Weekly Vulnerabilities Reports > November 13 to 19, 2023
Overview
724 new vulnerabilities were reported during this period, including 66 critical vulnerabilities and 335 high severity vulnerabilities. This weekly summary reports vulnerabilities in 1890 products from 274 vendors including Intel, Adobe, Microsoft, AMD, and Siemens. Vulnerabilities are notably categorized as "Cross-site Scripting", "Cross-Site Request Forgery (CSRF)", "Out-of-bounds Read", "Out-of-bounds Write", and "SQL Injection".
- 472 reported vulnerabilities are remotely exploitable.
- 183 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 411 reported vulnerabilities are exploitable by an anonymous user.
- Intel has the most reported vulnerabilities, with 100 reported vulnerabilities.
- Silabs has the most reported critical vulnerabilities, with 6 reported vulnerabilities.
Vulnerability Details
The following table lists reported vulnerabilities for the period covered by this report:
66 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-11-15 | CVE-2023-48365 | Qlik | HTTP Request Smuggling vulnerability in Qlik Sense Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. | 9.9 |
2023-11-18 | CVE-2023-4214 | Apppresser | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Apppresser The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. | 9.8 |
2023-11-18 | CVE-2023-43177 | Crushftp | Improper Control of Dynamically-Managed Code Resources vulnerability in Crushftp CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. | 9.8 |
2023-11-18 | CVE-2023-48028 | Kodcloud | Improper Restriction of Excessive Authentication Attempts vulnerability in Kodcloud Kodbox 1.46.01 kodbox 1.46.01 has a security flaw that enables user enumeration. | 9.8 |
2023-11-17 | CVE-2023-6188 | GET Simple | Code Injection vulnerability in Get-Simple Getsimplecms 3.3.16/3.4.0A A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. | 9.8 |
2023-11-17 | CVE-2023-44350 | Adobe | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. | 9.8 |
2023-11-17 | CVE-2023-44351 | Adobe | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. | 9.8 |
2023-11-17 | CVE-2023-44353 | Adobe | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. | 9.8 |
2023-11-17 | CVE-2023-44324 | Adobe | Improper Authentication vulnerability in Adobe Framemaker Publishing Server 2020/2022 Adobe FrameMaker Publishing Server versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. | 9.8 |
2023-11-17 | CVE-2023-38316 | Opennds | Improper Encoding or Escaping of Output vulnerability in Opennds Captive Portal An issue was discovered in OpenNDS Captive Portal before version 10.1.2. | 9.8 |
2023-11-17 | CVE-2023-41101 | Opennds | Out-of-bounds Write vulnerability in Opennds An issue was discovered in the captive portal in OpenNDS before version 10.1.3. | 9.8 |
2023-11-17 | CVE-2023-48655 | Misp Project | Unspecified vulnerability in Misp-Project Malware Information Sharing Platform An issue was discovered in MISP before 2.4.176. | 9.8 |
2023-11-17 | CVE-2023-48656 | Misp Project | Unspecified vulnerability in Misp-Project Malware Information Sharing Platform An issue was discovered in MISP before 2.4.176. | 9.8 |
2023-11-17 | CVE-2023-48657 | Misp Project | Unspecified vulnerability in Misp-Project Malware Information Sharing Platform An issue was discovered in MISP before 2.4.176. | 9.8 |
2023-11-17 | CVE-2023-48658 | Misp Project | Unspecified vulnerability in Misp-Project Malware Information Sharing Platform An issue was discovered in MISP before 2.4.176. | 9.8 |
2023-11-17 | CVE-2023-48659 | Misp Project | Unspecified vulnerability in Misp-Project Malware Information Sharing Platform An issue was discovered in MISP before 2.4.176. | 9.8 |
2023-11-17 | CVE-2023-48648 | Concretecms | Incorrect Default Permissions vulnerability in Concretecms Concrete CMS Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. | 9.8 |
2023-11-17 | CVE-2023-45387 | Myprestamodules | SQL Injection vulnerability in Myprestamodules Exportproducts In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via `exportProduct::_addDataToDb().` | 9.8 |
2023-11-17 | CVE-2023-48031 | Opensupports | Unrestricted Upload of File with Dangerous Type vulnerability in Opensupports 4.11.0 OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. | 9.8 |
2023-11-17 | CVE-2023-48078 | Code Projects | SQL Injection vulnerability in Code-Projects Simple Crud Functionality 1.0 SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the 'title' parameter. | 9.8 |
2023-11-16 | CVE-2023-6014 | Lfprojects | Unspecified vulnerability in Lfprojects Mlflow An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirement. | 9.8 |
2023-11-16 | CVE-2023-6019 | RAY Project | OS Command Injection vulnerability in RAY Project RAY A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. | 9.8 |
2023-11-16 | CVE-2023-6016 | H2O | Unspecified vulnerability in H2O An attacker is able to gain remote code execution on a server hosting the H2O dashboard through its POJO model import feature. | 9.8 |
2023-11-16 | CVE-2023-6018 | Lfprojects | OS Command Injection vulnerability in Lfprojects Mlflow An attacker can overwrite any file on the server hosting MLflow without any authentication. | 9.8 |
2023-11-16 | CVE-2023-47213 | C First | Use of Hard-coded Credentials vulnerability in C-First products First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. | 9.8 |
2023-11-16 | CVE-2023-47674 | C First | Missing Authentication for Critical Function vulnerability in C-First products Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. | 9.8 |
2023-11-16 | CVE-2021-35437 | Lmxcms | SQL Injection vulnerability in Lmxcms 1.4 SQL injection vulnerability in LMXCMS v.1.4 allows an attacker to execute arbitrary code via the TagsAction.class. | 9.8 |
2023-11-16 | CVE-2023-47003 | Redislabs | NULL Pointer Dereference vulnerability in Redislabs Redisgraph 2.12.10 An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted. | 9.8 |
2023-11-15 | CVE-2023-41442 | Kloudq | Improper Authentication vulnerability in Kloudq products An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 through 3.1 allows a remote attacker to execute arbitrary code via a crafted request to the MQTT component. | 9.8 |
2023-11-15 | CVE-2023-5245 | Combust | Path Traversal vulnerability in Combust Mleap 0.18.0/0.23.0 FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the apply() function invokes the vulnerable implementation of FileUtil.extract(). Arbitrary file creation can directly lead to code execution. | 9.8 |
2023-11-15 | CVE-2023-47445 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Pre-School Enrollment System 1.0 Pre-School Enrollment version 1.0 is vulnerable to SQL Injection via the username parameter in preschool/admin/ page. | 9.8 |
2023-11-15 | CVE-2023-43979 | Prestahero | SQL Injection vulnerability in Prestahero YBC Blog ETS Soft ybc_blog before v4.4.0 was discovered to contain a SQL injection vulnerability via the component Ybc_blogBlogModuleFrontController::getPosts(). | 9.8 |
2023-11-15 | CVE-2023-47308 | Activedesign | SQL Injection vulnerability in Activedesign Newsletterpop In the module "Newsletter Popup PRO with Voucher/Coupon code" (newsletterpop) before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. | 9.8 |
2023-11-15 | CVE-2023-39335 | Ivanti | Unspecified vulnerability in Ivanti Endpoint Manager Mobile A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. | 9.8 |
2023-11-14 | CVE-2023-45614 | Arubanetworks HP | Classic Buffer Overflow vulnerability in multiple products There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). | 9.8 |
2023-11-14 | CVE-2023-45615 | Arubanetworks HP | Classic Buffer Overflow vulnerability in multiple products There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). | 9.8 |
2023-11-14 | CVE-2023-45616 | Arubanetworks HP | Classic Buffer Overflow vulnerability in multiple products There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). | 9.8 |
2023-11-14 | CVE-2023-34060 | Vmware | Missing Authentication for Critical Function vulnerability in VMWare Cloud Director VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console). | 9.8 |
2023-11-14 | CVE-2023-36049 | Microsoft | Unspecified vulnerability in Microsoft .Net and .Net Framework .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | 9.8 |
2023-11-14 | CVE-2023-47130 | Yiiframework | Deserialization of Untrusted Data vulnerability in Yiiframework YII Yii is an open source PHP web framework. | 9.8 |
2023-11-14 | CVE-2022-23820 | AMD | Improper Input Validation vulnerability in AMD products Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. | 9.8 |
2023-11-14 | CVE-2022-23821 | AMD | Unspecified vulnerability in AMD products Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution. | 9.8 |
2023-11-14 | CVE-2023-20596 | AMD | Unspecified vulnerability in AMD products Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution. | 9.8 |
2023-11-14 | CVE-2023-31273 | Intel | Improper Privilege Management vulnerability in Intel Data Center Manager Protection mechanism failure in some Intel DCM software before version 5.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 |
2023-11-14 | CVE-2023-34991 | Fortinet | SQL Injection vulnerability in Fortinet Fortiwlm An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows an attacker to execute unauthorized code or commands via a crafted http request. | 9.8 |
2023-11-14 | CVE-2023-36018 | Microsoft | Unspecified vulnerability in Microsoft Jupyter 2022.9.110 Visual Studio Code Jupyter Extension Spoofing Vulnerability | 9.8 |
2023-11-14 | CVE-2023-36028 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | 9.8 |
2023-11-14 | CVE-2023-36397 | Microsoft | Unspecified vulnerability in Microsoft products Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 9.8 |
2023-11-14 | CVE-2023-36553 | Fortinet | OS Command Injection vulnerability in Fortinet Fortisiem An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4.10.0 and 4.9.0 and 4.7.2 allows an attacker to execute unauthorized code or commands via crafted API requests. | 9.8 |
2023-11-14 | CVE-2023-6126 | Salesagility | Code Injection vulnerability in Salesagility Suitecrm Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | 9.8 |
2023-11-14 | CVE-2023-43504 | Siemens | Classic Buffer Overflow vulnerability in Siemens Comos A vulnerability has been identified in COMOS (All versions < V10.4.4). | 9.8 |
2023-11-14 | CVE-2023-24585 | Weston Embedded Silabs | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. | 9.8 |
2023-11-14 | CVE-2023-25181 | Weston Embedded Silabs | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. | 9.8 |
2023-11-14 | CVE-2023-27882 | Weston Embedded Silabs | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. | 9.8 |
2023-11-14 | CVE-2023-28379 | Weston Embedded Silabs | Out-of-bounds Write vulnerability in multiple products A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. | 9.8 |
2023-11-14 | CVE-2023-28391 | Weston Embedded Silabs | Out-of-bounds Write vulnerability in multiple products A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. | 9.8 |
2023-11-14 | CVE-2023-31247 | Weston Embedded Silabs | Out-of-bounds Write vulnerability in multiple products A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. | 9.8 |
2023-11-14 | CVE-2023-45878 | Gibbonedu | Unspecified vulnerability in Gibbonedu Gibbon GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not require authentication. | 9.8 |
2023-11-14 | CVE-2023-43902 | Emsigner | Unspecified vulnerability in Emsigner 2.8.7 Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token. | 9.8 |
2023-11-13 | CVE-2023-6102 | Maiwei Safety Production Control Platform Project | Unrestricted Upload of File with Dangerous Type vulnerability in Maiwei Safety Production Control Platform Project Maiwei Safety Production Control Platform 4.1 A vulnerability, which was classified as problematic, was found in Maiwei Safety Production Control Platform 4.1. | 9.8 |
2023-11-13 | CVE-2023-6099 | Szjocat | Improper Privilege Management vulnerability in Szjocat Facial Love Cloud Platform 1.0.55.0.0.1 A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. | 9.8 |
2023-11-15 | CVE-2023-48224 | Ethyca | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Ethyca Fides Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. | 9.1 |
2023-11-15 | CVE-2023-47678 | Asus | Unspecified vulnerability in Asus Rt-Ac87U Firmware An improper access control vulnerability exists in RT-AC87U all versions. | 9.1 |
2023-11-15 | CVE-2023-39337 | Ivanti | Unspecified vulnerability in Ivanti Endpoint Manager Mobile A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 and older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device and environment configuration details, as well as secrets. | 9.1 |
2023-11-14 | CVE-2023-25603 | Fortinet | Overly Permissive Cross-domain Whitelist vulnerability in Fortinet Fortiadc and Fortiddos-F A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allows an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests. | 9.1 |
2023-11-14 | CVE-2023-44373 | Siemens | Injection vulnerability in Siemens products Affected devices do not properly sanitize an input field. | 9.1 |
335 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-11-18 | CVE-2023-25985 | Tooltips | Unspecified vulnerability in Tooltips Wordpress Tooltips Cross-Site Request Forgery (CSRF) vulnerability in Tomas \| Docs \| FAQ \| Premium Support WordPress Tooltips. This issue affects WordPress Tooltips: from n/a through 8.2.5. | 8.8 |
2023-11-18 | CVE-2023-28780 | Yoast | Cross-Site Request Forgery (CSRF) vulnerability in Yoast Local SEO Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local Premium.This issue affects Yoast Local Premium: from n/a through 14.8. | 8.8 |
2023-11-18 | CVE-2023-31075 | Ciphercoin | Cross-Site Request Forgery (CSRF) vulnerability in Ciphercoin Easy Hide Login 1.0.8 Cross-Site Request Forgery (CSRF) vulnerability in Arshid Easy Hide Login.This issue affects Easy Hide Login: from n/a through 1.0.8. | 8.8 |
2023-11-18 | CVE-2023-31089 | Webternsolutions | Cross-Site Request Forgery (CSRF) vulnerability in Webternsolutions Video XML Sitemap Generator Cross-Site Request Forgery (CSRF) vulnerability in Tradebooster Video XML Sitemap Generator.This issue affects Video XML Sitemap Generator: from n/a through 1.0.0. | 8.8 |
2023-11-18 | CVE-2023-32245 | Wpdeveloper | Cross-Site Request Forgery (CSRF) vulnerability in Wpdeveloper Essential Addons for Elementor 5.4.8 Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Essential Addons for Elementor Pro.This issue affects Essential Addons for Elementor Pro: from n/a through 5.4.8. | 8.8 |
2023-11-18 | CVE-2023-32504 | Kaine | Cross-Site Request Forgery (CSRF) vulnerability in Kaine Wise Chat Cross-Site Request Forgery (CSRF) vulnerability in Kainex Wise Chat.This issue affects Wise Chat: from n/a through 3.1.3. | 8.8 |
2023-11-18 | CVE-2023-32514 | Himanshuparashar | Cross-Site Request Forgery (CSRF) vulnerability in Himanshuparashar Google Site Verification Plugin Using Meta TAG 1.2 Cross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar Google Site Verification plugin using Meta Tag.This issue affects Google Site Verification plugin using Meta Tag: from n/a through 1.2. | 8.8 |
2023-11-18 | CVE-2023-41129 | Patreon | Unspecified vulnerability in Patreon Wordpress Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress.This issue affects Patreon WordPress: from n/a through 1.8.6. | 8.8 |
2023-11-18 | CVE-2023-47243 | Codemshop | Cross-Site Request Forgery (CSRF) vulnerability in Codemshop Mshop MY Site 1.1.6 Cross-Site Request Forgery (CSRF) vulnerability in CodeMShop ???? ????? – MSHOP MY SITE.This issue affects ???? ????? – MSHOP MY SITE: from n/a through 1.1.6. | 8.8 |
2023-11-18 | CVE-2023-47519 | Wcproducttable | Cross-Site Request Forgery (CSRF) vulnerability in Wcproducttable Woocommerce Product Table Lite Cross-Site Request Forgery (CSRF) vulnerability in WC Product Table WooCommerce Product Table Lite.This issue affects WooCommerce Product Table Lite: from n/a through 2.6.2. | 8.8 |
2023-11-18 | CVE-2023-47531 | Droitthemes | Cross-Site Request Forgery (CSRF) vulnerability in Droitthemes Droit Dark Mode Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit Dark Mode.This issue affects Droit Dark Mode: from n/a through 1.1.2. | 8.8 |
2023-11-18 | CVE-2023-47551 | Rednao | Cross-Site Request Forgery (CSRF) vulnerability in Rednao Donations Made Easy - Smart Donations Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy – Smart Donations.This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12. | 8.8 |
2023-11-18 | CVE-2023-47552 | Webdevocean | Cross-Site Request Forgery (CSRF) vulnerability in Webdevocean Image Hover Effects 5.3 Cross-Site Request Forgery (CSRF) vulnerability in Labib Ahmed Image Hover Effects – WordPress Plugin.This issue affects Image Hover Effects – WordPress Plugin: from n/a through 5.5. | 8.8 |
2023-11-18 | CVE-2023-47553 | Userlocal | Cross-Site Request Forgery (CSRF) vulnerability in Userlocal Userheat Plugin Cross-Site Request Forgery (CSRF) vulnerability in User Local Inc UserHeat Plugin.This issue affects UserHeat Plugin: from n/a through 1.1.6. | 8.8 |
2023-11-18 | CVE-2023-47556 | Jamesmehorter | Cross-Site Request Forgery (CSRF) vulnerability in Jamesmehorter Device Theme Switcher Cross-Site Request Forgery (CSRF) vulnerability in James Mehorter Device Theme Switcher.This issue affects Device Theme Switcher: from n/a through 3.0.2. | 8.8 |
2023-11-18 | CVE-2023-47644 | Metagauss | Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Profilegrid Cross-Site Request Forgery (CSRF) vulnerability in profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.6.6. | 8.8 |
2023-11-18 | CVE-2023-47649 | Pricelisto | Cross-Site Request Forgery (CSRF) vulnerability in Pricelisto Best Restaurant Menu Cross-Site Request Forgery (CSRF) vulnerability in PriceListo Best Restaurant Menu by PriceListo.This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.3.1. | 8.8 |
2023-11-18 | CVE-2023-47650 | Petersterling | Unspecified vulnerability in Petersterling ADD Local Avatar Cross-Site Request Forgery (CSRF) vulnerability in Peter Sterling Add Local Avatar.This issue affects Add Local Avatar: from n/a through 12.1. | 8.8 |
2023-11-18 | CVE-2023-47651 | Wplinkspage | Unspecified vulnerability in Wplinkspage WP Links Page Cross-Site Request Forgery (CSRF) vulnerability in Robert Macchi WP Links Page.This issue affects WP Links Page: from n/a through 4.9.4. | 8.8 |
2023-11-18 | CVE-2023-47655 | Wpgov | Cross-Site Request Forgery (CSRF) vulnerability in Wpgov Anac XML Bandi DI Gara Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi ANAC XML Bandi di Gara.This issue affects ANAC XML Bandi di Gara: from n/a through 7.5. | 8.8 |
2023-11-18 | CVE-2023-47664 | Plainviewplugins | Cross-Site Request Forgery (CSRF) vulnerability in Plainviewplugins Plainview Protect Passwords Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview Plainview Protect Passwords.This issue affects Plainview Protect Passwords: from n/a through 1.4. | 8.8 |
2023-11-18 | CVE-2023-47666 | Code Snippets | Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Code Snippets Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Pro Code Snippets.This issue affects Code Snippets: from n/a through 3.5.0. | 8.8 |
2023-11-18 | CVE-2023-47667 | Paymentsplugin | Cross-Site Request Forgery (CSRF) vulnerability in Paymentsplugin WP Full Stripe Free 1.6.1 Cross-Site Request Forgery (CSRF) vulnerability in Mammothology WP Full Stripe Free.This issue affects WP Full Stripe Free: from n/a through 1.6.1. | 8.8 |
2023-11-18 | CVE-2023-47670 | Icansoft | Cross-Site Request Forgery (CSRF) vulnerability in Icansoft Korea SNS Cross-Site Request Forgery (CSRF) vulnerability in Jongmyoung Kim Korea SNS.This issue affects Korea SNS: from n/a through 1.6.3. | 8.8 |
2023-11-18 | CVE-2023-47671 | Gopiplus | Cross-Site Request Forgery (CSRF) vulnerability in Gopiplus Vertical Scroll Recent Registered User Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy Vertical scroll recent.This issue affects Vertical scroll recent post: from n/a through 14.0. | 8.8 |
2023-11-18 | CVE-2023-47672 | Swashata | Cross-Site Request Forgery (CSRF) vulnerability in Swashata WP Category Post List Widget 2.0.3 Cross-Site Request Forgery (CSRF) vulnerability in Swashata WP Category Post List Widget.This issue affects WP Category Post List Widget: from n/a through 2.0.3. | 8.8 |
2023-11-18 | CVE-2023-47685 | NKB BD | Cross-Site Request Forgery (CSRF) vulnerability in Nkb-Bd Preloader Matrix Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloader Matrix.This issue affects Preloader Matrix: from n/a through 2.0.1. | 8.8 |
2023-11-18 | CVE-2023-48017 | Dreamer CMS Project | Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3 Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management. | 8.8 |
2023-11-18 | CVE-2023-6187 | Strangerstudios | Unrestricted Upload of File with Dangerous Type vulnerability in Strangerstudios Paid Memberships PRO The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. | 8.8 |
2023-11-17 | CVE-2023-47757 | Aweber | Cross-Site Request Forgery (CSRF) vulnerability in Aweber Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACLs, Cross-Site Request Forgery.This issue affects AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth: from n/a through 7.3.9. | 8.8 |
2023-11-17 | CVE-2023-39544 | NEC | Missing Authorization vulnerability in NEC products CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allow an attacker who can log in to the product to execute an arbitrary command. | 8.8 |
2023-11-17 | CVE-2023-39545 | NEC | Files or Directories Accessible to External Parties vulnerability in NEC products CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allow an attacker who can log in to the product to execute an arbitrary command. | 8.8 |
2023-11-17 | CVE-2023-39546 | NEC | Unspecified vulnerability in NEC products CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allow an attacker who can log in to the product to execute an arbitrary command. | 8.8 |
2023-11-17 | CVE-2023-39547 | NEC | Authentication Bypass by Capture-replay vulnerability in NEC products CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allow an attacker who can log in to the product to execute an arbitrary command. | 8.8 |
2023-11-17 | CVE-2023-39548 | NEC | Unrestricted Upload of File with Dangerous Type vulnerability in NEC products CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allow an attacker who can log in to the product to execute an arbitrary command. | 8.8 |
2023-11-16 | CVE-2023-47686 | Kibokolabs | Cross-Site Request Forgery (CSRF) vulnerability in Kibokolabs Arigato Autoresponder and Newsletter Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.2.2 versions. | 8.8 |
2023-11-16 | CVE-2023-47687 | Vjinfotech | Cross-Site Request Forgery (CSRF) vulnerability in Vjinfotech WOO Custom and Sequential Order Number Cross-Site Request Forgery (CSRF) vulnerability in VJInfotech Woo Custom and Sequential Order Number plugin <= 2.6.0 versions. | 8.8 |
2023-11-16 | CVE-2023-47688 | Alexufo | Cross-Site Request Forgery (CSRF) vulnerability in Alexufo Youtube Speedload Cross-Site Request Forgery (CSRF) vulnerability in Alexufo Youtube SpeedLoad plugin <= 0.6.3 versions. | 8.8 |
2023-11-16 | CVE-2023-46214 | Splunk | XML Injection (aka Blind XPath Injection) vulnerability in Splunk Cloud and Splunk In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. | 8.8 |
2023-11-16 | CVE-2023-6022 | Prefect | Cross-Site Request Forgery (CSRF) vulnerability in Prefect An attacker is able to steal secrets and potentially gain remote code execution via CSRF using the open source Prefect web server's API. | 8.8 |
2023-11-16 | CVE-2023-43275 | Dedecms | Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 5.7 Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form. | 8.8 |
2023-11-15 | CVE-2023-47444 | Opencart | Code Injection vulnerability in Opencart 4.0.0.0 An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users with the common/security write privilege to write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server. | 8.8 |
2023-11-15 | CVE-2023-47637 | Pimcore | SQL Injection vulnerability in Pimcore Pimcore is an Open Source Data & Experience Management Platform. | 8.8 |
2023-11-15 | CVE-2023-5997 | Google Fedoraproject Debian | Use After Free vulnerability in multiple products Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-11-15 | CVE-2023-6112 | Google Debian Fedoraproject | Use After Free vulnerability in multiple products Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-11-15 | CVE-2023-48089 | Xuxueli | Unspecified vulnerability in Xuxueli Xxl-Job 2.4.0 xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via /xxl-job-admin/jobcode/save. | 8.8 |
2023-11-15 | CVE-2023-40923 | Myprestamodules | SQL Injection vulnerability in Myprestamodules Orders (Csv, Excel) Export MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and save_setting parameters. | 8.8 |
2023-11-15 | CVE-2023-43582 | Zoom | Improper Authentication vulnerability in Zoom products Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access. | 8.8 |
2023-11-14 | CVE-2022-45781 | Tenda | Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1/1.0.0.12890 Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 and earlier allows attackers to run arbitrary code via /goform/SetOnlineDevName. | 8.8 |
2023-11-14 | CVE-2023-48217 | Statamic | Unrestricted Upload of File with Dangerous Type vulnerability in Statamic Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. | 8.8 |
2023-11-14 | CVE-2023-36437 | Microsoft | Unspecified vulnerability in Microsoft Azure Pipelines Agent Azure DevOps Server Remote Code Execution Vulnerability | 8.8 |
2023-11-14 | CVE-2023-47631 | Vantage6 | Insufficient Verification of Data Authenticity vulnerability in Vantage6 vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). | 8.8 |
2023-11-14 | CVE-2023-47640 | Datahub Project | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Datahub Project Datahub DataHub is an open-source metadata platform. | 8.8 |
2023-11-14 | CVE-2023-5528 | Kubernetes Fedoraproject | A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. | 8.8 |
2023-11-14 | CVE-2023-22663 | Intel | Improper Authentication vulnerability in Intel Unison Software Improper authentication for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. | 8.8 |
2023-11-14 | CVE-2023-32641 | Intel | Unspecified vulnerability in Intel Quickassist Technology Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privilege and denial of service via adjacent access. | 8.8 |
2023-11-14 | CVE-2023-36860 | Intel | Improper Input Validation vulnerability in Intel Unison Software Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. | 8.8 |
2023-11-14 | CVE-2023-39221 | Intel | Unspecified vulnerability in Intel Unison Software Improper access control for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. | 8.8 |
2023-11-14 | CVE-2023-39412 | Intel | Cross-Site Request Forgery (CSRF) vulnerability in Intel Unison Software Cross-site request forgery in some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. | 8.8 |
2023-11-14 | CVE-2023-26205 | Fortinet | Improper Access Control vulnerability in Fortinet Fortiadc An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script. | 8.8 |
2023-11-14 | CVE-2023-36017 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products Windows Scripting Engine Memory Corruption Vulnerability | 8.8 |
2023-11-14 | CVE-2023-36025 | Microsoft | Unspecified vulnerability in Microsoft products Windows SmartScreen Security Feature Bypass Vulnerability | 8.8 |
2023-11-14 | CVE-2023-36400 | Microsoft | Unspecified vulnerability in Microsoft products Windows HMAC Key Derivation Elevation of Privilege Vulnerability | 8.8 |
2023-11-14 | CVE-2023-36402 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
2023-11-14 | CVE-2023-36423 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Remote Registry Service Remote Code Execution Vulnerability | 8.8 |
2023-11-14 | CVE-2023-36560 | Microsoft | Unspecified vulnerability in Microsoft .Net Framework ASP.NET Security Feature Bypass Vulnerability | 8.8 |
2023-11-14 | CVE-2023-38151 | Microsoft | Unspecified vulnerability in Microsoft Host Integration Server and OLE DB Provider Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability | 8.8 |
2023-11-14 | CVE-2023-6130 | Salesagility | Path Traversal: '\..\filename' vulnerability in Salesagility Suitecrm Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | 8.8 |
2023-11-14 | CVE-2023-6131 | Salesagility | Code Injection vulnerability in Salesagility Suitecrm Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | 8.8 |
2023-11-14 | CVE-2023-6125 | Salesagility | Code Injection vulnerability in Salesagility Suitecrm Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | 8.8 |
2023-11-14 | CVE-2023-48020 | Iteachyou | Cross-Site Request Forgery (CSRF) vulnerability in Iteachyou Dreamer CMS 4.1.3 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus. | 8.8 |
2023-11-14 | CVE-2023-48021 | Iteachyou | Cross-Site Request Forgery (CSRF) vulnerability in Iteachyou Dreamer CMS 4.1.3 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update. | 8.8 |
2023-11-14 | CVE-2023-44374 | Siemens | Unsynchronized Access to Shared Data in a Multithreaded Context vulnerability in Siemens products Affected devices allow the password to be changed, but insufficiently check which password is to be changed. | 8.8 |
2023-11-14 | CVE-2023-46098 | Siemens | Overly Permissive Cross-domain Whitelist vulnerability in Siemens Simatic PCS NEO 3.0 A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). | 8.8 |
2023-11-14 | CVE-2023-47609 | OSS Calendar | SQL Injection vulnerability in Oss-Calendar OSS Calendar SQL injection vulnerability in OSS Calendar versions prior to v.2.0.3 allows a remote authenticated attacker to execute arbitrary code or obtain and/or alter the information stored in the database by sending a specially crafted request. | 8.8 |
2023-11-14 | CVE-2023-42326 | Netgate | Command Injection vulnerability in Netgate Pfsense and Pfsense Plus An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components. | 8.8 |
2023-11-13 | CVE-2023-47621 | Duncanmcclean | Unrestricted Upload of File with Dangerous Type vulnerability in Duncanmcclean Guest Entries Guest Entries is a php library which allows users to create, update & delete entries from the front-end of a site. | 8.8 |
2023-11-13 | CVE-2023-48058 | Dreamer CMS Project | Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run | 8.8 |
2023-11-13 | CVE-2023-48060 | Dreamer CMS Project | Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add | 8.8 |
2023-11-13 | CVE-2023-6097 | Icssolution | SQL Injection vulnerability in Icssolution ICS Business Manager 7.06.0028.2802/7.06.0028.7066/7.06.0028.7089 A SQL injection vulnerability has been found in ICS Business Manager, affecting version 7.06.0028.7089. | 8.8 |
2023-11-13 | CVE-2023-5747 | Hanwhavision | Improper Verification of Cryptographic Signature vulnerability in Hanwhavision products Bashis, a security researcher at IPVM, has found a flaw that allows remote code execution during the installation of Wave on the camera device. | 8.8 |
2023-11-13 | CVE-2023-35041 | Webpushr | Cross-Site Request Forgery (CSRF) vulnerability in Webpushr web Push Notifications Cross-Site Request Forgery (CSRF) vulnerability leading to Local File Inclusion (LFI) in Webpushr Web Push Notifications Web Push Notifications – Webpushr plugin <= 4.34.0 versions. | 8.8 |
2023-11-13 | CVE-2023-32583 | Walkeprashant | Cross-Site Request Forgery (CSRF) vulnerability in Walkeprashant WP ALL Backup Cross-Site Request Forgery (CSRF) vulnerability in Prashant Walke WP All Backup plugin <= 2.4.3 versions. | 8.8 |
2023-11-13 | CVE-2023-32588 | Brandbrilliance | Cross-Site Request Forgery (CSRF) vulnerability in Brandbrilliance Post State Tags Cross-Site Request Forgery (CSRF) vulnerability in BRANDbrilliance Post State Tags plugin <= 2.0.6 versions. | 8.8 |
2023-11-13 | CVE-2023-33207 | Wielogorski | Cross-Site Request Forgery (CSRF) vulnerability in Wielogorski Stop Referrer Spam Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Wielogórski Stop Referrer Spam plugin <= 1.3.0 versions. | 8.8 |
2023-11-13 | CVE-2023-34378 | Scriptburn | Cross-Site Request Forgery (CSRF) vulnerability in Scriptburn WP Hide Post Cross-Site Request Forgery (CSRF) vulnerability in scriptburn.Com WP Hide Post plugin <= 2.0.10 versions. | 8.8 |
2023-11-13 | CVE-2023-34384 | Kebo Twitter Feed Project | Cross-Site Request Forgery (CSRF) vulnerability in Kebo Twitter Feed Project Kebo Twitter Feed Cross-Site Request Forgery (CSRF) vulnerability in Kebo Kebo Twitter Feed plugin <= 1.5.12 versions. | 8.8 |
2023-11-13 | CVE-2023-47669 | Cozmoslabs | Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin <= 3.10.3 versions. | 8.8 |
2023-11-13 | CVE-2023-26531 | Wbolt | Cross-Site Request Forgery (CSRF) vulnerability in Wbolt All-In-One Search Automatic Push Management Cross-Site Request Forgery (CSRF) vulnerability in Wbolt All-In-One Search Automatic Push Management (Baidu/Google/Bing/IndexNow/Yandex) plugin <= 4.2.7 versions. | 8.8 |
2023-11-13 | CVE-2023-26543 | WP Meteor | Cross-Site Request Forgery (CSRF) vulnerability in Wp-Meteor WP Meteor Cross-Site Request Forgery (CSRF) vulnerability in Aleksandr Guidrevitch WP Meteor Website Speed Optimization Addon plugin <= 3.1.4 versions. | 8.8 |
2023-11-13 | CVE-2023-46618 | Bala Krishna | Cross-Site Request Forgery (CSRF) vulnerability in Bala-Krishna Category SEO Meta Tags Cross-Site Request Forgery (CSRF) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5 versions. | 8.8 |
2023-11-13 | CVE-2023-46619 | WEB Dorado | Cross-Site Request Forgery (CSRF) vulnerability in Web-Dorado Wdsocialwidgets Cross-Site Request Forgery (CSRF) vulnerability in WebDorado WDSocialWidgets plugin <= 1.0.15 versions. | 8.8 |
2023-11-13 | CVE-2023-46620 | Fluenx | Cross-Site Request Forgery (CSRF) vulnerability in Fluenx Deepl API Translation Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API translation plugin <= 2.3.9.1 versions. | 8.8 |
2023-11-13 | CVE-2023-46625 | Daext | Cross-Site Request Forgery (CSRF) vulnerability in Daext Autolinks Manager Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Autolinks Manager plugin <= 1.10.04 versions. | 8.8 |
2023-11-13 | CVE-2023-46629 | Themelocation | Cross-Site Request Forgery (CSRF) vulnerability in Themelocation Remove ADD to Cart Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in themelocation Remove Add to Cart WooCommerce plugin <= 1.4.4. | 8.8 |
2023-11-13 | CVE-2023-46636 | Blackbam | Cross-Site Request Forgery (CSRF) vulnerability in Blackbam Custom Header Images Cross-Site Request Forgery (CSRF) vulnerability in David Stöckl Custom Header Images plugin <= 1.2.1 versions. | 8.8 |
2023-11-13 | CVE-2023-46638 | Webcodin | Cross-Site Request Forgery (CSRF) vulnerability in Webcodin WCP Openweather Cross-Site Request Forgery (CSRF) vulnerability in Webcodin WCP OpenWeather plugin <= 2.5.0 versions. | 8.8 |
2023-11-13 | CVE-2023-47230 | Cimatti | Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Wordpress Contact Forms Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.6.0 versions. | 8.8 |
2023-11-13 | CVE-2023-26514 | Wpgrim | Cross-Site Request Forgery (CSRF) vulnerability in Wpgrim Dynamic XML Sitemaps Generator for Google Cross-Site Request Forgery (CSRF) vulnerability in WPGrim Dynamic XML Sitemaps Generator for Google plugin <= 1.3.3 versions. | 8.8 |
2023-11-13 | CVE-2023-26516 | Wpindeed | Cross-Site Request Forgery (CSRF) vulnerability in Wpindeed Debug Assistant Cross-Site Request Forgery (CSRF) vulnerability in WPIndeed Debug Assistant plugin <= 1.4 versions. | 8.8 |
2023-11-13 | CVE-2023-26518 | Accesspressthemes | Cross-Site Request Forgery (CSRF) vulnerability in Accesspressthemes WP Tfeed Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes WP TFeed plugin <= 1.6.9 versions. | 8.8 |
2023-11-13 | CVE-2023-26524 | Expresstech | Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Quiz and Survey Master Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.10 versions. | 8.8 |
2023-11-13 | CVE-2023-27434 | Wpgrim | Cross-Site Request Forgery (CSRF) vulnerability in Wpgrim Classic Editor and Classic Widgets Cross-Site Request Forgery (CSRF) vulnerability in WPGrim Classic Editor and Classic Widgets plugin <= 1.2.5 versions. | 8.8 |
2023-11-13 | CVE-2023-27436 | Breakdance | Cross-Site Request Forgery (CSRF) vulnerability in Breakdance Elegant Custom Fonts Cross-Site Request Forgery (CSRF) vulnerability in Louis Reingold Elegant Custom Fonts plugin <= 1.0 versions. | 8.8 |
2023-11-13 | CVE-2023-27438 | Yur4Enko | Cross-Site Request Forgery (CSRF) vulnerability in Yur4Enko WP Translitera Cross-Site Request Forgery (CSRF) vulnerability in Evgen Yurchenko WP Translitera plugin <= p1.2.5 versions. | 8.8 |
2023-11-13 | CVE-2023-27441 | NEW Adman Project | Cross-Site Request Forgery (CSRF) vulnerability in NEW Adman Project NEW Adman 1.6.7.2/1.6.8 Cross-Site Request Forgery (CSRF) vulnerability in gl_SPICE New Adman plugin <= 1.6.8 versions. | 8.8 |
2023-11-13 | CVE-2023-27445 | Meril | Cross-Site Request Forgery (CSRF) vulnerability in Meril Blog Floating Button Cross-Site Request Forgery (CSRF) vulnerability in Meril Inc. | 8.8 |
2023-11-14 | CVE-2023-36052 | Microsoft | Unspecified vulnerability in Microsoft Azure CLI Azure CLI REST Command Information Disclosure Vulnerability | 8.6 |
2023-11-14 | CVE-2023-45617 | Arubanetworks HP | There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol). | 8.2 |
2023-11-14 | CVE-2023-45618 | Arubanetworks HP | There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). | 8.2 |
2023-11-14 | CVE-2023-45619 | Arubanetworks HP | There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol). | 8.2 |
2023-11-17 | CVE-2023-48025 | Howerj | Out-of-bounds Read vulnerability in Howerj Liblisp Liblisp through commit 4c65969 was discovered to contain an out-of-bounds read vulnerability in unsigned get_length(lisp_cell_t * x) at eval.c | 8.1 |
2023-11-17 | CVE-2023-38130 | Cubecart | Cross-Site Request Forgery (CSRF) vulnerability in Cubecart Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system. | 8.1 |
2023-11-14 | CVE-2023-20571 | AMD | Race Condition vulnerability in AMD products A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation. | 8.1 |
2023-11-14 | CVE-2023-45794 | Siemens | Authentication Bypass by Capture-replay vulnerability in Siemens Mendix A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0), Mendix Applications using Mendix 7 (All versions < V7.23.37), Mendix Applications using Mendix 8 (All versions < V8.18.27), Mendix Applications using Mendix 9 (All versions < V9.24.10). | 8.1 |
2023-11-17 | CVE-2023-48029 | Corebos | Improper Neutralization of Formula Elements in a CSV File vulnerability in Corebos Corebos 8.0 and below is vulnerable to CSV Injection. | 8.0 |
2023-11-17 | CVE-2023-5444 | Mcafee | Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Epolicy Orchestrator A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server. | 8.0 |
2023-11-16 | CVE-2023-43752 | Elecom | OS Command Injection vulnerability in Elecom products OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request. | 8.0 |
2023-11-14 | CVE-2023-25756 | Intel | Out-of-bounds Read vulnerability in Intel products Out-of-bounds read in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | 8.0 |
2023-11-14 | CVE-2023-36021 | Microsoft | Unspecified vulnerability in Microsoft On-Prem Data Gateway Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability | 8.0 |
2023-11-14 | CVE-2023-36035 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2016/2019 Microsoft Exchange Server Spoofing Vulnerability | 8.0 |
2023-11-14 | CVE-2023-36039 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2016/2019 Microsoft Exchange Server Spoofing Vulnerability | 8.0 |
2023-11-14 | CVE-2023-36050 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2016/2019 Microsoft Exchange Server Spoofing Vulnerability | 8.0 |
2023-11-14 | CVE-2023-36425 | Microsoft | Unspecified vulnerability in Microsoft products Windows Distributed File System (DFS) Remote Code Execution Vulnerability | 8.0 |
2023-11-14 | CVE-2023-36439 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 8.0 |
2023-11-14 | CVE-2023-46097 | Siemens | SQL Injection vulnerability in Siemens Simatic PCS NEO 3.0 A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). | 8.0 |
2023-11-14 | CVE-2023-31403 | SAP | Incorrect Authorization vulnerability in SAP Business ONE 10.0 SAP Business One installation, version 10.0, does not perform proper authentication and authorization checks for the SMB shared folder. | 8.0 |
2023-11-14 | CVE-2023-47629 | Datahub Project | Improper Privilege Management vulnerability in Datahub Project Datahub DataHub is an open-source metadata platform. | 8.0 |
2023-11-17 | CVE-2023-6179 | Honeywell | Incorrect Permission Assignment for Critical Resource vulnerability in Honeywell Prowatch 4.5 Honeywell ProWatch 4.5, including all Service Pack versions, contains a vulnerability in the Application Server's executable folder(s). | 7.8 |
2023-11-17 | CVE-2023-47066 | Adobe | Out-of-bounds Read vulnerability in Adobe After Effects 24.0 Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 7.8 |
2023-11-17 | CVE-2023-47067 | Adobe | Out-of-bounds Read vulnerability in Adobe After Effects 24.0 Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 7.8 |
2023-11-17 | CVE-2023-47068 | Adobe | Out-of-bounds Read vulnerability in Adobe After Effects 24.0 Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 7.8 |
2023-11-17 | CVE-2023-47069 | Adobe | Out-of-bounds Read vulnerability in Adobe After Effects 24.0 Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 7.8 |
2023-11-17 | CVE-2023-47070 | Adobe | Out-of-bounds Write vulnerability in Adobe After Effects 24.0 Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-11-17 | CVE-2023-47073 | Adobe | Out-of-bounds Write vulnerability in Adobe After Effects 24.0 Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-11-16 | CVE-2023-47055 | Adobe | Use After Free vulnerability in Adobe Premiere PRO Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-11-16 | CVE-2023-47056 | Adobe | Out-of-bounds Write vulnerability in Adobe Premiere PRO Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-11-16 | CVE-2023-47057 | Adobe | Out-of-bounds Write vulnerability in Adobe Premiere PRO Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-11-16 | CVE-2023-47058 | Adobe | Out-of-bounds Read vulnerability in Adobe Premiere PRO Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 7.8 |
2023-11-16 | CVE-2023-47059 | Adobe | Out-of-bounds Read vulnerability in Adobe Premiere PRO Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 7.8 |
2023-11-16 | CVE-2023-26368 | Adobe | Out-of-bounds Read vulnerability in Adobe Incopy Adobe InCopy versions 18.5 (and earlier) and 17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 7.8 |
2023-11-16 | CVE-2023-47047 | Adobe | Access of Uninitialized Pointer vulnerability in Adobe Audition Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-11-16 | CVE-2023-44330 | Adobe | Out-of-bounds Write vulnerability in Adobe Photoshop Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-11-16 | CVE-2023-47040 | Adobe | Out-of-bounds Read vulnerability in Adobe Media Encoder Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 7.8 |
2023-11-16 | CVE-2023-47041 | Adobe | Out-of-bounds Write vulnerability in Adobe Media Encoder Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-11-16 | CVE-2023-47042 | Adobe | Out-of-bounds Write vulnerability in Adobe Media Encoder Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-11-16 | CVE-2023-47043 | Adobe | Out-of-bounds Read vulnerability in Adobe Media Encoder Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 7.8 |
2023-11-16 | CVE-2023-44282 | Dell | Improper Privilege Management vulnerability in Dell Repository Manager 1.1.52/1.2.155/1.3.124 Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. | 7.8 |
2023-11-16 | CVE-2023-44292 | Dell | Improper Privilege Management vulnerability in Dell Repository Manager 1.1.52/1.2.155/1.3.124 Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. | 7.8 |
2023-11-16 | CVE-2023-44336 | Adobe | Use After Free vulnerability in Adobe products Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-11-16 | CVE-2023-44337 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 7.8 |
2023-11-16 | CVE-2023-44338 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 7.8 |
2023-11-16 | CVE-2023-44359 | Adobe | Use After Free vulnerability in Adobe products Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-11-16 | CVE-2023-44365 | Adobe | Access of Uninitialized Pointer vulnerability in Adobe products Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-11-16 | CVE-2023-44366 | Adobe | Out-of-bounds Write vulnerability in Adobe products Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-11-16 | CVE-2023-44367 | Adobe | Use After Free vulnerability in Adobe products Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-11-16 | CVE-2023-44371 | Adobe | Use After Free vulnerability in Adobe products Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-11-16 | CVE-2023-44372 | Adobe | Use After Free vulnerability in Adobe products Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-11-16 | CVE-2023-6119 | Trellix | Improper Privilege Management vulnerability in Trellix Getsusp An Improper Privilege Management vulnerability in Trellix GetSusp prior to version 5.0.0.27 allows a local, low privilege attacker to gain access to files that usually require a higher privilege level. | 7.8 |
2023-11-16 | CVE-2023-39259 | Dell | Unspecified vulnerability in Dell OS Recovery Tool 2.2.4013/2.3.7012.0/2.3.7515.0 Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. | 7.8 |
2023-11-16 | CVE-2023-47470 | Ffmpeg | Out-of-bounds Write vulnerability in Ffmpeg Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c | 7.8 |
2023-11-15 | CVE-2023-48199 | Grocy Project | Injection vulnerability in Grocy Project Grocy 4.0.3 HTML Injection vulnerability in the 'manageApiKeys' component in Grocy <= 4.0.3 allows attackers to inject arbitrary HTML content without script execution. | 7.8 |
2023-11-15 | CVE-2023-22818 | Westerndigital | Uncontrolled Search Path Element vulnerability in Westerndigital Sandisk Security Installer Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for Windows that could allow attackers with local access to execute arbitrary code by executing the installer in the same folder as the malicious DLL. This can lead to the execution of arbitrary code with the privileges of the vulnerable application or obtain a certain level of persistence on the compromised host. | 7.8 |
2023-11-15 | CVE-2023-48011 | Gpac | Use After Free vulnerability in Gpac 2.3-DEV-rev566-g50c2ab06f-master GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c. | 7.8 |
2023-11-15 | CVE-2023-48013 | Gpac | Double Free vulnerability in Gpac 2.3-DEV-rev566-g50c2ab06f-master GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c. | 7.8 |
2023-11-15 | CVE-2023-48014 | Gpac | Out-of-bounds Write vulnerability in Gpac 2.3-DEV-rev566-g50c2ab06f-master GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c. | 7.8 |
2023-11-15 | CVE-2023-33873 | Aveva | Unspecified vulnerability in Aveva products This privilege escalation vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine. | 7.8 |
2023-11-15 | CVE-2023-47580 | Fujielectric | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Fujielectric Tellus and Tellus Lite Multiple improper restriction of operations within the bounds of a memory buffer issues exist in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. | 7.8 |
2023-11-15 | CVE-2023-47581 | Fujielectric | Out-of-bounds Read vulnerability in Fujielectric Tellus and Tellus Lite Out-of-bounds read vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. | 7.8 |
2023-11-15 | CVE-2023-47582 | Fujielectric | Access of Uninitialized Pointer vulnerability in Fujielectric Tellus and Tellus Lite Access of uninitialized pointer vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. | 7.8 |
2023-11-15 | CVE-2023-47583 | Fujielectric | Out-of-bounds Read vulnerability in Fujielectric Tellus 4.0.12.0/4.0.15.0 Multiple out-of-bounds read vulnerabilities exist in TELLUS Simulator V4.0.17.0 and earlier. | 7.8 |
2023-11-15 | CVE-2023-47584 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric V-Server Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. | 7.8 |
2023-11-15 | CVE-2023-47585 | Fujielectric | Out-of-bounds Read vulnerability in Fujielectric V-Server Out-of-bounds read vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. | 7.8 |
2023-11-15 | CVE-2023-47586 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric V-Server Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. | 7.8 |
2023-11-15 | CVE-2023-35080 | Ivanti | Unspecified vulnerability in Ivanti Secure Access Client A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure. | 7.8 |
2023-11-15 | CVE-2023-38043 | Ivanti | Unspecified vulnerability in Ivanti Secure Access Client A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system. | 7.8 |
2023-11-15 | CVE-2023-38543 | Ivanti | Unspecified vulnerability in Ivanti Secure Access Client A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine. | 7.8 |
2023-11-15 | CVE-2023-41718 | Ivanti | Unspecified vulnerability in Ivanti Secure Access Client 22.2/22.3 When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file. | 7.8 |
2023-11-15 | CVE-2023-43590 | Zoom | Link Following vulnerability in Zoom Rooms Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. | 7.8 |
2023-11-15 | CVE-2023-43591 | Zoom | Unspecified vulnerability in Zoom Rooms Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-39535 | AMI | Unspecified vulnerability in AMI Aptio V AMI AptioV contains a vulnerability in BIOS where an attacker may exploit improper input validation via the local network. | 7.8 |
2023-11-14 | CVE-2023-39536 | AMI | Unspecified vulnerability in AMI Aptio V AMI AptioV contains a vulnerability in BIOS where an attacker may exploit improper input validation via the local network. | 7.8 |
2023-11-14 | CVE-2023-39537 | AMI | Unspecified vulnerability in AMI Aptio V AMI AptioV contains a vulnerability in BIOS where an attacker may exploit improper input validation via the local network. | 7.8 |
2023-11-14 | CVE-2023-46022 | Code Projects | SQL Injection vulnerability in Code-Projects Blood Bank 1.0 SQL Injection vulnerability in delete.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via the 'bid' parameter. | 7.8 |
2023-11-14 | CVE-2023-46582 | Code Projects | SQL Injection vulnerability in Code-Projects Inventory Management 1.0 SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary SQL commands via the id parameter in the deleteProduct.php component. | 7.8 |
2023-11-14 | CVE-2022-27229 | Intel | Path Traversal vulnerability in Intel Hdmi Firmware Path traversal in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2022-33898 | Intel | Incorrect Permission Assignment for Critical Resource vulnerability in Intel NUC Watchdog Timer Utility Insecure inherited permissions in some Intel(R) NUC Watchdog Timer installation software before version 2.0.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2022-38786 | Intel | Unspecified vulnerability in Intel Battery Life Diagnostic Tool 1.0.7/2.2.0 Improper access control in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2022-41689 | Intel | Unspecified vulnerability in Intel In-Band Manageability 2.13.0 Improper access control in some Intel In-Band Manageability software before version 3.0.14 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2022-41700 | Intel | Incorrect Permission Assignment for Critical Resource vulnerability in Intel NUC PRO Software Suite 2.0.0.3 Insecure inherited permissions in some Intel(R) NUC Pro Software Suite installation software before version 2.0.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2022-45469 | Intel | Improper Input Validation vulnerability in Intel Unison Software Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-20563 | AMD | Improper Privilege Management vulnerability in AMD products Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-20565 | AMD | Improper Privilege Management vulnerability in AMD products Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-22292 | Intel | Improper Handling of Exceptional Conditions vulnerability in Intel Unison Software Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-23583 | Intel Debian Netapp | Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access. | 7.8 |
2023-11-14 | CVE-2023-24592 | Intel | Path Traversal vulnerability in Intel products Path traversal in some Intel(R) oneAPI Toolkits and Component software before version 2023.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-25075 | Intel | Unquoted Search Path or Element vulnerability in Intel Server Configuration Utility 16.0.7/16.0.8 Unquoted search path in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-27305 | Intel | Incorrect Default Permissions vulnerability in Intel ARC a Graphics and Iris XE Graphics Incorrect default permissions in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-27513 | Intel | Uncontrolled Search Path Element vulnerability in Intel Server Information Retrieval Utility Uncontrolled search path element in some Intel(R) Server Information Retrieval Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-27519 | Intel | Improper Input Validation vulnerability in Intel products Improper input validation in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-28377 | Intel | Improper Authentication vulnerability in Intel USB Firmware Improper authentication in some Intel(R) NUC Kit NUC11PH USB firmware installation software before version 1.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-28378 | Intel | Unspecified vulnerability in Intel products Improper authorization in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-28388 | Intel | Uncontrolled Search Path Element vulnerability in Intel Chipset Device Software 10.1.1.45 Uncontrolled search path element in some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-28397 | Intel | Unspecified vulnerability in Intel Aptio V Uefi Firmware Integrator Tools 5.27.03.0003/5.27.06.0017 Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-28401 | Intel | Out-of-bounds Write vulnerability in Intel ARC a Graphics and Iris XE Graphics Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-28737 | Intel | Improper Initialization vulnerability in Intel Aptio V Uefi Firmware Integrator Tools 5.27.03.0003/5.27.06.0017 Improper initialization in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-28740 | Intel | Uncontrolled Search Path Element vulnerability in Intel products Uncontrolled search path element in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-28741 | Intel | Classic Buffer Overflow vulnerability in Intel products Buffer overflow in some Intel(R) QAT drivers for Windows - HW Version 1.0 before version 1.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-29157 | Intel | Unspecified vulnerability in Intel ONE Boot Flash Update Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-29161 | Intel | Uncontrolled Search Path Element vulnerability in Intel ONE Boot Flash Update Uncontrolled search path in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-29504 | Intel | Uncontrolled Search Path Element vulnerability in Intel Realsense D400 Series Dynamic Calibration Tool 2.11 Uncontrolled search path element in some Intel(R) RealSense(TM) Dynamic Calibration software before version 2.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-32204 | Intel | Unspecified vulnerability in Intel ONE Boot Flash Update Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-32638 | Intel | Incorrect Default Permissions vulnerability in Intel ARC RGB Controller 1.03 Incorrect default permissions in some Intel Arc RGB Controller software before version 1.06 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-32661 | Intel | Improper Authentication vulnerability in Intel Realtek SD Card Reader Driver Improper authentication in some Intel(R) NUC Kits NUC7PJYH and NUC7CJYH Realtek* SD Card Reader Driver installation software before version 10.0.19041.29098 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-33878 | Intel | Path Traversal vulnerability in Intel Audio Install Package Path traversal in some Intel(R) NUC P14E Laptop Element Audio Install Package software before version 156 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-34314 | Intel | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Simics Simulator Insecure inherited permissions in some Intel(R) Simics Simulator software before version 1.7.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-34350 | Intel | Uncontrolled Search Path Element vulnerability in Intel Extreme Tuning Utility 6.4.1.21/6.5.1.360/6.5.3.25 Uncontrolled search path element in some Intel(R) XTU software before version 7.12.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-34430 | Intel | Uncontrolled Search Path Element vulnerability in Intel Battery Life Diagnostic Tool 1.0.7/2.2.0 Uncontrolled search path in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-34997 | Intel | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Server Configuration Utility 16.0.7/16.0.8 Insecure inherited permissions in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-38411 | Intel | Unspecified vulnerability in Intel Smart Campus 6.1 Improper access control in the Intel Smart Campus Android application before version 9.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-38570 | Intel | Unspecified vulnerability in Intel Unison Software Access of memory location after end of buffer for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-39230 | Intel | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Rapid Storage Technology Insecure inherited permissions in some Intel Rapid Storage Technology software before version 16.8.5.1014.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-11-14 | CVE-2023-36033 | Microsoft | Unspecified vulnerability in Microsoft products Windows DWM Core Library Elevation of Privilege Vulnerability | 7.8 |
2023-11-14 | CVE-2023-36036 | Microsoft | Unspecified vulnerability in Microsoft products Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.8 |
2023-11-14 | CVE-2023-36037 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Excel Security Feature Bypass Vulnerability | 7.8 |
2023-11-14 | CVE-2023-36041 | Microsoft | Use After Free vulnerability in Microsoft products Microsoft Excel Remote Code Execution Vulnerability | 7.8 |
2023-11-14 | CVE-2023-36045 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Office Graphics Remote Code Execution Vulnerability | 7.8 |
2023-11-14 | CVE-2023-36047 | Microsoft | Unspecified vulnerability in Microsoft products Windows Authentication Elevation of Privilege Vulnerability | 7.8 |
2023-11-14 | CVE-2023-36393 | Microsoft | Unspecified vulnerability in Microsoft products Windows User Interface Application Core Remote Code Execution Vulnerability | 7.8 |
2023-11-14 | CVE-2023-36396 | Microsoft | Unspecified vulnerability in Microsoft Windows 11 22H2 Windows Compressed Folder Remote Code Execution Vulnerability | 7.8 |
2023-11-14 | CVE-2023-36407 | Microsoft | Unspecified vulnerability in Microsoft products Windows Hyper-V Elevation of Privilege Vulnerability | 7.8 |
2023-11-14 | CVE-2023-36408 | Microsoft | Unspecified vulnerability in Microsoft products Windows Hyper-V Elevation of Privilege Vulnerability | 7.8 |
2023-11-14 | CVE-2023-36422 | Microsoft | Unspecified vulnerability in Microsoft Windows Defender 1.1.23060.3001 Microsoft Windows Defender Elevation of Privilege Vulnerability | 7.8 |
2023-11-14 | CVE-2023-36424 | Microsoft | Unspecified vulnerability in Microsoft products Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
2023-11-14 | CVE-2023-36705 | Microsoft | Unspecified vulnerability in Microsoft products Windows Installer Elevation of Privilege Vulnerability | 7.8 |
2023-11-14 | CVE-2023-36719 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability | 7.8 |
2023-11-14 | CVE-2023-41840 | Fortinet | Untrusted Search Path vulnerability in Fortinet Forticlient 7.0.9/7.2.0/7.2.1 An untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL hijack attack via a malicious OpenSSL engine library in the search path. | 7.8 |
2023-11-14 | CVE-2023-6111 | Linux | Use After Free vulnerability in Linux Kernel A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_trans_gc_catchall did not remove the catchall set element from the catchall_list when the argument sync is true, making it possible to free a catchall set element many times. We recommend upgrading past commit 93995bf4af2c5a99e2a87f0cd5ce547d31eb7630. | 7.8 |
2023-11-18 | CVE-2023-38361 | IBM | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cics TX 10.1 IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2023-11-18 | CVE-2023-46402 | GIT Urls Project | Unspecified vulnerability in Git-Urls Project Git-Urls 1.0.1 git-urls 1.0.0 allows ReDoS (Regular Expression Denial of Service) in urls.go. | 7.5 |
2023-11-17 | CVE-2023-46745 | Librenms | Improper Restriction of Excessive Authentication Attempts vulnerability in Librenms LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. | 7.5 |
2023-11-17 | CVE-2023-48238 | Joaquimserafim | Insufficient Verification of Data Authenticity vulnerability in Joaquimserafim Json web Token joaquimserafim/json-web-token is a javascript library use to interact with JSON Web Tokens (JWT) which are a compact URL-safe means of representing claims to be transferred between two parties. | 7.5 |
2023-11-17 | CVE-2023-48185 | Terra Mater | Path Traversal vulnerability in Terra-Mater Terra-Master Directory Traversal vulnerability in TerraMaster v.s1.0 through v.2.295 allows a remote attacker to obtain sensitive information via a crafted GET request. | 7.5 |
2023-11-17 | CVE-2023-26347 | Adobe | Improper Access Control vulnerability in Adobe Coldfusion Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | 7.5 |
2023-11-17 | CVE-2023-22272 | Adobe | Improper Input Validation vulnerability in Adobe Robohelp Server Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to information disclosure by an unauthenticated attacker. | 7.5 |
2023-11-17 | CVE-2023-22274 | Adobe | XXE vulnerability in Adobe Robohelp Server Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthenticated attacker. | 7.5 |
2023-11-17 | CVE-2023-22275 | Adobe | SQL Injection vulnerability in Adobe Robohelp Server Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an unauthenticated attacker. | 7.5 |
2023-11-17 | CVE-2023-38313 | Opennds | NULL Pointer Dereference vulnerability in Opennds Captive Portal An issue was discovered in OpenNDS Captive Portal before 10.1.2. | 7.5 |
2023-11-17 | CVE-2023-38315 | Opennds | NULL Pointer Dereference vulnerability in Opennds Captive Portal An issue was discovered in OpenNDS Captive Portal before version 10.1.2. | 7.5 |
2023-11-17 | CVE-2023-38320 | Opennds | NULL Pointer Dereference vulnerability in Opennds Captive Portal An issue was discovered in OpenNDS Captive Portal before version 10.1.2. | 7.5 |
2023-11-17 | CVE-2023-38322 | Opennds | NULL Pointer Dereference vulnerability in Opennds Captive Portal An issue was discovered in OpenNDS Captive Portal before version 10.1.2. | 7.5 |
2023-11-17 | CVE-2023-41102 | Opennds | Memory Leak vulnerability in Opennds An issue was discovered in the captive portal in OpenNDS before version 10.1.3. | 7.5 |
2023-11-17 | CVE-2023-45382 | Common Services | Path Traversal vulnerability in Common-Services Sonice Retour In the module "SoNice Retour" (sonice_retour) up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. | 7.5 |
2023-11-16 | CVE-2023-6020 | RAY Project | Missing Authorization vulnerability in RAY Project RAY LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. | 7.5 |
2023-11-16 | CVE-2023-48134 | Linecorp | Unspecified vulnerability in Linecorp Line 13.6.1 nagayama_copabowl Line 13.6.1 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. | 7.5 |
2023-11-16 | CVE-2023-48053 | Archerydms | Use of Hard-coded Credentials vulnerability in Archerydms Archery 1.9.0 Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. | 7.5 |
2023-11-16 | CVE-2023-48055 | Superagi | Use of Hard-coded Credentials vulnerability in Superagi 0.0.13 SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. | 7.5 |
2023-11-16 | CVE-2023-48056 | Bandoche | Use of Insufficiently Random Values vulnerability in Bandoche Pypinksign 0.5.1 PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. | 7.5 |
2023-11-16 | CVE-2023-6021 | RAY Project | Path Traversal vulnerability in RAY Project RAY LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. | 7.5 |
2023-11-16 | CVE-2023-6038 | H2O | Missing Authorization vulnerability in H2O A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. | 7.5 |
2023-11-16 | CVE-2023-6015 | Lfprojects | Path Traversal vulnerability in Lfprojects Mlflow MLflow allowed arbitrary files to be PUT onto the server. | 7.5 |
2023-11-16 | CVE-2023-6023 | Vertaai | Path Traversal vulnerability in Vertaai Modeldb An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter. | 7.5 |
2023-11-16 | CVE-2023-26031 | Apache | Untrusted Search Path vulnerability in Apache Hadoop 3.3.1/3.3.2/3.3.4 Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. | 7.5 |
2023-11-16 | CVE-2023-47263 | Withsecure | Unspecified vulnerability in Withsecure products Certain WithSecure products allow a Denial of Service (DoS) in the antivirus engine when scanning a fuzzed PE32 file. | 7.5 |
2023-11-16 | CVE-2023-47264 | Withsecure | Out-of-bounds Read vulnerability in Withsecure products Certain WithSecure products have a buffer over-read whereby processing certain fuzz file types may cause a denial of service (DoS). | 7.5 |
2023-11-15 | CVE-2023-47345 | Free5Gc | Classic Buffer Overflow vulnerability in Free5Gc 3.3.0 Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP message with malformed PFCP Heartbeat message whose Recovery Time Stamp IE length is mutated to zero. | 7.5 |
2023-11-15 | CVE-2023-47347 | Free5Gc | Classic Buffer Overflow vulnerability in Free5Gc 3.3.0 Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP messages whose Sequence Number is mutated to overflow bytes. | 7.5 |
2023-11-15 | CVE-2023-5720 | Quarkus | Unspecified vulnerability in Quarkus A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. | 7.5 |
2023-11-15 | CVE-2023-34062 | Pivotal | Path Traversal vulnerability in Pivotal Reactor Netty 1.0.11/1.0.23 In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources. | 7.5 |
2023-11-14 | CVE-2023-39203 | Zoom | Unspecified vulnerability in Zoom Virtual Desktop Infrastructure and Zoom Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthenticated user to conduct a disclosure of information via network access. | 7.5 |
2023-11-14 | CVE-2023-39204 | Zoom | Classic Buffer Overflow vulnerability in Zoom products Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. | 7.5 |
2023-11-14 | CVE-2023-39206 | Zoom | Classic Buffer Overflow vulnerability in Zoom products Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. | 7.5 |
2023-11-14 | CVE-2023-45620 | Arubanetworks HP | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. | 7.5 |
2023-11-14 | CVE-2023-45621 | Arubanetworks HP | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. | 7.5 |
2023-11-14 | CVE-2023-45622 | Arubanetworks HP | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. | 7.5 |
2023-11-14 | CVE-2023-45623 | Arubanetworks HP | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. | 7.5 |
2023-11-14 | CVE-2023-45624 | Arubanetworks HP | An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. | 7.5 |
2023-11-14 | CVE-2023-36038 | Microsoft | Unspecified vulnerability in Microsoft Asp.Net Core and Visual Studio 2022 ASP.NET Core Denial of Service Vulnerability | 7.5 |
2023-11-14 | CVE-2023-46024 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Teacher Subject Allocation Management System 1.0 SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter. | 7.5 |
2023-11-14 | CVE-2023-47627 | Aiohttp | HTTP Request Smuggling vulnerability in Aiohttp aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. | 7.5 |
2023-11-14 | CVE-2021-46774 | AMD | Unspecified vulnerability in AMD products Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. | 7.5 |
2023-11-14 | CVE-2023-20533 | AMD | Unspecified vulnerability in AMD products Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. | 7.5 |
2023-11-14 | CVE-2023-20566 | AMD | Unspecified vulnerability in AMD products Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. | 7.5 |
2023-11-14 | CVE-2023-22285 | Intel | Unspecified vulnerability in Intel Unison Software Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access. | 7.5 |
2023-11-14 | CVE-2023-22337 | Intel | Improper Input Validation vulnerability in Intel Unison Software Improper input validation for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access. | 7.5 |
2023-11-14 | CVE-2023-31203 | Intel | Unspecified vulnerability in Intel Openvino Model Server Improper input validation in some OpenVINO Model Server software before version 2022.3 for Intel Distribution of OpenVINO toolkit may allow an unauthenticated user to potentially enable denial of service via network access. | 7.5 |
2023-11-14 | CVE-2023-31320 | AMD | Improper Input Validation vulnerability in AMD products Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service. | 7.5 |
2023-11-14 | CVE-2023-32279 | Intel | Unspecified vulnerability in Intel Connectivity Performance Suite Improper access control in user mode driver for some Intel(R) Connectivity Performance Suite before version 2.1123.214.2 may allow unauthenticated user to potentially enable information disclosure via network access. | 7.5 |
2023-11-14 | CVE-2023-39228 | Intel | Unspecified vulnerability in Intel Unison Software Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access. | 7.5 |
2023-11-14 | CVE-2023-36392 | Microsoft | Unspecified vulnerability in Microsoft products DHCP Server Service Denial of Service Vulnerability | 7.5 |
2023-11-14 | CVE-2023-36395 | Microsoft | Unspecified vulnerability in Microsoft products Windows Deployment Services Denial of Service Vulnerability | 7.5 |
2023-11-14 | CVE-2023-42783 | Fortinet | Relative Path Traversal vulnerability in Fortinet Fortiwlm A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.2 through 8.4.0 and 8.3.2 through 8.3.0 and 8.2.2 allows an attacker to read arbitrary files via crafted HTTP requests. | 7.5 |
2023-11-14 | CVE-2023-45684 | Northern Tech | SQL Injection vulnerability in Northern.Tech Cfengine Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. | 7.5 |
2023-11-14 | CVE-2023-43503 | Siemens | Cleartext Transmission of Sensitive Information vulnerability in Siemens Comos A vulnerability has been identified in COMOS (All versions < V10.4.4). | 7.5 |
2023-11-14 | CVE-2023-46590 | Siemens | XXE vulnerability in Siemens OPC UA Modeling Editor A vulnerability has been identified in Siemens OPC UA Modelling Editor (SiOME) (All versions < V2.8). | 7.5 |
2023-11-14 | CVE-2023-46601 | Siemens | Improper Access Control vulnerability in Siemens Comos A vulnerability has been identified in COMOS (All versions). | 7.5 |
2023-11-14 | CVE-2023-45558 | Golden Project | Unspecified vulnerability in Golden Project Golden 13.6.1 An issue in Golden v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. | 7.5 |
2023-11-14 | CVE-2023-45560 | Memberscard Project | Unspecified vulnerability in Memberscard Project Memberscard 13.6.1 An issue in Yasukawa memberscard v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. | 7.5 |
2023-11-13 | CVE-2023-47346 | Free5Gc | Classic Buffer Overflow vulnerability in Free5Gc Free5Gc, SMF and UPF Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2.0 allows attackers to cause a denial of service via crafted PFCP messages. | 7.5 |
2023-11-13 | CVE-2023-47117 | Humansignal | Unspecified vulnerability in Humansignal Label Studio Label Studio is an open source data labeling tool. | 7.5 |
2023-11-13 | CVE-2023-6101 | Maiwei Safety Production Control Platform Project | Unspecified vulnerability in Maiwei Safety Production Control Platform Project Maiwei Safety Production Control Platform 4.1 A vulnerability, which was classified as problematic, has been found in Maiwei Safety Production Control Platform 4.1. | 7.5 |
2023-11-13 | CVE-2022-45835 | Phonepe | Server-Side Request Forgery (SSRF) vulnerability in Phonepe Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Payment Solutions. This issue affects PhonePe Payment Solutions: from n/a through 1.0.15. | 7.5 |
2023-11-13 | CVE-2023-34013 | AYS PRO | Server-Side Request Forgery (SSRF) vulnerability in Ays-Pro Poll Maker Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker – Best WordPress Poll Plugin. This issue affects Poll Maker – Best WordPress Poll Plugin: from n/a through 4.6.2. | 7.5 |
2023-11-13 | CVE-2023-46207 | Stylemixthemes | Server-Side Request Forgery (SSRF) vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing Server-Side Request Forgery (SSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing. This issue affects Motors – Car Dealer, Classifieds & Listing: from n/a through 1.4.6. | 7.5 |
2023-11-13 | CVE-2023-47163 | Remarshal Project | Uncontrolled Recursion vulnerability in Remarshal Project Remarshal Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. | 7.5 |
2023-11-16 | CVE-2023-48052 | Httpie | Improper Certificate Validation vulnerability in Httpie 3.2.2 Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. | 7.4 |
2023-11-16 | CVE-2023-48054 | Localstack | Improper Certificate Validation vulnerability in Localstack 2.3.2 Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. | 7.4 |
2023-11-16 | CVE-2023-39246 | Dell | Link Following vulnerability in Dell products Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. | 7.3 |
2023-11-14 | CVE-2023-29165 | Intel | Unquoted Search Path or Element vulnerability in Intel ARC a Graphics and Iris XE Graphics Unquoted search path or element in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2023-11-14 | CVE-2023-32278 | Intel | Path Traversal vulnerability in Intel NUC Uniwill Service Driver Path traversal in some Intel(R) NUC Uniwill Service Driver for Intel(R) NUC M15 Laptop Kits - LAPRC510 & LAPRC710 Uniwill Service Driver installation software before version 1.0.1.7 for Intel(R) NUC Software Studio may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2023-11-14 | CVE-2023-32655 | Intel | Path Traversal vulnerability in Intel USB Type C Power Delivery Controller Path traversal in some Intel(R) NUC Kits & Mini PCs - NUC8i7HVK & NUC8HNK USB Type C power delivery controller installation software before version 1.0.10.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2023-11-14 | CVE-2023-32658 | Intel | Unquoted Search Path or Element vulnerability in Intel Hdmi Firmware Unquoted search path in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2023-11-14 | CVE-2023-32660 | Intel | Uncontrolled Search Path Element vulnerability in Intel Thunderbolt 3 Controller Firmware Uncontrolled search path in some Intel(R) NUC Kit NUC6i7KYK Thunderbolt(TM) 3 Firmware Update Tool installation software before version 46 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2023-11-14 | CVE-2023-33874 | Intel | Uncontrolled Search Path Element vulnerability in Intel HID Event Filter Driver Uncontrolled search path in some Intel(R) NUC 12 Pro Kits & Mini PCs - NUC12WS Intel(R) HID Event Filter Driver installation software before version 2.2.2.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2023-11-14 | CVE-2023-45582 | Fortinet | Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortimail An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0 through 7.2.4, 7.0.0 through 7.0.6 and before 6.4.8 may allow an unauthenticated attacker to perform a brute force attack on the affected endpoints via repeated login attempts. | 7.3 |
2023-11-17 | CVE-2023-22273 | Adobe | Path Traversal vulnerability in Adobe Robohelp Server Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. | 7.2 |
2023-11-17 | CVE-2023-47675 | Cubecart | OS Command Injection vulnerability in Cubecart CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. | 7.2 |
2023-11-14 | CVE-2023-45625 | Arubanetworks HP | Command Injection vulnerability in multiple products Multiple authenticated command injection vulnerabilities exist in the command line interface. | 7.2 |
2023-11-14 | CVE-2023-45626 | Arubanetworks HP | An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles. | 7.2 |
2023-11-14 | CVE-2023-22448 | Intel | Unspecified vulnerability in Intel Unison Software Improper access control for some Intel Unison software may allow a privileged user to potentially enable escalation of privilege via network access. | 7.2 |
2023-11-14 | CVE-2023-36401 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Remote Registry Service Remote Code Execution Vulnerability | 7.2 |
2023-11-14 | CVE-2023-44317 | Siemens | Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in Siemens products Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device. | 7.2 |
2023-11-14 | CVE-2023-45880 | Gibbonedu | Path Traversal vulnerability in Gibbonedu Gibbon GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. | 7.2 |
2023-11-16 | CVE-2023-6017 | H2O | Unspecified vulnerability in H2O H2O included a reference to an S3 bucket that no longer existed allowing an attacker to take over the S3 bucket URL. | 7.1 |
2023-11-15 | CVE-2023-34982 | Aveva | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Aveva products This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service. | 7.1 |
2023-11-15 | CVE-2023-31100 | Phoenix | Unspecified vulnerability in Phoenix Securecore Technology Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: * from 4.3.0.0 before 4.3.0.203 * from 4.3.1.0 before 4.3.1.163 * from 4.4.0.0 before 4.4.0.217 * from 4.5.0.0 before 4.5.0.138 | 7.1 |
2023-11-14 | CVE-2023-47630 | Kyverno | Insufficient Verification of Data Authenticity vulnerability in Kyverno Kyverno is a policy engine designed for Kubernetes. | 7.1 |
2023-11-14 | CVE-2022-40681 | Fortinet | Incorrect Authorization vulnerability in Fortinet Forticlient An incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to cause denial of service via sending a crafted request to a specific named pipe. | 7.1 |
2023-11-14 | CVE-2023-32701 | Blackberry | Unspecified vulnerability in Blackberry QNX Software Development Platform 6.6.0/7.0/7.1 Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition. | 7.1 |
2023-11-14 | CVE-2023-36046 | Microsoft | Unspecified vulnerability in Microsoft products Windows Authentication Denial of Service Vulnerability | 7.1 |
2023-11-14 | CVE-2023-36399 | Microsoft | Unspecified vulnerability in Microsoft products Windows Storage Elevation of Privilege Vulnerability | 7.1 |
2023-11-14 | CVE-2023-36394 | Microsoft | Unspecified vulnerability in Microsoft products Windows Search Service Elevation of Privilege Vulnerability | 7.0 |
2023-11-14 | CVE-2023-36403 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.0 |
2023-11-14 | CVE-2023-36405 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.0 |
2023-11-14 | CVE-2023-36427 | Microsoft | Unspecified vulnerability in Microsoft products Windows Hyper-V Elevation of Privilege Vulnerability | 7.0 |
312 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-11-14 | CVE-2023-27383 | Intel | Unspecified vulnerability in Intel products Protection mechanism failure in some Intel(R) oneAPI HPC Toolkit 2023.1 and Intel(R)MPI Library software before version 2021.9 may allow a privileged user to potentially enable escalation of privilege via adjacent access. | 6.8 |
2023-11-14 | CVE-2023-38177 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server Microsoft SharePoint Server Remote Code Execution Vulnerability | 6.8 |
2023-11-14 | CVE-2023-46446 | Asyncssh Project | Authorization Bypass Through User-Controlled Key vulnerability in Asyncssh Project Asyncssh An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack." | 6.8 |
2023-11-16 | CVE-2023-32469 | Dell | Improper Input Validation vulnerability in Dell products Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. | 6.7 |
2023-11-14 | CVE-2022-24379 | Intel | Unspecified vulnerability in Intel products Improper input validation in some Intel(R) Server System M70KLP Family BIOS firmware before version 01.04.0029 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-11-14 | CVE-2022-29262 | Intel | Unspecified vulnerability in Intel products Improper buffer restrictions in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-11-14 | CVE-2022-29510 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products Improper buffer restrictions in some Intel(R) Server Board M10JNP2SB BIOS firmware before version 7.219 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-11-14 | CVE-2022-33945 | Intel | Unspecified vulnerability in Intel products Improper input validation in some Intel(R) Server board and Intel(R) Server System BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-11-14 | CVE-2022-36374 | Intel | Unspecified vulnerability in Intel Aptio V Uefi Firmware Integrator Tools 5.27.03.0003/5.27.06.0017 Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmi Windows 5.27.03.0003 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-11-14 | CVE-2022-36396 | Intel | Unspecified vulnerability in Intel Aptio V Uefi Firmware Integrator Tools 5.27.03.0003/5.27.06.0017 Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmiEdit-Linux-5.27.06.0017 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-11-14 | CVE-2023-20567 | Intel AMD | Improper Verification of Cryptographic Signature vulnerability in multiple products Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution. | 6.7 |
2023-11-14 | CVE-2023-20568 | Intel AMD | Improper Verification of Cryptographic Signature vulnerability in multiple products Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution. | 6.7 |
2023-11-14 | CVE-2023-29177 | Fortinet | Classic Buffer Overflow vulnerability in Fortinet Fortiadc and Fortiddos-F Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests. | 6.7 |
2023-11-14 | CVE-2023-32662 | Intel | Unspecified vulnerability in Intel Battery Life Diagnostic Tool 1.0.7/2.2.0 Improper authorization in some Intel Battery Life Diagnostic Tool installation software before version 2.2.1 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-11-14 | CVE-2023-34431 | Intel | Unspecified vulnerability in Intel products Improper input validation in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access | 6.7 |
2023-11-14 | CVE-2023-28002 | Fortinet | Improper Validation of Integrity Check Value vulnerability in Fortinet Fortios An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.2 all versions, 7.0 all versions, 2.0 all versions VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place. | 6.7 |
2023-11-14 | CVE-2023-6006 | Papercut | Unspecified vulnerability in Papercut MF This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. | 6.7 |
2023-11-16 | CVE-2023-36008 | Microsoft | Unspecified vulnerability in Microsoft Edge Chromium Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 6.6 |
2023-11-18 | CVE-2023-48736 | Color | Out-of-bounds Read vulnerability in Color Demoiccmax 20231109 In International Color Consortium DemoIccMAX 3e7948b, CIccCLUT::Interp2d in IccTagLut.cpp in libSampleICC.a has an out-of-bounds read. | 6.5 |
2023-11-18 | CVE-2023-40363 | IBM | Incorrect Default Permissions vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings. | 6.5 |
2023-11-17 | CVE-2023-48024 | Howerj | Use After Free vulnerability in Howerj Liblisp Liblisp through commit 4c65969 was discovered to contain a use-after-free vulnerability in void hash_destroy(hash_table_t *h) at hash.c | 6.5 |
2023-11-17 | CVE-2023-22268 | Adobe | SQL Injection vulnerability in Adobe Robohelp Server Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by a low-privileged authenticated attacker. | 6.5 |
2023-11-17 | CVE-2023-38314 | Opennds | NULL Pointer Dereference vulnerability in Opennds Captive Portal An issue was discovered in OpenNDS Captive Portal before version 10.1.2. | 6.5 |
2023-11-17 | CVE-2023-42428 | Cubecart | Path Traversal vulnerability in Cubecart Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system. | 6.5 |
2023-11-16 | CVE-2023-6174 | Wireshark Debian | Injection vulnerability in multiple products SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file | 6.5 |
2023-11-16 | CVE-2023-43757 | Elecom | Inadequate Encryption Strength vulnerability in Elecom products Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. | 6.5 |
2023-11-16 | CVE-2023-47335 | Autelrobotics | Incorrect Default Permissions vulnerability in Autelrobotics EVO Nano Drone Firmware 1.6.5 Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows attackers to breach the geo-fence and fly into no-fly zones. | 6.5 |
2023-11-16 | CVE-2023-47471 | Struktur | Classic Buffer Overflow vulnerability in Struktur Libde265 1.0.12 Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service via the slice_segment_header function in the slice.cc component. | 6.5 |
2023-11-16 | CVE-2023-48204 | Publiccms | Server-Side Request Forgery (SSRF) vulnerability in Publiccms 4.0.202302.E An issue in PublicCMS v.4.0.202302.e allows a remote attacker to obtain sensitive information via the appToken and Parameters parameter of the api/method/getHtml component. | 6.5 |
2023-11-15 | CVE-2023-43588 | Zoom | Unspecified vulnerability in Zoom Meetings Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access. | 6.5 |
2023-11-14 | CVE-2023-39199 | Zoom | Unspecified vulnerability in Zoom products Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access. | 6.5 |
2023-11-14 | CVE-2023-39205 | Zoom | Improper Check for Unusual or Exceptional Conditions vulnerability in Zoom products Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access. | 6.5 |
2023-11-14 | CVE-2023-45627 | Arubanetworks HP | An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. | 6.5 |
2023-11-14 | CVE-2023-5189 | Redhat | Path Traversal vulnerability in Redhat Ansible Automation Platform and Satellite A path traversal vulnerability exists in Ansible when extracting tarballs. | 6.5 |
2023-11-14 | CVE-2023-46023 | Code Projects | SQL Injection vulnerability in Code-Projects Simple Task List 1.0 SQL injection vulnerability in addTask.php in Code-Projects Simple Task List 1.0 allows attackers to obtain sensitive information via the 'status' parameter. | 6.5 |
2023-11-14 | CVE-2023-46132 | Hyperledger | Race Condition vulnerability in Hyperledger Fabric Hyperledger Fabric is an open source permissioned distributed ledger framework. | 6.5 |
2023-11-14 | CVE-2023-47641 | Aiohttp | HTTP Request Smuggling vulnerability in Aiohttp aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. | 6.5 |
2023-11-14 | CVE-2023-20592 | AMD | Unspecified vulnerability in AMD products Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity. | 6.5 |
2023-11-14 | CVE-2023-22290 | Intel | Improper Check for Unusual or Exceptional Conditions vulnerability in Intel Unison Software Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access. | 6.5 |
2023-11-14 | CVE-2023-28376 | Intel | Out-of-bounds Read vulnerability in Intel products Out-of-bounds read in the firmware for some Intel(R) E810 Ethernet Controllers and Adapters before version 1.7.1 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 6.5 |
2023-11-14 | CVE-2023-38131 | Intel | Improper Input Validation vulnerability in Intel Unison Software Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access. | 6.5 |
2023-11-14 | CVE-2023-36043 | Microsoft | Exposure of Resource to Wrong Sphere vulnerability in Microsoft System Center Operations Manager 2016/2019/2022 Open Management Infrastructure Information Disclosure Vulnerability | 6.5 |
2023-11-14 | CVE-2023-36398 | Microsoft | Unspecified vulnerability in Microsoft products Windows NTFS Information Disclosure Vulnerability | 6.5 |
2023-11-14 | CVE-2023-36413 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Office Security Feature Bypass Vulnerability | 6.5 |
2023-11-14 | CVE-2023-36641 | Fortinet | Numeric Truncation Error vulnerability in Fortinet Fortios and Fortiproxy A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiOS version 7.4.0, FortiOS version 7.2.0 through 7.2.5, FortiOS version 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions allows an attacker to cause a denial of service via specifically crafted HTTP requests. | 6.5 |
2023-11-14 | CVE-2023-41676 | Fortinet | Insufficiently Protected Credentials vulnerability in Fortinet Fortisiem An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may allow an attacker with access to windows agent logs to obtain the windows agent password via searching through the logs. | 6.5 |
2023-11-14 | CVE-2023-43505 | Siemens | Improper Access Control vulnerability in Siemens Comos A vulnerability has been identified in COMOS (All versions). | 6.5 |
2023-11-14 | CVE-2023-44321 | Siemens | Resource Exhaustion vulnerability in Siemens products Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. | 6.5 |
2023-11-14 | CVE-2023-46096 | Siemens | Missing Authentication for Critical Function vulnerability in Siemens Simatic PCS NEO 3.0 A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). | 6.5 |
2023-11-14 | CVE-2023-43900 | Emsigner | Authorization Bypass Through User-Controlled Key vulnerability in Emsigner 2.8.7 Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters. | 6.5 |
2023-11-13 | CVE-2023-23684 | Wpengine | Unspecified vulnerability in Wpengine Wpgraphql Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL. This issue affects WPGraphQL: from n/a through 1.14.5. | 6.5 |
2023-11-13 | CVE-2023-23800 | Getshortcodes | Server-Side Request Forgery (SSRF) vulnerability in Getshortcodes Shortcodes Ultimate Server-Side Request Forgery (SSRF) vulnerability in Vova Anokhin WP Shortcodes Plugin — Shortcodes Ultimate. This issue affects WP Shortcodes Plugin — Shortcodes Ultimate: from n/a through 5.12.6. | 6.5 |
2023-11-13 | CVE-2023-41239 | Blubrry | Server-Side Request Forgery (SSRF) vulnerability in Blubrry Powerpress Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry. This issue affects PowerPress Podcasting plugin by Blubrry: from n/a through 11.0.6. | 6.5 |
2023-11-18 | CVE-2023-40809 | Opencrx | Cross-site Scripting vulnerability in Opencrx 5.2.0 OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number. | 6.1 |
2023-11-18 | CVE-2023-40810 | Opencrx | Cross-site Scripting vulnerability in Opencrx 5.2.0 OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field. | 6.1 |
2023-11-18 | CVE-2023-40812 | Opencrx | Cross-site Scripting vulnerability in Opencrx 5.2.0 OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field. | 6.1 |
2023-11-18 | CVE-2023-40813 | Opencrx | Cross-site Scripting vulnerability in Opencrx 5.2.0 OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation. | 6.1 |
2023-11-18 | CVE-2023-40814 | Opencrx | Cross-site Scripting vulnerability in Opencrx 5.2.0 OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field. | 6.1 |
2023-11-18 | CVE-2023-40815 | Opencrx | Cross-site Scripting vulnerability in Opencrx 5.2.0 OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field. | 6.1 |
2023-11-18 | CVE-2023-40816 | Opencrx | Cross-site Scripting vulnerability in Opencrx 5.2.0 OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field. | 6.1 |
2023-11-18 | CVE-2023-40817 | Opencrx | Cross-site Scripting vulnerability in Opencrx 5.2.0 OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field. | 6.1 |
2023-11-17 | CVE-2023-44352 | Adobe | Cross-site Scripting vulnerability in Adobe Coldfusion Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2023-11-17 | CVE-2020-11448 | Bell | Cross-site Scripting vulnerability in Bell Home HUB 3000 Firmware Sg48222070 An issue was discovered on Bell HomeHub 3000 SG48222070 devices. | 6.1 |
2023-11-17 | CVE-2023-47797 | Liferay | Cross-site Scripting vulnerability in Liferay Portal Reflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter. | 6.1 |
2023-11-16 | CVE-2023-40314 | Opennms | Cross-site Scripting vulnerability in Opennms Horizon Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. | 6.1 |
2023-11-16 | CVE-2023-28621 | Wishfulthemes | Cross-site Scripting vulnerability in Wishfulthemes Raise MAG and Wishful Blog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wishfulthemes Raise Mag, Wishfulthemes Wishful Blog themes allows Reflected XSS. This issue affects Raise Mag: from n/a through 1.0.7; Wishful Blog: from n/a through 2.0.1. | 6.1 |
2023-11-16 | CVE-2023-32796 | Mingocommerce | Cross-site Scripting vulnerability in Mingocommerce Woocommerce Product Enquiry Unauth. | 6.1 |
2023-11-16 | CVE-2023-34375 | 10Web | Cross-site Scripting vulnerability in 10Web SEO Unauth. | 6.1 |
2023-11-16 | CVE-2023-39926 | Acurax | Cross-site Scripting vulnerability in Acurax Under Construction / Maintenance Mode 2.6 Unauth. | 6.1 |
2023-11-16 | CVE-2023-47508 | Averta | Cross-site Scripting vulnerability in Averta Master Slider 3.2.7/3.5.1 Unauth. | 6.1 |
2023-11-16 | CVE-2023-47509 | Ioannup | Cross-site Scripting vulnerability in Ioannup Edit Woocommerce Templates Unauth. | 6.1 |
2023-11-16 | CVE-2023-47512 | Wphive | Cross-site Scripting vulnerability in Wphive Product Enquiry for Woocommerce Unauth. | 6.1 |
2023-11-16 | CVE-2023-47514 | Star Emea | Cross-site Scripting vulnerability in Star-Emea Star Cloudprnt for Woocommerce Unauth. | 6.1 |
2023-11-16 | CVE-2023-4771 | Cksource | Unspecified vulnerability in Cksource Ckeditor A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. | 6.1 |
2023-11-15 | CVE-2023-41699 | Payara | Open Redirect vulnerability in Payara URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries. This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11. | 6.1 |
2023-11-15 | CVE-2023-48219 | Tiny | Cross-site Scripting vulnerability in Tiny Tinymce TinyMCE is an open source rich text editor. | 6.1 |
2023-11-15 | CVE-2023-4602 | Kibokolabs | Cross-site Scripting vulnerability in Kibokolabs Namaste! LMS The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'course_id' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. | 6.1 |
2023-11-15 | CVE-2023-41597 | Eyoucms | Cross-site Scripting vulnerability in Eyoucms 1.6.2 EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php?active_t. | 6.1 |
2023-11-15 | CVE-2023-5986 | Schneider Electric | Open Redirect vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert 2020/2021 A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. | 6.1 |
2023-11-15 | CVE-2023-5987 | Schneider Electric | Cross-site Scripting vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert 2020/2021 A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload. | 6.1 |
2023-11-14 | CVE-2023-47517 | Pressified | Cross-site Scripting vulnerability in Pressified Sendpress Unauth. | 6.1 |
2023-11-14 | CVE-2023-47518 | Vfbpro | Cross-site Scripting vulnerability in Vfbpro Restrict Categories Unauth. | 6.1 |
2023-11-14 | CVE-2023-47520 | Michaeluno | Cross-site Scripting vulnerability in Michaeluno Responsive Column Widgets Unauth. | 6.1 |
2023-11-14 | CVE-2023-47522 | Photofeed | Cross-site Scripting vulnerability in Photofeed Photo Feed Unauth. | 6.1 |
2023-11-14 | CVE-2023-47524 | Codebard | Cross-site Scripting vulnerability in Codebard Patron Button and Widgets for Patreon Unauth. | 6.1 |
2023-11-14 | CVE-2023-47532 | Themeum | Cross-site Scripting vulnerability in Themeum WP Crowdfunding Unauth. | 6.1 |
2023-11-14 | CVE-2023-47544 | Atarim | Cross-site Scripting vulnerability in Atarim Visual Collaboration Unauth. | 6.1 |
2023-11-14 | CVE-2023-47547 | Wpfactory | Cross-site Scripting vulnerability in Wpfactory Products, Order & Customers Export for Woocommerce Unauth. | 6.1 |
2023-11-14 | CVE-2023-47549 | Spider Themes | Cross-site Scripting vulnerability in Spider-Themes Eazydocs Unauth. | 6.1 |
2023-11-14 | CVE-2023-47125 | Typo3 | Cross-site Scripting vulnerability in Typo3 Html Sanitizer and Typo3 TYPO3 is an open source PHP based web content management system released under the GNU GPL. | 6.1 |
2023-11-14 | CVE-2023-47550 | Rednao | Cross-Site Request Forgery (CSRF) vulnerability in Rednao Donations Made Easy - Smart Donations Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy – Smart Donations allows Stored XSS. This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12. | 6.1 |
2023-11-14 | CVE-2021-46758 | AMD | Unspecified vulnerability in AMD products Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity. | 6.1 |
2023-11-14 | CVE-2023-36030 | Microsoft | Unspecified vulnerability in Microsoft Dynamics 365 Microsoft Dynamics 365 Sales Spoofing Vulnerability | 6.1 |
2023-11-14 | CVE-2023-48094 | Cesium | Cross-site Scripting vulnerability in Cesium Cesiumjs 1.111 A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim's browser via sending a crafted payload to /container_files/public_html/doc/index.html. | 6.1 |
2023-11-14 | CVE-2023-45881 | Gibbonedu | Cross-site Scripting vulnerability in Gibbonedu Gibbon GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resultant XSS. | 6.1 |
2023-11-14 | CVE-2023-47665 | Plainviewplugins | Cross-site Scripting vulnerability in Plainviewplugins Plainview Protect Passwords Unauth. | 6.1 |
2023-11-14 | CVE-2023-47673 | Thecrowned | Cross-site Scripting vulnerability in Thecrowned Post PAY Counter 2.789 Unauth. | 6.1 |
2023-11-14 | CVE-2023-47684 | Themepunch | Cross-site Scripting vulnerability in Themepunch Essential Grid Unauth. | 6.1 |
2023-11-13 | CVE-2023-46019 | Code Projects | Cross-site Scripting vulnerability in Code-Projects Blood Bank 1.0 Cross Site Scripting (XSS) vulnerability in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'error' parameter. | 6.1 |
2023-11-13 | CVE-2023-46020 | Code Projects | Cross-site Scripting vulnerability in Code-Projects Blood Bank 1.0 Cross Site Scripting (XSS) in updateprofile.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'rename', 'remail', 'rphone' and 'rcity' parameters. | 6.1 |
2023-11-13 | CVE-2023-47690 | Antonbond | Cross-site Scripting vulnerability in Antonbond Additional Order Filters for Woocommerce Unauth. | 6.1 |
2023-11-13 | CVE-2023-47695 | Scribit | Cross-site Scripting vulnerability in Scribit Shortcodes Finder Unauth. | 6.1 |
2023-11-13 | CVE-2023-47696 | Gravitymaster | Cross-site Scripting vulnerability in Gravitymaster Product Enquiry for Woocommerce Unauth. | 6.1 |
2023-11-13 | CVE-2023-47697 | WP Eventmanager | Cross-site Scripting vulnerability in Wp-Eventmanager WP Event Manager Unauth. | 6.1 |
2023-11-13 | CVE-2023-4603 | Star Emea | Cross-site Scripting vulnerability in Star-Emea Star Cloudprnt for Woocommerce The Star CloudPRNT for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'printersettings' parameter in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. | 6.1 |
2023-11-13 | CVE-2023-46015 | Code Projects | Cross-site Scripting vulnerability in Code-Projects Blood Bank 1.0 Cross Site Scripting (XSS) vulnerability in index.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via 'msg' parameter in application URL. | 6.1 |
2023-11-13 | CVE-2023-46016 | Code Projects | Cross-site Scripting vulnerability in Code-Projects Blood Bank 1.0 Cross Site Scripting (XSS) in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'search' parameter in the application URL. | 6.1 |
2023-11-13 | CVE-2023-31230 | Baidu Tongji Generator Project | Cross-Site Request Forgery (CSRF) vulnerability in Baidu-Tongji-Generator Project Baidu-Tongji-Generator 1.0.2 Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir Baidu Tongji generator allows Stored XSS. This issue affects Baidu Tongji generator: from n/a through 1.0.2. | 6.1 |
2023-11-13 | CVE-2023-32123 | Dream Theme | Cross-Site Request Forgery (CSRF) vulnerability in Dream-Theme The7 11.6.0/11.7.3 Cross-Site Request Forgery (CSRF) vulnerability in Dream-Theme The7 allows Stored XSS. This issue affects The7: from n/a through 11.7.3. | 6.1 |
2023-11-13 | CVE-2023-35877 | Vadimk | Cross-Site Request Forgery (CSRF) vulnerability in Vadimk Extra User Details Cross-Site Request Forgery (CSRF) vulnerability in Vadym K. | 6.1 |
2023-11-13 | CVE-2023-39166 | Tagdiv | Cross-Site Request Forgery (CSRF) vulnerability in Tagdiv Composer 4.2 Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS). This issue affects tagDiv Composer: from n/a before 4.4. | 6.1 |
2023-11-13 | CVE-2023-6098 | Icssolution | Cross-site Scripting vulnerability in Icssolution ICS Business Manager 7.06.0028.2802/7.06.0028.7066/7.06.0028.7089 An XSS vulnerability has been discovered in ICS Business Manager affecting version 7.06.0028.7066. | 6.1 |
2023-11-13 | CVE-2023-40335 | Cyberws | Cross-Site Request Forgery (CSRF) vulnerability in Cyberws Cleverwise Daily Quotes Cross-Site Request Forgery (CSRF) vulnerability in Jeremy O'Connell Cleverwise Daily Quotes allows Stored XSS. This issue affects Cleverwise Daily Quotes: from n/a through 3.2. | 6.1 |
2023-11-13 | CVE-2023-46092 | Lionscripts | Cross-Site Request Forgery (CSRF) vulnerability in Lionscripts Webmaster Tools Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com Webmaster Tools allows Stored XSS. This issue affects Webmaster Tools: from n/a through 2.0. | 6.1 |
2023-11-13 | CVE-2023-46201 | Auto Login NEW User After Registration Project | Cross-Site Request Forgery (CSRF) vulnerability in Auto Login NEW User After Registration Project Auto Login NEW User After Registration Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration allows Stored XSS. This issue affects Auto Login New User After Registration: from n/a through 1.9.6. | 6.1 |
2023-11-13 | CVE-2023-46634 | Phoeniixx | Cross-Site Request Forgery (CSRF) vulnerability in Phoeniixx Custom MY Account for Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in phoeniixx Custom My Account for Woocommerce allows Cross-Site Scripting (XSS). This issue affects Custom My Account for Woocommerce: from n/a through 2.1. | 6.1 |
2023-11-13 | CVE-2023-47516 | Starkdigital | Cross-Site Request Forgery (CSRF) vulnerability in Starkdigital Category Post List Widget 1.1/1.2/2.0 Cross-Site Request Forgery (CSRF) vulnerability in Stark Digital Category Post List Widget allows Stored XSS. This issue affects Category Post List Widget: from n/a through 2.0. | 6.1 |
2023-11-13 | CVE-2023-47652 | Autoaffiliatelinks | Cross-Site Request Forgery (CSRF) vulnerability in Autoaffiliatelinks Auto Affiliate Links Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links allows Stored XSS. This issue affects Auto Affiliate Links: from n/a through 6.4.2.4. | 6.1 |
2023-11-13 | CVE-2023-38364 | IBM | Cross-site Scripting vulnerability in IBM Cics TX 10.1 IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. | 6.1 |
2023-11-15 | CVE-2023-5676 | Eclipse | Race Condition vulnerability in Eclipse Openj9 In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing. | 5.9 |
2023-11-14 | CVE-2023-44322 | Siemens | Unchecked Return Value vulnerability in Siemens products Affected devices can be configured to send emails when certain events occur on the device. | 5.9 |
2023-11-14 | CVE-2023-43901 | Emsigner | Unspecified vulnerability in Emsigner 2.8.7 Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user. | 5.9 |
2023-11-14 | CVE-2023-46445 | Asyncssh Project | Insufficient Verification of Data Authenticity vulnerability in Asyncssh Project Asyncssh An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation." | 5.9 |
2023-11-14 | CVE-2023-20521 | AMD | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. | 5.7 |
2023-11-19 | CVE-2023-5341 | Imagemagick Fedoraproject | Use After Free vulnerability in multiple products A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. | 5.5 |
2023-11-17 | CVE-2023-47071 | Adobe | Out-of-bounds Read vulnerability in Adobe After Effects 24.0 Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-11-17 | CVE-2023-44325 | Adobe | Out-of-bounds Read vulnerability in Adobe Animate Adobe Animate versions 23.0.2 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-11-17 | CVE-2023-44326 | Adobe | Out-of-bounds Read vulnerability in Adobe Dimension Adobe Dimension versions 3.4.9 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-11-16 | CVE-2023-47025 | Free5Gc | Resource Exhaustion vulnerability in Free5Gc 3.3.0 An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component. | 5.5 |
2023-11-16 | CVE-2023-47046 | Adobe | Out-of-bounds Write vulnerability in Adobe Audition Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 5.5 |
2023-11-16 | CVE-2023-47048 | Adobe | Out-of-bounds Read vulnerability in Adobe Audition Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 5.5 |
2023-11-16 | CVE-2023-47049 | Adobe | Out-of-bounds Read vulnerability in Adobe Audition Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 5.5 |
2023-11-16 | CVE-2023-47050 | Adobe | Out-of-bounds Read vulnerability in Adobe Audition Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 5.5 |
2023-11-16 | CVE-2023-47051 | Adobe | Out-of-bounds Write vulnerability in Adobe Audition Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 5.5 |
2023-11-16 | CVE-2023-47052 | Adobe | Out-of-bounds Read vulnerability in Adobe Audition Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-11-16 | CVE-2023-47053 | Adobe | Access of Uninitialized Pointer vulnerability in Adobe Audition Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-11-16 | CVE-2023-47054 | Adobe | Access of Uninitialized Pointer vulnerability in Adobe Audition Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-11-16 | CVE-2023-44327 | Adobe | Access of Uninitialized Pointer vulnerability in Adobe Bridge Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-11-16 | CVE-2023-44328 | Adobe | Use After Free vulnerability in Adobe Bridge Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-11-16 | CVE-2023-44329 | Adobe | Access of Uninitialized Pointer vulnerability in Adobe Bridge Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-11-16 | CVE-2023-44331 | Adobe | Out-of-bounds Read vulnerability in Adobe Photoshop Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-11-16 | CVE-2023-44332 | Adobe | Out-of-bounds Read vulnerability in Adobe Photoshop Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-11-16 | CVE-2023-44333 | Adobe | Out-of-bounds Read vulnerability in Adobe Photoshop Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-11-16 | CVE-2023-44334 | Adobe | Out-of-bounds Read vulnerability in Adobe Photoshop Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-11-16 | CVE-2023-44335 | Adobe | Out-of-bounds Read vulnerability in Adobe Photoshop Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-11-16 | CVE-2023-47044 | Adobe | Access of Uninitialized Pointer vulnerability in Adobe Media Encoder Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-11-16 | CVE-2023-44339 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-11-16 | CVE-2023-44340 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-11-16 | CVE-2023-44348 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-11-16 | CVE-2023-44356 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-11-16 | CVE-2023-44357 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-11-16 | CVE-2023-44358 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-11-16 | CVE-2023-44360 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-11-16 | CVE-2023-44361 | Adobe | Use After Free vulnerability in Adobe products Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-11-16 | CVE-2023-44296 | Dell | Use of Hard-coded Credentials vulnerability in Dell E-Lab Navigator 3.1.8/3.1.9 Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. | 5.5 |
2023-11-15 | CVE-2023-6105 | Zohocorp | Unspecified vulnerability in Zohocorp products An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. | 5.5 |
2023-11-15 | CVE-2023-46672 | Elastic | Information Exposure Through Log Files vulnerability in Elastic Logstash 7.12.1/8.10.0 An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: * Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format. * Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration. | 5.5 |
2023-11-15 | CVE-2023-38544 | Ivanti | Unspecified vulnerability in Ivanti Secure Access Client 22.2/22.3 A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. | 5.5 |
2023-11-14 | CVE-2023-39202 | Zoom | Untrusted Search Path vulnerability in Zoom Rooms and Virtual Desktop Infrastructure Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access. | 5.5 |
2023-11-14 | CVE-2023-36558 | Microsoft | Unspecified vulnerability in Microsoft .Net and Visual Studio 2022 ASP.NET Core - Security Feature Bypass Vulnerability | 5.5 |
2023-11-14 | CVE-2023-46581 | Code Projects | SQL Injection vulnerability in Code-Projects Inventory Management 1.0 SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary code via the name, uname and email parameters in the registration.php component. | 5.5 |
2023-11-14 | CVE-2023-47384 | Gpac | Memory Leak vulnerability in Gpac 2.3Devrev617G671976Fccmaster MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c. | 5.5 |
2023-11-14 | CVE-2021-46748 | Intel AMD | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service. | 5.5 |
2023-11-14 | CVE-2021-46766 | AMD | Incomplete Cleanup vulnerability in AMD products Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. | 5.5 |
2023-11-14 | CVE-2022-42879 | Intel | NULL Pointer Dereference vulnerability in Intel Graphics Driver NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2023-11-14 | CVE-2022-43477 | Intel | Incomplete Cleanup vulnerability in Intel Unison Software Incomplete cleanup for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2023-11-14 | CVE-2022-43666 | Intel | Unspecified vulnerability in Intel Unison Software Exposure of sensitive system information due to uncleared debug information for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2023-11-14 | CVE-2022-45109 | Intel | Improper Initialization vulnerability in Intel Unison Software Improper initialization for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2023-11-14 | CVE-2022-46299 | Intel | Unspecified vulnerability in Intel Unison Software Insufficient control flow management for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2023-11-14 | CVE-2022-46646 | Intel | Unspecified vulnerability in Intel Unison Software Exposure of sensitive information to an unauthorized actor for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2023-11-14 | CVE-2022-46647 | Intel | Information Exposure Through Log Files vulnerability in Intel Unison Software Insertion of sensitive information into log file for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2023-11-14 | CVE-2023-22305 | Intel | Integer Overflow or Wraparound vulnerability in Intel Aptio V Uefi Firmware Integrator Tools 5.27.03.0003/5.27.06.0017 Integer overflow in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2023-11-14 | CVE-2023-25071 | Intel | NULL Pointer Dereference vulnerability in Intel ARC a Graphics and Iris XE Graphics NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows Drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2023-11-14 | CVE-2023-25080 | Intel | Unspecified vulnerability in Intel Openvino 2018 Protection mechanism failure in some Intel(R) Distribution of OpenVINO toolkit software before version 2023.0.0 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2023-11-14 | CVE-2023-25949 | Intel | Resource Exhaustion vulnerability in Intel Aptio V Uefi Firmware Integrator Tools 5.27.03.0003/5.27.06.0017 Uncontrolled resource consumption in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2023-11-14 | CVE-2023-25952 | Intel | Out-of-bounds Write vulnerability in Intel ARC a Graphics and Iris XE Graphics Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2023-11-14 | CVE-2023-26589 | Intel | Use After Free vulnerability in Intel Aptio V Uefi Firmware Integrator Tools 5.27.03.0003/5.27.06.0017 Use after free in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2023-11-14 | CVE-2023-27306 | Intel | Improper Initialization vulnerability in Intel products Improper Initialization in firmware for some Intel(R) Optane(TM) SSD products may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2023-11-14 | CVE-2023-28404 | Intel | Out-of-bounds Read vulnerability in Intel ARC a Graphics and Iris XE Graphics Out-of-bounds read in the Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2023-11-14 | CVE-2023-28723 | Intel | Unspecified vulnerability in Intel Aptio V Uefi Firmware Integrator Tools 5.27.03.0003/5.27.06.0017 Exposure of sensitive information to an unauthorized actor in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2023-11-14 | CVE-2023-32283 | Intel | Information Exposure Through Log Files vulnerability in Intel on Demand 1.16.1.1/2.1.0.1/3.0.1.3 Insertion of sensitive information into log file in some Intel(R) On Demand software before versions 1.16.2, 2.1.1, 3.1.0 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2023-11-14 | CVE-2023-33872 | Intel | Unspecified vulnerability in Intel Support Improper access control in the Intel Support Android application, all versions, may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2023-11-14 | CVE-2023-40719 | Fortinet | Use of Hard-coded Credentials vulnerability in Fortinet Fortianalyzer and Fortimanager A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials. | 5.5 |
2023-11-14 | CVE-2023-33304 | Fortinet | Use of Hard-coded Credentials vulnerability in Fortinet Forticlient A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials. | 5.5 |
2023-11-14 | CVE-2023-36042 | Microsoft | Resource Exhaustion vulnerability in Microsoft Visual Studio 2019 and Visual Studio 2022 Visual Studio Denial of Service Vulnerability | 5.5 |
2023-11-14 | CVE-2023-36404 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Information Disclosure Vulnerability | 5.5 |
2023-11-14 | CVE-2023-36406 | Microsoft | Unspecified vulnerability in Microsoft products Windows Hyper-V Information Disclosure Vulnerability | 5.5 |
2023-11-14 | CVE-2023-36428 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | 5.5 |
2023-11-14 | CVE-2023-44248 | Fortinet | Improper Access Control vulnerability in Fortinet Fortiedr 4.0.0/5.0.3 An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all may allow a local attacker to prevent the collector service to start in the next system reboot by tampering with some registry keys of the service. | 5.5 |
2023-11-13 | CVE-2023-46021 | Code Projects | SQL Injection vulnerability in Code-Projects Blood Bank 1.0 SQL Injection vulnerability in cancel.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary commands via the 'reqid' parameter. | 5.5 |
2023-11-13 | CVE-2023-46014 | Code Projects | SQL Injection vulnerability in Code-Projects Blood Bank 1.0 SQL Injection vulnerability in hospitalLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'hemail' and 'hpassword' parameters. | 5.5 |
2023-11-13 | CVE-2023-46017 | Code Projects | SQL Injection vulnerability in Code-Projects Blood Bank 1.0 SQL Injection vulnerability in receiverLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'remail' and 'rpassword' parameters. | 5.5 |
2023-11-13 | CVE-2023-46018 | Code Projects | SQL Injection vulnerability in Code-Projects Blood Bank 1.0 SQL injection vulnerability in receiverReg.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'remail' parameter. | 5.5 |
2023-11-18 | CVE-2023-44796 | Limesurvey | Cross-site Scripting vulnerability in Limesurvey Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component. | 5.4 |
2023-11-17 | CVE-2023-48295 | Librenms | Cross-site Scripting vulnerability in Librenms LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. | 5.4 |
2023-11-17 | CVE-2023-5445 | Mcafee | Open Redirect vulnerability in Mcafee Epolicy Orchestrator An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. | 5.4 |
2023-11-17 | CVE-2023-48649 | Concretecms | Cross-site Scripting vulnerability in Concretecms Concrete CMS Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name. | 5.4 |
2023-11-16 | CVE-2023-48222 | Pagerduty | Missing Authorization vulnerability in Pagerduty Rundeck Rundeck is an open source automation service with a web console, command line tools and a WebAPI. | 5.4 |
2023-11-16 | CVE-2023-47239 | Wpplugin | Cross-site Scripting vulnerability in Wpplugin Easy Paypal Shopping Cart Auth. | 5.4 |
2023-11-16 | CVE-2023-47240 | Codebxr | Cross-site Scripting vulnerability in Codebxr CBX MAP for Google MAP & Openstreetmap Auth. | 5.4 |
2023-11-16 | CVE-2023-47242 | Marcomilesi | Cross-site Scripting vulnerability in Marcomilesi Anac XML Bandi DI Gara Auth. | 5.4 |
2023-11-16 | CVE-2023-6013 | H2O | Unspecified vulnerability in H2O H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack. | 5.4 |
2023-11-15 | CVE-2023-48197 | Grocy Project | Cross-site Scripting vulnerability in Grocy Project Grocy 4.0.3 Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function. | 5.4 |
2023-11-15 | CVE-2023-48198 | Grocy Project | Cross-site Scripting vulnerability in Grocy Project Grocy 4.0.3 A Cross-Site Scripting (XSS) vulnerability in the 'product description' component within '/api/stock/products' of Grocy version <= 4.0.3 allows attackers to obtain a victim's cookies. | 5.4 |
2023-11-15 | CVE-2023-48200 | Grocy Project | Cross-site Scripting vulnerability in Grocy Project Grocy 4.0.3 Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/ component. | 5.4 |
2023-11-15 | CVE-2023-48087 | Xuxueli | Incorrect Permission Assignment for Critical Resource vulnerability in Xuxueli Xxl-Job 2.4.0 xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat. | 5.4 |
2023-11-15 | CVE-2023-48088 | Xuxueli | Cross-site Scripting vulnerability in Xuxueli Xxl-Job 2.4.0 xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage. | 5.4 |
2023-11-15 | CVE-2023-4889 | Shareaholic | Cross-site Scripting vulnerability in Shareaholic The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shareaholic' shortcode in versions up to, and including, 9.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2023-11-15 | CVE-2023-47446 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Pre-School Enrollment System 1.0 Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scripting (XSS) on the profile.php page via fullname parameter. | 5.4 |
2023-11-15 | CVE-2023-47309 | Nukium | Cross-site Scripting vulnerability in Nukium GLS 3.0.1 Nukium nkmgls before version 3.0.2 is vulnerable to Cross Site Scripting (XSS) via NkmGlsCheckoutModuleFrontController::displayAjaxSavePhoneMobile. | 5.4 |
2023-11-14 | CVE-2023-46580 | Code Projects | Cross-site Scripting vulnerability in Code-Projects Inventory Management 1.0 Cross-Site Scripting (XSS) vulnerability in Inventory Management V1.0 allows attackers to execute arbitrary code via the pname parameter of the editProduct.php component. | 5.4 |
2023-11-14 | CVE-2023-47545 | Fatcatapps | Cross-site Scripting vulnerability in Fatcatapps Forms for Mailchimp BY Optin CAT Auth. | 5.4 |
2023-11-14 | CVE-2023-26222 | Tibco | Cross-site Scripting vulnerability in Tibco EBX The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. | 5.4 |
2023-11-14 | CVE-2023-47127 | Typo3 | Improper Authentication vulnerability in Typo3 TYPO3 is an open source PHP based web content management system released under the GNU GPL. | 5.4 |
2023-11-14 | CVE-2023-47654 | Livescore | Cross-site Scripting vulnerability in Livescore Bzscore Auth. | 5.4 |
2023-11-14 | CVE-2023-47656 | Marcomilesi | Cross-site Scripting vulnerability in Marcomilesi Anac XML Bandi DI Gara Auth. | 5.4 |
2023-11-14 | CVE-2023-36031 | Microsoft | Cross-site Scripting vulnerability in Microsoft Dynamics 365 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 5.4 |
2023-11-14 | CVE-2023-36410 | Microsoft | Cross-site Scripting vulnerability in Microsoft Dynamics 365 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 5.4 |
2023-11-14 | CVE-2023-36633 | Fortinet | Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortimail An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPS requests. | 5.4 |
2023-11-14 | CVE-2023-47659 | Lava Code | Cross-site Scripting vulnerability in Lava-Code Lava Directory Manager Auth. | 5.4 |
2023-11-14 | CVE-2023-6127 | Salesagility | Unrestricted Upload of File with Dangerous Type vulnerability in Salesagility Suitecrm Unrestricted Upload of File with Dangerous Type in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | 5.4 |
2023-11-14 | CVE-2023-6128 | Salesagility | Cross-site Scripting vulnerability in Salesagility Suitecrm Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | 5.4 |
2023-11-14 | CVE-2023-45879 | Gibbonedu | Cross-site Scripting vulnerability in Gibbonedu Gibbon GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component. | 5.4 |
2023-11-14 | CVE-2023-42325 | Netgate | Cross-site Scripting vulnerability in Netgate Pfsense 2.7.0 Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page. | 5.4 |
2023-11-14 | CVE-2023-42327 | Netgate | Cross-site Scripting vulnerability in Netgate Pfsense 2.7.0 Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page. | 5.4 |
2023-11-14 | CVE-2023-47680 | Qodeinteractive | Cross-site Scripting vulnerability in Qodeinteractive QI Addons for Elementor Auth. | 5.4 |
2023-11-13 | CVE-2023-6103 | Intelbras | Cross-site Scripting vulnerability in Intelbras RX 1500 Firmware 1.1.9 A vulnerability has been found in Intelbras RX 1500 1.1.9 and classified as problematic. | 5.4 |
2023-11-13 | CVE-2023-48068 | Dedecms | Cross-site Scripting vulnerability in Dedecms 6.2 DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php. | 5.4 |
2023-11-13 | CVE-2023-4775 | Tinywebgallery | Cross-site Scripting vulnerability in Tinywebgallery Advanced Iframe The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'advanced_iframe' shortcode in versions up to, and including, 2023.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2023-11-13 | CVE-2023-5741 | Powr | Cross-site Scripting vulnerability in Powr The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'powr-powr-pack' shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2023-11-17 | CVE-2023-26364 | Adobe | Unspecified vulnerability in Adobe Css-Tools @adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. | 5.3 |
2023-11-17 | CVE-2023-38324 | Opennds | Unspecified vulnerability in Opennds Captive Portal An issue was discovered in OpenNDS before 10.1.2. | 5.3 |
2023-11-15 | CVE-2023-4723 | Webtechstreet | Unspecified vulnerability in Webtechstreet Elementor Addon Elements The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajax_eae_post_data function. | 5.3 |
2023-11-15 | CVE-2023-47636 | Pimcore | Information Exposure Through an Error Message vulnerability in Pimcore Admin Classic Bundle The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. | 5.3 |
2023-11-15 | CVE-2023-6032 | Schneider Electric | Path Traversal vulnerability in Schneider-Electric Galaxy VL Firmware and Galaxy VS Firmware A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a file system enumeration and file download when an attacker navigates to the Network Management Card via HTTPS. | 5.3 |
2023-11-14 | CVE-2023-41570 | Mikrotik | Unspecified vulnerability in Mikrotik Routeros MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API. | 5.3 |
2023-11-14 | CVE-2023-47126 | Typo3 | Unspecified vulnerability in Typo3 TYPO3 is an open source PHP based web content management system released under the GNU GPL. | 5.3 |
2023-11-14 | CVE-2022-23830 | AMD | Unspecified vulnerability in AMD products SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity. | 5.3 |
2023-11-14 | CVE-2023-41366 | SAP | Exposure of System Data to an Unauthorized Control Sphere vulnerability in SAP Netweaver Application Server Abap Under certain conditions SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT, allows an unauthenticated attacker to access unintended data due to the lack of restrictions applied, which may lead to low impact on confidentiality and no impact on the integrity and availability of the application. | 5.3 |
2023-11-14 | CVE-2023-42480 | SAP | Improper Restriction of Excessive Authentication Attempts vulnerability in SAP Netweaver Application Server Java 7.50 The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. This will have an impact on confidentiality but there is no other impact on integrity or availability. | 5.3 |
2023-11-13 | CVE-2023-42813 | Nirmata | Unspecified vulnerability in Nirmata Kyverno 1.11.0 Kyverno is a policy engine designed for Kubernetes. | 5.3 |
2023-11-13 | CVE-2023-42814 | Nirmata | Unspecified vulnerability in Nirmata Kyverno 1.11.0 Kyverno is a policy engine designed for Kubernetes. | 5.3 |
2023-11-13 | CVE-2023-42815 | Nirmata | Unspecified vulnerability in Nirmata Kyverno 1.11.0 Kyverno is a policy engine designed for Kubernetes. | 5.3 |
2023-11-13 | CVE-2023-42816 | Nirmata | Unspecified vulnerability in Nirmata Kyverno 1.11.0 Kyverno is a policy engine designed for Kubernetes. | 5.3 |
2023-11-13 | CVE-2023-6100 | Maiwei Safety Production Control Platform Project | Unspecified vulnerability in Maiwei Safety Production Control Platform Project Maiwei Safety Production Control Platform 4.1 A vulnerability classified as problematic was found in Maiwei Safety Production Control Platform 4.1. | 5.3 |
2023-11-14 | CVE-2023-47262 | Abbott | Unspecified vulnerability in Abbott ID NOW Firmware The startup process and device configurations of the Abbott ID NOW device, before v7.1, can be interrupted and/or modified via physical access to an internal serial port. | 5.2 |
2023-11-17 | CVE-2023-47283 | Cubecart | Path Traversal vulnerability in Cubecart Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system. | 4.9 |
2023-11-15 | CVE-2023-6133 | Incsub | Unrestricted Upload of File with Dangerous Type vulnerability in Incsub Forminator The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the 'forminator_allowed_mime_types' function in versions up to, and including, 1.27.0. | 4.9 |
2023-11-15 | CVE-2023-5984 | Schneider Electric | Download of Code Without Integrity Check vulnerability in Schneider-Electric Ion8650 Firmware and Ion8800 Firmware A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could result in full control over the device. | 4.9 |
2023-11-14 | CVE-2023-46025 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Teacher Subject Allocation Management System 1.0 SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to obtain sensitive information via the 'editid' parameter. | 4.9 |
2023-11-14 | CVE-2021-26345 | AMD | Out-of-bounds Read vulnerability in AMD products Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service. | 4.9 |
2023-11-14 | CVE-2023-44318 | Siemens | Use of Hard-coded Cryptographic Key vulnerability in Siemens products Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. | 4.9 |
2023-11-14 | CVE-2023-44319 | Siemens | Reversible One-Way Hash vulnerability in Siemens products Affected devices use a weak checksum algorithm to protect the configuration backup that an administrator can export from the device. | 4.9 |
2023-11-13 | CVE-2023-31219 | Wpchill | Server-Side Request Forgery (SSRF) vulnerability in Wpchill Download Monitor Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.8.1. | 4.9 |
2023-11-13 | CVE-2023-37978 | Riverside | Server-Side Request Forgery (SSRF) vulnerability in Riverside Http Headers Server-Side Request Forgery (SSRF) vulnerability in Dimitar Ivanov HTTP Headers. This issue affects HTTP Headers: from n/a through 1.18.11. | 4.9 |
2023-11-13 | CVE-2023-38515 | Church Admin Project | Server-Side Request Forgery (SSRF) vulnerability in Church Admin Project Church Admin Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 3.7.56. | 4.9 |
2023-11-16 | CVE-2023-46213 | Splunk | Cross-site Scripting vulnerability in Splunk Cloud and Splunk In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser. | 4.8 |
2023-11-16 | CVE-2023-32957 | Dazzlersoft | Cross-site Scripting vulnerability in Dazzlersoft Team Members Showcase Auth. | 4.8 |
2023-11-16 | CVE-2023-47245 | Marcomilesi | Cross-site Scripting vulnerability in Marcomilesi Anac XML Viewer Auth. | 4.8 |
2023-11-16 | CVE-2023-47511 | SO WP | Cross-site Scripting vulnerability in So-Wp Pinyin Slugs Auth. | 4.8 |
2023-11-15 | CVE-2023-5381 | Webtechstreet | Cross-site Scripting vulnerability in Webtechstreet Elementor Addon Elements The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.12.7 due to insufficient input sanitization and output escaping. | 4.8 |
2023-11-15 | CVE-2023-5985 | Schneider Electric | Cross-site Scripting vulnerability in Schneider-Electric Ion8650 Firmware and Ion8800 Firmware A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability exists that could cause compromise of a user’s browser when an attacker with admin privileges has modified system values. | 4.8 |
2023-11-14 | CVE-2023-46026 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Teacher Subject Allocation Management System 1.0 Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary code via the 'adminname' and 'email' parameters. | 4.8 |
2023-11-14 | CVE-2023-47528 | Sajjad67 | Cross-site Scripting vulnerability in Sajjad67 WP Edit Username Auth. | 4.8 |
2023-11-14 | CVE-2023-47533 | Wpdevart | Cross-site Scripting vulnerability in Wpdevart Countdown and Countup, Woocommerce Sales Timer Auth. | 4.8 |
2023-11-14 | CVE-2023-47546 | Walterpinem | Cross-site Scripting vulnerability in Walterpinem Oneclick Chat to Order Auth. | 4.8 |
2023-11-14 | CVE-2023-47554 | Denk | Cross-site Scripting vulnerability in Denk Actueel Financieel Nieuws Auth. | 4.8 |
2023-11-14 | CVE-2023-47646 | Cedcommerce | Cross-site Scripting vulnerability in Cedcommerce Recently Viewed and Most Viewed products Auth. | 4.8 |
2023-11-14 | CVE-2023-47653 | Theweb Designs | Cross-site Scripting vulnerability in Theweb-Designs TWB Woocommerce Auth. | 4.8 |
2023-11-14 | CVE-2023-47658 | Actpro | Cross-site Scripting vulnerability in Actpro Extra Product Options for Woocommerce Auth. | 4.8 |
2023-11-14 | CVE-2023-47660 | Wpwham | Cross-site Scripting vulnerability in Wpwham Product Visibility BY Country for Woocommerce Auth. | 4.8 |
2023-11-14 | CVE-2023-46099 | Siemens | Cross-site Scripting vulnerability in Siemens Simatic PCS NEO 3.0 A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). | 4.8 |
2023-11-14 | CVE-2023-31754 | Optimizely | Cross-site Scripting vulnerability in Optimizely CMS Optimizely CMS UI before v12.16.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Admin panel. | 4.8 |
2023-11-14 | CVE-2023-47628 | Datahub Project | Insufficient Session Expiration vulnerability in Datahub Project Datahub DataHub is an open-source metadata platform. | 4.8 |
2023-11-14 | CVE-2023-47657 | Grandplugins | Cross-site Scripting vulnerability in Grandplugins WOO Quick View and BUY NOW Auth. | 4.8 |
2023-11-14 | CVE-2023-47662 | Goldbroker | Cross-site Scripting vulnerability in Goldbroker Live Gold Price & Silver Price Charts Widgets Auth. | 4.8 |
2023-11-16 | CVE-2023-6176 | Linux Redhat | NULL Pointer Dereference vulnerability in multiple products A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. | 4.7 |
2023-11-14 | CVE-2023-22310 | Intel | Race Condition vulnerability in Intel Aptio V Uefi Firmware Integrator Tools 5.27.03.0003/5.27.06.0017 Race condition in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access. | 4.7 |
2023-11-13 | CVE-2023-47801 | Clickstudios | Incorrect Permission Assignment for Critical Resource vulnerability in Clickstudios Passwordstate 9.5/9.6 An issue was discovered in Click Studios Passwordstate before 9811. | 4.7 |
2023-11-14 | CVE-2023-20526 | AMD | Unspecified vulnerability in AMD products Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. | 4.6 |
2023-11-14 | CVE-2023-24588 | Intel | Unspecified vulnerability in Intel products Exposure of sensitive information to an unauthorized actor in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disclosure via physical access. | 4.6 |
2023-11-14 | CVE-2023-27879 | Intel | Unspecified vulnerability in Intel products Improper access control in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disclosure via physical access. | 4.6 |
2023-11-14 | CVE-2022-41659 | Intel | Unspecified vulnerability in Intel Unison Improper access control for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. | 4.4 |
2023-11-14 | CVE-2022-46298 | Intel | Incomplete Cleanup vulnerability in Intel Unison Software Incomplete cleanup for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. | 4.4 |
2023-11-14 | CVE-2022-46301 | Intel | Improper Initialization vulnerability in Intel Unison Software Improper Initialization for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. | 4.4 |
2023-11-14 | CVE-2023-22327 | Intel | Out-of-bounds Write vulnerability in Intel products Out-of-bounds write in firmware for some Intel(R) FPGA products before version 2.8.1 may allow a privileged user to potentially enable information disclosure via local access. | 4.4 |
2023-11-14 | CVE-2023-24587 | Intel | Unspecified vulnerability in Intel products Insufficient control flow management in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable denial of service via local access. | 4.4 |
2023-11-14 | CVE-2023-39411 | Intel | Improper Input Validation vulnerability in Intel Unison Software Improper input validation for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. | 4.4 |
2023-11-14 | CVE-2023-40220 | Intel | Unspecified vulnerability in Intel Nuc6Cayh Firmware and Nuc6Cays Firmware Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | 4.4 |
2023-11-14 | CVE-2023-40540 | Intel | Unspecified vulnerability in Intel products Non-Transparent Sharing of Microarchitectural Resources in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | 4.4 |
2023-11-17 | CVE-2023-48294 | Librenms | Unspecified vulnerability in Librenms LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. | 4.3 |
2023-11-17 | CVE-2023-44355 | Adobe | Improper Input Validation vulnerability in Adobe Coldfusion Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. | 4.3 |
2023-11-17 | CVE-2020-11447 | Bell | Unspecified vulnerability in Bell Home HUB 3000 Firmware Sg48222070 An issue was discovered on Bell HomeHub 3000 SG48222070 devices. | 4.3 |
2023-11-16 | CVE-2023-48231 | VIM Fedoraproject | Use After Free vulnerability in multiple products Vim is an open source command line text editor. | 4.3 |
2023-11-16 | CVE-2023-48232 | VIM Fedoraproject | Improper Handling of Exceptional Conditions vulnerability in multiple products Vim is an open source command line text editor. | 4.3 |
2023-11-16 | CVE-2023-48233 | VIM Fedoraproject | Integer Overflow or Wraparound vulnerability in multiple products Vim is an open source command line text editor. | 4.3 |
2023-11-16 | CVE-2023-48234 | VIM Fedoraproject | Integer Overflow or Wraparound vulnerability in multiple products Vim is an open source command line text editor. | 4.3 |
2023-11-16 | CVE-2023-48235 | VIM Fedoraproject | Integer Overflow or Wraparound vulnerability in multiple products Vim is an open source command line text editor. | 4.3 |
2023-11-16 | CVE-2023-48236 | VIM Fedoraproject | Integer Overflow or Wraparound vulnerability in multiple products Vim is an open source command line text editor. | 4.3 |
2023-11-16 | CVE-2023-48237 | VIM Fedoraproject | Integer Overflow or Wraparound vulnerability in multiple products Vim is an open source command line text editor. | 4.3 |
2023-11-16 | CVE-2023-47112 | Pagerduty | Missing Authorization vulnerability in Pagerduty Rundeck 4.17.0/4.17.1/4.17.2 Rundeck is an open source automation service with a web console, command line tools and a WebAPI. | 4.3 |
2023-11-16 | CVE-2023-47642 | Zulip | Unspecified vulnerability in Zulip Server Zulip is an open-source team collaboration tool. | 4.3 |
2023-11-16 | CVE-2023-36026 | Microsoft | Unspecified vulnerability in Microsoft Edge Chromium Microsoft Edge (Chromium-based) Spoofing Vulnerability | 4.3 |
2023-11-16 | CVE-2023-6121 | Redhat | Out-of-bounds Read vulnerability in Redhat Enterprise Linux An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. | 4.3 |
2023-11-15 | CVE-2023-4689 | Webtechstreet | Cross-Site Request Forgery (CSRF) vulnerability in Webtechstreet Elementor Addon Elements The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. | 4.3 |
2023-11-15 | CVE-2023-4690 | Webtechstreet | Cross-Site Request Forgery (CSRF) vulnerability in Webtechstreet Elementor Addon Elements The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. | 4.3 |
2023-11-14 | CVE-2023-6124 | Salesagility | Server-Side Request Forgery (SSRF) vulnerability in Salesagility Suitecrm Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14. | 4.3 |
2023-11-14 | CVE-2023-44320 | Siemens | Forced Browsing vulnerability in Siemens products Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator. | 4.3 |
2023-11-13 | CVE-2023-47625 | Dronecode | Classic Buffer Overflow vulnerability in Dronecode PX4 Drone Autopilot 1.14.0 PX4 autopilot is a flight control solution for drones. | 4.3 |
2023-11-13 | CVE-2023-48063 | Dreamer CMS Project | Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3 An issue was discovered in dreamer_cms 4.1.3. | 4.3 |
2023-11-13 | CVE-2023-38363 | IBM | Unspecified vulnerability in IBM Cics TX 10.1 IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
2023-11-14 | CVE-2023-36007 | Microsoft | Unspecified vulnerability in Microsoft Send Customer Voice Survey From Dynamics 365 9.0.0.0/9.0.0.7 Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability | 4.1 |
11 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-11-15 | CVE-2023-30954 | Palantir | Race Condition vulnerability in Palantir Video-Application-Server The Gotham video-application-server service contained a race condition which would cause it to not apply certain ACLs to new videos if the source system had not yet initialized. | 3.7 |
2023-11-15 | CVE-2023-46121 | YT DLP Project | HTTP Request Smuggling vulnerability in Yt-Dlp Project Yt-Dlp yt-dlp is a youtube-dl fork with additional features and fixes. | 3.7 |
2023-11-14 | CVE-2023-6109 | YOP Poll | Race Condition vulnerability in Yop-Poll YOP Poll The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. | 3.7 |
2023-11-14 | CVE-2023-22329 | Intel | Unspecified vulnerability in Intel products Improper input validation in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via adjacent access. | 3.5 |
2023-11-14 | CVE-2023-36016 | Microsoft | Cross-site Scripting vulnerability in Microsoft Dynamics 365 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 3.4 |
2023-11-17 | CVE-2023-47072 | Adobe | Access of Uninitialized Pointer vulnerability in Adobe After Effects 24.0 Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. | 3.3 |
2023-11-16 | CVE-2023-47060 | Adobe | Access of Uninitialized Pointer vulnerability in Adobe Premiere PRO Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. | 3.3 |
2023-11-14 | CVE-2023-20519 | AMD | Use After Free vulnerability in AMD Genoapi Firmware and Milanpi Firmware A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity. | 3.3 |
2023-11-14 | CVE-2023-45585 | Fortinet | Information Exposure Through Log Files vulnerability in Fortinet Fortisiem An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, version 5.3.3 and below may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage. | 3.3 |
2023-11-15 | CVE-2023-23549 | Tribe29 | Unspecified vulnerability in Tribe29 Checkmk 2.0.0/2.1.0/2.2.0 Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows privileged attackers to cause partial denial of service of the UI via too long hostnames. | 2.7 |
2023-11-14 | CVE-2023-22313 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products Improper buffer restrictions in some Intel(R) QAT Library software before version 22.07.1 may allow a privileged user to potentially enable information disclosure via local access. | 2.3 |