-2023-31042 | Purestorage | Unspecified vulnerability in Purestorage Purity A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols. | 4.3 |
2023-10-02 | CVE-2023-3770 | Ingeteam | Missing Authorization vulnerability in Ingeteam Ingepac Da3451 Firmware 0.29.2.42 Incorrect validation of the data entered, allowing an attacker with access to the network on which the affected device is located to use the discovery port protocol (1925/UDP) to obtain device-specific information without the need for authentication. | 4.3 |
2023-10-02 | CVE-2023-5160 | Mattermost | Unspecified vulnerability in Mattermost Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint, allowing a member to get the full name of another user even if the Show Full Name option was disabled. | 4.3 |
2023-10-06 | CVE-2023-44384 | Discourse | Server-Side Request Forgery (SSRF) vulnerability in Discourse Jira 20231001 Discourse-jira is a Discourse plugin that lets Jira projects, issue types, fields and field options be synced automatically. | 4.1 |
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-10-04 | CVE-2023-30732 | Samsung | Unspecified vulnerability in Samsung Android 13.0 Improper access control in system property prior to SMR Oct-2023 Release 1 allows a local attacker to get the CPU serial number. | 3.3 |
2023-10-04 | CVE-2023-30735 | Samsung | Improper Preservation of Permissions vulnerability in Samsung Sassistant Improper Preservation of Permissions vulnerability in SAssistant prior to version 8.7 allows local attackers to access backup data in SAssistant. | 3.3 |
2023-10-03 | CVE-2023-28373 | Purestorage | Unspecified vulnerability in Purestorage Purity//Fa A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. | 2.7 |
2023-10-02 | CVE-2023-28372 | Purestorage | Unspecified vulnerability in Purestorage Purity A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock. | 2.7 |
2023-10-02 | CVE-2023-36627 | Purestorage | Unspecified vulnerability in Purestorage Purity A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. | 2.7 |