Weekly Vulnerabilities Reports > December 25 to 31, 2023
Overview
442 new vulnerabilities reported during this period, including 92 critical vulnerabilities and 190 high severity vulnerabilities. This weekly summary report vulnerabilities in 323 products from 253 vendors including Hihonor, Code Projects, Weseek, Tenda, and Sesami. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Out-of-bounds Write", "Improper Privilege Management", and "OS Command Injection".
- 377 reported vulnerabilities are remotely exploitables.
- 2 reported vulnerabilities have public exploit available.
- 107 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 239 reported vulnerabilities are exploitable by an anonymous user.
- Hihonor has the most reported vulnerabilities, with 30 reported vulnerabilities.
- Tenda has the most reported critical vulnerabilities, with 12 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
92 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-12-31 | CVE-2023-51423 | Saleswonder | Unspecified vulnerability in Saleswonder Webinarignition Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition.This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition: from n/a through 3.05.0. | 9.8 |
2023-12-31 | CVE-2023-51469 | Mestresdowp | Unspecified vulnerability in Mestresdowp Checkout Mestres WP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mestres do WP Checkout Mestres WP.This issue affects Checkout Mestres WP: from n/a through 7.1.9.6. | 9.8 |
2023-12-31 | CVE-2023-52181 | Presslabs | Unspecified vulnerability in Presslabs Theme PER User 1.0/1.0.1 Deserialization of Untrusted Data vulnerability in Presslabs Theme per user.This issue affects Theme per user: from n/a through 1.0.1. | 9.8 |
2023-12-30 | CVE-2023-52262 | Outdoorbits | Unspecified vulnerability in Outdoorbits Little Backup BOX outdoorbits little-backup-box (aka Little Backup Box) before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input. | 9.8 |
2023-12-30 | CVE-2023-50589 | Embras | SQL Injection vulnerability in Embras Geosiap ERP 2.2.167.02 Grupo Embras GEOSIAP ERP v2.2.167.02 was discovered to contain a SQL injection vulnerability via the codLogin parameter on the login page. | 9.8 |
2023-12-30 | CVE-2023-50651 | Totolink | OS Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi. | 9.8 |
2023-12-30 | CVE-2023-50578 | Mingsoft | SQL Injection vulnerability in Mingsoft Mcms 5.2.9 Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do. | 9.8 |
2023-12-30 | CVE-2023-51133 | Totolink | Out-of-bounds Write vulnerability in Totolink X2000R Firmware 1.0.0B20230221.0948.Web TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute. | 9.8 |
2023-12-30 | CVE-2023-51135 | Totolink | Out-of-bounds Write vulnerability in Totolink X2000R Firmware 1.0.0B20230221.0948.Web TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup. | 9.8 |
2023-12-30 | CVE-2023-51136 | Totolink | Out-of-bounds Write vulnerability in Totolink X2000R Firmware 1.0.0B20230221.0948.Web TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule. | 9.8 |
2023-12-30 | CVE-2023-7175 | Campcodes | Unspecified vulnerability in Campcodes Online College Library System 1.0 A vulnerability was found in Campcodes Online College Library System 1.0. | 9.8 |
2023-12-30 | CVE-2023-52252 | Unifiedremote | XXE vulnerability in Unifiedremote Unified Remote 3.13.0 Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint. | 9.8 |
2023-12-30 | CVE-2023-41544 | Jeecg | Code Injection vulnerability in Jeecg Boot SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component. | 9.8 |
2023-12-30 | CVE-2023-41542 | Jeecg | SQL Injection vulnerability in Jeecg Boot SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component. | 9.8 |
2023-12-30 | CVE-2023-41543 | Jeecg | SQL Injection vulnerability in Jeecg Boot SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check. | 9.8 |
2023-12-29 | CVE-2023-50035 | Small CRM Project | SQL Injection vulnerability in Small CRM Project Small CRM 3.0 PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because of "password" parameter is directly used in the SQL query without any sanitization and the SQL Injection payload being executed. | 9.8 |
2023-12-29 | CVE-2023-51411 | Dynamiapps | Unspecified vulnerability in Dynamiapps Frontend Admin Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps.This issue affects Frontend Admin by DynamiApps: from n/a through 3.18.3. | 9.8 |
2023-12-29 | CVE-2023-51412 | Piotnet | Unspecified vulnerability in Piotnet Forms Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms.This issue affects Piotnet Forms: from n/a through 1.0.25. | 9.8 |
2023-12-29 | CVE-2023-51419 | Bertha | Unrestricted Upload of File with Dangerous Type vulnerability in Bertha AI Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. | 9.8 |
2023-12-29 | CVE-2023-51468 | Boiteasite | Unspecified vulnerability in Boiteasite Download Rencontre - Dating Site 3.10.1 Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre – Dating Site.This issue affects Rencontre – Dating Site: from n/a through 3.10.1. | 9.8 |
2023-12-29 | CVE-2023-51473 | Pixelemu | Unspecified vulnerability in Pixelemu Terraclassifieds Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin.This issue affects TerraClassifieds – Simple Classifieds Plugin: from n/a through 2.0.3. | 9.8 |
2023-12-29 | CVE-2023-51475 | Wpmlmsoftware | Unspecified vulnerability in Wpmlmsoftware WP MLM Unilevel 4.0 Unrestricted Upload of File with Dangerous Type vulnerability in IOSS WP MLM SOFTWARE PLUGIN.This issue affects WP MLM SOFTWARE PLUGIN: from n/a through 4.0. | 9.8 |
2023-12-29 | CVE-2023-51414 | Donweb | Unspecified vulnerability in Donweb Envialosimple:Email Marketing Y Newsletters Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y Newsletters.This issue affects EnvíaloSimple: Email Marketing y Newsletters: from n/a through 2.1. | 9.8 |
2023-12-29 | CVE-2023-51505 | Pluginus | Deserialization of Untrusted Data vulnerability in Pluginus Woot Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. | 9.8 |
2023-12-29 | CVE-2023-25054 | Carrcommunications | Unspecified vulnerability in Carrcommunications Rsvpmaker Improper Control of Generation of Code ('Code Injection') vulnerability in David F. | 9.8 |
2023-12-29 | CVE-2023-7161 | Netentsec | Unspecified vulnerability in Netentsec Application Security Gateway Firmware 6.3.1 A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. | 9.8 |
2023-12-29 | CVE-2023-23634 | Documize | SQL Injection vulnerability in Documize 5.4.2 SQL Injection vulnerability in Documize version 5.4.2, allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint. | 9.8 |
2023-12-29 | CVE-2023-7158 | Micropython | Out-of-bounds Write vulnerability in Micropython 1.21.0 A vulnerability was found in MicroPython up to 1.21.0. | 9.8 |
2023-12-29 | CVE-2023-7159 | Masterlab | Unspecified vulnerability in Masterlab A vulnerability was found in gopeak MasterLab up to 3.3.10. | 9.8 |
2023-12-29 | CVE-2023-7156 | Campcodes | Unspecified vulnerability in Campcodes Online College Library System 1.0 A vulnerability has been found in Campcodes Online College Library System 1.0 and classified as critical. | 9.8 |
2023-12-29 | CVE-2023-7157 | Mayurik | Unspecified vulnerability in Mayurik Free and Open Source Inventory Management System 1.0 A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0 and classified as critical. | 9.8 |
2023-12-29 | CVE-2023-7152 | Micropython | Unspecified vulnerability in Micropython 1.21.0/1.22.0 A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. | 9.8 |
2023-12-29 | CVE-2023-52173 | Xnview | Out-of-bounds Write vulnerability in Xnview Classic XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3ADBD0. | 9.8 |
2023-12-29 | CVE-2023-52174 | Xnview | Out-of-bounds Write vulnerability in Xnview Classic XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3125D6. | 9.8 |
2023-12-29 | CVE-2023-23424 | Hihonor | Unspecified vulnerability in Hihonor Nth-An00 Firmware Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution | 9.8 |
2023-12-29 | CVE-2023-7147 | Masterlab | Unspecified vulnerability in Masterlab A vulnerability, which was classified as critical, was found in gopeak MasterLab up to 3.3.10. | 9.8 |
2023-12-29 | CVE-2023-7145 | Masterlab | Unspecified vulnerability in Masterlab A vulnerability classified as critical was found in gopeak MasterLab up to 3.3.10. | 9.8 |
2023-12-29 | CVE-2023-7146 | Masterlab | Unspecified vulnerability in Masterlab A vulnerability, which was classified as critical, has been found in gopeak MasterLab up to 3.3.10. | 9.8 |
2023-12-29 | CVE-2023-7144 | Masterlab | SQL Injection vulnerability in Masterlab A vulnerability classified as critical has been found in gopeak MasterLab up to 3.3.10. | 9.8 |
2023-12-29 | CVE-2023-50104 | Zzcms | Unrestricted Upload of File with Dangerous Type vulnerability in Zzcms 2023 ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code. | 9.8 |
2023-12-29 | CVE-2023-7141 | Code Projects | Unspecified vulnerability in Code-Projects Client Details System 1.0 A vulnerability was found in code-projects Client Details System 1.0. | 9.8 |
2023-12-29 | CVE-2023-7142 | Code Projects | Unspecified vulnerability in Code-Projects Client Details System 1.0 A vulnerability was found in code-projects Client Details System 1.0. | 9.8 |
2023-12-28 | CVE-2023-7139 | Code Projects | Unspecified vulnerability in Code-Projects Client Details System 1.0 A vulnerability has been found in code-projects Client Details System 1.0 and classified as problematic. | 9.8 |
2023-12-28 | CVE-2023-7140 | Code Projects | Unspecified vulnerability in Code-Projects Client Details System 1.0 A vulnerability was found in code-projects Client Details System 1.0 and classified as problematic. | 9.8 |
2023-12-28 | CVE-2023-50839 | Wiselyhub | Unspecified vulnerability in Wiselyhub JS Help Desk Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.1. | 9.8 |
2023-12-28 | CVE-2023-7134 | Oretnom23 | Path Traversal vulnerability in Oretnom23 Medicine Tracker System 1.0 A vulnerability was found in SourceCodester Medicine Tracking System 1.0. | 9.8 |
2023-12-28 | CVE-2023-7131 | Carmelogarcia | SQL Injection vulnerability in Carmelogarcia Intern Membership Management System 2.0 A vulnerability was found in code-projects Intern Membership Management System 2.0 and classified as critical. | 9.8 |
2023-12-28 | CVE-2023-52082 | Lycheeorg | Unspecified vulnerability in Lycheeorg Lychee Lychee is a free photo-management tool. | 9.8 |
2023-12-28 | CVE-2023-7163 | Dlink | Unspecified vulnerability in Dlink D-View 8 2.0.2.89 A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. | 9.8 |
2023-12-28 | CVE-2023-7127 | Code Projects | Unspecified vulnerability in Code-Projects Automated Voting System 1.0 A vulnerability classified as critical was found in code-projects Automated Voting System 1.0. | 9.8 |
2023-12-28 | CVE-2023-32513 | Givewp | Unspecified vulnerability in Givewp Deserialization of Untrusted Data vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.3. | 9.8 |
2023-12-28 | CVE-2023-4671 | Talentyazilim | Unspecified vulnerability in Talentyazilim Ecop 32255 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talent Software ECOP allows Command Line Execution through SQL Injection.This issue affects ECOP: before 32255. | 9.8 |
2023-12-28 | CVE-2023-7123 | Oretnom | Unspecified vulnerability in Oretnom Medicine Tracker System 1.0 A vulnerability, which was classified as critical, has been found in SourceCodester Medicine Tracking System 1.0. | 9.8 |
2023-12-27 | CVE-2023-6879 | Aomedia Fedoraproject | Out-of-bounds Write vulnerability in multiple products Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc(). | 9.8 |
2023-12-27 | CVE-2023-49000 | Artistscope | Code Injection vulnerability in Artistscope Artisbrowser An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component. | 9.8 |
2023-12-27 | CVE-2023-49001 | Indibrowser | Code Injection vulnerability in Indibrowser Indi Browser 12.11.23 An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component. | 9.8 |
2023-12-27 | CVE-2023-43481 | TCL | Code Injection vulnerability in TCL Browser TV web - Browsehere 6.65.022Dab24Cc6231221Gp An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivity component. | 9.8 |
2023-12-27 | CVE-2023-43955 | Fedirtsapana | Code Injection vulnerability in Fedirtsapana TV BRO The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. | 9.8 |
2023-12-27 | CVE-2023-47883 | Vladymix | Code Injection vulnerability in Vladymix TV Browser The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity. | 9.8 |
2023-12-27 | CVE-2023-51084 | Yavijava | Out-of-bounds Write vulnerability in Yavijava 6.0.07.1 hyavijava v6.0.07.1 was discovered to contain a stack overflow via the ResultConverter.convert2Xml method. | 9.8 |
2023-12-27 | CVE-2023-52077 | Nexryai | Unspecified vulnerability in Nexryai Nexkey 12.23Q4.4 Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. | 9.8 |
2023-12-27 | CVE-2023-51700 | Jamieblomerus | Unspecified vulnerability in Jamieblomerus Unofficial Mobile Bankid Integration 1.0.0 Unofficial Mobile BankID Integration for WordPress lets users employ Mobile BankID to authenticate themselves on your WordPress site. | 9.8 |
2023-12-27 | CVE-2023-51664 | TJ Actions | Command Injection vulnerability in Tj-Actions Changed-Files tj-actions/changed-files is a Github action to retrieve all files and directories. | 9.8 |
2023-12-27 | CVE-2023-7116 | Datax WEB Project | Unspecified vulnerability in Datax-Web Project Datax-Web 2.1.2 A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. | 9.8 |
2023-12-27 | CVE-2023-6190 | Ikcu | Unspecified vulnerability in Ikcu University Information Management System Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Izmir Katip Çelebi University University Information Management System allows Absolute Path Traversal.This issue affects University Information Management System: before 30.11.2023. | 9.8 |
2023-12-26 | CVE-2023-5991 | Motopress | Path Traversal vulnerability in Motopress Hotel Booking Lite The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server | 9.8 |
2023-12-26 | CVE-2023-51090 | Tenda | Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formGetWeiXinConfig. | 9.8 |
2023-12-26 | CVE-2023-51091 | Tenda | Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function R7WebsSecurityHandler. | 9.8 |
2023-12-26 | CVE-2023-51092 | Tenda | Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function upgrade. | 9.8 |
2023-12-26 | CVE-2023-51093 | Tenda | Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function fromSetLocalVlanInfo. | 9.8 |
2023-12-26 | CVE-2023-51094 | Tenda | OS Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet. | 9.8 |
2023-12-26 | CVE-2023-51097 | Tenda | Out-of-bounds Write vulnerability in Tenda W9 Firmware 1.0.0.7(4456)Cn Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetAutoPing. | 9.8 |
2023-12-26 | CVE-2023-51098 | Tenda | OS Command Injection vulnerability in Tenda W9 Firmware 1.0.0.7(4456)Cn Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formSetDiagnoseInfo . | 9.8 |
2023-12-26 | CVE-2023-51099 | Tenda | OS Command Injection vulnerability in Tenda W9 Firmware 1.0.0.7(4456)Cn Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formexeCommand . | 9.8 |
2023-12-26 | CVE-2023-51100 | Tenda | OS Command Injection vulnerability in Tenda W9 Firmware 1.0.0.7(4456)Cn Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formGetDiagnoseInfo . | 9.8 |
2023-12-26 | CVE-2023-51101 | Tenda | Out-of-bounds Write vulnerability in Tenda W9 Firmware 1.0.0.7(4456)Cn Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetUplinkInfo. | 9.8 |
2023-12-26 | CVE-2023-51102 | Tenda | Out-of-bounds Write vulnerability in Tenda W9 Firmware 1.0.0.7(4456)Cn Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formWifiMacFilterSet. | 9.8 |
2023-12-26 | CVE-2023-51095 | Tenda | Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formDelWlRfPolicy. | 9.8 |
2023-12-26 | CVE-2023-51467 | Apache | Server-Side Request Forgery (SSRF) vulnerability in Apache Ofbiz The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code | 9.8 |
2023-12-26 | CVE-2023-7111 | Fabianros | Unspecified vulnerability in Fabianros Library Management System 2.0 A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. | 9.8 |
2023-12-25 | CVE-2022-34267 | RWS | Improper Authentication vulnerability in RWS Worldserver An issue was discovered in RWS WorldServer before 11.7.3. | 9.8 |
2023-12-25 | CVE-2022-34268 | RWS | Deserialization of Untrusted Data vulnerability in RWS Worldserver An issue was discovered in RWS WorldServer before 11.7.3. | 9.8 |
2023-12-25 | CVE-2023-31224 | Jamf | Improper Authentication vulnerability in Jamf There is broken access control during authentication in Jamf Pro Server before 10.46.1. | 9.8 |
2023-12-25 | CVE-2023-49954 | 3CX | SQL Injection vulnerability in 3CX The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address. | 9.8 |
2023-12-25 | CVE-2023-48654 | Oneidentity | Unspecified vulnerability in Oneidentity Password Manager One Identity Password Manager before 5.13.1 allows Kiosk Escape. | 9.8 |
2023-12-25 | CVE-2023-51771 | Starnight | Classic Buffer Overflow vulnerability in Starnight Micro Http Server In MicroHttpServer (aka Micro HTTP Server) through a8ab029, _ParseHeader in lib/server.c allows a one-byte recv buffer overflow via a long URI. | 9.8 |
2023-12-25 | CVE-2023-7099 | Phpgurukul | Unspecified vulnerability in PHPgurukul Nipah Virus Testing Management System 1.0 A vulnerability, which was classified as critical, has been found in PHPGurukul Nipah Virus Testing Management System 1.0. | 9.8 |
2023-12-25 | CVE-2023-7100 | Phpgurukul | Unspecified vulnerability in PHPgurukul Restaurant Table Booking System 1.0 A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. | 9.8 |
2023-12-25 | CVE-2023-7097 | Fabianros | SQL Injection vulnerability in Fabianros Water Billing System 1.0 A vulnerability classified as critical has been found in code-projects Water Billing System 1.0. | 9.8 |
2023-12-25 | CVE-2023-7095 | Totolink | Unspecified vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. | 9.8 |
2023-12-25 | CVE-2023-7096 | Carmelogarcia | Unspecified vulnerability in Carmelogarcia Faculty Management System 1.0 A vulnerability was found in code-projects Faculty Management System 1.0. | 9.8 |
2023-12-29 | CVE-2023-52139 | Misskey | Unspecified vulnerability in Misskey Misskey is an open source, decentralized social media platform. | 9.6 |
190 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-12-31 | CVE-2023-52133 | Whiletrue | Unspecified vulnerability in Whiletrue Most and Least Read Posts Widget 2.5.16 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WhileTrue Most And Least Read Posts Widget.This issue affects Most And Least Read Posts Widget: from n/a through 2.5.16. | 8.8 |
2023-12-31 | CVE-2023-7190 | S CMS | Unspecified vulnerability in S-Cms 1.0/1.5/2.0 A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006. | 8.8 |
2023-12-31 | CVE-2023-7191 | S CMS | Unspecified vulnerability in S-Cms 1.0/1.5/2.0 A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. | 8.8 |
2023-12-31 | CVE-2023-7189 | S CMS | Unspecified vulnerability in S-Cms 1.0/1.5/2.0 A vulnerability classified as critical was found in S-CMS up to 2.0_build20220529-20231006. | 8.8 |
2023-12-31 | CVE-2023-7187 | Totolink | Unspecified vulnerability in Totolink N350Rt Firmware 9.3.5U.6139B20201216 A vulnerability was found in Totolink N350RT 9.3.5u.6139_B20201216. | 8.8 |
2023-12-31 | CVE-2023-7186 | 7 Card | Unspecified vulnerability in 7-Card Fakabao 1.0 A vulnerability was found in 7-card Fakabao up to 1.0_build20230805. | 8.8 |
2023-12-31 | CVE-2023-7185 | 7 Card | Unspecified vulnerability in 7-Card Fakabao 1.0 A vulnerability was found in 7-card Fakabao up to 1.0_build20230805. | 8.8 |
2023-12-31 | CVE-2023-49777 | Yithemes | Unspecified vulnerability in Yithemes Yith Woocommerce Product Add-Ons Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.3.0. | 8.8 |
2023-12-31 | CVE-2023-7183 | 7 Card | Unspecified vulnerability in 7-Card Fakabao 1.0 A vulnerability has been found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. | 8.8 |
2023-12-31 | CVE-2023-7184 | 7 Card | Unspecified vulnerability in 7-Card Fakabao 1.0 A vulnerability was found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. | 8.8 |
2023-12-31 | CVE-2023-39157 | Crocoblock | Unspecified vulnerability in Crocoblock Jetelements Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.10. | 8.8 |
2023-12-31 | CVE-2023-52182 | ARI Soft | Deserialization of Untrusted Data vulnerability in Ari-Soft ARI Stream Quiz Deserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder.This issue affects ARI Stream Quiz – WordPress Quizzes Builder: from n/a through 1.3.0. | 8.8 |
2023-12-31 | CVE-2023-7130 | Carmelogarcia | Unspecified vulnerability in Carmelogarcia College Notes Gallery 2.0 A vulnerability has been found in code-projects College Notes Gallery 2.0 and classified as critical. | 8.8 |
2023-12-30 | CVE-2023-49299 | Apache | Unspecified vulnerability in Apache Dolphinscheduler Improper Input Validation vulnerability in Apache DolphinScheduler. | 8.8 |
2023-12-30 | CVE-2023-7179 | Online College Library System Project | SQL Injection vulnerability in Online College Library System Project Online College Library System 1.0 A vulnerability, which was classified as critical, was found in Campcodes Online College Library System 1.0. | 8.8 |
2023-12-30 | CVE-2023-7176 | Online College Library System Project | Unspecified vulnerability in Online College Library System Project Online College Library System 1.0 A vulnerability classified as critical has been found in Campcodes Online College Library System 1.0. | 8.8 |
2023-12-30 | CVE-2023-7177 | Online College Library System Project | Unspecified vulnerability in Online College Library System Project Online College Library System 1.0 A vulnerability classified as critical was found in Campcodes Online College Library System 1.0. | 8.8 |
2023-12-30 | CVE-2018-25096 | Petrk94 | Unspecified vulnerability in Petrk94 Ownhealthrecord A vulnerability was found in MdAlAmin-aol Own Health Record 0.1-alpha/0.2-alpha/0.3-alpha/0.3.1-alpha. | 8.8 |
2023-12-29 | CVE-2023-50070 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Customer Support System 1.0 Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject. | 8.8 |
2023-12-29 | CVE-2023-50071 | Customer Support System Project | SQL Injection vulnerability in Customer Support System Project Customer Support System 1.0 Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name. | 8.8 |
2023-12-29 | CVE-2023-52137 | TJ Actions | Command Injection vulnerability in Tj-Actions Verify-Changed-Files The [`tj-actions/verify-changed-files`](https://github.com/tj-actions/verify-changed-files) action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. | 8.8 |
2023-12-29 | CVE-2023-47804 | Apache | Argument Injection or Modification vulnerability in Apache Openoffice Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. | 8.8 |
2023-12-29 | CVE-2023-51410 | Wpvibes | Unspecified vulnerability in Wpvibes WP Mail LOG Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log.This issue affects WP Mail Log: from n/a through 1.1.2. | 8.8 |
2023-12-29 | CVE-2023-51417 | Jorisvm | Unspecified vulnerability in Jorisvm JVM Gutenberg Rich Text Icons Unrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons.This issue affects JVM Gutenberg Rich Text Icons: from n/a through 1.2.3. | 8.8 |
2023-12-29 | CVE-2023-51421 | Soft8Soft | Unspecified vulnerability in Soft8Soft Verge3D Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2. | 8.8 |
2023-12-29 | CVE-2023-50878 | Inspireui | Unspecified vulnerability in Inspireui Mstore API Cross-Site Request Forgery (CSRF) vulnerability in InspireUI MStore API.This issue affects MStore API: from n/a through 4.10.1. | 8.8 |
2023-12-29 | CVE-2023-50902 | Wpexperts | Unspecified vulnerability in Wpexperts NEW User Approve Cross-Site Request Forgery (CSRF) vulnerability in WPExpertsio New User Approve.This issue affects New User Approve: from n/a through 2.5.1. | 8.8 |
2023-12-29 | CVE-2023-51354 | Webba Booking | Unspecified vulnerability in Webba-Booking Webba Booking Cross-Site Request Forgery (CSRF) vulnerability in WebbaPlugins Appointment & Event Booking Calendar Plugin – Webba Booking.This issue affects Appointment & Event Booking Calendar Plugin – Webba Booking: from n/a through 4.5.33. | 8.8 |
2023-12-29 | CVE-2023-51358 | Brightplugins | Unspecified vulnerability in Brightplugins Block IPS for Gravity Forms 0.1/1.0.0/1.0.1 Cross-Site Request Forgery (CSRF) vulnerability in Bright Plugins Block IPs for Gravity Forms.This issue affects Block IPs for Gravity Forms: from n/a through 1.0.1. | 8.8 |
2023-12-29 | CVE-2023-51378 | Eaglevisionit | Unspecified vulnerability in Eaglevisionit Rise Blocks Cross-Site Request Forgery (CSRF) vulnerability in Rise Themes Rise Blocks – A Complete Gutenberg Page Builder.This issue affects Rise Blocks – A Complete Gutenberg Page Builder: from n/a through 3.1. | 8.8 |
2023-12-29 | CVE-2023-51422 | Saleswonder | Unspecified vulnerability in Saleswonder Webinarignition Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition.This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition: from n/a through 3.05.0. | 8.8 |
2023-12-29 | CVE-2023-51470 | Boiteasite | Unspecified vulnerability in Boiteasite Rencontre Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre – Dating Site.This issue affects Rencontre – Dating Site: from n/a through 3.11.1. | 8.8 |
2023-12-29 | CVE-2023-51545 | Themehigh | Unspecified vulnerability in Themehigh JOB Manager & Career Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career – Manage job board listings, and recruitments.This issue affects Job Manager & Career – Manage job board listings, and recruitments: from n/a through 1.4.4. | 8.8 |
2023-12-29 | CVE-2023-7114 | Mattermost | Path Traversal vulnerability in Mattermost Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server. | 8.8 |
2023-12-29 | CVE-2023-44088 | Pandorafms | SQL Injection vulnerability in Pandorafms Pandora FMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774. | 8.8 |
2023-12-29 | CVE-2023-51402 | Brainstormforce | Unspecified vulnerability in Brainstormforce Ultimate Addons for Wpbakery Page Builder Cross-Site Request Forgery (CSRF) vulnerability in Brain Storm Force Ultimate Addons for WPBakery Page Builder.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.19.17. | 8.8 |
2023-12-29 | CVE-2023-49830 | Brainstormforce | Unspecified vulnerability in Brainstormforce Astra Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro.This issue affects Astra Pro: from n/a through 4.3.1. | 8.8 |
2023-12-29 | CVE-2023-51420 | Soft8Soft | Unspecified vulnerability in Soft8Soft Verge3D Improper Control of Generation of Code ('Code Injection') vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2. | 8.8 |
2023-12-29 | CVE-2023-22676 | Andersthorborg | Unspecified vulnerability in Andersthorborg Advanced Custom Fields:Image Crop Add-On 1.4.12 Missing Authorization vulnerability in Anders Thorborg.This issue affects Anders Thorborg: from n/a through 1.4.12. | 8.8 |
2023-12-29 | CVE-2023-22677 | Binarystash | Unspecified vulnerability in Binarystash WP Booklet 2.1.8 Improper Control of Generation of Code ('Code Injection') vulnerability in BinaryStash WP Booklet.This issue affects WP Booklet: from n/a through 2.1.8. | 8.8 |
2023-12-29 | CVE-2023-32095 | Milandinic | Unspecified vulnerability in Milandinic Rename Media Files 1.0.1 Improper Control of Generation of Code ('Code Injection') vulnerability in Milan Dinic Rename Media Files.This issue affects Rename Media Files: from n/a through 1.0.1. | 8.8 |
2023-12-29 | CVE-2023-46623 | Wpvnteam | Unspecified vulnerability in Wpvnteam WP Extra Improper Control of Generation of Code ('Code Injection') vulnerability in TienCOP WP EXtra.This issue affects WP EXtra: from n/a through 6.2. | 8.8 |
2023-12-29 | CVE-2023-47840 | Qodeinteractive | Unspecified vulnerability in Qodeinteractive Qode Essential Addons 1.5.2 Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.5.2. | 8.8 |
2023-12-29 | CVE-2023-7155 | Mayurik | Unspecified vulnerability in Mayurik Free and Open Source Inventory Management System 1.0 A vulnerability, which was classified as critical, was found in SourceCodester Free and Open Source Inventory Management System 1.0. | 8.8 |
2023-12-29 | CVE-2023-7150 | Campcodes | Unspecified vulnerability in Campcodes Chic Beauty Salon 20230703 A vulnerability classified as critical was found in Campcodes Chic Beauty Salon 20230703. | 8.8 |
2023-12-28 | CVE-2023-7137 | Code Projects | Unspecified vulnerability in Code-Projects Client Details System 1.0 A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. | 8.8 |
2023-12-28 | CVE-2023-7138 | Code Projects | Unspecified vulnerability in Code-Projects Client Details System 1.0 A vulnerability, which was classified as critical, was found in code-projects Client Details System 1.0. | 8.8 |
2023-12-28 | CVE-2023-50840 | Oplugins | Unspecified vulnerability in Oplugins Booking Manager Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop, oplugins Booking Manager.This issue affects Booking Manager: from n/a through 2.1.5. | 8.8 |
2023-12-28 | CVE-2023-50841 | Reputeinfosystems | Unspecified vulnerability in Reputeinfosystems Bookingpress Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin.This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through 1.0.72. | 8.8 |
2023-12-28 | CVE-2023-50842 | MF GIG Calendar Project | Unspecified vulnerability in MF GIG Calendar Project MF GIG Calendar Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar: from n/a through 1.2.1. | 8.8 |
2023-12-28 | CVE-2023-7129 | Code Projects | Unspecified vulnerability in Code-Projects Voting System 1.0 A vulnerability, which was classified as critical, was found in code-projects Voting System 1.0. | 8.8 |
2023-12-28 | CVE-2023-46987 | Seacms | Code Injection vulnerability in Seacms 12.9 SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php. | 8.8 |
2023-12-28 | CVE-2023-7128 | Code Projects | Unspecified vulnerability in Code-Projects Voting System 1.0 A vulnerability, which was classified as critical, has been found in code-projects Voting System 1.0. | 8.8 |
2023-12-28 | CVE-2023-7126 | Code Projects | Unspecified vulnerability in Code-Projects Automated Voting System 1.0 A vulnerability classified as critical has been found in code-projects Automated Voting System 1.0. | 8.8 |
2023-12-28 | CVE-2023-36381 | Gesundheit Bewegt | Unspecified vulnerability in Gesundheit-Bewegt Zippy Deserialization of Untrusted Data vulnerability in Gesundheit Bewegt GmbH Zippy.This issue affects Zippy: from n/a through 1.6.5. | 8.8 |
2023-12-28 | CVE-2023-50858 | Billminozzi | Unspecified vulnerability in Billminozzi Anti Hacker 4.34 Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan.This issue affects Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan: from n/a through 4.34. | 8.8 |
2023-12-28 | CVE-2023-50873 | Infolific | Unspecified vulnerability in Infolific ADD ANY Extension to Pages Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Add Any Extension to Pages.This issue affects Add Any Extension to Pages: from n/a through 1.4. | 8.8 |
2023-12-28 | CVE-2023-50038 | Textpattern | Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern 4.8.8 There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions. | 8.8 |
2023-12-28 | CVE-2023-50692 | Jizhicms | Unrestricted Upload of File with Dangerous Type vulnerability in Jizhicms 2.5 File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory. | 8.8 |
2023-12-28 | CVE-2023-49230 | Peplink | Missing Authorization vulnerability in Peplink Balance TWO Firmware 8.1.0 An issue was discovered in Peplink Balance Two before 8.4.0. | 8.8 |
2023-12-27 | CVE-2023-40038 | Arris | Improper Authentication vulnerability in Arris Dg1670A Firmware and Dg860A Firmware Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. | 8.8 |
2023-12-26 | CVE-2023-5645 | Wpvibes | SQL Injection vulnerability in Wpvibes WP Mail LOG The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor. | 8.8 |
2023-12-26 | CVE-2023-5673 | Wpvibes | Unrestricted Upload of File with Dangerous Type vulnerability in Wpvibes WP Mail LOG The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution. | 8.8 |
2023-12-26 | CVE-2023-5674 | Wpvibes | SQL Injection vulnerability in Wpvibes WP Mail LOG The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor. | 8.8 |
2023-12-26 | CVE-2023-5931 | Rtcamp | Unrestricted Upload of File with Dangerous Type vulnerability in Rtcamp Rtmedia The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account (e.g. | 8.8 |
2023-12-26 | CVE-2012-10017 | Bestwebsoft | Unspecified vulnerability in Bestwebsoft Portfolio A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. | 8.8 |
2023-12-25 | CVE-2023-28872 | NCP E | Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15/12.22 Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport* location. | 8.8 |
2023-12-25 | CVE-2022-39818 | Nokia | OS Command Injection vulnerability in Nokia Network Functions Manager for Transport 19.9 In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. | 8.8 |
2023-12-25 | CVE-2022-39822 | Nokia | SQL Injection vulnerability in Nokia Network Functions Manager for Transport 19.9 In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. | 8.8 |
2023-12-25 | CVE-2023-51772 | Oneidentity | Insufficient Session Expiration vulnerability in Oneidentity Password Manager One Identity Password Manager before 5.13.1 allows Kiosk Escape. | 8.8 |
2023-12-31 | CVE-2023-7193 | Mtab | Unspecified vulnerability in Mtab Bookmark A vulnerability was found in MTab Bookmark up to 1.2.6 and classified as critical. | 8.1 |
2023-12-31 | CVE-2023-7188 | Fahuo100 | SQL Injection vulnerability in Fahuo100 1.1 A vulnerability classified as critical has been found in Shipping 100 Fahuo100 up to 1.1. | 8.1 |
2023-12-31 | CVE-2023-52180 | Really Simple Plugins | Unspecified vulnerability in Really-Simple-Plugins Recipe Maker for Your Food Blog From ZIP Recipes Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes.This issue affects Recipe Maker For Your Food Blog from Zip Recipes: from n/a through 8.1.0. | 8.1 |
2023-12-29 | CVE-2023-7078 | Cloudflare | Server-Side Request Forgery (SSRF) vulnerability in Cloudflare Miniflare 3.20230821.0 Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. | 8.1 |
2023-12-29 | CVE-2023-7148 | Shifuml | Unspecified vulnerability in Shifuml Shifu 0.12.0 A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. | 8.1 |
2023-12-26 | CVE-2023-52086 | Startutorial | Unrestricted Upload of File with Dangerous Type vulnerability in Startutorial PHP Backend for Resumable.Js 0.1.4 resumable.php (aka PHP backend for resumable.js) 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. | 8.1 |
2023-12-26 | CVE-2023-49949 | Passwork | Incorrect Authorization vulnerability in Passwork 4.6.13/5.0.9 Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes. | 8.1 |
2023-12-29 | CVE-2023-7080 | Cloudflare | Unspecified vulnerability in Cloudflare Wrangler The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. | 8.0 |
2023-12-31 | CVE-2023-52277 | Royalapps | Out-of-bounds Write vulnerability in Royalapps Royaltsx Royal RoyalTSX before 6.0.2.1 allows attackers to cause a denial of service (Heap Memory Corruption and application crash) or possibly have unspecified other impact via a long hostname in an RTSZ file, if the victim clicks on Test Connection. | 7.8 |
2023-12-30 | CVE-2022-46487 | Scontain | Improper Initialization vulnerability in Scontain Scone Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis. | 7.8 |
2023-12-29 | CVE-2023-50571 | Jeasy | Unspecified vulnerability in Jeasy Easy Rules 4.1.0 easy-rules-mvel v4.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component MVELRule. | 7.8 |
2023-12-29 | CVE-2023-51434 | Hihonor | Classic Buffer Overflow vulnerability in Hihonor Magic UI Some Honor products are affected by buffer overflow vulnerability, successful exploitation could cause code execution. | 7.8 |
2023-12-28 | CVE-2023-46989 | Innovadeluxe | SQL Injection vulnerability in Innovadeluxe Quick Order SQL Injection vulnerability in the Innovadeluxe Quick Order module for PrestaShop before v.1.4.0, allows local attackers to execute arbitrary code via the getProducts() function in the productlist.php file. | 7.8 |
2023-12-28 | CVE-2023-50445 | GL Inet | OS Command Injection vulnerability in Gl-Inet products Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module. | 7.8 |
2023-12-27 | CVE-2023-50255 | Deepin | Unspecified vulnerability in Deepin Deepin-Compressor Deepin-Compressor is the default archive manager of Deepin Linux OS. | 7.8 |
2023-12-26 | CVE-2023-5180 | Opendesign | Out-of-bounds Write vulnerability in Opendesign Drawings SDK An issue was discovered in Open Design Alliance Drawings SDK before 2024.12. | 7.8 |
2023-12-26 | CVE-2023-46681 | Buffalo | Argument Injection or Modification vulnerability in Buffalo Vr-S1000 Firmware Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in VR-S1000 firmware Ver. | 7.8 |
2023-12-25 | CVE-2023-43064 | IBM | Unspecified vulnerability in IBM I Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. | 7.8 |
2023-12-25 | CVE-2023-7093 | Kylinos | Unspecified vulnerability in Kylinos Kylin-System-Updater A vulnerability classified as critical has been found in KylinSoft kylin-system-updater up to 2.0.5.16-0k2.33. | 7.8 |
2023-12-30 | CVE-2023-6998 | Coolkit | Unspecified vulnerability in Coolkit Ewelink Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.This issue affects eWeLink before 5.2.0. | 7.7 |
2023-12-29 | CVE-2023-4468 | Poly | Unspecified vulnerability in Poly Lens, Trio 8800 Firmware and Trio C60 A vulnerability was found in Poly Trio 8500, Trio 8800 and Trio C60. | 7.6 |
2023-12-26 | CVE-2023-5644 | Wpvibes | Incorrect Authorization vulnerability in Wpvibes WP Mail LOG The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users. | 7.6 |
2023-12-31 | CVE-2023-51503 | Automattic | Unspecified vulnerability in Automattic Woopayments Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2. | 7.5 |
2023-12-31 | CVE-2023-52185 | Everestthemes | Unspecified vulnerability in Everestthemes Everest Backup Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Everestthemes Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin.This issue affects Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin: from n/a through 2.1.9. | 7.5 |
2023-12-31 | CVE-2021-46901 | Cetic | Out-of-bounds Write vulnerability in Cetic Cetic-6Lbr 1.5.0 examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 6lbr) 1.5.0 has a strcat stack-based buffer overflow via a request for a long URL over a 6LoWPAN network. | 7.5 |
2023-12-31 | CVE-2023-52286 | Tencent | Unspecified vulnerability in Tencent Distributed SQL 1.8.5 Tencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attackers to discover database credentials via an index.php/api/install/get_db_info request, a related issue to CVE-2023-42387. | 7.5 |
2023-12-31 | CVE-2021-46900 | Sympa | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Sympa Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. | 7.5 |
2023-12-31 | CVE-2023-52266 | Hongliuliao | Use After Free vulnerability in Hongliuliao Ehttp 1.0.6 ehttp 1.0.6 before 17405b9 has an epoll_socket.cpp read_func use-after-free. | 7.5 |
2023-12-31 | CVE-2023-52267 | Hongliuliao | Out-of-bounds Read vulnerability in Hongliuliao Ehttp 1.0.6 ehttp 1.0.6 before 17405b9 has a simple_log.cpp _log out-of-bounds-read during error logging for long strings. | 7.5 |
2023-12-30 | CVE-2023-50110 | Testlink | Unspecified vulnerability in Testlink TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used. | 7.5 |
2023-12-29 | CVE-2023-51527 | Aipower | Unspecified vulnerability in Aipower Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4.This issue affects AI Power: Complete AI Pack – Powered by GPT-4: from n/a through 1.8.2. | 7.5 |
2023-12-29 | CVE-2023-51687 | Implecode | Unspecified vulnerability in Implecode Product Catalog Simple Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode Product Catalog Simple.This issue affects Product Catalog Simple: from n/a through 1.7.6. | 7.5 |
2023-12-29 | CVE-2023-51688 | Implecode | Unspecified vulnerability in Implecode Ecommerce Product Catalog Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress.This issue affects eCommerce Product Catalog Plugin for WordPress: from n/a through 3.3.26. | 7.5 |
2023-12-29 | CVE-2022-44589 | Miniorange | Unspecified vulnerability in Miniorange Google Authenticator Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login.This issue affects miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login: from n/a through 5.6.1. | 7.5 |
2023-12-29 | CVE-2023-4463 | Poly | Unspecified vulnerability in Poly products A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. | 7.5 |
2023-12-29 | CVE-2023-31295 | Sesami | Improper Neutralization of Formula Elements in a CSV File vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field. | 7.5 |
2023-12-29 | CVE-2023-31300 | Sesami | Cleartext Transmission of Sensitive Information vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials during Password Reset feature. | 7.5 |
2023-12-29 | CVE-2023-23427 | Hihonor | Improper Privilege Management vulnerability in Hihonor Magic OS Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | 7.5 |
2023-12-29 | CVE-2023-23428 | Hihonor | Improper Privilege Management vulnerability in Hihonor Magic OS Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | 7.5 |
2023-12-29 | CVE-2023-23429 | Hihonor | Improper Privilege Management vulnerability in Hihonor Magic OS Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | 7.5 |
2023-12-29 | CVE-2023-23430 | Hihonor | Improper Privilege Management vulnerability in Hihonor Magichome Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | 7.5 |
2023-12-29 | CVE-2023-31294 | Sesami | Improper Neutralization of Formula Elements in a CSV File vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field. | 7.5 |
2023-12-28 | CVE-2023-52152 | Cybergarage | Out-of-bounds Read vulnerability in Cybergarage Mupnp for C mupnp/net/uri.c in mUPnP for C through 3.0.2 has an out-of-bounds read and application crash because it lacks a certain host length recalculation. | 7.5 |
2023-12-28 | CVE-2022-36399 | Boxystudio | Unspecified vulnerability in Boxystudio Booked Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked - Appointment Booking for WordPress | Calendars.This issue affects Booked - Appointment Booking for WordPress | Calendars: from n/a before 2.4.4. | 7.5 |
2023-12-28 | CVE-2023-27447 | Veronalabs | Unspecified vulnerability in Veronalabs WP SMS Exposure of Sensitive Information to an Unauthorized Actor vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc.This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.0.4. | 7.5 |
2023-12-28 | CVE-2023-51006 | Zhwnl | Unspecified vulnerability in Zhwnl Chinese Perpetual Calendar 9.0.0 An issue in the openFile method of Chinese Perpetual Calendar v9.0.0 allows attackers to read any file via unspecified vectors. | 7.5 |
2023-12-27 | CVE-2023-49002 | Xenomtechnologies | Unspecified vulnerability in Xenomtechnologies Phone Dialer-Voice Call Dialer 1.2.5 An issue in Xenom Technologies (sinous) Phone Dialer-voice Call Dialer v.1.2.5 allows an attacker to bypass intended access restrictions via interaction with com.funprime.calldialer.ui.activities.OutgoingActivity. | 7.5 |
2023-12-27 | CVE-2023-51075 | Hutool | Infinite Loop vulnerability in Hutool 5.8.23 hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. | 7.5 |
2023-12-27 | CVE-2023-51080 | Hutool | Out-of-bounds Write vulnerability in Hutool 5.8.23 The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow. | 7.5 |
2023-12-27 | CVE-2023-52075 | Revanced | Unspecified vulnerability in Revanced 20231125 ReVanced API proxies requests needed to feed the ReVanced Manager and website with data. | 7.5 |
2023-12-27 | CVE-2023-51665 | Audiobookshelf | Unspecified vulnerability in Audiobookshelf Audiobookshelf is a self-hosted audiobook and podcast server. | 7.5 |
2023-12-27 | CVE-2023-51697 | Audiobookshelf | Unspecified vulnerability in Audiobookshelf Audiobookshelf is a self-hosted audiobook and podcast server. | 7.5 |
2023-12-27 | CVE-2023-3171 | Redhat | Allocation of Resources Without Limits or Throttling vulnerability in Redhat Jboss Enterprise Application Platform 7.4 A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. | 7.5 |
2023-12-26 | CVE-2023-52096 | Steve Community | SQL Injection vulnerability in Steve-Community Ocpp-Jaxb SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations (such as when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000). | 7.5 |
2023-12-26 | CVE-2023-5203 | Swit | SQL Injection vulnerability in Swit WP Sessions Time Monitoring Full Automatic The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in some cases an error/union based technique. | 7.5 |
2023-12-26 | CVE-2023-6114 | Awesomemotive | Files or Directories Accessible to External Parties vulnerability in Awesomemotive Duplicator The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. | 7.5 |
2023-12-26 | CVE-2023-6250 | Bestwebsoft | Cleartext Storage of Sensitive Information vulnerability in Bestwebsoft Like & Share The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag | 7.5 |
2023-12-26 | CVE-2023-51103 | Artifex | Divide By Zero vulnerability in Artifex Mupdf 1.23.4 A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in the function fz_new_pixmap_from_float_data() of pixmap.c. | 7.5 |
2023-12-26 | CVE-2023-51104 | Artifex | Divide By Zero vulnerability in Artifex Mupdf 1.23.4 A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero. | 7.5 |
2023-12-26 | CVE-2023-51105 | Artifex | Divide By Zero vulnerability in Artifex Mupdf 1.23.4 A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function bmp_decompress_rle4() of load-bmp.c. | 7.5 |
2023-12-26 | CVE-2023-51106 | Artifex | Divide By Zero vulnerability in Artifex Mupdf 1.23.4 A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when fz_colorspace_n returns zero. | 7.5 |
2023-12-26 | CVE-2023-51107 | Artifex | Divide By Zero vulnerability in Artifex Mupdf 1.23.4 A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in functon compute_color() of jquant2.c. | 7.5 |
2023-12-26 | CVE-2023-50968 | Apache | Server-Side Request Forgery (SSRF) vulnerability in Apache Ofbiz Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this issue. | 7.5 |
2023-12-26 | CVE-2023-28616 | Stormshield | Cleartext Transmission of Sensitive Information vulnerability in Stormshield Network Security An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. | 7.5 |
2023-12-25 | CVE-2023-38321 | Sierrawireless | NULL Pointer Dereference vulnerability in Sierrawireless Aleos OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token. | 7.5 |
2023-12-25 | CVE-2023-37185 | C Blosc2 Project | NULL Pointer Dereference vulnerability in C-Blosc2 Project C-Blosc2 C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_prec_decompress at zfp/blosc2-zfp.c. | 7.5 |
2023-12-25 | CVE-2023-37186 | C Blosc2 Project | NULL Pointer Dereference vulnerability in C-Blosc2 Project C-Blosc2 C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference in ndlz/ndlz8x8.c via a NULL pointer to memset. | 7.5 |
2023-12-25 | CVE-2023-37187 | C Blosc2 Project | NULL Pointer Dereference vulnerability in C-Blosc2 Project C-Blosc2 C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the zfp/blosc2-zfp.c zfp_acc_decompress. | 7.5 |
2023-12-25 | CVE-2023-37188 | C Blosc2 Project | NULL Pointer Dereference vulnerability in C-Blosc2 Project C-Blosc2 C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate_decompress at zfp/blosc2-zfp.c. | 7.5 |
2023-12-25 | CVE-2023-47091 | Stormshield | Classic Buffer Overflow vulnerability in Stormshield Network Security An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. | 7.5 |
2023-12-25 | CVE-2023-31289 | Pexip | Improper Input Validation vulnerability in Pexip Infinity Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort. | 7.5 |
2023-12-25 | CVE-2023-31455 | Pexip | Improper Input Validation vulnerability in Pexip Infinity Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort. | 7.5 |
2023-12-25 | CVE-2023-49880 | IBM | Unspecified vulnerability in IBM Financial Transaction Manager 3.2.4 In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. | 7.5 |
2023-12-25 | CVE-2023-7094 | Netentsec | Unspecified vulnerability in Netentsec Application Security Gateway 6.3 A vulnerability classified as problematic was found in Netentsec NS-ASG Application Security Gateway 6.3. | 7.5 |
2023-12-29 | CVE-2023-7104 | Sqlite Fedoraproject | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. | 7.3 |
2023-12-31 | CVE-2023-51547 | Wpmanageninja | Unspecified vulnerability in Wpmanageninja Fluent Support Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPManageNinja LLC Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin.This issue affects Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin: from n/a through 1.7.6. | 7.2 |
2023-12-31 | CVE-2023-52131 | Wpzinc | Unspecified vulnerability in Wpzinc Page Generator Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Zinc Page Generator.This issue affects Page Generator: from n/a through 1.7.1. | 7.2 |
2023-12-31 | CVE-2023-52132 | Wpadminify | Unspecified vulnerability in Wpadminify WP Adminify Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jewel Theme WP Adminify.This issue affects WP Adminify: from n/a through 3.1.6. | 7.2 |
2023-12-31 | CVE-2023-52134 | Geomywp | Unspecified vulnerability in Geomywp GEO MY Wordpress Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eyal Fitoussi GEO my WordPress.This issue affects GEO my WordPress: from n/a through 4.0.2. | 7.2 |
2023-12-30 | CVE-2023-7181 | Dedebiz | Unspecified vulnerability in Dedebiz A vulnerability was found in Muyun DedeBIZ up to 6.2.12 and classified as critical. | 7.2 |
2023-12-30 | CVE-2023-7178 | Online College Library System Project | Unspecified vulnerability in Online College Library System Project Online College Library System 1.0 A vulnerability, which was classified as critical, has been found in Campcodes Online College Library System 1.0. | 7.2 |
2023-12-30 | CVE-2023-7172 | Phpgurukul | Unspecified vulnerability in PHPgurukul Hospital Management System 1.0 A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. | 7.2 |
2023-12-29 | CVE-2023-50837 | Webfactoryltd | Unspecified vulnerability in Webfactoryltd WP Login Lockdown 2.06 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form.This issue affects Login Lockdown – Protect Login Form: from n/a through 2.06. | 7.2 |
2023-12-29 | CVE-2023-52135 | Westguardsolutions | Unspecified vulnerability in Westguardsolutions WS Form Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WS Form WS Form LITE – Drag & Drop Contact Form Builder for WordPress.This issue affects WS Form LITE – Drag & Drop Contact Form Builder for WordPress: from n/a through 1.9.170. | 7.2 |
2023-12-29 | CVE-2023-4464 | Poly | Unspecified vulnerability in Poly products A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. | 7.2 |
2023-12-29 | CVE-2023-40606 | Kanbanwp | Code Injection vulnerability in Kanbanwp Kanban Boards for Wordpress Improper Control of Generation of Code ('Code Injection') vulnerability in Kanban for WordPress Kanban Boards for WordPress.This issue affects Kanban Boards for WordPress: from n/a through 2.5.21. | 7.2 |
2023-12-29 | CVE-2023-45751 | Posimyth | Unspecified vulnerability in Posimyth Nexter Extension 2.0.3 Improper Control of Generation of Code ('Code Injection') vulnerability in POSIMYTH Nexter Extension.This issue affects Nexter Extension: from n/a through 2.0.3. | 7.2 |
2023-12-28 | CVE-2023-50838 | Basixonline | Unspecified vulnerability in Basixonline Nex-Forms Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.5. | 7.2 |
2023-12-28 | CVE-2023-50843 | Mediaburst | Unspecified vulnerability in Mediaburst Clockwork SMS Notfications Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Clockwork Clockwork SMS Notfications.This issue affects Clockwork SMS Notfications: from n/a through 3.0.4. | 7.2 |
2023-12-28 | CVE-2023-50844 | Jamesward | Unspecified vulnerability in Jamesward WP Mail Catcher Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in James Ward Mail logging – WP Mail Catcher.This issue affects Mail logging – WP Mail Catcher: from n/a through 2.1.3. | 7.2 |
2023-12-28 | CVE-2023-50845 | Ayecode | Unspecified vulnerability in Ayecode Geodirectory Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode - WordPress Business Directory Plugins GeoDirectory – WordPress Business Directory Plugin, or Classified Directory.This issue affects GeoDirectory – WordPress Business Directory Plugin, or Classified Directory: from n/a through 2.3.28. | 7.2 |
2023-12-28 | CVE-2023-50846 | Metagauss | SQL Injection vulnerability in Metagauss Registrationmagic Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.4.5. | 7.2 |
2023-12-28 | CVE-2023-50847 | Collne | Unspecified vulnerability in Collne Welcart E-Commerce Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Collne Inc. | 7.2 |
2023-12-28 | CVE-2023-50848 | Ajexperience | Unspecified vulnerability in Ajexperience 404 Solution Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.34.0. | 7.2 |
2023-12-28 | CVE-2023-50849 | E2Pdf | Unspecified vulnerability in E2Pdf Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress.This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.23. | 7.2 |
2023-12-28 | CVE-2023-50851 | Nsqua | Unspecified vulnerability in Nsqua Simply Schedule Appointments Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N Squared Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin.This issue affects Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin: from n/a before 1.6.6.1. | 7.2 |
2023-12-28 | CVE-2023-50852 | Stylemixthemes | Unspecified vulnerability in Stylemixthemes Bookit Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Booking Calendar | Appointment Booking | BookIt.This issue affects Booking Calendar | Appointment Booking | BookIt: from n/a through 2.4.3. | 7.2 |
2023-12-28 | CVE-2023-50853 | Advancedformintegration | Unspecified vulnerability in Advancedformintegration Advanced Form Integration Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nasirahmed Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms.This issue affects Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms: from n/a through 1.75.0. | 7.2 |
2023-12-28 | CVE-2023-50854 | Squirrly | Unspecified vulnerability in Squirrly SEO Plugin BY Squirrly SEO 2.3.8 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly Squirrly SEO - Advanced Pack.This issue affects Squirrly SEO - Advanced Pack: from n/a through 2.3.8. | 7.2 |
2023-12-28 | CVE-2023-50855 | Samperrow | Unspecified vulnerability in Samperrow PRE Party Resource Hints 1.8.18 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sam Perrow Pre* Party Resource Hints.This issue affects Pre* Party Resource Hints: from n/a through 1.8.18. | 7.2 |
2023-12-28 | CVE-2023-32795 | Woocommerce | Unspecified vulnerability in Woocommerce Product Addons 6.1.3 Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons.This issue affects Product Add-Ons: from n/a through 6.1.3. | 7.2 |
2023-12-28 | CVE-2023-50856 | Funnelkit | Unspecified vulnerability in Funnelkit Funnel Builder Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits.This issue affects Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits: from n/a through 2.14.3. | 7.2 |
2023-12-28 | CVE-2023-50857 | Funnelkit | SQL Injection vulnerability in Funnelkit Automations Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit.This issue affects Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit: from n/a through 2.6.1. | 7.2 |
2023-12-26 | CVE-2023-5939 | Rtcamp | Unspecified vulnerability in Rtcamp Rtmedia The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users. | 7.2 |
2023-12-25 | CVE-2023-36485 | Ilias | Unspecified vulnerability in Ilias The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file. | 7.2 |
2023-12-25 | CVE-2023-36486 | Ilias | Unspecified vulnerability in Ilias The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename. | 7.2 |
2023-12-25 | CVE-2023-49226 | Peplink | Command Injection vulnerability in Peplink Balance TWO Firmware 8.1.0 An issue was discovered in Peplink Balance Two before 8.4.0. | 7.2 |
2023-12-25 | CVE-2023-49328 | Wolterskluwer | Injection vulnerability in Wolterskluwer B.Point 23.70.00 On a Wolters Kluwer B.POINT 23.70.00 server running Linux on premises, during the authentication phase, a validated system user can achieve remote code execution via Argument Injection in the server-to-server module. | 7.2 |
2023-12-29 | CVE-2023-23442 | Hihonor | Type Confusion vulnerability in Hihonor Magic OS Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. | 7.1 |
2023-12-29 | CVE-2023-23443 | Hihonor | Type Confusion vulnerability in Hihonor Magic OS Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. | 7.1 |
2023-12-29 | CVE-2023-51426 | Hihonor | Type Confusion vulnerability in Hihonor Magic OS Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. | 7.1 |
2023-12-29 | CVE-2023-51427 | Hihonor | Type Confusion vulnerability in Hihonor Magic OS Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. | 7.1 |
2023-12-29 | CVE-2023-51428 | Hihonor | Type Confusion vulnerability in Hihonor Magic OS Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. | 7.1 |
2023-12-29 | CVE-2023-51435 | Hihonor | Improper Privilege Management vulnerability in Hihonor Magic UI Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. | 7.1 |
2023-12-29 | CVE-2023-23431 | Hihonor | Improper Verification of Cryptographic Signature vulnerability in Hihonor Nth-An00 Firmware Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. | 7.1 |
2023-12-29 | CVE-2023-23432 | Hihonor | Improper Verification of Cryptographic Signature vulnerability in Hihonor Nth-An00 Firmware Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. | 7.1 |
2023-12-29 | CVE-2023-23433 | Hihonor | Improper Verification of Cryptographic Signature vulnerability in Hihonor Nth-An00 Firmware Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. | 7.1 |
2023-12-29 | CVE-2023-23435 | Hihonor | Improper Verification of Cryptographic Signature vulnerability in Hihonor Magic OS Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file | 7.1 |
2023-12-29 | CVE-2023-23436 | Hihonor | Improper Verification of Cryptographic Signature vulnerability in Hihonor Magic OS Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file | 7.1 |
2023-12-27 | CVE-2023-47882 | Kamivision | Unspecified vulnerability in Kamivision YI IOT 4.1.920231127 The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.9_20231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component. | 7.1 |
159 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-12-26 | CVE-2023-45741 | Buffalo | OS Command Injection vulnerability in Buffalo Vr-S1000 Firmware VR-S1000 firmware Ver. | 6.8 |
2023-12-25 | CVE-2023-49944 | Beyondtrust | Unspecified vulnerability in Beyondtrust Privilege Management for Windows The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. | 6.7 |
2023-12-29 | CVE-2023-4467 | Poly | Unspecified vulnerability in Poly Trio 8800 Firmware 7.2.6.0019 A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. | 6.6 |
2023-12-29 | CVE-2023-51676 | Wedevs | Unspecified vulnerability in Wedevs Happy Addons for Elementor Server-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addons for Elementor.This issue affects Happy Addons for Elementor: from n/a through 3.9.1.1. | 6.5 |
2023-12-29 | CVE-2023-4465 | Poly | Unspecified vulnerability in Poly products A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. | 6.5 |
2023-12-28 | CVE-2023-50448 | Activeadmin | Improper Neutralization of Formula Elements in a CSV File vulnerability in Activeadmin In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data (that belongs to another user) by making CSV export requests at certain specific times. | 6.5 |
2023-12-28 | CVE-2023-52079 | Kriszyp | Uncontrolled Recursion vulnerability in Kriszyp Msgpackr msgpackr is a fast MessagePack NodeJS/JavaScript implementation. | 6.5 |
2023-12-28 | CVE-2023-45701 | Hcltechsw | Information Exposure Through an Error Message vulnerability in Hcltechsw HCL Launch HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 6.5 |
2023-12-28 | CVE-2023-34829 | TP Link | Cleartext Transmission of Sensitive Information vulnerability in Tp-Link Tapo 2.11.44/2.8.14 Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext. | 6.5 |
2023-12-26 | CVE-2023-5672 | Wpvibes | Path Traversal vulnerability in Wpvibes WP Mail LOG The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files. | 6.5 |
2023-12-26 | CVE-2023-50294 | Weseek | Cleartext Storage of Sensitive Information vulnerability in Weseek Growi The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. | 6.5 |
2023-12-26 | CVE-2023-50332 | Weseek | Unspecified vulnerability in Weseek Growi Improper authorization vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.0.6. | 6.5 |
2023-12-26 | CVE-2023-51363 | Buffalo | Unspecified vulnerability in Buffalo Vr-S1000 Firmware VR-S1000 firmware Ver. | 6.5 |
2023-12-25 | CVE-2022-39820 | Nokia | Insufficiently Protected Credentials vulnerability in Nokia Network Functions Manager for Transport 19.9 In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. | 6.5 |
2023-12-25 | CVE-2022-41760 | Nokia | Path Traversal vulnerability in Nokia Network Functions Manager for Transport 19.9 An issue was discovered in NOKIA NFM-T R19.9. | 6.5 |
2023-12-25 | CVE-2022-41761 | Nokia | Path Traversal vulnerability in Nokia Network Functions Manager for Transport 19.9 An issue was discovered in NOKIA NFM-T R19.9. | 6.5 |
2023-12-28 | CVE-2023-49228 | Peplink | Use of Hard-coded Credentials vulnerability in Peplink Balance TWO Firmware 8.1.0 An issue was discovered in Peplink Balance Two before 8.4.0. | 6.4 |
2023-12-27 | CVE-2023-46919 | Fedirtsapana | Use of Hard-coded Credentials vulnerability in Fedirtsapana Simple Http Server and Simple Http Server Plus Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K (AES) encryption key. | 6.3 |
2023-12-31 | CVE-2023-6093 | Moxa | Improper Restriction of Rendered UI Layers or Frames vulnerability in Moxa Oncell G3150A-Lte Firmware 1.3 A clickjacking vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. | 6.1 |
2023-12-30 | CVE-2023-52264 | Thirtybees | Cross-site Scripting vulnerability in Thirtybees Bees Blog The beesblog (aka Bees Blog) component before 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharing_url is mishandled. | 6.1 |
2023-12-30 | CVE-2023-52263 | Brave | Open Redirect vulnerability in Brave Browser Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. | 6.1 |
2023-12-30 | CVE-2023-52257 | Logobee | Cross-site Scripting vulnerability in Logobee 0.2 LogoBee 0.2 allows updates.php?id= XSS. | 6.1 |
2023-12-29 | CVE-2023-52240 | Kantega SSO | Cross-site Scripting vulnerability in Kantega-Sso Kantega Saml SSO Oidc Kerberos Single Sign-On The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. | 6.1 |
2023-12-29 | CVE-2023-50069 | Wiremock | Cross-site Scripting vulnerability in Wiremock 3.0.4/3.1.0/3.2.0 WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. | 6.1 |
2023-12-29 | CVE-2023-7113 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server Mattermost version 8.1.6 and earlier fails to sanitize channel mention data in posts, which allows an attacker to inject markup in the web client. | 6.1 |
2023-12-29 | CVE-2023-41813 | Pandorafms | Cross-site Scripting vulnerability in Pandorafms Pandora FMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Allows you to edit the Web Console user notification options. This issue affects Pandora FMS: from 700 through 774. | 6.1 |
2023-12-29 | CVE-2023-41814 | Pandorafms | Cross-site Scripting vulnerability in Pandorafms Pandora FMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). | 6.1 |
2023-12-29 | CVE-2023-41815 | Pandorafms | Cross-site Scripting vulnerability in Pandorafms Pandora FMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Malicious code could be executed in the File Manager section. This issue affects Pandora FMS: from 700 through 774. | 6.1 |
2023-12-29 | CVE-2023-44089 | Pandorafms | Cross-site Scripting vulnerability in Pandorafms Pandora FMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). It was possible to execute malicious JS code on Visual Consoles. This issue affects Pandora FMS: from 700 through 774. | 6.1 |
2023-12-29 | CVE-2023-50892 | Codex Themes | Unspecified vulnerability in Codex-Themes Thegem Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS.This issue affects TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme: from n/a through 5.9.1. | 6.1 |
2023-12-29 | CVE-2023-50893 | Upsolution | Unspecified vulnerability in Upsolution Impreza 8.17.4 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution Impreza – WordPress Website and WooCommerce Builder allows Reflected XSS.This issue affects Impreza – WordPress Website and WooCommerce Builder: from n/a through 8.17.4. | 6.1 |
2023-12-29 | CVE-2023-50901 | Hasthemes | Unspecified vulnerability in Hasthemes HT Mega Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega – Absolute Addons For Elementor allows Reflected XSS.This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.8. | 6.1 |
2023-12-29 | CVE-2023-51373 | Nakunakifi | Unspecified vulnerability in Nakunakifi Google Photos Gallery With Shortcodes 4.0.2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ian Kennerley Google Photos Gallery with Shortcodes allows Reflected XSS.This issue affects Google Photos Gallery with Shortcodes: from n/a through 4.0.2. | 6.1 |
2023-12-29 | CVE-2023-28786 | Solidwp | Unspecified vulnerability in Solidwp Solid Security URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SolidWP Solid Security – Password, Two Factor Authentication, and Brute Force Protection.This issue affects Solid Security – Password, Two Factor Authentication, and Brute Force Protection: from n/a through 8.1.4. | 6.1 |
2023-12-29 | CVE-2023-31095 | Crmperks | Unspecified vulnerability in Crmperks Database for Contact Form 7, Wpforms, Elementor Forms URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.8. | 6.1 |
2023-12-29 | CVE-2023-31229 | Wpdirectorykit | Open Redirect vulnerability in Wpdirectorykit WP Directory KIT URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Directory Kit.This issue affects WP Directory Kit: from n/a through 1.1.9. | 6.1 |
2023-12-29 | CVE-2023-31237 | Zephyr Project Manager Project | Unspecified vulnerability in Zephyr Project Manager Project Zephyr Project Manager URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.9. | 6.1 |
2023-12-29 | CVE-2023-32101 | Pexlechris | Unspecified vulnerability in Pexlechris Library Viewer URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pexle Chris Library Viewer.This issue affects Library Viewer: from n/a through 2.0.6. | 6.1 |
2023-12-29 | CVE-2023-32517 | Ibericode | Unspecified vulnerability in Ibericode Mailchimp URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder.This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder: from n/a through 4.0.9.3. | 6.1 |
2023-12-29 | CVE-2023-7160 | Janobe | Unspecified vulnerability in Janobe Engineers Online Portal 1.0 A vulnerability was found in SourceCodester Engineers Online Portal 1.0. | 6.1 |
2023-12-29 | CVE-2023-31302 | Sesami | Cross-site Scripting vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Teller field. | 6.1 |
2023-12-29 | CVE-2023-31299 | Sesami | Cross-site Scripting vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Barcode field of a container. | 6.1 |
2023-12-29 | CVE-2023-7149 | Code Projects | Unspecified vulnerability in Code-Projects QR Code Generator 1.0 A vulnerability was found in code-projects QR Code Generator 1.0. | 6.1 |
2023-12-29 | CVE-2023-31301 | Sesami | Cross-site Scripting vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 Stored Cross Site Scripting (XSS) Vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information via the Username field of the login form and application log. | 6.1 |
2023-12-28 | CVE-2023-7133 | Ruoyi | Unspecified vulnerability in Ruoyi 4.7.8 A vulnerability was found in y_project RuoYi 4.7.8. | 6.1 |
2023-12-28 | CVE-2023-51501 | Undsgn | Unspecified vulnerability in Undsgn Uncode Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Undsgn Uncode - Creative & WooCommerce WordPress Theme allows Reflected XSS.This issue affects Uncode - Creative & WooCommerce WordPress Theme: from n/a through 2.8.6. | 6.1 |
2023-12-28 | CVE-2023-49469 | Shaarli Project | Cross-site Scripting vulnerability in Shaarli Project Shaarli 0.12.2 Reflected Cross Site Scripting (XSS) vulnerability in Shaarli v0.12.2, allows remote attackers to execute arbitrary code via search tag function. | 6.1 |
2023-12-28 | CVE-2023-7124 | Fabianros | Unspecified vulnerability in Fabianros E-Commerce Site 1.0 A vulnerability, which was classified as problematic, was found in code-projects E-Commerce Site 1.0. | 6.1 |
2023-12-26 | CVE-2023-48003 | Aspnetzero | Open Redirect vulnerability in Aspnetzero Asp.Net Zero An open redirect through HTML injection in user messages in Asp.Net Zero before 12.3.0 allows remote attackers to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' in the WebSocket messages. | 6.1 |
2023-12-26 | CVE-2023-49438 | Flask Security TOO Project | Open Redirect vulnerability in Flask-Security-Too Project Flask-Security-Too An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes. | 6.1 |
2023-12-26 | CVE-2023-6166 | AYS PRO | Cross-site Scripting vulnerability in Ays-Pro Quiz Maker The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting | 6.1 |
2023-12-26 | CVE-2023-6268 | Json Content Importer | Cross-site Scripting vulnerability in Json-Content-Importer Json Content Importer The JSON Content Importer WordPress plugin before 1.5.4 does not sanitise and escape the tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
2023-12-26 | CVE-2015-10127 | Bestwebsoft | Unspecified vulnerability in Bestwebsoft Pluscaptcha A vulnerability was found in PlusCaptcha Plugin up to 2.0.6 on WordPress and classified as problematic. | 6.1 |
2023-12-26 | CVE-2014-125109 | Bestwebsoft | Cross-site Scripting vulnerability in Bestwebsoft Portfolio A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. | 6.1 |
2023-12-26 | CVE-2023-50297 | Alfasado | Open Redirect vulnerability in Alfasado Powercms Open redirect vulnerability in PowerCMS (6 Series, 5 Series, and 4 Series) allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. | 6.1 |
2023-12-25 | CVE-2023-38826 | Follettlearning | Cross-site Scripting vulnerability in Follettlearning Solutions Destiny 20.01U A Cross Site Scripting (XSS) vulnerability exists in Follet Learning Solutions Destiny through 20.0_1U. | 6.1 |
2023-12-25 | CVE-2022-41762 | Nokia | Cross-site Scripting vulnerability in Nokia Network Functions Manager for Transport 19.9 An issue was discovered in NOKIA NFM-T R19.9. | 6.1 |
2023-12-25 | CVE-2022-43675 | Nokia | Cross-site Scripting vulnerability in Nokia Network Functions Manager for Transport 19.9 An issue was discovered in NOKIA NFM-T R19.9. | 6.1 |
2023-12-25 | CVE-2023-37225 | Pexip | Cross-site Scripting vulnerability in Pexip Infinity Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links. | 6.1 |
2023-12-25 | CVE-2021-38927 | IBM | Unspecified vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2 IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. | 6.1 |
2023-12-29 | CVE-2023-4462 | Poly | Unspecified vulnerability in Poly products A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. | 5.9 |
2023-12-27 | CVE-2023-51443 | Freeswitch | Unspecified vulnerability in Freeswitch FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. | 5.9 |
2023-12-29 | CVE-2023-7079 | Cloudflare | Improper Authentication vulnerability in Cloudflare Wrangler Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. | 5.7 |
2023-12-31 | CVE-2023-52284 | Bytecodealliance | Double Free vulnerability in Bytecodealliance Webassembly Micro Runtime Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled. | 5.5 |
2023-12-30 | CVE-2022-46486 | Scontain | Release of Invalid Pointer or Reference vulnerability in Scontain Scone A lack of pointer-validation logic in the __scone_dispatch component of SCONE before v5.8.0 for Intel SGX allows attackers to access sensitive information. | 5.5 |
2023-12-30 | CVE-2023-38021 | Fortanix | Unspecified vulnerability in Fortanix Confidential Computing Manager 3.29 An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. | 5.5 |
2023-12-30 | CVE-2023-38022 | Fortanix | Unspecified vulnerability in Fortanix Confidential Computing Manager An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. | 5.5 |
2023-12-30 | CVE-2023-38023 | Scontain | Unspecified vulnerability in Scontain Scone An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. | 5.5 |
2023-12-30 | CVE-2023-50559 | Openxiangshan | Unspecified vulnerability in Openxiangshan Xiangshan 2.1 An issue was discovered in XiangShan v2.1, allows local attackers to obtain sensitive information via the L1D cache. | 5.5 |
2023-12-29 | CVE-2023-50570 | Seancfoley | Infinite Loop vulnerability in Seancfoley Ipaddress 5.1.0 An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 leads to an infinite loop. | 5.5 |
2023-12-29 | CVE-2023-50572 | Jline | Out-of-bounds Write vulnerability in Jline 3.24.1 An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM (OutofMemory) error. | 5.5 |
2023-12-29 | CVE-2023-23441 | Hihonor | Out-of-bounds Read vulnerability in Hihonor Magic UI Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak. | 5.5 |
2023-12-29 | CVE-2023-51429 | Hihonor | Improper Privilege Management vulnerability in Hihonor Magic OS Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. | 5.5 |
2023-12-29 | CVE-2023-51430 | Hihonor | Improper Privilege Management vulnerability in Hihonor Magic UI Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. | 5.5 |
2023-12-29 | CVE-2023-51431 | Hihonor | Unspecified vulnerability in Hihonor Phoneservice Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | 5.5 |
2023-12-29 | CVE-2023-51432 | Hihonor | Out-of-bounds Read vulnerability in Hihonor Magic UI Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak. | 5.5 |
2023-12-29 | CVE-2023-51433 | Hihonor | Improper Privilege Management vulnerability in Hihonor Magic UI Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. | 5.5 |
2023-12-29 | CVE-2023-6939 | Hihonor | Type Confusion vulnerability in Hihonor Magic UI Some Honor products are affected by type confusion vulnerability, successful exploitation could cause denial of service. | 5.5 |
2023-12-29 | CVE-2023-23426 | Hihonor | Unspecified vulnerability in Hihonor Fri-An00 Firmware Some Honor products are affected by file writing vulnerability, successful exploitation could cause information disclosure. | 5.5 |
2023-12-29 | CVE-2023-23437 | Hihonor | Unspecified vulnerability in Hihonor Vmall Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak | 5.5 |
2023-12-29 | CVE-2023-23438 | Hihonor | Improper Privilege Management vulnerability in Hihonor Lge-An00 Firmware Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions | 5.5 |
2023-12-29 | CVE-2023-23439 | Hihonor | Unspecified vulnerability in Hihonor Lge-An00 Firmware Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | 5.5 |
2023-12-29 | CVE-2023-23440 | Hihonor | Unspecified vulnerability in Hihonor Lge-An00 Firmware Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | 5.5 |
2023-12-29 | CVE-2023-23434 | Hihonor | Unspecified vulnerability in Hihonor Honorboardapp Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | 5.5 |
2023-12-29 | CVE-2023-31292 | Sesami | Improper Authentication vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows local attackers to obtain sensitive information and bypass authentication via "Back Button Refresh" attack. | 5.5 |
2023-12-28 | CVE-2023-45702 | Hcltechsw | Unspecified vulnerability in Hcltechsw HCL Launch An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts.. | 5.5 |
2023-12-27 | CVE-2023-4641 | Shadow Maint Redhat | Improper Authentication vulnerability in multiple products A flaw was found in shadow-utils. | 5.5 |
2023-12-26 | CVE-2023-51654 | Brother | Link Following vulnerability in Brother Iprint&Scan 11.0.0 Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan Desktop for Windows versions 11.0.0 and earlier. | 5.5 |
2023-12-30 | CVE-2023-52265 | Idurarapp | Cross-site Scripting vulnerability in Idurarapp Idurar 1.0.0/2.0.0/2.0.1 IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data. | 5.4 |
2023-12-30 | CVE-2023-50550 | Layui | Cross-site Scripting vulnerability in Layui layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter. | 5.4 |
2023-12-30 | CVE-2023-7173 | Phpgurukul | Unspecified vulnerability in PHPgurukul Hospital Management System 1.0 A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. | 5.4 |
2023-12-29 | CVE-2023-51517 | Codepeople | Unspecified vulnerability in Codepeople Calculated Fields Form URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CodePeople Calculated Fields Form.This issue affects Calculated Fields Form: from n/a through 1.2.28. | 5.4 |
2023-12-29 | CVE-2023-51675 | Vasyltech | Unspecified vulnerability in Vasyltech Advanced Access Manager URL Redirection to Untrusted Site ('Open Redirect') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More.This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.18. | 5.4 |
2023-12-29 | CVE-2023-50879 | Automattic | Unspecified vulnerability in Automattic Wordpress.Com Editing Toolkit Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS.This issue affects WordPress.Com Editing Toolkit: from n/a through 3.78784. | 5.4 |
2023-12-29 | CVE-2023-50880 | Buddypress | Unspecified vulnerability in Buddypress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The BuddyPress Community BuddyPress allows Stored XSS.This issue affects BuddyPress: from n/a through 11.3.1. | 5.4 |
2023-12-29 | CVE-2023-50881 | Vasyltech | Unspecified vulnerability in Vasyltech Advanced Access Manager Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS.This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.15. | 5.4 |
2023-12-29 | CVE-2023-50889 | Fastlinemedia | Unspecified vulnerability in Fastlinemedia Beaver Builder Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder – WordPress Page Builder allows Stored XSS.This issue affects Beaver Builder – WordPress Page Builder: from n/a through 2.7.2. | 5.4 |
2023-12-29 | CVE-2023-50891 | Zohocorp | Cross-site Scripting vulnerability in Zohocorp Zoho Forms Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS.This issue affects Form plugin for WordPress – Zoho Forms: from n/a through 3.0.1. | 5.4 |
2023-12-29 | CVE-2023-51396 | Brizy | Unspecified vulnerability in Brizy Brizy-Page Builder Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brizy.Io Brizy – Page Builder allows Stored XSS.This issue affects Brizy – Page Builder: from n/a through 2.4.29. | 5.4 |
2023-12-29 | CVE-2023-51397 | Brainstormforce | Unspecified vulnerability in Brainstormforce WP Remote Site Search 1.0.4 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force WP Remote Site Search allows Stored XSS.This issue affects WP Remote Site Search: from n/a through 1.0.4. | 5.4 |
2023-12-29 | CVE-2023-51399 | Wpfactory | Unspecified vulnerability in Wpfactory Back Button Widget Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Back Button Widget allows Stored XSS.This issue affects Back Button Widget: from n/a through 1.6.3. | 5.4 |
2023-12-29 | CVE-2023-51541 | Urosevic | Cross-site Scripting vulnerability in Urosevic Stock Ticker Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Uroševic Stock Ticker allows Stored XSS.This issue affects Stock Ticker: from n/a through 3.23.4. | 5.4 |
2023-12-29 | CVE-2023-7166 | Xxyopen | Unspecified vulnerability in Xxyopen Novel-Plus A vulnerability classified as problematic has been found in Novel-Plus up to 4.2.0. | 5.4 |
2023-12-29 | CVE-2023-52085 | Wintercms | Unspecified vulnerability in Wintercms Winter Winter is a free, open-source content management system. | 5.4 |
2023-12-28 | CVE-2023-52084 | Wintercms | Unspecified vulnerability in Wintercms Winter Winter is a free, open-source content management system. | 5.4 |
2023-12-28 | CVE-2023-7135 | Code Projects | Unspecified vulnerability in Code-Projects Record Management System 1.0 A vulnerability classified as problematic has been found in code-projects Record Management System 1.0. | 5.4 |
2023-12-28 | CVE-2023-7136 | Code Projects | Unspecified vulnerability in Code-Projects Record Management System 1.0 A vulnerability classified as problematic was found in code-projects Record Management System 1.0. | 5.4 |
2023-12-28 | CVE-2023-7132 | Carmelogarcia | Unspecified vulnerability in Carmelogarcia Intern Membership Management System 2.0 A vulnerability was found in code-projects Intern Membership Management System 2.0. | 5.4 |
2023-12-28 | CVE-2023-50470 | Seacms | Cross-site Scripting vulnerability in Seacms 12.8 A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 |
2023-12-28 | CVE-2023-50859 | Themeum | Cross-site Scripting vulnerability in Themeum WP Crowdfunding Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding allows Stored XSS.This issue affects WP Crowdfunding: from n/a through 2.1.6. | 5.4 |
2023-12-28 | CVE-2023-50860 | TMS Outsource | Unspecified vulnerability in Tms-Outsource Amelia Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TMS Booking for Appointments and Events Calendar – Amelia allows Stored XSS.This issue affects Booking for Appointments and Events Calendar – Amelia: from n/a through 1.0.85. | 5.4 |
2023-12-28 | CVE-2023-50874 | Connekthq | Unspecified vulnerability in Connekthq Ajax Load More Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney WordPress Infinite Scroll – Ajax Load More allows Stored XSS.This issue affects WordPress Infinite Scroll – Ajax Load More: from n/a through 6.1.0.1. | 5.4 |
2023-12-26 | CVE-2023-42436 | Weseek | Cross-site Scripting vulnerability in Weseek Growi Stored cross-site scripting vulnerability exists in the presentation feature of GROWI versions prior to v3.4.0. | 5.4 |
2023-12-26 | CVE-2023-45737 | Weseek | Cross-site Scripting vulnerability in Weseek Growi Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page and the Markdown Settings (/admin/markdown) page of GROWI versions prior to v3.5.0. | 5.4 |
2023-12-26 | CVE-2023-45740 | Weseek | Cross-site Scripting vulnerability in Weseek Growi Stored cross-site scripting vulnerability when processing profile images exists in GROWI versions prior to v4.1.3. | 5.4 |
2023-12-26 | CVE-2023-47215 | Weseek | Cross-site Scripting vulnerability in Weseek Growi Stored cross-site scripting vulnerability which is exploiting a behavior of the XSS Filter exists in GROWI versions prior to v6.0.0. | 5.4 |
2023-12-26 | CVE-2023-49119 | Weseek | Cross-site Scripting vulnerability in Weseek Growi Stored cross-site scripting vulnerability via the img tags exists in GROWI versions prior to v6.0.0. | 5.4 |
2023-12-26 | CVE-2023-49598 | Weseek | Cross-site Scripting vulnerability in Weseek Growi Stored cross-site scripting vulnerability exists in the event handlers of the pre tags in GROWI versions prior to v6.0.0. | 5.4 |
2023-12-26 | CVE-2023-49779 | Weseek | Cross-site Scripting vulnerability in Weseek Growi Stored cross-site scripting vulnerability exists in the anchor tag of GROWI versions prior to v6.0.0. | 5.4 |
2023-12-26 | CVE-2023-49807 | Weseek | Cross-site Scripting vulnerability in Weseek Growi Stored cross-site scripting vulnerability when processing the MathJax exists in GROWI versions prior to v6.0.0. | 5.4 |
2023-12-26 | CVE-2023-50175 | Weseek | Cross-site Scripting vulnerability in Weseek Growi Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page, the Markdown Settings (/admin/markdown) page, and the Customize (/admin/customize) page of GROWI versions prior to v6.0.0. | 5.4 |
2023-12-26 | CVE-2023-50339 | Weseek | Cross-site Scripting vulnerability in Weseek Growi Stored cross-site scripting vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.1.11. | 5.4 |
2023-12-26 | CVE-2023-49117 | Alfasado | Cross-site Scripting vulnerability in Alfasado Powercms PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-site scripting vulnerability. | 5.4 |
2023-12-26 | CVE-2023-27150 | Opencrx | Cross-site Scripting vulnerability in Opencrx 5.2.0 openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity. | 5.4 |
2023-12-31 | CVE-2023-6094 | Moxa | Cleartext Transmission of Sensitive Information vulnerability in Moxa Oncell G3150A-Lte Firmware 1.3 A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. | 5.3 |
2023-12-29 | CVE-2023-51663 | Hail | Unspecified vulnerability in Hail Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. | 5.3 |
2023-12-29 | CVE-2023-31296 | Sesami | Improper Neutralization of Formula Elements in a CSV File vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field. | 5.3 |
2023-12-28 | CVE-2023-52081 | Ewen LBH | Injection vulnerability in Ewen-Lbh Firefox CSS 0.1.0/0.1.1/0.1.2 ffcss is a CLI interface to apply and configure Firefox CSS themes. | 5.3 |
2023-12-28 | CVE-2023-51010 | QD Metro | Unspecified vulnerability in Qd-Metro Qingdao Metro 4.2.2 An issue in the export component AdSdkH5Activity of com.sdjictec.qdmetro v4.2.2 allows attackers to open a crafted URL without any filtering or checking. | 5.3 |
2023-12-27 | CVE-2023-49003 | Simplemobiletools | Missing Authorization vulnerability in Simplemobiletools Simple Dialer 5.18.1 An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker to bypass intended access restrictions via interaction with com.simplemobiletools.dialer.activities.DialerActivity. | 5.3 |
2023-12-27 | CVE-2023-51074 | Json Path | Unspecified vulnerability in Json-Path Jayway Jsonpath 2.8.0 json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method. | 5.3 |
2023-12-27 | CVE-2023-51079 | Mvel | Unspecified vulnerability in Mvel 2.5.0 A long execution time can occur in the ParseTools.subCompileExpression method in MVEL 2.5.0.Final because of many Java class lookups. | 5.3 |
2023-12-26 | CVE-2023-6155 | AYS PRO | Improper Authentication vulnerability in Ays-Pro Quiz Maker The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses. | 5.3 |
2023-12-25 | CVE-2023-40236 | Pexip | Use of Hard-coded Credentials vulnerability in Pexip Virtual Meeting Rooms In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass. | 5.3 |
2023-12-25 | CVE-2023-7098 | Easyimages2 0 Project | Unspecified vulnerability in Easyimages2.0 Project Easyimages2.0 2.8.3 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in icret EasyImages 2.8.3. | 5.3 |
2023-12-29 | CVE-2023-4466 | Poly | Unspecified vulnerability in Poly products A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. | 4.9 |
2023-12-25 | CVE-2023-30451 | Typo3 | Path Traversal vulnerability in Typo3 11.5.24 In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF]. | 4.9 |
2023-12-31 | CVE-2023-52269 | Mdaemon | Cross-site Scripting vulnerability in Mdaemon Securitygateway 9.0.3 MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. | 4.8 |
2023-12-29 | CVE-2023-7171 | Xxyopen | Unspecified vulnerability in Xxyopen Novel-Plus A vulnerability was found in Novel-Plus up to 4.2.0. | 4.8 |
2023-12-29 | CVE-2023-50896 | Weformspro | Unspecified vulnerability in Weformspro Weforms Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weForms weForms – Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS.This issue affects weForms – Easy Drag & Drop Contact Form Builder For WordPress: from n/a through 1.6.17. | 4.8 |
2023-12-29 | CVE-2023-51361 | Gingerplugins | Unspecified vulnerability in Gingerplugins Sticky Chat Widget Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ginger Plugins Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button allows Stored XSS.This issue affects Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button: from n/a through 1.1.8. | 4.8 |
2023-12-29 | CVE-2023-51371 | Bitapps | Unspecified vulnerability in Bitapps BIT Assist 1.1.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget allows Stored XSS.This issue affects Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget: from n/a through 1.1.9. | 4.8 |
2023-12-29 | CVE-2023-51372 | Hasthemes | Unspecified vulnerability in Hasthemes Hashbar Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HashBar – WordPress Notification Bar allows Stored XSS.This issue affects HashBar – WordPress Notification Bar: from n/a through 1.4.1. | 4.8 |
2023-12-29 | CVE-2023-51374 | Zerobounce | Unspecified vulnerability in Zerobounce Email Verification & Validation 1.0.11 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZeroBounce ZeroBounce Email Verification & Validation allows Stored XSS.This issue affects ZeroBounce Email Verification & Validation: from n/a through 1.0.11. | 4.8 |
2023-12-29 | CVE-2023-31298 | Sesami | Cross-site Scripting vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user. | 4.8 |
2023-12-29 | CVE-2023-7143 | Code Projects | Unspecified vulnerability in Code-Projects Client Details System 1.0 A vulnerability was found in code-projects Client Details System 1.0. | 4.8 |
2023-12-28 | CVE-2023-52083 | Wintercms | Unspecified vulnerability in Wintercms Winter Winter is a free, open-source content management system. | 4.8 |
2023-12-28 | CVE-2023-50836 | Ibericode | Unspecified vulnerability in Ibericode Html Forms Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibericode HTML Forms allows Stored XSS.This issue affects HTML Forms: from n/a through 1.3.28. | 4.8 |
2023-12-26 | CVE-2023-5980 | Bannersky | Cross-site Scripting vulnerability in Bannersky BSK Forms Blacklist The BSK Forms Blacklist WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-12-25 | CVE-2023-31297 | Sesami | Cross-site Scripting vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 An issue was discovered in SESAMI planfocus CPTO (Cash Point & Transport Optimizer) 6.3.8.6 718. | 4.8 |
2023-12-27 | CVE-2023-46918 | Fedirtsapana | Use of Hard-coded Credentials vulnerability in Fedirtsapana Simple Http Server Plus 1.8.1Plus Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an Android manifest file that contains an entry with the android:allowBackup attribute set to true. | 4.6 |
2023-12-26 | CVE-2023-46711 | Buffalo | Use of Hard-coded Credentials vulnerability in Buffalo Vr-S1000 Firmware VR-S1000 firmware Ver. | 4.6 |
2023-12-30 | CVE-2023-7180 | Tongda2000 | Unspecified vulnerability in Tongda2000 Office Anywhere 2017 11.9 A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. | 4.3 |
2023-12-29 | CVE-2023-31293 | Sesami | Unspecified vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to obtain sensitive information and bypass profile restriction via improper access control in the Reader system user's web browser, allowing the journal to be displayed, despite the option being disabled. | 4.3 |
2023-12-28 | CVE-2023-50267 | Metersphere | Authorization Bypass Through User-Controlled Key vulnerability in Metersphere MeterSphere is a one-stop open source continuous testing platform. | 4.3 |
2023-12-28 | CVE-2023-49229 | Peplink | Missing Authorization vulnerability in Peplink Balance TWO Firmware 8.1.0 An issue was discovered in Peplink Balance Two before 8.4.0. | 4.3 |
2023-12-26 | CVE-2023-46699 | Weseek | Cross-Site Request Forgery (CSRF) vulnerability in Weseek Growi Cross-site request forgery (CSRF) vulnerability exists in the User settings (/me) page of GROWI versions prior to v6.0.0. | 4.3 |
2023-12-25 | CVE-2023-48652 | Concretecms | Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) via /ccm/system/dialogs/logs/delete_all/submit. | 4.3 |
2023-12-25 | CVE-2023-47247 | Sysaid | Unspecified vulnerability in Sysaid In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102. | 4.3 |
1 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-12-31 | CVE-2023-52275 | Tecno Mobile | Missing Authorization vulnerability in Tecno-Mobile Camon X Firmware Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension. | 2.1 |