Weekly Vulnerabilities Reports > December 11 to 17, 2023

Overview

872 new vulnerabilities reported during this period, including 95 critical vulnerabilities and 269 high severity vulnerabilities. This weekly summary report vulnerabilities in 679 products from 291 vendors including Adobe, Microsoft, Apple, Siemens, and Jenkins. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "SQL Injection", "Path Traversal", and "Cross-Site Request Forgery (CSRF)".

  • 732 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities have public exploit available.
  • 452 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 407 reported vulnerabilities are exploitable by an anonymous user.
  • Adobe has the most reported vulnerabilities, with 214 reported vulnerabilities.
  • Kodcloud has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

95 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-12-14 CVE-2023-45894 Parallels Unspecified vulnerability in Parallels Remote Application Server

The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques.

10.0
2023-12-17 CVE-2023-6903 Netentsec SQL Injection vulnerability in Netentsec Application Security Gateway 6.3.1

A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1.

9.8
2023-12-17 CVE-2023-6902 Codelyfe Unrestricted Upload of File with Dangerous Type vulnerability in Codelyfe Stupid Simple CMS

A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical.

9.8
2023-12-17 CVE-2023-6901 Codelyfe OS Command Injection vulnerability in Codelyfe Stupid Simple CMS

A vulnerability, which was classified as critical, was found in codelyfe Stupid Simple CMS up to 1.2.3.

9.8
2023-12-17 CVE-2023-6899 Rmountjoy92 Code Injection vulnerability in Rmountjoy92 Dashmachine 0.54

A vulnerability classified as problematic was found in rmountjoy92 DashMachine 0.5-4.

9.8
2023-12-17 CVE-2023-6898 Mayuri K SQL Injection vulnerability in Mayuri K Best Courier Management System 1.0

A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0.

9.8
2023-12-17 CVE-2023-6895 Hikvision OS Command Injection vulnerability in Hikvision Intercom Broadcast System

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK).

9.8
2023-12-17 CVE-2023-50965 Starnight Out-of-bounds Write vulnerability in Starnight Micro Http Server

In MicroHttpServer (aka Micro HTTP Server) through 4398570, _ReadStaticFiles in lib/middleware.c allows a stack-based buffer overflow and potentially remote code execution via a long URI.

9.8
2023-12-17 CVE-2023-6886 Wang Market Code Injection vulnerability in Wang.Market Wangmarket 6.1

A vulnerability was found in xnx3 wangmarket 6.1.

9.8
2023-12-17 CVE-2023-6887 Forestblog Project Unrestricted Upload of File with Dangerous Type vulnerability in Forestblog Project Forestblog 20190404

A vulnerability classified as critical has been found in saysky ForestBlog up to 20220630.

9.8
2023-12-17 CVE-2023-6888 Phz76 Out-of-bounds Write vulnerability in Phz76 Rtspserver 1.0.0

A vulnerability classified as critical was found in PHZ76 RtspServer 1.0.0.

9.8
2023-12-16 CVE-2023-6885 Tongda2000 SQL Injection vulnerability in Tongda2000 Tongda Office Anywhere 2017

A vulnerability was found in Tongda OA 2017 up to 11.10.

9.8
2023-12-16 CVE-2023-6559 WEB Soudan Path Traversal vulnerability in Web-Soudan MW WP Form

The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3.

9.8
2023-12-16 CVE-2023-6852 Kodcloud Server-Side Request Forgery (SSRF) vulnerability in Kodcloud Kodexplorer

A vulnerability classified as critical has been found in kalcaddle KodExplorer up to 4.51.03.

9.8
2023-12-16 CVE-2023-6853 Kodcloud Server-Side Request Forgery (SSRF) vulnerability in Kodcloud Kodexplorer

A vulnerability classified as critical was found in kalcaddle KodExplorer up to 4.51.03.

9.8
2023-12-16 CVE-2023-6851 Kodcloud Code Injection vulnerability in Kodcloud Kodexplorer

A vulnerability was found in kalcaddle KodExplorer up to 4.51.03.

9.8
2023-12-16 CVE-2023-6850 Kodcloud Unrestricted Upload of File with Dangerous Type vulnerability in Kodcloud Kodexplorer

A vulnerability was found in kalcaddle KodExplorer up to 4.51.03.

9.8
2023-12-16 CVE-2023-6849 Kodcloud Server-Side Request Forgery (SSRF) vulnerability in Kodcloud Kodbox

A vulnerability was found in kalcaddle kodbox up to 1.48.

9.8
2023-12-16 CVE-2023-6848 Kodcloud Command Injection vulnerability in Kodcloud Kodbox

A vulnerability was found in kalcaddle kodbox up to 1.48.

9.8
2023-12-16 CVE-2020-17485 Uffizio Unspecified vulnerability in Uffizio GPS Tracker

A Remote Code Execution vulnerability exist in Uffizio's GPS Tracker all versions.

9.8
2023-12-16 CVE-2021-42796 Aveva Unspecified vulnerability in Aveva Edge 2020/8.1

An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed.

9.8
2023-12-15 CVE-2023-50469 Szlbt Classic Buffer Overflow vulnerability in Szlbt Lbt-T300-T310 Firmware 2.2.2.6

Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overflow via the ApCliEncrypType parameter at /apply.cgi.

9.8
2023-12-15 CVE-2023-50918 Misp Unspecified vulnerability in Misp

app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.

9.8
2023-12-15 CVE-2023-50089 Netgear Command Injection vulnerability in Netgear Wnr2000 Firmware 1.0.0.70

A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70.

9.8
2023-12-15 CVE-2023-50917 Mjdm Command Injection vulnerability in Mjdm Majordomo

MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters.

9.8
2023-12-15 CVE-2023-33218 Idemia Out-of-bounds Write vulnerability in Idemia products

The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow.

9.8
2023-12-15 CVE-2023-33219 Idemia Out-of-bounds Write vulnerability in Idemia products

The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations.

9.8
2023-12-15 CVE-2023-33220 Idemia Out-of-bounds Write vulnerability in Idemia products

During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check.

9.8
2023-12-15 CVE-2023-33221 Idemia Out-of-bounds Write vulnerability in Idemia products

When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data received.

9.8
2023-12-15 CVE-2023-33222 Idemia Out-of-bounds Write vulnerability in Idemia products

When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading.

9.8
2023-12-15 CVE-2023-6553 Backupbliss Unspecified vulnerability in Backupbliss Backup Migration

The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file.

9.8
2023-12-15 CVE-2023-48392 Kaifa Use of Hard-coded Credentials vulnerability in Kaifa Webitr Attendance System 2.1.0.23

Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key.

9.8
2023-12-15 CVE-2023-29234 Apache Deserialization of Untrusted Data vulnerability in Apache Dubbo

A deserialization vulnerability existed when decode a malicious package.This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue.

9.8
2023-12-15 CVE-2023-46279 Apache Deserialization of Untrusted Data vulnerability in Apache Dubbo 3.1.5

Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.

9.8
2023-12-15 CVE-2023-48384 Armorxgt SQL Injection vulnerability in Armorxgt Spamtrap 8.15.22.872.0881.90.027

ArmorX Global Technology Corporation ArmorX Spam has insufficient validation for user input within a special function.

9.8
2023-12-15 CVE-2023-48388 Multisuns Use of Hard-coded Credentials vulnerability in Multisuns Easylog Web+ Firmware 1.13.2.8

Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials.

9.8
2023-12-15 CVE-2023-48390 Multisuns Code Injection vulnerability in Multisuns Easylog Web+ Firmware 1.13.2.8

Multisuns EasyLog web+ has a code injection vulnerability.

9.8
2023-12-15 CVE-2023-48376 Csharp Unrestricted Upload of File with Dangerous Type vulnerability in Csharp CWS Collaborative Development Platform 10.25

SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type.

9.8
2023-12-15 CVE-2023-48372 Itpison SQL Injection vulnerability in Itpison Omicard EDM 6.0.1.5

ITPison OMICARD EDM 's SMS-related function has insufficient validation for user input.

9.8
2023-12-15 CVE-2023-48371 Itpison Unrestricted Upload of File with Dangerous Type vulnerability in Itpison Omicard EDM 6.0.1.5

ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type.

9.8
2023-12-15 CVE-2023-40954 Gmarczynski SQL Injection vulnerability in Gmarczynski Dynamic Progress BAR

A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v.

9.8
2023-12-15 CVE-2023-48050 Camsbiometrics
Odoo
SQL Injection vulnerability in multiple products

SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v.

9.8
2023-12-15 CVE-2023-48049 Cybrosys SQL Injection vulnerability in Cybrosys Website Blog Search

A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search (aka website_search_blog) v.

9.8
2023-12-14 CVE-2023-4489 Silabs Use of Uninitialized Resource vulnerability in Silabs Z/Ip Gateway SDK 7.18.01

The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier.

9.8
2023-12-14 CVE-2023-47261 Dokmee Unspecified vulnerability in Dokmee Enterprise Content Management 7.4.6

Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database access, and xp_cmdshell can be enabled.

9.8
2023-12-14 CVE-2023-50073 Leadscloud SQL Injection vulnerability in Leadscloud Empirecms 7.5

EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword parameter at SetEnews.php.

9.8
2023-12-14 CVE-2023-50563 SEM CMS SQL Injection vulnerability in Sem-Cms Semcms 4.8

Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php.

9.8
2023-12-14 CVE-2023-0757 Phoenixcontact Incorrect Permission Assignment for Critical Resource vulnerability in Phoenixcontact Multiprog and Proconos Eclr

Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device.

9.8
2023-12-14 CVE-2023-46141 Phoenixcontact Incorrect Permission Assignment for Critical Resource vulnerability in Phoenixcontact products

Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device.

9.8
2023-12-14 CVE-2023-40629 King Products SQL Injection vulnerability in King-Products LMS King Lite

SQLi vulnerability in LMS Lite component for Joomla.

9.8
2023-12-14 CVE-2023-40630 Joomcode Server-Side Request Forgery (SSRF) vulnerability in Joomcode Jcdashboard

Unauthenticated LFI/SSRF in JCDashboards component for Joomla.

9.8
2023-12-14 CVE-2023-46348 Sunnytoo SQL Injection vulnerability in Sunnytoo Sturls

SQL njection vulnerability in SunnyToo sturls before version 1.1.13, allows attackers to escalate privileges and obtain sensitive information via StUrls::hookActionDispatcher and StUrls::getInstanceId methods.

9.8
2023-12-14 CVE-2023-48925 BUY Addons SQL Injection vulnerability in Buy-Addons Bavideotab

SQL injection vulnerability in Buy Addons bavideotab before version 1.0.6, allows attackers to escalate privileges and obtain sensitive information via the component BaVideoTabSaveVideoModuleFrontController::run().

9.8
2023-12-14 CVE-2023-49707 Joomlart SQL Injection vulnerability in Joomlart S5 Register

SQLi vulnerability in S5 Register module for Joomla.

9.8
2023-12-14 CVE-2023-49708 Joomstar SQL Injection vulnerability in Joomstar Starshop

SQLi vulnerability in Starshop component for Joomla.

9.8
2023-12-14 CVE-2023-48084 Nagios SQL Injection vulnerability in Nagios XI

Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool.

9.8
2023-12-14 CVE-2023-48085 Nagios Unspecified vulnerability in Nagios XI

Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php.

9.8
2023-12-14 CVE-2023-44709 Sammycage Integer Overflow or Wraparound vulnerability in Sammycage Plutosvg

PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before was discovered to contain an integer overflow via the component plutosvg_load_from_memory.

9.8
2023-12-14 CVE-2023-49934 Schedmd SQL Injection vulnerability in Schedmd Slurm 23.11

An issue was discovered in SchedMD Slurm 23.11.x.

9.8
2023-12-14 CVE-2023-49937 Schedmd Double Free vulnerability in Schedmd Slurm

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x.

9.8
2023-12-14 CVE-2023-40921 Common Services SQL Injection vulnerability in Common-Services Soliberte 4.0.0

SQL Injection vulnerability in functions/point_list.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters.

9.8
2023-12-13 CVE-2023-46726 Glpi Project Injection vulnerability in Glpi-Project Glpi

GLPI is a free asset and IT management software package.

9.8
2023-12-13 CVE-2023-46727 Glpi Project SQL Injection vulnerability in Glpi-Project Glpi

GLPI is a free asset and IT management software package.

9.8
2023-12-13 CVE-2023-6771 Oretnom23 SQL Injection vulnerability in Oretnom23 Simple Student Attendance System 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Student Attendance System 1.0.

9.8
2023-12-13 CVE-2023-49363 Rockoa SQL Injection vulnerability in Rockoa

Rockoa <2.3.3 is vulnerable to SQL Injection.

9.8
2023-12-13 CVE-2023-6765 Mayurik SQL Injection vulnerability in Mayurik Online Tours & Travels Management System 1.0

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0.

9.8
2023-12-13 CVE-2023-6756 Thecosy Improper Restriction of Excessive Authentication Attempts vulnerability in Thecosy Icecms 2.0.1

A vulnerability was found in Thecosy IceCMS 2.0.1.

9.8
2023-12-13 CVE-2023-42495 Dasannetworks OS Command Injection vulnerability in Dasannetworks W-Web

Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

9.8
2023-12-13 CVE-2023-6723 Europeana Unrestricted Upload of File with Dangerous Type vulnerability in Europeana Repox 2.3.7

An unrestricted file upload vulnerability has been identified in Repbox, which allows an attacker to upload malicious files via the transforamationfileupload function, due to the lack of proper file type validation controls, resulting in a full system compromise.

9.8
2023-12-13 CVE-2023-47577 Relyum Insufficiently Protected Credentials vulnerability in Relyum Rely-Pcie Firmware and Rely-Rec Firmware

An issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 allows for unauthorized password changes due to no check for current password.

9.8
2023-12-12 CVE-2023-50252 Dompdf External Control of System or Configuration Setting vulnerability in Dompdf PHP-Svg-Lib

php-svg-lib is an SVG file parsing / rendering library.

9.8
2023-12-12 CVE-2023-43364 Arjunsharda Injection vulnerability in Arjunsharda Searchor

main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution.

9.8
2023-12-12 CVE-2013-2513 Milboj Command Injection vulnerability in Milboj Flash Tool 0.5.0/0.6.0

The flash_tool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file.

9.8
2023-12-12 CVE-2023-46454 GL Inet OS Command Injection vulnerability in Gl-Inet Gl-Ar300M Firmware 4.3.7

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality.

9.8
2023-12-12 CVE-2023-46456 GL Inet Injection vulnerability in Gl-Inet Gl-Ar300M Firmware 3.216

In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality.

9.8
2023-12-12 CVE-2023-6593 Devolutions Incorrect Permission Assignment for Critical Resource vulnerability in Devolutions Remote Desktop Manager

Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction.

9.8
2023-12-12 CVE-2023-48427 Siemens Improper Certificate Validation vulnerability in Siemens Sinec INS 1.0

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2).

9.8
2023-12-12 CVE-2023-41117 Enterprisedb Uncontrolled Search Path Element vulnerability in Enterprisedb Postgres Advanced Server

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0.

9.8
2023-12-12 CVE-2023-50424 SAP Improper Privilege Management vulnerability in SAP Cloud-Security-Client-Go

SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) - versions < 0.17.0, allow under certain conditions an escalation of privileges.

9.8
2023-12-12 CVE-2023-49583 SAP Improper Privilege Management vulnerability in SAP @Sap/XSSec

SAP BTP Security Services Integration Library ([Node.js] @sap/xssec - versions < 3.6.0, allow under certain conditions an escalation of privileges.

9.8
2023-12-12 CVE-2023-50422 SAP Improper Privilege Management vulnerability in SAP Cloud-Security-Services-Integration-Library

SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges.

9.8
2023-12-12 CVE-2023-50423 SAP Improper Privilege Management vulnerability in SAP Sap-XSSec

SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions < 4.1.0, allow under certain conditions an escalation of privileges.

9.8
2023-12-11 CVE-2023-50245 Afichet Classic Buffer Overflow vulnerability in Afichet Openexr Viewer

OpenEXR-viewer is a viewer for OpenEXR files with detailed metadata probing.

9.8
2023-12-11 CVE-2023-49417 Totolink Out-of-bounds Write vulnerability in Totolink A7000R Firmware 9.1.0U.6115B20201022

TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg.

9.8
2023-12-11 CVE-2023-49418 Totolink Out-of-bounds Write vulnerability in Totolink A7000R Firmware 9.1.0U.6115B20201022

TOTOLink A7000R V9.1.0u.6115_B20201022has a stack overflow vulnerability via setIpPortFilterRules.

9.8
2023-12-11 CVE-2023-48417 Google Missing Authorization vulnerability in Google Chromecast Firmware

Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity Application

9.8
2023-12-11 CVE-2023-48424 Google Unspecified vulnerability in Google Chromecast Firmware

U-Boot shell vulnerability resulting in Privilege escalation in a production device

9.8
2023-12-11 CVE-2023-48425 Google Unspecified vulnerability in Google Chromecast Firmware

U-Boot vulnerability resulting in persistent Code Execution 

9.8
2023-12-11 CVE-2023-6181 Google Unspecified vulnerability in Google Chromecast Firmware

An oversight in BCB handling of reboot reason that allows for persistent code execution

9.8
2023-12-14 CVE-2023-31546 Dedebiz Cross-site Scripting vulnerability in Dedebiz 6.0.3

Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows attackers to run arbitrary code via the search feature.

9.6
2023-12-12 CVE-2023-49581 SAP SQL Injection vulnerability in SAP Netweaver Application Server Abap

SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential.

9.4
2023-12-17 CVE-2023-6900 Rmountjoy92 Path Traversal vulnerability in Rmountjoy92 Dashmachine 0.54

A vulnerability, which was classified as critical, has been found in rmountjoy92 DashMachine 0.5-4.

9.1
2023-12-15 CVE-2023-4020 Silabs Unspecified vulnerability in Silabs Gecko Software Development KIT

An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory.

9.1
2023-12-12 CVE-2023-48225 LAF Information Exposure vulnerability in LAF

Laf is a cloud development platform.

9.1
2023-12-12 CVE-2023-36649 Prolion Information Exposure Through Log Files vulnerability in Prolion Cryptospike 3.0.15

Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Granafa authenticated user) or from the Loki REST API without authentication.

9.1

269 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-12-17 CVE-2023-3907 Gitlab Improper Privilege Management vulnerability in Gitlab

A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner

8.8
2023-12-17 CVE-2023-6904 Nxfilter Cross-Site Request Forgery (CSRF) vulnerability in Nxfilter 4.3.2.5

A vulnerability classified as problematic was found in Jahastech NxFilter 4.3.2.5.

8.8
2023-12-17 CVE-2023-49816 Whereyoursolutionis Cross-Site Request Forgery (CSRF) vulnerability in Whereyoursolutionis FIX MY Feed RSS Repair

Cross-Site Request Forgery (CSRF) vulnerability in Innovative Solutions Fix My Feed RSS Repair.This issue affects Fix My Feed RSS Repair: from n/a through 1.4.

8.8
2023-12-17 CVE-2023-49824 Pixelyoursite Cross-Site Request Forgery (CSRF) vulnerability in Pixelyoursite Product Catalog Feed

Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Product Catalog Feed by PixelYourSite.This issue affects Product Catalog Feed by PixelYourSite: from n/a through 2.1.1.

8.8
2023-12-17 CVE-2023-49834 Pluginus Cross-Site Request Forgery (CSRF) vulnerability in Pluginus FOX - Currency Switcher Professional for Woocommerce

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 FOX – Currency Switcher Professional for WooCommerce.This issue affects FOX – Currency Switcher Professional for WooCommerce: from n/a through 1.4.1.4.

8.8
2023-12-17 CVE-2023-24380 Webbjocke Cross-Site Request Forgery (CSRF) vulnerability in Webbjocke Simple WP Sitemap

Cross-Site Request Forgery (CSRF) vulnerability in Webbjocke Simple Wp Sitemap.This issue affects Simple Wp Sitemap: from n/a through 1.2.1.

8.8
2023-12-17 CVE-2023-49751 Getbutterfly Cross-Site Request Forgery (CSRF) vulnerability in Getbutterfly Block for Font Awesome

Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu Block for Font Awesome.This issue affects Block for Font Awesome: from n/a through 1.4.0.

8.8
2023-12-17 CVE-2023-49769 Softlabbd Cross-Site Request Forgery (CSRF) vulnerability in Softlabbd Integrate Google Drive

Cross-Site Request Forgery (CSRF) vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.4.

8.8
2023-12-17 CVE-2023-49775 Wpcore Cross-Site Request Forgery (CSRF) vulnerability in Wpcore CSV Importer

Cross-Site Request Forgery (CSRF) vulnerability in Denis Kobozev CSV Importer.This issue affects CSV Importer: from n/a through 0.3.8.

8.8
2023-12-15 CVE-2023-50721 Xwiki Code Injection vulnerability in Xwiki

XWiki Platform is a generic wiki platform.

8.8
2023-12-15 CVE-2023-50722 Xwiki Cross-site Scripting vulnerability in Xwiki

XWiki Platform is a generic wiki platform.

8.8
2023-12-15 CVE-2023-50723 Xwiki Code Injection vulnerability in Xwiki

XWiki Platform is a generic wiki platform.

8.8
2023-12-15 CVE-2023-49197 Apasionados Cross-Site Request Forgery (CSRF) vulnerability in Apasionados Dofollow Case BY Case

Cross-Site Request Forgery (CSRF) vulnerability in Apasionados, Apasionados del Marketing, NetConsulting DoFollow Case by Case.This issue affects DoFollow Case by Case: from n/a through 3.4.2.

8.8
2023-12-15 CVE-2023-49744 Giftup Cross-Site Request Forgery (CSRF) vulnerability in Giftup Gift UP Gift Cards for Wordpress and Woocommerce

Cross-Site Request Forgery (CSRF) vulnerability in Gift Up Gift Up Gift Cards for WordPress and WooCommerce.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through 2.21.3.

8.8
2023-12-15 CVE-2023-49749 Suretriggers Cross-Site Request Forgery (CSRF) vulnerability in Suretriggers

Cross-Site Request Forgery (CSRF) vulnerability in SureTriggers SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!.This issue affects SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!: from n/a through 1.0.23.

8.8
2023-12-15 CVE-2023-46116 Tuta Unspecified vulnerability in Tuta Tutanota

Tutanota (Tuta Mail) is an encrypted email provider.

8.8
2023-12-15 CVE-2023-50870 Jetbrains Cross-Site Request Forgery (CSRF) vulnerability in Jetbrains Teamcity

In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible

8.8
2023-12-15 CVE-2023-48394 Kaifa Unrestricted Upload of File with Dangerous Type vulnerability in Kaifa Webitr Attendance System 2.1.0.23

Kaifa Technology WebITR is an online attendance system, its file uploading function does not restrict upload of file with dangerous type.

8.8
2023-12-15 CVE-2023-48387 Twca Improper Input Validation vulnerability in Twca Jcicsecuritytool 4.2.3.32

TAIWAN-CA(TWCA) JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions.

8.8
2023-12-15 CVE-2023-48375 Csharp Missing Authorization vulnerability in Csharp CWS Collaborative Development Platform 10.25

SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands.

8.8
2023-12-15 CVE-2023-6827 G5Plus Unrestricted Upload of File with Dangerous Type vulnerability in G5Plus Essential Real Estate

The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'ajaxUploadFonts' function in versions up to, and including, 4.3.5.

8.8
2023-12-14 CVE-2023-6702 Google
Fedoraproject
Microsoft
Type Confusion vulnerability in multiple products

Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-12-14 CVE-2023-6703 Google Use After Free vulnerability in Google Chrome

Use after free in Blink in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-12-14 CVE-2023-6704 Google Use After Free vulnerability in Google Chrome

Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file.

8.8
2023-12-14 CVE-2023-6705 Google Use After Free vulnerability in Google Chrome

Use after free in WebRTC in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-12-14 CVE-2023-6706 Google Use After Free vulnerability in Google Chrome

Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-12-14 CVE-2023-6707 Google Use After Free vulnerability in Google Chrome

Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-12-14 CVE-2023-50017 Iteachyou Cross-Site Request Forgery (CSRF) vulnerability in Iteachyou Dreamer CMS 4.1.3

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/database/backup

8.8
2023-12-14 CVE-2023-42799 Moonlight Stream Classic Buffer Overflow vulnerability in Moonlight-Stream products

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients.

8.8
2023-12-14 CVE-2023-42800 Moonlight Stream Classic Buffer Overflow vulnerability in Moonlight-Stream products

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients.

8.8
2023-12-14 CVE-2023-50564 Pluck CMS Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.18

An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file.

8.8
2023-12-14 CVE-2023-45185 IBM Incorrect Authorization vulnerability in IBM I Access Client Solutions

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code.

8.8
2023-12-14 CVE-2023-46142 Phoenixcontact Incorrect Permission Assignment for Critical Resource vulnerability in Phoenixcontact products

A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.

8.8
2023-12-14 CVE-2023-25643 ZTE Command Injection vulnerability in ZTE Mc801A1 Firmware and Mc801A Firmware

There is a command injection vulnerability in some ZTE mobile internet products.

8.8
2023-12-14 CVE-2023-49935 Schedmd Insufficient Session Expiration vulnerability in Schedmd Slurm

An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x.

8.8
2023-12-13 CVE-2023-43586 Zoom Path Traversal vulnerability in Zoom products

Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.

8.8
2023-12-13 CVE-2023-6773 Codeastro Improper Access Control vulnerability in Codeastro POS and Inventory Management System 1.0

A vulnerability has been found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic.

8.8
2023-12-13 CVE-2023-43813 Glpi Project SQL Injection vulnerability in Glpi-Project Glpi

GLPI is a free asset and IT management software package.

8.8
2023-12-13 CVE-2023-50766 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Nexus Platform 3.18.003

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML.

8.8
2023-12-13 CVE-2023-50768 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Nexus Platform 3.18.003

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

8.8
2023-12-13 CVE-2023-50778 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Paaslane Estimate 1.0.4

A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token.

8.8
2023-12-13 CVE-2023-6761 Thecosy Improper Access Control vulnerability in Thecosy Icecms 2.0.1

A vulnerability, which was classified as problematic, has been found in Thecosy IceCMS up to 2.0.1.

8.8
2023-12-13 CVE-2023-47322 Silverpeas Cross-Site Request Forgery (CSRF) vulnerability in Silverpeas

The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation.

8.8
2023-12-13 CVE-2023-47326 Silverpeas Cross-Site Request Forgery (CSRF) vulnerability in Silverpeas

Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function.

8.8
2023-12-13 CVE-2023-44251 Fortinet Path Traversal vulnerability in Fortinet Fortiwan

** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1.

8.8
2023-12-13 CVE-2023-44252 Fortinet Improper Authentication vulnerability in Fortinet Fortiwan

** UNSUPPORTED WHEN ASSIGNED **An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker to escalate his privileges via HTTP or HTTPs requests with crafted JWT token values.

8.8
2023-12-13 CVE-2022-27488 Fortinet Cross-Site Request Forgery (CSRF) vulnerability in Fortinet products

A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests.

8.8
2023-12-13 CVE-2023-36639 Fortinet Use of Externally-Controlled Format String vulnerability in Fortinet Fortios

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests.

8.8
2023-12-13 CVE-2023-41678 Fortinet Double Free vulnerability in Fortinet Fortios and Fortipam

A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request.

8.8
2023-12-13 CVE-2023-48782 Fortinet OS Command Injection vulnerability in Fortinet Fortiwlm

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters

8.8
2023-12-13 CVE-2023-48791 Fortinet Command Injection vulnerability in Fortinet Fortiportal

An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field.

8.8
2023-12-13 CVE-2023-47573 Relyum Missing Authorization vulnerability in Relyum Rely-Pcie Firmware and Rely-Rec Firmware

An issue discovered in Relyum RELY-PCIe 22.2.1 devices.

8.8
2023-12-13 CVE-2023-47576 Relyum Command Injection vulnerability in Relyum Rely-Pcie Firmware and Rely-Rec Firmware

An issue was discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices, allowing authenticated command injection through the web interface.

8.8
2023-12-13 CVE-2023-47578 Relyum Cross-Site Request Forgery (CSRF) vulnerability in Relyum Rely-Pcie Firmware and Rely-Rec Firmware

Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are susceptible to Cross Site Request Forgery (CSRF) attacks due to the absence of CSRF protection in the web interface.

8.8
2023-12-13 CVE-2023-6753 Lfprojects Path Traversal vulnerability in Lfprojects Mlflow

Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.

8.8
2023-12-12 CVE-2023-3517 Hitachi Unspecified vulnerability in Hitachi Pentaho Data Integration and Analytics 1.0/9.4.0.0

Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources.

8.8
2023-12-12 CVE-2023-35630 Microsoft Unspecified vulnerability in Microsoft products

Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

8.8
2023-12-12 CVE-2023-35634 Microsoft Unspecified vulnerability in Microsoft Windows 11 21H2

Windows Bluetooth Driver Remote Code Execution Vulnerability

8.8
2023-12-12 CVE-2023-35639 Microsoft Unspecified vulnerability in Microsoft products

Microsoft ODBC Driver Remote Code Execution Vulnerability

8.8
2023-12-12 CVE-2023-35641 Microsoft Unspecified vulnerability in Microsoft products

Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

8.8
2023-12-12 CVE-2023-36006 Microsoft Unspecified vulnerability in Microsoft products

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

8.8
2023-12-12 CVE-2020-10676 Suse Incorrect Authorization vulnerability in Suse Rancher

In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project.

8.8
2023-12-12 CVE-2023-46281 Siemens Overly Permissive Cross-domain Whitelist vulnerability in Siemens products

A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3).

8.8
2023-12-12 CVE-2023-45316 Mattermost Path Traversal vulnerability in Mattermost Server

Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack.

8.8
2023-12-12 CVE-2023-48641 Archerirm Authorization Bypass Through User-Controlled Key vulnerability in Archerirm Archer

Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability.

8.8
2023-12-12 CVE-2023-41118 Enterprisedb Unspecified vulnerability in Enterprisedb Postgres Advanced Server

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0.

8.8
2023-12-12 CVE-2023-41119 Enterprisedb Improper Privilege Management vulnerability in Enterprisedb Postgres Advanced Server

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0.

8.8
2023-12-12 CVE-2023-6709 Lfprojects Unspecified vulnerability in Lfprojects Mlflow

Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.

8.8
2023-12-12 CVE-2023-42890 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

8.8
2023-12-12 CVE-2023-42910 Apple Out-of-bounds Write vulnerability in Apple Macos

Multiple memory corruption issues were addressed with improved input validation.

8.8
2023-12-12 CVE-2023-36646 Prolion Incorrect Authorization vulnerability in Prolion Cryptospike 3.0.15

Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST API endpoint invocation.

8.8
2023-12-11 CVE-2021-3187 Beyondtrust Unspecified vulnerability in Beyondtrust Privilege Management for mac

An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7.

8.8
2023-12-11 CVE-2023-49805 Dockge Kuma
Uptime Kuma
Origin Validation Error vulnerability in multiple products

Uptime Kuma is an easy-to-use self-hosted monitoring tool.

8.8
2023-12-11 CVE-2020-12613 Beyondtrust Unspecified vulnerability in Beyondtrust Privilege Management for Windows

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6.

8.8
2023-12-11 CVE-2023-6035 Spider Themes SQL Injection vulnerability in Spider-Themes Eazydocs

The EazyDocs WordPress plugin before 2.3.4 does not properly sanitize and escape "data" parameter before using it in an SQL statement via an AJAX action, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks.

8.8
2023-12-11 CVE-2023-6671 Openjournalsystems Cross-Site Request Forgery (CSRF) vulnerability in Openjournalsystems Open Journal Systems 3.3.0.13

A vulnerability has been discovered on OJS, that consists in a CSRF (Cross-Site Request Forgery) attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.

8.8
2023-12-11 CVE-2023-6185 Libreoffice
Fedoraproject
Debian
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.
8.8
2023-12-11 CVE-2023-6186 Libreoffice
Fedoraproject
Debian
Improper Preservation of Permissions vulnerability in multiple products

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.

8.8
2023-12-11 CVE-2023-49964 Hyland Injection vulnerability in Hyland Alfresco Content Services 7.2.0

An issue was discovered in Hyland Alfresco Community Edition through 7.2.0.

8.8
2023-12-11 CVE-2023-5500 Frauscher Code Injection vulnerability in Frauscher Diagnostic System 102

This vulnerability allows an remote attacker with low privileges to misuse Improper Control of Generation of Code ('Code Injection') to gain full control of the affected device.

8.8
2023-12-12 CVE-2023-48431 Siemens Improper Check for Unusual or Exceptional Conditions vulnerability in Siemens Sinec INS 1.0

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2).

8.6
2023-12-15 CVE-2023-6837 Wso2 Unspecified vulnerability in Wso2 products

Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: * An IDP configured for federated authentication and JIT provisioning enabled with the "Prompt for username, password and consent" option. * A service provider that uses the above IDP for federated authentication and has the "Assert identity using mapped local subject identifier" flag enabled. Attacker should have: * A fresh valid user account in the federated IDP that has not been used earlier. * Knowledge of the username of a valid user in the local IDP. When all preconditions are met, a malicious actor could use JIT provisioning flow to perform user impersonation.

8.2
2023-12-14 CVE-2023-37457 Sangoma
Digium
Classic Buffer Overflow vulnerability in multiple products

Asterisk is an open source private branch exchange and telephony toolkit.

8.2
2023-12-14 CVE-2023-6569 H2O Externally Controlled Reference to a Resource in Another Sphere vulnerability in H2O 3.40.0.4

External Control of File Name or Path in h2oai/h2o-3

8.2
2023-12-14 CVE-2023-49938 Schedmd Unspecified vulnerability in Schedmd Slurm

An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x.

8.2
2023-12-12 CVE-2023-36648 Prolion Improper Authentication vulnerability in Prolion Cryptospike 3.0.15

Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer).

8.2
2023-12-15 CVE-2023-6680 Gitlab Improper Certificate Validation vulnerability in Gitlab

An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication.

8.1
2023-12-15 CVE-2023-6831 Lfprojects Path Traversal vulnerability in Lfprojects Mlflow

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.

8.1
2023-12-14 CVE-2023-6572 Gradio Project Command Injection vulnerability in Gradio Project Gradio

Command Injection in GitHub repository gradio-app/gradio prior to main.

8.1
2023-12-13 CVE-2023-50764 Jenkins Unspecified vulnerability in Jenkins Scriptler

Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system.

8.1
2023-12-13 CVE-2023-50774 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Html Resource 1.01/1.02

A cross-site request forgery (CSRF) vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system.

8.1
2023-12-13 CVE-2023-47320 Silverpeas Unspecified vulnerability in Silverpeas

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control.

8.1
2023-12-12 CVE-2023-35628 Microsoft Unspecified vulnerability in Microsoft products

Windows MSHTML Platform Remote Code Execution Vulnerability

8.1
2023-12-12 CVE-2023-36005 Microsoft Unspecified vulnerability in Microsoft products

Windows Telephony Server Elevation of Privilege Vulnerability

8.1
2023-12-12 CVE-2023-42481 SAP Improper Access Control vulnerability in SAP Commerce Cloud 8.1

In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, due to weak access controls in place.

8.1
2023-12-15 CVE-2023-48380 Softnext OS Command Injection vulnerability in Softnext Mail SQR Expert 230330

Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a spcific function.

8.0
2023-12-14 CVE-2023-25651 ZTE SQL Injection vulnerability in ZTE Mf286R Firmware and Mf833U1 Firmware

There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.

8.0
2023-12-17 CVE-2023-6891 Peazip Uncontrolled Search Path Element vulnerability in Peazip 9.4.0

A vulnerability has been found in PeaZip 9.4.0 and classified as problematic.

7.8
2023-12-14 CVE-2023-49342 Ubuntubudgie Exposure of Resource to Wrong Sphere vulnerability in Ubuntubudgie Budgie Extras

Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or manipulated.

7.8
2023-12-14 CVE-2023-49343 Ubuntubudgie Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Ubuntubudgie Budgie Extras

Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated.

7.8
2023-12-14 CVE-2023-49344 Ubuntubudgie Exposure of Resource to Wrong Sphere vulnerability in Ubuntubudgie Budgie Extras

Temporary data passed between application components by Budgie Extras Window Shuffler applet could potentially be viewed or manipulated.

7.8
2023-12-14 CVE-2023-49345 Ubuntubudgie Exposure of Resource to Wrong Sphere vulnerability in Ubuntubudgie Budgie Extras

Temporary data passed between application components by Budgie Extras Takeabreak applet could potentially be viewed or manipulated.

7.8
2023-12-14 CVE-2023-49346 Ubuntubudgie Exposure of Resource to Wrong Sphere vulnerability in Ubuntubudgie Budgie Extras

Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated.

7.8
2023-12-14 CVE-2023-49347 Ubuntubudgie Exposure of Resource to Wrong Sphere vulnerability in Ubuntubudgie Budgie Extras

Temporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated.

7.8
2023-12-14 CVE-2023-44285 Dell Unspecified vulnerability in Dell products

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability.

7.8
2023-12-14 CVE-2023-44277 Dell OS Command Injection vulnerability in Dell products

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI.

7.8
2023-12-14 CVE-2023-25648 ZTE Incorrect Permission Assignment for Critical Resource vulnerability in ZTE Zxcloud Irai Firmware 6.03.04

There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product.

7.8
2023-12-14 CVE-2023-41720 Ivanti Unspecified vulnerability in Ivanti Connect Secure

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application.

7.8
2023-12-13 CVE-2023-45166 IBM Unspecified vulnerability in IBM AIX and Vios

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piodmgrsu command to obtain elevated privileges.

7.8
2023-12-13 CVE-2023-45170 IBM Unspecified vulnerability in IBM AIX and Vios

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piobe command to escalate privileges or cause a denial of service.

7.8
2023-12-13 CVE-2023-45174 IBM Unspecified vulnerability in IBM AIX and Vios

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service.

7.8
2023-12-13 CVE-2023-48625 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Sampler 4.2.1

Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-12-13 CVE-2023-48626 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Sampler 4.2.1

Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-12-13 CVE-2023-48627 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Sampler 4.2.1

Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-12-13 CVE-2023-48628 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Sampler 4.2.1

Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-12-13 CVE-2023-48629 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Sampler 4.2.1

Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-12-13 CVE-2023-48630 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Sampler 4.2.1

Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-12-13 CVE-2023-48632 Adobe Out-of-bounds Write vulnerability in Adobe After Effects

Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-12-13 CVE-2023-48633 Adobe Use After Free vulnerability in Adobe After Effects

Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-12-13 CVE-2023-48634 Adobe Unspecified vulnerability in Adobe After Effects

Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-12-13 CVE-2023-48639 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Designer 12.4.0

Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-12-13 CVE-2023-47063 Adobe Out-of-bounds Write vulnerability in Adobe Illustrator

Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-12-13 CVE-2023-47074 Adobe Out-of-bounds Read vulnerability in Adobe Illustrator

Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

7.8
2023-12-13 CVE-2023-47075 Adobe Use After Free vulnerability in Adobe Illustrator

Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-12-13 CVE-2022-22942 Vmware Use After Free vulnerability in VMWare Photon OS 3.0/4.0

The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.

7.8
2023-12-13 CVE-2023-31210 Tribe29 Uncontrolled Search Path Element vulnerability in Tribe29 Checkmk 2.2.0

Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries

7.8
2023-12-13 CVE-2023-40716 Fortinet OS Command Injection vulnerability in Fortinet Fortitester

An improper neutralization of special elements used in an OS command vulnerability [CWE-78]  in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments when running execute restore/backup .

7.8
2023-12-13 CVE-2023-6377 Redhat
Debian
X ORG
Tigervnc
Out-of-bounds Read vulnerability in multiple products

A flaw was found in xorg-server.

7.8
2023-12-12 CVE-2023-5764 Redhat
Fedoraproject
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data.
7.8
2023-12-12 CVE-2023-21740 Microsoft Unspecified vulnerability in Microsoft products

Windows Media Remote Code Execution Vulnerability

7.8
2023-12-12 CVE-2023-35631 Microsoft Unspecified vulnerability in Microsoft products

Win32k Elevation of Privilege Vulnerability

7.8
2023-12-12 CVE-2023-35632 Microsoft Unspecified vulnerability in Microsoft products

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

7.8
2023-12-12 CVE-2023-35633 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.8
2023-12-12 CVE-2023-35644 Microsoft Unspecified vulnerability in Microsoft products

Windows Sysmain Service Elevation of Privilege

7.8
2023-12-12 CVE-2023-36011 Microsoft Unspecified vulnerability in Microsoft products

Win32k Elevation of Privilege Vulnerability

7.8
2023-12-12 CVE-2023-36391 Microsoft Unspecified vulnerability in Microsoft Windows 11 23H2 10.0.22631.2428/10.0.22631.2506/10.0.22631.2715

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

7.8
2023-12-12 CVE-2023-36696 Microsoft Unspecified vulnerability in Microsoft products

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

7.8
2023-12-12 CVE-2020-12614 Beyondtrust Unspecified vulnerability in Beyondtrust Privilege Management for Windows

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6.

7.8
2023-12-12 CVE-2020-28369 Beyondtrust Uncontrolled Search Path Element vulnerability in Beyondtrust Privilege Management for Windows

In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\Temp.

7.8
2023-12-12 CVE-2020-12612 Beyondtrust Unspecified vulnerability in Beyondtrust Privilege Management for Windows

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6.

7.8
2023-12-12 CVE-2020-12615 Beyondtrust Unspecified vulnerability in Beyondtrust Privilege Management for Windows

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6.

7.8
2023-12-12 CVE-2023-48677 Acronis Uncontrolled Search Path Element vulnerability in Acronis Cyber Protect Home Office

Local privilege escalation due to DLL hijacking vulnerability.

7.8
2023-12-12 CVE-2023-40446 Apple Unspecified vulnerability in Apple Ipados, Iphone OS and Macos

The issue was addressed with improved memory handling.

7.8
2023-12-12 CVE-2023-42882 Apple Out-of-bounds Write vulnerability in Apple Macos

The issue was addressed with improved memory handling.

7.8
2023-12-12 CVE-2023-42886 Apple Out-of-bounds Read vulnerability in Apple Macos

An out-of-bounds read was addressed with improved bounds checking.

7.8
2023-12-12 CVE-2023-42899 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

7.8
2023-12-12 CVE-2023-42901 Apple Out-of-bounds Write vulnerability in Apple Macos

Multiple memory corruption issues were addressed with improved input validation.

7.8
2023-12-12 CVE-2023-42902 Apple Out-of-bounds Write vulnerability in Apple Macos

Multiple memory corruption issues were addressed with improved input validation.

7.8
2023-12-12 CVE-2023-42903 Apple Out-of-bounds Write vulnerability in Apple Macos

Multiple memory corruption issues were addressed with improved input validation.

7.8
2023-12-12 CVE-2023-42904 Apple Out-of-bounds Write vulnerability in Apple Macos

Multiple memory corruption issues were addressed with improved input validation.

7.8
2023-12-12 CVE-2023-42905 Apple Out-of-bounds Write vulnerability in Apple Macos

Multiple memory corruption issues were addressed with improved input validation.

7.8
2023-12-12 CVE-2023-42906 Apple Out-of-bounds Write vulnerability in Apple Macos

Multiple memory corruption issues were addressed with improved input validation.

7.8
2023-12-12 CVE-2023-42907 Apple Out-of-bounds Write vulnerability in Apple Macos

Multiple memory corruption issues were addressed with improved input validation.

7.8
2023-12-12 CVE-2023-42908 Apple Out-of-bounds Write vulnerability in Apple Macos

Multiple memory corruption issues were addressed with improved input validation.

7.8
2023-12-12 CVE-2023-42909 Apple Out-of-bounds Write vulnerability in Apple Macos

Multiple memory corruption issues were addressed with improved input validation.

7.8
2023-12-12 CVE-2023-42911 Apple Out-of-bounds Write vulnerability in Apple Macos

Multiple memory corruption issues were addressed with improved input validation.

7.8
2023-12-12 CVE-2023-42912 Apple Out-of-bounds Write vulnerability in Apple Macos

Multiple memory corruption issues were addressed with improved input validation.

7.8
2023-12-12 CVE-2023-42926 Apple Out-of-bounds Write vulnerability in Apple Macos

Multiple memory corruption issues were addressed with improved input validation.

7.8
2023-12-11 CVE-2023-49804 Dockge Kuma
Uptime Kuma
Session Fixation vulnerability in multiple products

Uptime Kuma is an easy-to-use self-hosted monitoring tool.

7.8
2023-12-14 CVE-2023-6563 Redhat Allocation of Resources Without Limits or Throttling vulnerability in Redhat products

An unconstrained memory consumption vulnerability was discovered in Keycloak.

7.7
2023-12-14 CVE-2023-42801 Moonlight Stream Classic Buffer Overflow vulnerability in Moonlight-Stream products

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients.

7.6
2023-12-12 CVE-2023-42478 SAP Cross-site Scripting vulnerability in SAP Business Objects Business Intelligence Platform 420/430

SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application.

7.6
2023-12-17 CVE-2023-50271 HP Unspecified vulnerability in HP System Management Homepage

A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH).

7.5
2023-12-17 CVE-2023-6893 Hikvision Path Traversal vulnerability in Hikvision Intercom Broadcast System

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic.

7.5
2023-12-16 CVE-2023-50784 Unrealircd Classic Buffer Overflow vulnerability in Unrealircd

A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open).

7.5
2023-12-16 CVE-2023-39340 Ivanti Unspecified vulnerability in Ivanti Connect Secure

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance.

7.5
2023-12-16 CVE-2020-17483 Uffizio Unspecified vulnerability in Uffizio GPS Tracker

An improper access control vulnerability exists in Uffizio's GPS Tracker all versions that lead to sensitive information disclosure of all the connected devices.

7.5
2023-12-16 CVE-2021-42797 Aveva Path Traversal vulnerability in Aveva Edge 2020/8.1

Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources.

7.5
2023-12-15 CVE-2023-50728 Octokit
Probot
Improper Handling of Exceptional Conditions vulnerability in multiple products

octokit/webhooks is a GitHub webhook events toolset for Node.js.

7.5
2023-12-15 CVE-2023-50264 Bazarr Path Traversal vulnerability in Bazarr

Bazarr manages and downloads subtitles.

7.5
2023-12-15 CVE-2023-50265 Bazarr Path Traversal vulnerability in Bazarr

Bazarr manages and downloads subtitles.

7.5
2023-12-15 CVE-2023-50719 Xwiki Cleartext Storage of Sensitive Information vulnerability in Xwiki

XWiki Platform is a generic wiki platform.

7.5
2023-12-15 CVE-2023-3904 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2.

7.5
2023-12-15 CVE-2023-49159 Sean Barton Server-Side Request Forgery (SSRF) vulnerability in Sean-Barton Commentluv

Server-Side Request Forgery (SSRF) vulnerability in Elegant Digital Solutions CommentLuv.This issue affects CommentLuv: from n/a through 3.0.4.

7.5
2023-12-15 CVE-2023-33217 Idemia Unspecified vulnerability in Idemia products

By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of service for the terminal.

7.5
2023-12-15 CVE-2023-6836 Wso2 XXE vulnerability in Wso2 products

Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information.

7.5
2023-12-15 CVE-2023-48389 Multisuns Path Traversal vulnerability in Multisuns Easylog Web+ Firmware 1.13.2.8

Multisuns EasyLog web+ has a path traversal vulnerability within its parameter in a specific URL.

7.5
2023-12-15 CVE-2023-48378 Softnext Path Traversal vulnerability in Softnext Mail SQR Expert 230330

Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL.

7.5
2023-12-15 CVE-2023-48373 Itpison Path Traversal vulnerability in Itpison Omicard EDM 6.0.1.5

ITPison OMICARD EDM has a path traversal vulnerability within its parameter “FileName” in a specific function.

7.5
2023-12-14 CVE-2023-49294 Sangoma
Digium
Path Traversal vulnerability in multiple products

Asterisk is an open source private branch exchange and telephony toolkit.

7.5
2023-12-14 CVE-2023-50471 Cjson Project NULL Pointer Dereference vulnerability in Cjson Project Cjson 1.7.16

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c.

7.5
2023-12-14 CVE-2023-50472 Cjson Project NULL Pointer Dereference vulnerability in Cjson Project Cjson 1.7.16

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.

7.5
2023-12-14 CVE-2023-41151 Softing Improper Handling of Exceptional Conditions vulnerability in Softing OPC and OPC UA C++ Software Development KIT

An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing.

7.5
2023-12-14 CVE-2023-4694 HP Unspecified vulnerability in HP products

Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when sending a SOAP message to the service on TCP port 3911 that contains a body but no header.

7.5
2023-12-14 CVE-2023-50269 Squid Cache Uncontrolled Recursion vulnerability in Squid-Cache Squid

Squid is a caching proxy for the Web.

7.5
2023-12-14 CVE-2023-48671 Dell Unspecified vulnerability in Dell products

Dell vApp Manager, versions prior to 9.2.4.x contain an information disclosure vulnerability.

7.5
2023-12-14 CVE-2023-48660 Dell Path Traversal vulnerability in Dell products

Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability.

7.5
2023-12-14 CVE-2023-46143 Phoenixcontact Download of Code Without Integrity Check vulnerability in Phoenixcontact products

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC.

7.5
2023-12-14 CVE-2023-5592 Phoenixcontact Download of Code Without Integrity Check vulnerability in Phoenixcontact Multiprog and Proconos Eclr

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity.

7.5
2023-12-14 CVE-2023-48631 Adobe Unspecified vulnerability in Adobe Css-Tools

@adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS.

7.5
2023-12-14 CVE-2023-1904 Octopus Information Exposure Through Log Files vulnerability in Octopus Server

In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.

7.5
2023-12-14 CVE-2023-25644 ZTE Unspecified vulnerability in ZTE Mc801A1 Firmware and Mc801A Firmware

There is a denial of service vulnerability in some ZTE mobile internet products.

7.5
2023-12-14 CVE-2023-49933 Schedmd Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Schedmd Slurm

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x.

7.5
2023-12-14 CVE-2023-49936 Schedmd NULL Pointer Dereference vulnerability in Schedmd Slurm

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x.

7.5
2023-12-14 CVE-2023-45184 IBM Insecure Storage of Sensitive Information vulnerability in IBM I Access Client Solutions

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks.

7.5
2023-12-14 CVE-2022-43843 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Spectrum Scale 5.1.5.0/5.1.5.1

IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5
2023-12-14 CVE-2023-43042 IBM Unspecified vulnerability in IBM Storage Virtualize 8.3

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user.

7.5
2023-12-13 CVE-2023-50709 Cube Unspecified vulnerability in Cube Cube.Js

Cube is a semantic layer for building data applications.

7.5
2023-12-13 CVE-2023-50262 Dompdf Project Uncontrolled Recursion vulnerability in Dompdf Project Dompdf

Dompdf is an HTML to PDF converter for PHP.

7.5
2023-12-13 CVE-2023-46247 Vyperlang Off-by-one Error vulnerability in Vyperlang Vyper

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM).

7.5
2023-12-13 CVE-2023-50444 Primx Improper Restriction of Excessive Authentication Attempts vulnerability in Primx Zed!, Zedmail and Zonecentral

By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.

7.5
2023-12-13 CVE-2023-6759 Thecosy Unspecified vulnerability in Thecosy Icecms 2.0.1

A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1.

7.5
2023-12-13 CVE-2023-34194 Tinyxml Project Reachable Assertion vulnerability in Tinyxml Project Tinyxml

StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace.

7.5
2023-12-13 CVE-2023-47323 Silverpeas Unspecified vulnerability in Silverpeas

The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter.

7.5
2023-12-13 CVE-2023-6721 Europeana XXE vulnerability in Europeana Repox 2.3.7

An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system.

7.5
2023-12-13 CVE-2023-6722 Europeana Relative Path Traversal vulnerability in Europeana Repox 2.3.7

A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbitrary files on the running server, resulting in a disclosure of sensitive information.

7.5
2023-12-13 CVE-2023-6534 Freebsd Unspecified vulnerability in Freebsd 12.4/13.2/14.0

In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2-RELEASE before 13.2-RELEASE-p7 and FreeBSD 12.4-RELEASE before 12.4-RELEASE-p9, the pf(4) packet filter incorrectly validates TCP sequence numbers.

7.5
2023-12-13 CVE-2023-6718 Europeana Missing Authentication for Critical Function vulnerability in Europeana Repox 2.3.7

An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users.

7.5
2023-12-13 CVE-2023-6478 X ORG
Redhat
Debian
Tigervnc
Integer Overflow or Wraparound vulnerability in multiple products

A flaw was found in xorg-server.

7.5
2023-12-13 CVE-2023-45801 Nadatel Improper Authentication vulnerability in Nadatel products

Improper Authentication vulnerability in Nadatel DVR allows Information Elicitation.This issue affects DVR: from 3.0.0 before 9.9.0.

7.5
2023-12-13 CVE-2023-45800 Hanbiro SQL Injection vulnerability in Hanbiro Groupware 3.8.79

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation.This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1.

7.5
2023-12-13 CVE-2023-47579 Relyum Unspecified vulnerability in Relyum Rely-Pcie Firmware 22.2.1

Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfiguration, allowing read access to the central password hash file of the operating system.

7.5
2023-12-12 CVE-2023-5379 Redhat Allocation of Resources Without Limits or Throttling vulnerability in Redhat products

A flaw was found in Undertow.

7.5
2023-12-12 CVE-2023-50251 Dompdf Uncontrolled Recursion vulnerability in Dompdf PHP-Svg-Lib

php-svg-lib is an SVG file parsing / rendering library.

7.5
2023-12-12 CVE-2023-50247 Dena Allocation of Resources Without Limits or Throttling vulnerability in Dena H2O

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3.

7.5
2023-12-12 CVE-2023-35621 Microsoft Unspecified vulnerability in Microsoft Dynamics 365 10.0.37/10.0.38

Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability

7.5
2023-12-12 CVE-2023-35622 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Spoofing Vulnerability

7.5
2023-12-12 CVE-2023-35638 Microsoft Unspecified vulnerability in Microsoft products

DHCP Server Service Denial of Service Vulnerability

7.5
2023-12-12 CVE-2023-35643 Microsoft Unspecified vulnerability in Microsoft products

DHCP Server Service Information Disclosure Vulnerability

7.5
2023-12-12 CVE-2023-36004 Microsoft Unspecified vulnerability in Microsoft products

Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability

7.5
2023-12-12 CVE-2023-36010 Microsoft Unspecified vulnerability in Microsoft Malware Protection Platform

Microsoft Defender Denial of Service Vulnerability

7.5
2023-12-12 CVE-2015-8314 Heartcombo Cleartext Storage of Sensitive Information vulnerability in Heartcombo Devise

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.

7.5
2023-12-12 CVE-2018-16153 Apereo Insufficiently Protected Credentials vulnerability in Apereo Opencast

An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6.

7.5
2023-12-12 CVE-2023-28465 Hapifhir Path Traversal vulnerability in Hapifhir HL7 Fhir Core

The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker.

7.5
2023-12-12 CVE-2009-4123 Jruby Improper Certificate Validation vulnerability in Jruby Jruby-Openssl

The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation.

7.5
2023-12-12 CVE-2023-46455 GL Inet Path Traversal vulnerability in Gl-Inet Gl-Ar300M Firmware 4.3.7

In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality.

7.5
2023-12-12 CVE-2022-47374 Siemens Uncontrolled Recursion vulnerability in Siemens products

A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl.

7.5
2023-12-12 CVE-2022-47375 Siemens Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Siemens products

A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl.

7.5
2023-12-12 CVE-2023-38380 Siemens Memory Leak vulnerability in Siemens products

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl.

7.5
2023-12-12 CVE-2023-46156 Siemens Use After Free vulnerability in Siemens products

Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition.

7.5
2023-12-12 CVE-2023-46283 Siemens Classic Buffer Overflow vulnerability in Siemens products

A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3).

7.5
2023-12-12 CVE-2023-46284 Siemens Out-of-bounds Write vulnerability in Siemens products

A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3).

7.5
2023-12-12 CVE-2023-46285 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3).

7.5
2023-12-12 CVE-2023-41963 Jtekt Resource Exhaustion vulnerability in Jtekt products

Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC-A2 series.

7.5
2023-12-12 CVE-2023-49140 Jtekt Resource Exhaustion vulnerability in Jtekt products

Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series.

7.5
2023-12-12 CVE-2023-49143 Jtekt Resource Exhaustion vulnerability in Jtekt products

Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC-A2 series.

7.5
2023-12-12 CVE-2023-49713 Jtekt Resource Exhaustion vulnerability in Jtekt products

Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI GC-A2 series.

7.5
2023-12-12 CVE-2023-45847 Mattermost Resource Exhaustion vulnerability in Mattermost Server

Mattermost fails to to check the length when setting the title in a run checklist in Playbooks, allowing an attacker to send a specially crafted request and crash the Playbooks plugin

7.5
2023-12-12 CVE-2023-49607 Mattermost Improper Check for Unusual or Exceptional Conditions vulnerability in Mattermost Server

Mattermost fails to validate the type of the "reminder" body request parameter allowing an attacker to crash the Playbook Plugin when updating the status dialog.

7.5
2023-12-12 CVE-2022-48616 Huawei OS Command Injection vulnerability in Huawei Ar617Vw Firmware V300R21C00Spc200

A Huawei data communication product has a command injection vulnerability.

7.5
2023-12-12 CVE-2023-36647 Prolion Use of Hard-coded Credentials vulnerability in Prolion Cryptospike 3.0.15

A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.

7.5
2023-12-11 CVE-2023-49803 Koajs Origin Validation Error vulnerability in Koajs Cross-Origin Resource Sharing for KOA

@koa/cors npm provides Cross-Origin Resource Sharing (CORS) for koa, a web framework for Node.js.

7.5
2023-12-11 CVE-2023-49355 Jqlang Out-of-bounds Write vulnerability in Jqlang JQ 1.737G88F01A7

decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input.

7.5
2023-12-11 CVE-2023-6659 Campcodes SQL Injection vulnerability in Campcodes Student Clearance System 1.0

A vulnerability, which was classified as critical, has been found in Campcodes Web-Based Student Clearance System 1.0.

7.5
2023-12-12 CVE-2023-36019 Microsoft Unspecified vulnerability in Microsoft Azure Logic Apps and Power Platform

Microsoft Power Platform Connector Spoofing Vulnerability

7.4
2023-12-12 CVE-2023-35624 Microsoft Unspecified vulnerability in Microsoft Azure Connected Machine Agent 1.34/1.35/1.36

Azure Connected Machine Agent Elevation of Privilege Vulnerability

7.3
2023-12-12 CVE-2023-36003 Microsoft Unspecified vulnerability in Microsoft products

XAML Diagnostics Elevation of Privilege Vulnerability

7.3
2023-12-12 CVE-2023-49580 SAP Unspecified vulnerability in SAP Graphical User Interface

SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated attacker to access information which would otherwise be restricted and confidential.

7.3
2023-12-15 CVE-2023-49898 Apache Command Injection vulnerability in Apache Streampark 2.0.0/2.1.0/2.1.1

In streampark, there is a project module that integrates Maven's compilation capability.

7.2
2023-12-15 CVE-2023-6826 E2Pdf Unrestricted Upload of File with Dangerous Type vulnerability in E2Pdf

The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25.

7.2
2023-12-14 CVE-2023-48662 Dell OS Command Injection vulnerability in Dell products

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability.

7.2
2023-12-14 CVE-2023-48663 Dell OS Command Injection vulnerability in Dell products

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability.

7.2
2023-12-14 CVE-2023-48664 Dell OS Command Injection vulnerability in Dell products

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability.

7.2
2023-12-14 CVE-2023-48665 Dell OS Command Injection vulnerability in Dell products

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability.

7.2
2023-12-14 CVE-2023-48667 Dell OS Command Injection vulnerability in Dell products

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI.

7.2
2023-12-14 CVE-2023-50011 Popojicms Unspecified vulnerability in Popojicms 2.0.1

PopojiCMS version 2.0.1 is vulnerable to remote command execution in the Meta Social field.

7.2
2023-12-14 CVE-2023-41719 Ivanti Unspecified vulnerability in Ivanti Connect Secure

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution.

7.2
2023-12-13 CVE-2023-48702 Jellyfin Command Injection vulnerability in Jellyfin

Jellyfin is a system for managing and streaming media.

7.2
2023-12-13 CVE-2023-6772 Otcms SQL Injection vulnerability in Otcms 7.01

A vulnerability, which was classified as critical, was found in OTCMS 7.01.

7.2
2023-12-13 CVE-2023-6755 Dedebiz SQL Injection vulnerability in Dedebiz 6.2

A vulnerability was found in DedeBIZ 6.2 and classified as critical.

7.2
2023-12-12 CVE-2023-48428 Siemens OS Command Injection vulnerability in Siemens Sinec INS 1.0

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2).

7.2
2023-12-12 CVE-2023-41623 Emlog SQL Injection vulnerability in Emlog 2.1.14

Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php.

7.2
2023-12-12 CVE-2023-36650 Prolion Improper Validation of Integrity Check Value vulnerability in Prolion Cryptospike 3.0.15

A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages.

7.2
2023-12-12 CVE-2023-36651 Prolion Use of Hard-coded Credentials vulnerability in Prolion Cryptospike 3.0.15

Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials.

7.2
2023-12-14 CVE-2023-48676 Acronis Missing Authorization vulnerability in Acronis Cyber Protect Cloud Agent 21/22/23

Sensitive information disclosure and manipulation due to missing authorization.

7.1
2023-12-14 CVE-2023-6407 Schneider Electric Path Traversal vulnerability in Schneider-Electric Easy UPS Online Monitoring Software 2.5Gs/2.5Gs0122320

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker.

7.1
2023-12-12 CVE-2022-48615 Huawei Unspecified vulnerability in Huawei Ar617Vw Firmware V300R21C00Spc200

An improper access control vulnerability exists in a Huawei datacom product.

7.1
2023-12-12 CVE-2023-6542 SAP Incorrect Authorization vulnerability in SAP Emarsys SDK 3.6.2

Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application.

7.1
2023-12-11 CVE-2023-6194 Eclipse XXE vulnerability in Eclipse Memory Analyzer

In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.

7.1

500 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-12-12 CVE-2023-35629 Microsoft Unspecified vulnerability in Microsoft products

Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability

6.8
2023-12-12 CVE-2022-42784 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in LOGO! 12/24RCE (All versions >= V8.3), LOGO! 12/24RCEo (All versions >= V8.3), LOGO! 230RCE (All versions >= V8.3), LOGO! 230RCEo (All versions >= V8.3), LOGO! 24CE (All versions >= V8.3), LOGO! 24CEo (All versions >= V8.3), LOGO! 24RCE (All versions >= V8.3), LOGO! 24RCEo (All versions >= V8.3), SIPLUS LOGO! 12/24RCE (All versions >= V8.3), SIPLUS LOGO! 12/24RCEo (All versions >= V8.3), SIPLUS LOGO! 230RCE (All versions >= V8.3), SIPLUS LOGO! 230RCEo (All versions >= V8.3), SIPLUS LOGO! 24CE (All versions >= V8.3), SIPLUS LOGO! 24CEo (All versions >= V8.3), SIPLUS LOGO! 24RCE (All versions >= V8.3), SIPLUS LOGO! 24RCEo (All versions >= V8.3).

6.8
2023-12-12 CVE-2023-49695 Elecom OS Command Injection vulnerability in Elecom products

OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product.

6.8
2023-12-12 CVE-2023-42476 SAP Cross-site Scripting vulnerability in SAP Businessobjects web Intelligence 420

SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited.

6.8
2023-12-14 CVE-2023-44278 Dell Path Traversal vulnerability in Dell products

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability.

6.7
2023-12-14 CVE-2023-44279 Dell OS Command Injection vulnerability in Dell products

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI.

6.7
2023-12-14 CVE-2023-48668 Dell OS Command Injection vulnerability in Dell Powerprotect Data Domain Management Center

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation.

6.7
2023-12-13 CVE-2023-50770 Jenkins Insufficiently Protected Credentials vulnerability in Jenkins Openid

Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins.

6.7
2023-12-12 CVE-2023-41337 Dena Improper Verification of Cryptographic Signature vulnerability in Dena H2O

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3.

6.7
2023-12-12 CVE-2023-49691 Siemens OS Command Injection vulnerability in Siemens products

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 (6GK5615-0AA00-2AA2) (All versions < V8.0), SCALANCE S615 EEC (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions < V3.0.2).

6.7
2023-12-12 CVE-2023-49692 Siemens OS Command Injection vulnerability in Siemens products

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 (6GK5615-0AA00-2AA2) (All versions < V7.2.2), SCALANCE S615 EEC (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions < V3.0.2).

6.7
2023-12-17 CVE-2023-6894 Hikvision Unspecified vulnerability in Hikvision Intercom Broadcast System

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK).

6.5
2023-12-15 CVE-2023-28022 Hcltech Unspecified vulnerability in Hcltech Connections

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.

6.5
2023-12-15 CVE-2023-5310 Silabs Unspecified vulnerability in Silabs Z-Wave Software Development KIT

A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier.

6.5
2023-12-15 CVE-2023-6051 Gitlab Code Injection vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2.

6.5
2023-12-15 CVE-2023-48395 Kaifa SQL Injection vulnerability in Kaifa Webitr Attendance System 2.1.0.23

Kaifa Technology WebITR is an online attendance system, it has insufficient validation for user input within a special function.

6.5
2023-12-15 CVE-2023-48381 Softnext Path Traversal vulnerability in Softnext Mail SQR Expert 2Dut.220701

Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a special URL.

6.5
2023-12-15 CVE-2023-48382 Softnext Path Traversal vulnerability in Softnext Mail SQR Expert 230330

Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a mail deliver-related URL.

6.5
2023-12-15 CVE-2023-48374 Csharp Use of Hard-coded Credentials vulnerability in Csharp CWS Collaborative Development Platform 10.25

SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege.

6.5
2023-12-14 CVE-2023-45182 IBM Insecure Storage of Sensitive Information vulnerability in IBM I Access Client Solutions

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded.

6.5
2023-12-14 CVE-2023-46144 Phoenixcontact Download of Code Without Integrity Check vulnerability in Phoenixcontact products

A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.

6.5
2023-12-14 CVE-2023-6570 Kubeflow Server-Side Request Forgery (SSRF) vulnerability in Kubeflow 1.7.0

Server-Side Request Forgery (SSRF) in kubeflow/kubeflow

6.5
2023-12-14 CVE-2023-25642 ZTE Classic Buffer Overflow vulnerability in ZTE Mc801A1 Firmware and Mc801A Firmware

There is a buffer overflow vulnerability in some ZTE mobile internet producsts.

6.5
2023-12-14 CVE-2023-25650 ZTE Unspecified vulnerability in ZTE Zxcloud Irai Firmware 6.03.04

There is an arbitrary file download vulnerability in ZXCLOUD iRAI.

6.5
2023-12-14 CVE-2023-21751 Microsoft Unspecified vulnerability in Microsoft Azure Devops Server 2020.1.2/2022.1.0

Azure DevOps Server Spoofing Vulnerability

6.5
2023-12-13 CVE-2023-43585 Zoom Unspecified vulnerability in Zoom products

Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access.

6.5
2023-12-13 CVE-2023-49646 Zoom Improper Authentication vulnerability in Zoom products

Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.

6.5
2023-12-13 CVE-2023-47619 Audiobookshelf Server-Side Request Forgery (SSRF) vulnerability in Audiobookshelf

Audiobookshelf is a self-hosted audiobook and podcast server.

6.5
2023-12-13 CVE-2023-47624 Audiobookshelf Path Traversal vulnerability in Audiobookshelf

Audiobookshelf is a self-hosted audiobook and podcast server.

6.5
2023-12-13 CVE-2023-50248 Okfn Improper Handling of Length Parameter Inconsistency vulnerability in Okfn Ckan

CKAN is an open-source data management system for powering data hubs and data portals.

6.5
2023-12-13 CVE-2023-6757 Thecosy Unspecified vulnerability in Thecosy Icecms 2.0.1

A vulnerability was found in Thecosy IceCMS 2.0.1.

6.5
2023-12-13 CVE-2023-6660 Freebsd Unspecified vulnerability in Freebsd 13.2/14.0

When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded.

6.5
2023-12-13 CVE-2023-46671 Elastic Information Exposure Through Log Files vulnerability in Elastic Kibana

An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error.

6.5
2023-12-13 CVE-2023-46675 Elastic Information Exposure Through Log Files vulnerability in Elastic Kibana

An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana.

6.5
2023-12-12 CVE-2023-49089 Umbraco Path Traversal vulnerability in Umbraco CMS

Umbraco is an ASP.NET content management system (CMS).

6.5
2023-12-12 CVE-2023-49922 Elastic Information Exposure Through Log Files vulnerability in Elastic Beats 8.0.0/8.9.2

An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429.

6.5
2023-12-12 CVE-2023-6687 Elastic Information Exposure Through Log Files vulnerability in Elastic Agent 8.0.0/8.9.2

An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429.

6.5
2023-12-12 CVE-2023-35636 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Outlook Information Disclosure Vulnerability

6.5
2023-12-12 CVE-2023-35642 Microsoft Unspecified vulnerability in Microsoft products

Internet Connection Sharing (ICS) Denial of Service Vulnerability

6.5
2023-12-12 CVE-2023-49923 Elastic Information Exposure Through Log Files vulnerability in Elastic Enterprise Search

An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level.

6.5
2023-12-12 CVE-2023-26920 Naturalintelligence Unspecified vulnerability in Naturalintelligence Fast XML Parser

fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution.

6.5
2023-12-12 CVE-2023-4421 Mozilla Information Exposure Through Discrepancy vulnerability in Mozilla NSS

The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks.

6.5
2023-12-12 CVE-2023-50495 Invisible Island Unspecified vulnerability in Invisible-Island Ncurse 6.420230418

NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

6.5
2023-12-12 CVE-2023-49809 Mattermost Resource Exhaustion vulnerability in Mattermost Server

Mattermost fails to handle a null request body in the /add endpoint, allowing a simple member to send a request with null request body to that endpoint and make it crash.

6.5
2023-12-12 CVE-2023-41114 Enterprisedb Unspecified vulnerability in Enterprisedb Postgres Advanced Server

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0.

6.5
2023-12-12 CVE-2023-41115 Enterprisedb Unspecified vulnerability in Enterprisedb Postgres Advanced Server

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0.

6.5
2023-12-12 CVE-2023-41120 Enterprisedb Exposure of Resource to Wrong Sphere vulnerability in Enterprisedb Postgres Advanced Server

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0.

6.5
2023-12-12 CVE-2023-36654 Prolion Path Traversal vulnerability in Prolion Cryptospike 3.0.15

Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to download host server SSH private keys (associated with a Linux root user) by injecting paths inside REST API endpoint parameters.

6.5
2023-12-11 CVE-2023-5907 Bitapps Files or Directories Accessible to External Parties vulnerability in Bitapps File Manager

The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the sites files.

6.5
2023-12-11 CVE-2023-6538 Hitachi Unspecified vulnerability in Hitachi System Management Unit Firmware

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation.

6.5
2023-12-12 CVE-2023-49587 SAP Command Injection vulnerability in SAP Solution Manager 720

SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network.

6.4
2023-12-12 CVE-2023-5536 Canonical Incorrect Default Permissions vulnerability in Canonical Ubuntu Linux

A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.

6.4
2023-12-13 CVE-2023-6792 Paloaltonetworks OS Command Injection vulnerability in Paloaltonetworks Pan-Os

An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.

6.3
2023-12-12 CVE-2023-42914 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

6.3
2023-12-17 CVE-2023-6896 Oretnom23 Cross-site Scripting vulnerability in Oretnom23 Simple Image Stack Website 1.0

A vulnerability was found in SourceCodester Simple Image Stack Website 1.0.

6.1
2023-12-16 CVE-2020-17484 Uffizio Open Redirect vulnerability in Uffizio GPS Tracker

An Open Redirection vulnerability exists in Uffizio's GPS Tracker all versions allows an attacker to construct a URL within the application that causes a redirection to an arbitrary external domain.

6.1
2023-12-15 CVE-2023-49170 Captainform Cross-site Scripting vulnerability in Captainform

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in captainform Forms by CaptainForm – Form Builder for WordPress allows Reflected XSS.This issue affects Forms by CaptainForm – Form Builder for WordPress: from n/a through 2.5.3.

6.1
2023-12-15 CVE-2023-49176 Coderevolution Cross-site Scripting vulnerability in Coderevolution WP Pocket Urls 1.0.0/1.0.2

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution WP Pocket URLs allows Reflected XSS.This issue affects WP Pocket URLs: from n/a through 1.0.2.

6.1
2023-12-15 CVE-2023-49177 Gillesdumas Cross-site Scripting vulnerability in Gillesdumas Which Template File

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gilles Dumas which template file allows Reflected XSS.This issue affects which template file: from n/a through 4.9.0.

6.1
2023-12-15 CVE-2023-49178 Hdwplayer Cross-site Scripting vulnerability in Hdwplayer HDW Player

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mr.

6.1
2023-12-15 CVE-2023-49182 Marzocca Cross-site Scripting vulnerability in Marzocca List ALL Posts BY Authors Nested Categories and Titles

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fabio Marzocca List all posts by Authors, nested Categories and Titles allows Reflected XSS.This issue affects List all posts by Authors, nested Categories and Titles: from n/a through 2.7.10.

6.1
2023-12-15 CVE-2023-49183 Nextscripts Cross-site Scripting vulnerability in Nextscripts Social Networks Auto Poster

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NextScripts NextScripts: Social Networks Auto-Poster allows Reflected XSS.This issue affects NextScripts: Social Networks Auto-Poster: from n/a through 4.4.2.

6.1
2023-12-15 CVE-2023-49185 Doofinder Cross-site Scripting vulnerability in Doofinder

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Doofinder Doofinder WP & WooCommerce Search allows Reflected XSS.This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.1.7.

6.1
2023-12-15 CVE-2023-49187 Spoonthemes Cross-site Scripting vulnerability in Spoonthemes Adifier

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spoonthemes Adifier - Classified Ads WordPress Theme allows Reflected XSS.This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4.

6.1
2023-12-15 CVE-2023-6838 Wso2 Cross-site Scripting vulnerability in Wso2 products

Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint.

6.1
2023-12-14 CVE-2023-48756 Motopress Cross-site Scripting vulnerability in Motopress Jetblocks for Elementor

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor allows Reflected XSS.This issue affects JetBlocks For Elementor: from n/a through 1.3.8.

6.1
2023-12-14 CVE-2023-48767 TES India Cross-site Scripting vulnerability in Tes-India Mytube Playlist

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raghu Goriya MyTube PlayList allows Reflected XSS.This issue affects MyTube PlayList: from n/a through 2.0.3.

6.1
2023-12-14 CVE-2023-48771 Skyphe Cross-site Scripting vulnerability in Skyphe File Gallery

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruno "Aesqe" Babic File Gallery allows Reflected XSS.This issue affects File Gallery: from n/a through 1.8.5.4.

6.1
2023-12-14 CVE-2023-5769 Hitachienergy Cross-site Scripting vulnerability in Hitachienergy products

A vulnerability exists in the webserver that affects the RTU500 series product versions listed below.

6.1
2023-12-14 CVE-2023-44286 Dell Cross-site Scripting vulnerability in Dell products

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability.

6.1
2023-12-14 CVE-2023-49171 Theinnovs Cross-site Scripting vulnerability in Theinnovs Innovs HR

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TheInnovs Innovs HR – Complete Human Resource Management System for Your Business allows Reflected XSS.This issue affects Innovs HR – Complete Human Resource Management System for Your Business: from n/a through 1.0.3.4.

6.1
2023-12-14 CVE-2023-49172 Braincert Cross-site Scripting vulnerability in Braincert Virtual Classroom API

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BrainCert BrainCert – HTML5 Virtual Classroom allows Reflected XSS.This issue affects BrainCert – HTML5 Virtual Classroom: from n/a through 1.30.

6.1
2023-12-14 CVE-2023-49766 Themefic Cross-site Scripting vulnerability in Themefic Ultimate Addons for Contact Form 7

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 allows Stored XSS.This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.2.0.

6.1
2023-12-14 CVE-2023-49771 Petersplugins Cross-site Scripting vulnerability in Petersplugins Link LOG

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Raschendorfer Smart External Link Click Monitor [Link Log] allows Reflected XSS.This issue affects Smart External Link Click Monitor [Link Log]: from n/a through 5.0.2.

6.1
2023-12-14 CVE-2023-49813 WP Photo Album Plus Project Cross-site Scripting vulnerability in WP Photo Album Plus Project WP Photo Album Plus

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J.N.

6.1
2023-12-14 CVE-2022-45365 Urosevic Cross-site Scripting vulnerability in Urosevic Stock Ticker

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Uroševi? Stock Ticker allows Reflected XSS.This issue affects Stock Ticker: from n/a through 3.23.2.

6.1
2023-12-14 CVE-2023-49739 Ideabox Cross-site Scripting vulnerability in Ideabox Powerpack Addons for Elementor

[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]

6.1
2023-12-14 CVE-2023-49740 Seraphinitesolutions Cross-site Scripting vulnerability in Seraphinitesolutions Seraphinite Accelerator

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seraphinite Solutions Seraphinite Accelerator allows Reflected XSS.This issue affects Seraphinite Accelerator: from n/a through 2.20.28.

6.1
2023-12-14 CVE-2023-49827 Pencidesign Cross-site Scripting vulnerability in Pencidesign Soledad

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme allows Reflected XSS.This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1.

6.1
2023-12-14 CVE-2023-6571 Kubeflow Cross-site Scripting vulnerability in Kubeflow 1.7.0

Cross-site Scripting (XSS) - Reflected in kubeflow/kubeflow

6.1
2023-12-14 CVE-2023-40627 Mlwebtechnologies Cross-site Scripting vulnerability in Mlwebtechnologies Livingword

A reflected XSS vulnerability was discovered in the LivingWord component for Joomla.

6.1
2023-12-14 CVE-2023-40628 Extplorer Cross-site Scripting vulnerability in Extplorer

A reflected XSS vulnerability was discovered in the Extplorer component for Joomla.

6.1
2023-12-14 CVE-2023-40655 Mooj Cross-site Scripting vulnerability in Mooj Proforms

A reflected XSS vulnerability was discovered in the Proforms Basic component for Joomla.

6.1
2023-12-14 CVE-2023-40656 Plasma WEB Cross-site Scripting vulnerability in Plasma-Web Quickform

A reflected XSS vulnerability was discovered in the Quickform component for Joomla.

6.1
2023-12-14 CVE-2023-40657 Artio Cross-site Scripting vulnerability in Artio Joomdoc

A reflected XSS vulnerability was discovered in the Joomdoc component for Joomla.

6.1
2023-12-14 CVE-2023-40658 Deconf Cross-site Scripting vulnerability in Deconf Clicky Analytics Dashboard

A reflected XSS vulnerability was discovered in the Clicky Analytics Dashboard module for Joomla.

6.1
2023-12-14 CVE-2023-40659 Joomboost Cross-site Scripting vulnerability in Joomboost Easy Quick Contact

A reflected XSS vulnerability was discovered in the Easy Quick Contact module for Joomla.

6.1
2023-12-14 CVE-2023-46750 Apache Open Redirect vulnerability in Apache Shiro

URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.

6.1
2023-12-14 CVE-2023-5629 Schneider Electric Open Redirect vulnerability in Schneider-Electric products

A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP.

6.1
2023-12-14 CVE-2023-41618 Emlog Cross-site Scripting vulnerability in Emlog 2.1.14

Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?active_savedraft.

6.1
2023-12-13 CVE-2023-41621 Emlog Cross-site Scripting vulnerability in Emlog 2.1.14

A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php.

6.1
2023-12-13 CVE-2023-47620 Clockworkmod Cross-site Scripting vulnerability in Clockworkmod Scrypted

Scrypted is a home video integration and automation platform.

6.1
2023-12-13 CVE-2023-47623 Clockworkmod Cross-site Scripting vulnerability in Clockworkmod Scrypted

Scrypted is a home video integration and automation platform.

6.1
2023-12-13 CVE-2023-6775 Codeastro Cross-site Scripting vulnerability in Codeastro POS and Inventory Management System 1.0

A vulnerability was found in CodeAstro POS and Inventory Management System 1.0.

6.1
2023-12-13 CVE-2023-49296 Arduino Cross-site Scripting vulnerability in Arduino Create Agent

The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser.

6.1
2023-12-13 CVE-2023-6790 Paloaltonetworks Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os

A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface.

6.1
2023-12-13 CVE-2023-50771 Jenkins Open Redirect vulnerability in Jenkins Openid

Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.

6.1
2023-12-13 CVE-2023-6767 Remyandrade Cross-site Scripting vulnerability in Remyandrade Wedding Guest E-Book 1.0

A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Guest e-Book 1.0.

6.1
2023-12-13 CVE-2023-6379 Alkacon Cross-site Scripting vulnerability in Alkacon Opencms 14.0.0/15.0.0

Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template.

6.1
2023-12-13 CVE-2023-6380 Alkacon Open Redirect vulnerability in Alkacon Opencms 14.0.0/15.0.0

Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template.

6.1
2023-12-13 CVE-2023-6719 Europeana Cross-site Scripting vulnerability in Europeana Repox 2.3.7

An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a specially crafted JavaScript payload to a user, and thus gain full control of their session.

6.1
2023-12-13 CVE-2023-47575 Relyum Cross-site Scripting vulnerability in Relyum Rely-Pcie Firmware and Rely-Rec Firmware

An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices.

6.1
2023-12-12 CVE-2023-48313 Umbraco Cross-site Scripting vulnerability in Umbraco CMS

Umbraco is an ASP.NET content management system (CMS).

6.1
2023-12-12 CVE-2023-28604 Sitegeist Cross-site Scripting vulnerability in Sitegeist Fluid Components

The fluid_components (aka Fluid Components) extension before 3.5.0 for TYPO3 allows XSS via a component argument parameter, for certain {content} use cases that may be edge cases.

6.1
2023-12-12 CVE-2023-46282 Siemens Cross-site Scripting vulnerability in Siemens products

A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3).

6.1
2023-12-12 CVE-2023-4958 Redhat Improper Restriction of Rendered UI Layers or Frames vulnerability in Redhat Advanced Cluster Security 3.0/4.0

In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack.

6.1
2023-12-12 CVE-2023-49563 Voltronicpower Cross-site Scripting vulnerability in Voltronicpower Snmp web PRO 1.1

Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro v.1.1 allows an attacker to execute arbitrary code via a crafted script within a request to the webserver.

6.1
2023-12-12 CVE-2023-49577 SAP Cross-site Scripting vulnerability in SAP Human Capital Management

The SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, SAP_HRCIE 600, SAP_HRCIE 604, SAP_HRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

6.1
2023-12-12 CVE-2023-42479 SAP Cross-site Scripting vulnerability in SAP Biller Direct 635/750

An unauthenticated attacker can embed a hidden access to a Biller Direct URL in a frame which, when loaded by the user, will submit a cross-site scripting request to the Biller Direct system.

6.1
2023-12-11 CVE-2023-49802 Mantisbt Cross-site Scripting vulnerability in Mantisbt Linked Custom Fields 1.0/1.0.1/2.0.0

The LinkedCustomFields plugin for MantisBT allows users to link values between two custom fields, creating linked drop-downs.

6.1
2023-12-11 CVE-2023-49488 Openfiler Cross-site Scripting vulnerability in Openfiler 2.99.1

A cross-site scripting (XSS) vulnerability in Openfiler ESA v2.99.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the nic parameter.

6.1
2023-12-11 CVE-2023-49490 Xunruicms Cross-site Scripting vulnerability in Xunruicms 4.5.5

XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin.php.

6.1
2023-12-11 CVE-2023-49494 Dedecms Cross-site Scripting vulnerability in Dedecms 5.7.111

DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component select_media_post_wangEditor.php.

6.1
2023-12-11 CVE-2023-5749 Wpdeveloper Cross-site Scripting vulnerability in Wpdeveloper Embedpress

The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1
2023-12-11 CVE-2023-5750 Wpdeveloper Cross-site Scripting vulnerability in Wpdeveloper Embedpress

The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape a parameter before outputting it back in the page containing a specific content, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1
2023-12-14 CVE-2023-49786 Sangoma
Digium
Race Condition vulnerability in multiple products

Asterisk is an open source private branch exchange and telephony toolkit.

5.9
2023-12-13 CVE-2023-47574 Relyum Unspecified vulnerability in Relyum Rely-Pcie Firmware and Rely-Rec Firmware

An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices.

5.9
2023-12-15 CVE-2023-5512 Gitlab Code Injection vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2.

5.7
2023-12-13 CVE-2023-45725 Apache Unspecified vulnerability in Apache Couchdb

Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: *   list *   show *   rewrite *   update An attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an "update" function. For the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document. Workaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object's headers

5.7
2023-12-13 CVE-2023-50246 Jqlang Out-of-bounds Write vulnerability in Jqlang JQ 1.7

jq is a command-line JSON processor.

5.5
2023-12-13 CVE-2023-50268 Jqlang Out-of-bounds Write vulnerability in Jqlang JQ 1.7

jq is a command-line JSON processor.

5.5
2023-12-13 CVE-2023-50440 Primx Unspecified vulnerability in Primx Zed!, Zedmail and Zonecentral

ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim.

5.5
2023-12-13 CVE-2023-50442 Primx Unspecified vulnerability in Primx Zonecentral 6.1.2240

Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 can be modified by a local attacker (with appropriate privileges) so that specific file types are excluded from encryption temporarily.

5.5
2023-12-13 CVE-2023-50441 Primx Unspecified vulnerability in Primx Zonecentral 6.1.2240

Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission) or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which folders are opened.

5.5
2023-12-13 CVE-2023-47080 Adobe Out-of-bounds Read vulnerability in Adobe Substance 3D Stager 2.0.1

Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-12-13 CVE-2023-47081 Adobe Out-of-bounds Read vulnerability in Adobe Substance 3D Stager 2.0.1

Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-12-13 CVE-2023-48635 Adobe Out-of-bounds Read vulnerability in Adobe After Effects

Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-12-13 CVE-2023-48636 Adobe Out-of-bounds Read vulnerability in Adobe Substance 3D Designer 12.4.0

Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-12-13 CVE-2023-48637 Adobe Out-of-bounds Read vulnerability in Adobe Substance 3D Designer 12.4.0

Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-12-13 CVE-2023-48638 Adobe Out-of-bounds Read vulnerability in Adobe Substance 3D Designer 12.4.0

Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-12-13 CVE-2023-47061 Adobe Out-of-bounds Read vulnerability in Adobe Dimension

Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-12-13 CVE-2023-47062 Adobe Out-of-bounds Read vulnerability in Adobe Dimension

Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-12-13 CVE-2023-47078 Adobe Out-of-bounds Read vulnerability in Adobe Dimension

Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-12-13 CVE-2023-47079 Adobe Out-of-bounds Read vulnerability in Adobe Dimension

Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-12-13 CVE-2023-44362 Adobe Access of Uninitialized Pointer vulnerability in Adobe Prelude

Adobe Prelude versions 22.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-12-13 CVE-2023-6381 Supermailer Unspecified vulnerability in Supermailer 11.20.0.2204

Improper input validation vulnerability in Newsletter Software SuperMailer affecting version 11.20.0.2204.

5.5
2023-12-13 CVE-2023-47076 Adobe NULL Pointer Dereference vulnerability in Adobe Indesign

Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability.

5.5
2023-12-13 CVE-2023-47077 Adobe Out-of-bounds Read vulnerability in Adobe Indesign

Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-12-12 CVE-2023-35635 Microsoft Unspecified vulnerability in Microsoft Windows 11 22H2

Windows Kernel Denial of Service Vulnerability

5.5
2023-12-12 CVE-2023-36009 Microsoft Unspecified vulnerability in Microsoft 365 Apps and Office

Microsoft Word Information Disclosure Vulnerability

5.5
2023-12-12 CVE-2015-2179 Xaviershay DM Rails Porject Unspecified vulnerability in Xaviershay-Dm-Rails Porject Xaviershay-Dm-Rails 0.10.3.8

The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its arguments.

5.5
2023-12-12 CVE-2023-49994 Espeak NG Incorrect Comparison vulnerability in Espeak-Ng 1.52

Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.

5.5
2023-12-12 CVE-2022-46141 Siemens Cleartext Storage of Sensitive Information vulnerability in Siemens Simatic Step 7

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All versions < V19).

5.5
2023-12-12 CVE-2023-42883 Apple
Debian
The issue was addressed with improved memory handling.
5.5
2023-12-12 CVE-2023-42884 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved redaction of sensitive information.

5.5
2023-12-12 CVE-2023-42891 Apple Unspecified vulnerability in Apple Macos

An authentication issue was addressed with improved state management.

5.5
2023-12-12 CVE-2023-42894 Apple Unspecified vulnerability in Apple Macos

This issue was addressed with improved redaction of sensitive information.

5.5
2023-12-12 CVE-2023-42898 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

5.5
2023-12-12 CVE-2023-42900 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved checks.

5.5
2023-12-12 CVE-2023-42919 Apple Unspecified vulnerability in Apple Ipados and Macos

A privacy issue was addressed with improved private data redaction for log entries.

5.5
2023-12-12 CVE-2023-42922 Apple Unspecified vulnerability in Apple Ipados and Macos

This issue was addressed with improved redaction of sensitive information.

5.5
2023-12-12 CVE-2023-42924 Apple Incorrect Permission Assignment for Critical Resource vulnerability in Apple Macos

A logic issue was addressed with improved checks.

5.5
2023-12-12 CVE-2023-42932 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved checks.

5.5
2023-12-11 CVE-2023-6679 Linux
Fedoraproject
Redhat
NULL Pointer Dereference vulnerability in multiple products

A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel.

5.5
2023-12-16 CVE-2023-6889 Phpmyfaq Cross-site Scripting vulnerability in PHPmyfaq

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.

5.4
2023-12-16 CVE-2023-6890 Phpmyfaq Cross-site Scripting vulnerability in PHPmyfaq

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.

5.4
2023-12-15 CVE-2023-49747 Webfactoryltd Cross-site Scripting vulnerability in Webfactoryltd Guest Author

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through 2.3.

5.4
2023-12-15 CVE-2023-49823 Bold Themes Cross-site Scripting vulnerability in Bold-Themes Bold Page Builder

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 4.6.1.

5.4
2023-12-15 CVE-2023-49169 Datafeedr Cross-site Scripting vulnerability in Datafeedr ADS BY Datafeedr.Com

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in datafeedr.Com Ads by datafeedr.Com allows Stored XSS.This issue affects Ads by datafeedr.Com: from n/a through 1.2.0.

5.4
2023-12-15 CVE-2023-49174 Dfactory Cross-site Scripting vulnerability in Dfactory Responsive Lightbox

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS.This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5.

5.4
2023-12-15 CVE-2023-49175 Kreativopro Cross-site Scripting vulnerability in Kreativopro KP Fastest Tawk.To Chat

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kreativo Pro KP Fastest Tawk.To Chat allows Stored XSS.This issue affects KP Fastest Tawk.To Chat: from n/a through 1.1.1.

5.4
2023-12-15 CVE-2023-49179 Avecnous Cross-site Scripting vulnerability in Avecnous Event Post

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N.O.U.S.

5.4
2023-12-15 CVE-2023-49181 WP Eventmanager Cross-site Scripting vulnerability in Wp-Eventmanager WP Event Manager

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Event Manager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce allows Stored XSS.This issue affects WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce: from n/a through 3.1.40.

5.4
2023-12-15 CVE-2023-49184 Wpdeveloper Cross-site Scripting vulnerability in Wpdeveloper Parallax Slider Block

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Parallax Slider Block allows Stored XSS.This issue affects Parallax Slider Block: from n/a through 1.2.4.

5.4
2023-12-15 CVE-2023-48765 Tillkruss Cross-site Scripting vulnerability in Tillkruss Email Address Encoder

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Till Krüss Email Address Encoder allows Stored XSS.This issue affects Email Address Encoder: from n/a through 1.0.22.

5.4
2023-12-15 CVE-2023-49160 Formzu Cross-site Scripting vulnerability in Formzu WP

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in formzu Inc.

5.4
2023-12-15 CVE-2023-49165 Realbigplugins Cross-site Scripting vulnerability in Realbigplugins Client Dash

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Real Big Plugins Client Dash allows Stored XSS.This issue affects Client Dash: from n/a through 2.2.1.

5.4
2023-12-15 CVE-2023-47064 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-47065 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48440 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48442 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48443 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48444 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48445 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48446 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48447 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48448 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48449 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48450 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48451 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48452 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48453 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48454 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48455 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48456 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48457 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48458 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48459 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48460 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48461 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48462 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48463 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48464 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48465 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48466 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48467 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48468 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48469 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48470 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48471 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48472 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48473 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48474 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48475 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48476 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48477 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48478 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48479 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48480 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48481 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48482 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48483 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48484 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48485 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48486 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48487 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48488 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48489 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48490 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48491 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48492 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48493 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48494 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48495 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48496 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48497 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48498 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48499 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48500 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48501 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48502 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48503 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48504 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48505 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48506 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48507 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48508 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48509 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48510 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48511 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48512 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48513 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48514 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48515 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48516 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48517 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48518 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48519 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48520 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48521 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48522 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48523 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48524 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48525 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48526 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48527 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48528 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48529 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48530 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48531 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48532 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48533 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48534 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48535 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48536 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48537 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48538 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48539 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48540 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48541 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48542 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48543 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48544 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48545 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48546 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48547 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48548 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48549 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48550 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48551 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48552 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48553 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48554 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48555 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48556 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48557 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48558 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48559 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48560 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48561 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48562 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48563 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48564 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48565 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48566 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48567 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48568 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48569 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48570 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48571 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48572 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48573 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48574 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48575 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48576 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48577 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48578 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48579 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48580 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48581 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48582 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48583 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48584 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48585 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48586 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48587 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48588 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48589 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48590 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48591 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48592 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48593 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48594 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48595 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48596 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48597 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48598 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48599 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48600 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48601 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48602 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48603 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48604 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48605 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48606 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48607 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48609 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48610 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48611 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48612 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48613 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48614 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48615 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48616 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48617 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48618 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48619 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48620 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48621 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48622 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-15 CVE-2023-48623 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2023-12-15 CVE-2023-48624 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.

5.4
2023-12-14 CVE-2023-6134 Redhat Cross-site Scripting vulnerability in Redhat products

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token.

5.4
2023-12-14 CVE-2023-49151 Sureswiftcapital Cross-site Scripting vulnerability in Sureswiftcapital Simple Calendar

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simple Calendar Simple Calendar – Google Calendar Plugin allows Stored XSS.This issue affects Simple Calendar – Google Calendar Plugin: from n/a through 3.2.6.

5.4
2023-12-14 CVE-2023-49152 Labs64 Cross-site Scripting vulnerability in Labs64 Credit Tracker

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Labs64 Credit Tracker allows Stored XSS.This issue affects Credit Tracker: from n/a through 1.1.17.

5.4
2023-12-14 CVE-2023-48770 Uxdev Cross-site Scripting vulnerability in Uxdev Aparat

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nima Saberi Aparat allows Stored XSS.This issue affects Aparat: from n/a through 1.7.1.

5.4
2023-12-14 CVE-2023-48780 Maevelander Cross-site Scripting vulnerability in Maevelander WP Catalogue

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnigmaWeb WP Catalogue allows Stored XSS.This issue affects WP Catalogue: from n/a through 1.7.6.

5.4
2023-12-14 CVE-2023-49149 Currencyratetoday Cross-site Scripting vulnerability in Currencyratetoday Currency Converter Calculator

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Currency Converter Calculator allows Stored XSS.This issue affects Currency Converter Calculator: from n/a through 1.3.1.

5.4
2023-12-14 CVE-2023-49150 Currencyratetoday Cross-site Scripting vulnerability in Currencyratetoday Crypto Converter Widget

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Crypto Converter Widget allows Stored XSS.This issue affects Crypto Converter Widget: from n/a through 1.8.1.

5.4
2023-12-14 CVE-2023-49860 Wedevs Cross-site Scripting vulnerability in Wedevs WP Project Manager

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts: from n/a through 2.6.7.

5.4
2023-12-14 CVE-2023-49173 10To8 Cross-site Scripting vulnerability in 10To8 Sign in Scheduling Online Appointment Booking System

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10to8 Sign In Scheduling Online Appointment Booking System allows Stored XSS.This issue affects Sign In Scheduling Online Appointment Booking System: from n/a through 1.0.9.

5.4
2023-12-14 CVE-2023-49820 Wpsc Plugin Cross-site Scripting vulnerability in Wpsc-Plugin Structured Content

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc allows Stored XSS.This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.5.3.

5.4
2023-12-14 CVE-2023-50100 Jfinalcms Project Cross-site Scripting vulnerability in Jfinalcms Project Jfinalcms 5.0.0

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing.

5.4
2023-12-14 CVE-2023-50101 Jfinalcms Project Cross-site Scripting vulnerability in Jfinalcms Project Jfinalcms 5.0.0

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing.

5.4
2023-12-14 CVE-2023-50102 Jfinalcms Project Cross-site Scripting vulnerability in Jfinalcms Project Jfinalcms 5.0.0

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS).

5.4
2023-12-14 CVE-2023-50137 Jfinalcms Project Cross-site Scripting vulnerability in Jfinalcms Project Jfinalcms 5.0.0

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office.

5.4
2023-12-14 CVE-2023-6364 Progress Cross-site Scripting vulnerability in Progress Whatsup Gold 22.1.0

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified.  It is possible for an attacker to craft a XSS payload and store that value within a dashboard component.   If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.

5.4
2023-12-14 CVE-2023-6365 Progress Cross-site Scripting vulnerability in Progress Whatsup Gold 22.1.0

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified.

5.4
2023-12-14 CVE-2023-6366 Progress Cross-site Scripting vulnerability in Progress Whatsup Gold 22.1.0

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified.

5.4
2023-12-14 CVE-2023-6367 Progress Cross-site Scripting vulnerability in Progress Whatsup Gold 22.1.0

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified.

5.4
2023-12-14 CVE-2023-49168 Wordplus Cross-site Scripting vulnerability in Wordplus Better Messages

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPlus Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss allows Stored XSS.This issue affects Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss: from n/a through 2.4.0.

5.4
2023-12-14 CVE-2023-49745 Spiffyplugins Cross-site Scripting vulnerability in Spiffyplugins Spiffy Calendar

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.5.

5.4
2023-12-14 CVE-2023-49828 Automattic Cross-site Scripting vulnerability in Automattic Woopayments

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo allows Stored XSS.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.4.2.

5.4
2023-12-14 CVE-2023-49833 Brainstormforce Cross-site Scripting vulnerability in Brainstormforce Spectra

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Spectra – WordPress Gutenberg Blocks allows Stored XSS.This issue affects Spectra – WordPress Gutenberg Blocks: from n/a through 2.7.9.

5.4
2023-12-14 CVE-2023-50565 Rpcms Cross-site Scripting vulnerability in Rpcms 3.5.5

A cross-site scripting (XSS) vulnerability in the component /logs/dopost.html in RPCMS v3.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

5.4
2023-12-14 CVE-2023-50566 Eyoucms Cross-site Scripting vulnerability in Eyoucms 1.6.5Utf8Sp1

A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter.

5.4
2023-12-14 CVE-2023-49836 Brontobytes Cross-site Scripting vulnerability in Brontobytes Cookie BAR

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brontobytes Cookie Bar allows Stored XSS.This issue affects Cookie Bar: from n/a through 2.0.

5.4
2023-12-14 CVE-2023-49846 Bearne Cross-site Scripting vulnerability in Bearne Author Avatars List/Block

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS.This issue affects Author Avatars List/Block: from n/a through 2.1.17.

5.4
2023-12-14 CVE-2023-49847 Twinpictures Cross-site Scripting vulnerability in Twinpictures Annual Archive

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Twinpictures Annual Archive allows Stored XSS.This issue affects Annual Archive: from n/a through 1.6.0.

5.4
2023-12-14 CVE-2023-50368 Averta Cross-site Scripting vulnerability in Averta Shortcodes and Extra Features for Phlox Theme

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Shortcodes and extra features for Phlox theme allows Stored XSS.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.2.

5.4
2023-12-14 CVE-2023-50369 Almapay Cross-site Scripting vulnerability in Almapay Alma

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alma Alma – Pay in installments or later for WooCommerce allows Stored XSS.This issue affects Alma – Pay in installments or later for WooCommerce: from n/a through 5.1.3.

5.4
2023-12-14 CVE-2023-50370 Livemeshthemes Cross-site Scripting vulnerability in Livemeshthemes Wpbakery Page Builder Addons

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh WPBakery Page Builder Addons by Livemesh allows Stored XSS.This issue affects WPBakery Page Builder Addons by Livemesh: from n/a through 3.5.

5.4
2023-12-14 CVE-2023-50371 Pagevisitcounter Cross-site Scripting vulnerability in Pagevisitcounter Advanced Page Visit Counter

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allows Stored XSS.This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 8.0.6.

5.4
2023-12-13 CVE-2023-6774 Codeastro Cross-site Scripting vulnerability in Codeastro POS and Inventory Management System 1.0

A vulnerability was found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic.

5.4
2023-12-13 CVE-2023-50767 Jenkins Missing Authorization vulnerability in Jenkins Nexus Platform 3.18.003

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.

5.4
2023-12-13 CVE-2023-6760 Thecosy Manage User Sessions vulnerability in Thecosy Icecms 2.0.1

A vulnerability classified as critical was found in Thecosy IceCMS up to 2.0.1.

5.4
2023-12-13 CVE-2023-47324 Silverpeas Cross-site Scripting vulnerability in Silverpeas

Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature.

5.4
2023-12-13 CVE-2023-47325 Silverpeas Unspecified vulnerability in Silverpeas

Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control.

5.4
2023-12-13 CVE-2023-6720 Europeana Cross-site Scripting vulnerability in Europeana Repox 2.3.7

An XSS vulnerability stored in Repox has been identified, which allows a local attacker to store a specially crafted JavaScript payload on the server, due to the lack of proper sanitisation of field elements, allowing the attacker to trigger the malicious payload when the application loads.

5.4
2023-12-13 CVE-2023-41673 Fortinet Improper Authorization vulnerability in Fortinet Fortiadc

An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests.

5.4
2023-12-13 CVE-2023-41844 Fortinet Cross-site Scripting vulnerability in Fortinet Fortisandbox

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.4 allows attacker to execute unauthorized code or commands via crafted HTTP requests in capture traffic endpoint.

5.4
2023-12-13 CVE-2023-45587 Fortinet Cross-site Scripting vulnerability in Fortinet Fortisandbox

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 allows attacker to execute unauthorized code or commands via crafted HTTP requests

5.4
2023-12-12 CVE-2023-6710 Redhat
Modcluster
Cross-site Scripting vulnerability in multiple products

A flaw was found in the mod_proxy_cluster in the Apache server.

5.4
2023-12-12 CVE-2023-49279 Umbraco Cross-site Scripting vulnerability in Umbraco CMS

Umbraco is an ASP.NET content management system (CMS).

5.4
2023-12-12 CVE-2023-49273 Umbraco Incorrect Authorization vulnerability in Umbraco CMS

Umbraco is an ASP.NET content management system (CMS).

5.4
2023-12-12 CVE-2023-36020 Microsoft Cross-site Scripting vulnerability in Microsoft Dynamics 365

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

5.4
2023-12-12 CVE-2023-38694 Umbraco Cross-site Scripting vulnerability in Umbraco CMS

Umbraco is an ASP.NET content management system (CMS).

5.4
2023-12-12 CVE-2023-4932 SAS Cross-site Scripting vulnerability in SAS Integration Technologies 9.4

SAS application is vulnerable to Reflected Cross-Site Scripting (XSS).

5.4
2023-12-12 CVE-2023-6547 Mattermost Unspecified vulnerability in Mattermost Server

Mattermost fails to validate team membership when a user attempts to access a playbook, allowing a user with permissions to a playbook but no permissions to the team the playbook is on to access and modify the playbook.

5.4
2023-12-12 CVE-2023-48642 Archerirm Cross-site Scripting vulnerability in Archerirm Archer

Archer Platform 6.x before 6.13 P2 (6.13.0.2) contains an authenticated HTML content injection vulnerability.

5.4
2023-12-11 CVE-2023-48715 Enalean Cross-site Scripting vulnerability in Enalean Tuleap

Tuleap is an open source suite to improve management of software developments and collaboration.

5.4
2023-12-11 CVE-2023-50465 Monicahq Cross-site Scripting vulnerability in Monicahq Monica 0.4.0

A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated user.

5.4
2023-12-16 CVE-2021-42794 Aveva Unspecified vulnerability in Aveva Edge 2020/8.1

An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior.

5.3
2023-12-15 CVE-2023-50266 Bazarr Server-Side Request Forgery (SSRF) vulnerability in Bazarr 1.2.4

Bazarr manages and downloads subtitles.

5.3
2023-12-15 CVE-2023-50720 Xwiki Unspecified vulnerability in Xwiki

XWiki Platform is a generic wiki platform.

5.3
2023-12-15 CVE-2023-48441 Adobe Improper Access Control vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Access Control vulnerability.

5.3
2023-12-15 CVE-2023-6839 Wso2 Information Exposure Through an Error Message vulnerability in Wso2 API Manager

Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response.

5.3
2023-12-15 CVE-2023-6835 Wso2 Improper Input Validation vulnerability in Wso2 API Manager and IOT Server

Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated.

5.3
2023-12-15 CVE-2023-48379 Softnext Server-Side Request Forgery (SSRF) vulnerability in Softnext Mail SQR Expert 230330

Softnext Mail SQR Expert is an email management platform, it has inadequate filtering for a specific URL parameter within a specific function.

5.3
2023-12-15 CVE-2023-42183 Lockss Improper Encoding or Escaping of Output vulnerability in Lockss Classic Lockss Daemon 1.75.9/1.76.5

lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick.

5.3
2023-12-14 CVE-2023-0248 Johnsoncontrols Memory Leak vulnerability in Johnsoncontrols Iosmart GEN 1 Firmware

An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader.

5.3
2023-12-14 CVE-2023-6368 Progress Missing Authentication for Critical Function vulnerability in Progress Whatsup Gold 22.1.0

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism.

5.3
2023-12-14 CVE-2023-6595 Progress Missing Authentication for Critical Function vulnerability in Progress Whatsup Gold 22.1.0

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism.

5.3
2023-12-13 CVE-2023-50439 Primx Unspecified vulnerability in Primx Zed!, Zedmail and Zonecentral

ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission), ZED! for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before 2023.5, or ZEDMAIL for Windows before 2023.5 disclose the original path in which the containers were created, which allows an unauthenticated attacker to obtain some information regarding the context of use (project name, etc.).

5.3
2023-12-13 CVE-2023-47536 Fortinet Improper Access Control vulnerability in Fortinet Fortios and Fortiproxy

An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update.

5.3
2023-12-13 CVE-2023-46713 Fortinet Improper Output Neutralization for Logs vulnerability in Fortinet Fortiweb

An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application.

5.3
2023-12-12 CVE-2023-50263 Networktocode Missing Authentication for Critical Function vulnerability in Networktocode Nautobot

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database.

5.3
2023-12-12 CVE-2023-49274 Umbraco Information Exposure vulnerability in Umbraco CMS

Umbraco is an ASP.NET content management system (CMS).

5.3
2023-12-12 CVE-2023-49278 Umbraco Improper Restriction of Excessive Authentication Attempts vulnerability in Umbraco CMS

Umbraco is an ASP.NET content management system (CMS).

5.3
2023-12-12 CVE-2023-35619 Microsoft Unspecified vulnerability in Microsoft Office Long Term Servicing Channel 2021

Microsoft Outlook for Mac Spoofing Vulnerability

5.3
2023-12-12 CVE-2023-36012 Microsoft Unspecified vulnerability in Microsoft products

DHCP Server Service Information Disclosure Vulnerability

5.3
2023-12-12 CVE-2022-44543 In2Code Unspecified vulnerability in In2Code Femanager

The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form).

5.3
2023-12-12 CVE-2023-31048 Opcfoundation Information Exposure Through an Error Message vulnerability in Opcfoundation Ua-.Netstandard

The OPC UA .NET Standard Reference Server before 1.4.371.86.

5.3
2023-12-12 CVE-2023-49990 Espeak NG Classic Buffer Overflow vulnerability in Espeak-Ng 1.52

Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c.

5.3
2023-12-12 CVE-2023-49991 Espeak NG Out-of-bounds Write vulnerability in Espeak-Ng 1.52

Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c.

5.3
2023-12-12 CVE-2023-49992 Espeak NG Out-of-bounds Write vulnerability in Espeak-Ng 1.52

Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c.

5.3
2023-12-12 CVE-2023-49993 Espeak NG Classic Buffer Overflow vulnerability in Espeak-Ng 1.52

Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c.

5.3
2023-12-12 CVE-2023-6193 Cloudflare Resource Exhaustion vulnerability in Cloudflare Quiche

quiche v.

5.3
2023-12-12 CVE-2023-46701 Mattermost Authorization Bypass Through User-Controlled Key vulnerability in Mattermost Server

Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin allowing an attacker to get limited information about a post if they know the post ID

5.3
2023-12-12 CVE-2023-46219 Haxx
Fedoraproject
Missing Encryption of Sensitive Data vulnerability in multiple products

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.

5.3
2023-12-12 CVE-2023-42923 Apple Unspecified vulnerability in Apple Iphone OS

This issue was addressed through improved state management.

5.3
2023-12-12 CVE-2023-49058 SAP Path Traversal vulnerability in SAP Master Data Governance

SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs.

5.3
2023-12-11 CVE-2023-45292 Mojotv Insufficient Verification of Data Authenticity vulnerability in Mojotv Base64Captcha

When using the default implementation of Verify to check a Captcha, verification can be bypassed.

5.3
2023-12-11 CVE-2023-49796 Mindsdb Unspecified vulnerability in Mindsdb 23.7.4.1

MindsDB connects artificial intelligence models to real time data.

5.3
2023-12-11 CVE-2023-49795 Mindsdb Server-Side Request Forgery (SSRF) vulnerability in Mindsdb

MindsDB connects artificial intelligence models to real time data.

5.3
2023-12-14 CVE-2023-50713 Specklesystems Insufficient Granularity of Access Control vulnerability in Specklesystems Speckle Server

Speckle Server provides server, frontend, 3D viewer, and other JavaScript utilities for the Speckle 3D data platform.

5.0
2023-12-15 CVE-2023-30867 Apache SQL Injection vulnerability in Apache Streampark 2.0.0/2.1.0/2.1.1

In the Streampark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search, such as job names, role names, etc.

4.9
2023-12-14 CVE-2023-48661 Dell Files or Directories Accessible to External Parties vulnerability in Dell products

Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability.

4.9
2023-12-14 CVE-2023-5630 Schneider Electric Download of Code Without Integrity Check vulnerability in Schneider-Electric products

A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a privileged user to install an untrusted firmware.

4.9
2023-12-13 CVE-2023-43583 Zoom Unspecified vulnerability in Zoom

Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access.

4.9
2023-12-13 CVE-2023-6791 Paloaltonetworks Insufficiently Protected Credentials vulnerability in Paloaltonetworks Pan-Os

A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface.

4.9
2023-12-13 CVE-2023-47321 Silverpeas Unspecified vulnerability in Silverpeas

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets.

4.9
2023-12-15 CVE-2023-49189 Getsocial Cross-site Scripting vulnerability in Getsocial Social Share Buttons & Analytics

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A.

4.8
2023-12-15 CVE-2023-49190 Freehtmldesigns Cross-site Scripting vulnerability in Freehtmldesigns Site Offline

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chandra Shekhar Sahu Site Offline Or Coming Soon Or Maintenance Mode allows Stored XSS.This issue affects Site Offline Or Coming Soon Or Maintenance Mode: from n/a through 1.5.6.

4.8
2023-12-15 CVE-2023-49191 Supsystic Cross-site Scripting vulnerability in Supsystic Gdpr Cookie Consent

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic GDPR Cookie Consent by Supsystic allows Stored XSS.This issue affects GDPR Cookie Consent by Supsystic: from n/a through 2.1.2.

4.8
2023-12-15 CVE-2023-49767 Biteship Cross-site Scripting vulnerability in Biteship

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo allows Stored XSS.This issue affects Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: from n/a through 2.2.24.

4.8
2023-12-15 CVE-2023-49829 Themeum Cross-site Scripting vulnerability in Themeum Tutor LMS

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS – eLearning and online course solution allows Stored XSS.This issue affects Tutor LMS – eLearning and online course solution: from n/a through 2.2.4.

4.8
2023-12-15 CVE-2023-49180 Ternstyle Cross-site Scripting vulnerability in Ternstyle Automatic Youtube Video Posts

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ternstyle LLC Automatic Youtube Video Posts Plugin allows Stored XSS.This issue affects Automatic Youtube Video Posts Plugin: from n/a through 5.2.2.

4.8
2023-12-15 CVE-2023-49188 Zealousweb Cross-site Scripting vulnerability in Zealousweb Track Geolocation of Users Using Contact Form 7

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS.This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 1.4.

4.8
2023-12-14 CVE-2023-49157 Andreasmuench Cross-site Scripting vulnerability in Andreasmuench multiple Post Passwords

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andreas Münch Multiple Post Passwords allows Stored XSS.This issue affects Multiple Post Passwords: from n/a through 1.1.1.

4.8
2023-12-14 CVE-2023-49842 Wpexperts Cross-site Scripting vulnerability in Wpexperts Rocket Maintenance Mode & Coming Soon Page

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpexpertsio Rocket Maintenance Mode & Coming Soon Page allows Stored XSS.This issue affects Rocket Maintenance Mode & Coming Soon Page: from n/a through 4.3.

4.8
2023-12-14 CVE-2023-49195 Kylephillips Cross-site Scripting vulnerability in Kylephillips Nested Pages

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages allows Stored XSS.This issue affects Nested Pages: from n/a through 3.2.6.

4.8
2023-12-14 CVE-2023-49770 Petersplugins Cross-site Scripting vulnerability in Petersplugins Smart External Link Click Monitor [Link Log]

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Raschendorfer Smart External Link Click Monitor [Link Log] allows Stored XSS.This issue affects Smart External Link Click Monitor [Link Log]: from n/a through 5.0.2.

4.8
2023-12-14 CVE-2023-49841 Fancythemes Cross-site Scripting vulnerability in Fancythemes Optin Forms

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress allows Stored XSS.This issue affects Optin Forms – Simple List Building Plugin for WordPress: from n/a through 1.3.3.

4.8
2023-12-14 CVE-2023-49743 Plugin Planet Cross-site Scripting vulnerability in Plugin-Planet Dashboard Widget Suite

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Dashboard Widgets Suite allows Stored XSS.This issue affects Dashboard Widgets Suite: from n/a through 3.4.1.

4.8
2023-12-13 CVE-2023-6789 Paloaltonetworks Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface.

4.8
2023-12-11 CVE-2023-5757 Themeum Cross-site Scripting vulnerability in Themeum WP Crowdfunding

The WP Crowdfunding WordPress plugin before 2.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8
2023-12-11 CVE-2023-5940 Wpajans Cross-site Scripting vulnerability in Wpajans WP NOT Login Hide

The WP Not Login Hide (WPNLH) WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8
2023-12-11 CVE-2023-5955 Codepeople Cross-site Scripting vulnerability in Codepeople Contact Form Email

The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8
2023-12-16 CVE-2022-24351 Insyde Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O

TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process.

4.7
2023-12-14 CVE-2023-6545 Beckhoff Open Redirect vulnerability in Beckhoff Authelia-Bhf

The package authelia-bhf included in Beckhoffs TwinCAT/BSD is prone to an open redirect that allows a remote unprivileged attacker to redirect a user to another site.

4.7
2023-12-13 CVE-2023-6794 Paloaltonetworks Unrestricted Upload of File with Dangerous Type vulnerability in Paloaltonetworks Pan-Os

An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.

4.7
2023-12-13 CVE-2023-6795 Paloaltonetworks OS Command Injection vulnerability in Paloaltonetworks Pan-Os

An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.

4.7
2023-12-13 CVE-2023-42483 Samsung Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Samsung products

A TOCTOU race condition in Samsung Mobile Processor Exynos 9820, Exynos 980, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, and Exynos 1380 can cause unexpected termination of a system.

4.7
2023-12-13 CVE-2023-45864 Samsung Race Condition vulnerability in Samsung products

A race condition issue discovered in Samsung Mobile Processor Exynos 9820, 980, 1080, 2100, 2200, 1280, and 1380 allows unintended modifications of values within certain areas.

4.7
2023-12-12 CVE-2023-35625 Microsoft Unspecified vulnerability in Microsoft Azure Machine Learning Software Development KIT

Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability

4.7
2023-12-15 CVE-2023-27317 Netapp Unspecified vulnerability in Netapp Ontap 9.12.1/9.13.1

ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion.

4.6
2023-12-13 CVE-2023-50443 Primx Unspecified vulnerability in Primx Cryhod 2020.2/2020.3/2021.2

Encrypted disks created by PRIMX CRYHOD for Windows before Q.2020.4 (ANSSI qualification submission) or CRYHOD for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which disks are opened.

4.6
2023-12-13 CVE-2023-43122 Samsung Out-of-bounds Write vulnerability in Samsung products

Samsung Mobile Processor and Wearable Processor (Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, and W920) allow Information Disclosure in the Bootloader.

4.6
2023-12-12 CVE-2023-34064 Vmware Unspecified vulnerability in VMWare Workspace ONE Launcher

Workspace ONE Launcher contains a Privilege Escalation Vulnerability. A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information.

4.6
2023-12-12 CVE-2023-42897 Apple Unspecified vulnerability in Apple Ipados and Iphone OS

The issue was addressed with improved checks.

4.6
2023-12-15 CVE-2023-5061 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2.

4.3
2023-12-15 CVE-2023-50871 Jetbrains Unspecified vulnerability in Jetbrains Youtrack

In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed

4.3
2023-12-15 CVE-2023-48393 Kaifa Information Exposure Through an Error Message vulnerability in Kaifa Webitr Attendance System 2.1.0.23

Kaifa Technology WebITR is an online attendance system.

4.3
2023-12-15 CVE-2023-50715 Home Assistant Unspecified vulnerability in Home-Assistant

Home Assistant is open source home automation software.

4.3
2023-12-15 CVE-2023-36878 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

4.3
2023-12-15 CVE-2023-6832 Microweber Business Logic Errors vulnerability in Microweber

Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.

4.3
2023-12-14 CVE-2023-50710 Hono Code Injection vulnerability in Hono

Hono is a web framework written in TypeScript.

4.3
2023-12-14 CVE-2023-44284 Dell SQL Injection vulnerability in Dell products

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an SQL Injection vulnerability.

4.3
2023-12-13 CVE-2023-49877 IBM Information Exposure vulnerability in IBM products

IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote authenticated user to obtain sensitive information, caused by improper filtering of URLs.

4.3
2023-12-13 CVE-2023-49878 IBM Information Exposure Through an Error Message vulnerability in IBM products

IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

4.3
2023-12-13 CVE-2023-50765 Jenkins Missing Authorization vulnerability in Jenkins Scriptler

A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID.

4.3
2023-12-13 CVE-2023-50769 Jenkins Missing Authorization vulnerability in Jenkins Nexus Platform 3.18.003

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

4.3
2023-12-13 CVE-2023-50772 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Dingding Json Pusher

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

4.3
2023-12-13 CVE-2023-50773 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Dingding Json Pusher

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

4.3
2023-12-13 CVE-2023-50775 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Deployment Dashboard

A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs.

4.3
2023-12-13 CVE-2023-50776 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Paaslane Estimate 1.0.4

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

4.3
2023-12-13 CVE-2023-50777 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Paaslane Estimate 1.0.4

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

4.3
2023-12-13 CVE-2023-50779 Jenkins Missing Authorization vulnerability in Jenkins Paaslane Estimate 1.0.4

Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token.

4.3
2023-12-13 CVE-2023-6762 Thecosy Permission Issues vulnerability in Thecosy Icecms 2.0.1

A vulnerability, which was classified as critical, was found in Thecosy IceCMS 2.0.1.

4.3
2023-12-13 CVE-2023-6758 Thecosy Improper Access Control vulnerability in Thecosy Icecms 2.0.1

A vulnerability was found in Thecosy IceCMS 2.0.1.

4.3
2023-12-13 CVE-2023-47327 Silverpeas Unspecified vulnerability in Silverpeas

The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators.

4.3
2023-12-12 CVE-2023-20275 Cisco Unspecified vulnerability in Cisco Adaptive Security Appliance Software

A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to send packets with another VPN user's source IP address.

4.3
2023-12-12 CVE-2023-48227 Umbraco Incorrect Authorization vulnerability in Umbraco CMS

Umbraco is an ASP.NET content management system (CMS).

4.3
2023-12-12 CVE-2023-6727 Mattermost Unspecified vulnerability in Mattermost Server

Mattermost fails to perform correct authorization checks when creating a playbook action, allowing users without access to the playbook to create playbook actions.

4.3
2023-12-12 CVE-2023-49874 Mattermost Unspecified vulnerability in Mattermost Server

Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run allowing a guest to update the tasks of a private playbook run if they know the run ID.

4.3
2023-12-12 CVE-2023-41113 Enterprisedb Unspecified vulnerability in Enterprisedb Postgres Advanced Server

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0.

4.3
2023-12-12 CVE-2023-41116 Enterprisedb Unspecified vulnerability in Enterprisedb Postgres Advanced Server

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0.

4.3
2023-12-12 CVE-2023-49584 SAP HTTP Request Smuggling vulnerability in SAP Fiori Launchpad

SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, UI_700 200, SAP_BASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application.

4.3
2023-12-12 CVE-2023-36652 Prolion SQL Injection vulnerability in Prolion Cryptospike 3.0.15

A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to read database data via SQL commands injected in the search parameter.

4.3

8 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-12-15 CVE-2023-3511 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2.

3.5
2023-12-15 CVE-2023-48608 Adobe Improper Input Validation vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Input Validation vulnerability.

3.5
2023-12-13 CVE-2023-6766 Phpgurukul Cross-Site Request Forgery (CSRF) vulnerability in PHPgurukul Teacher Subject Allocation Management System 1.0

A vulnerability classified as problematic has been found in PHPGurukul Teacher Subject Allocation Management System 1.0.

3.5
2023-12-12 CVE-2023-49578 SAP Unspecified vulnerability in SAP Cloud Connector 2.0

SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious request which leads to low impact on the availability and no impact on confidentiality or Integrity  of the application.

3.5
2023-12-13 CVE-2023-6793 Paloaltonetworks Improper Privilege Management vulnerability in Paloaltonetworks Pan-Os

An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.

2.7
2023-12-12 CVE-2023-48429 Siemens Improper Check for Unusual or Exceptional Conditions vulnerability in Siemens Sinec INS 1.0

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2).

2.7
2023-12-12 CVE-2023-48430 Siemens Unspecified vulnerability in Siemens Sinec INS 1.0

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2).

2.7
2023-12-12 CVE-2023-42874 Apple Unspecified vulnerability in Apple Macos

This issue was addressed with improved state management.

2.4