| Vulners.com -- Update Chrome now! Google patches another actively exploited vulnerability |
| Vulners.com -- CVE-2023-43014 |
| Vulners.com -- CVE-2023-5185 |
| Vulners.com -- CVE-2023-43013 |
| Vulners.com -- CVE-2023-43226 |
| Vulners.com -- CVE-2023-30415 |
| Vulners.com -- CVE-2023-43869 |
| Vulners.com -- JetBrains TeamCity Unauthenticated Remote Code Execution |
| Vulners.com -- CVE-2023-43115 |
| Vulners.com -- Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server |
| Vulners.com -- [SECURITY] Fedora 38 Update: emacs-28.3-0.rc1.fc38 |
| Vulners.com -- CVE-2023-4863 |
| Vulners.com -- CVE-2023-41449 |
| Vulners.com -- CVE-2023-41452 |
| CVE-2022-35908 -- Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in device-agent. |
| CVE-2023-0989 -- An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with |
| CVE-2023-0989 -- An information disclosure issue in GitLab CE/EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD co |
| CVE-2023-2233 -- An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5 and all versions starting from 16.4 before 16.4.1. It allows a project reporter to l |
| CVE-2023-26146 -- All versions of the package ithewei/libhv are vulnerable to Cross-site Scripting (XSS) such that when a file with a name containing a malicious payload is served by the application, the filename is displayed without proper sanitization when it is rendered |
| CVE-2023-26147 -- All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when untrusted user input is used to build headers values. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject |
| CVE-2023-26148 -- All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input is used to set request headers. An attacker can add the \r\n (carriage return line feeds) characters and inject additional headers in the request sent. |
| CVE-2023-26218 -- The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute script |
| CVE-2023-3024 -- Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access.
|
| CVE-2023-30591 -- Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages containing array or object typ |
| CVE-2023-3115 -- An issue has been discovered in GitLab EE affecting all versions affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members access |
| CVE-2023-3413 -- An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fo |
| CVE-2023-3775 -- A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault En |
| CVE-2023-3906 -- An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy.
|
| CVE-2023-3914 -- A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projec |
| CVE-2023-3917 -- Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail.
|
| CVE-2023-3920 -- An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that a maintainer to create a fork relationship b |
| CVE-2023-3922 -- An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI |
| CVE-2023-39308 -- Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <= 1.0.7 versions. |
| CVE-2023-39410 -- When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.
|
| CVE-2023-3979 -- An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members to collaborate with you on |
| CVE-2023-41655 -- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andreas Heigl authLdap plugin <= 2.5.9 versions. |
| CVE-2023-41657 -- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. HollerBox plugin <= 2.3.2 versions. |
| CVE-2023-41658 -- Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery plugin <= 1.0.13 versions. |
| CVE-2023-41661 -- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions. |
| CVE-2023-41662 -- Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions. |
| CVE-2023-41663 -- Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Giovambattista Fazioli WP Bannerize Pro plugin <= 1.6.9 versions. |
| CVE-2023-41666 -- Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Stockdio Stock Quotes List plugin <= 2.9.9 versions. |
| CVE-2023-41687 -- Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Irina Sokolovskaya Goods Catalog plugin <= 2.4.1 versions. |
| CVE-2023-41691 -- Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pensopay WooCommerce PensoPay plugin <= 6.3.1 versions. |
| CVE-2023-43655 -- Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv` |
| CVE-2023-43909 -- Hospital Management System thru commit 4770d was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php. |
| CVE-2023-43944 -- A Stored Cross Site Scripting (XSS) vulnerability was found in SourceCodester Task Management System 1.0. It allows attackers to execute arbitrary code via parameter field in index.php?page=project_list. |
| CVE-2023-44270 -- An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
|
| CVE-2023-44464 -- pretix before 2023.7.2 allows Pillow to parse EPS files. |
| CVE-2023-44466 -- An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted leng |
| CVE-2023-44469 -- A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770 |
| CVE-2023-4532 -- An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects whic |
| CVE-2023-5077 -- The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0. |
| CVE-2023-5159 -- Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots.
|
| CVE-2023-5193 -- Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation.
|
| CVE-2023-5194 -- Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager
|
| CVE-2023-5195 -- Mattermost fails to properly validate the permissions when soft deleting a team allowing a team member to soft delete other teams that they are not part of
|
| CVE-2023-5196 -- Mattermost fails to enforce character limits in all possible notification props allowing an attacker to send a really long value for a notification_prop resulting in the server consuming an abnormal quantity of computing resources and possibly becoming te |
| CVE-2023-5198 -- An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches us |
| CVE-2023-5257 -- A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It has been rated as problematic. Affected by this issue is the function handleFileRequest of the file src/main/java/com/feihong/ldap/HTTPServer.java. The manipulation leads to path traver |
| CVE-2023-5258 -- A vulnerability classified as critical has been found in OpenRapid RapidCMS 1.3.1. This affects an unknown part of the file /resource/addgood.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. |
| CVE-2023-5259 -- A vulnerability classified as problematic was found in ForU CMS. This vulnerability affects unknown code of the file /admin/cms_admin.php. The manipulation of the argument del leads to denial of service. The attack can be initiated remotely. The exploit h |
| CVE-2023-5260 -- A vulnerability, which was classified as critical, has been found in SourceCodester Simple Membership System 1.0. This issue affects some unknown processing of the file group_validator.php. The manipulation of the argument club_id leads to sql injection. |
| CVE-2023-5261 -- A vulnerability, which was classified as critical, was found in Tongda OA 2017. Affected is an unknown function of the file general/hr/manage/staff_title_evaluation/delete.php. The manipulation of the argument EVALUATION_ID leads to sql injection. The exp |
| CVE-2023-5262 -- A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. Affected by this vulnerability is the function isImg of the file /admin/config/uploadicon.php. The manipulation of the argument fileName leads to unrestricted upload. T |
| CVE-2023-5263 -- A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be |
| CVE-2023-5264 -- A vulnerability classified as critical was found in huakecms 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/cms_content.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remote |
| CVE-2023-5265 -- A vulnerability, which was classified as critical, has been found in Tongda OA 2017. Affected by this issue is some unknown functionality of the file general/hr/manage/staff_transfer/delete.php. The manipulation of the argument TRANSFER_ID leads to sql in |
| CVE-2023-5266 -- A vulnerability, which was classified as critical, was found in DedeBIZ 6.2. This affects an unknown part of the file /src/admin/tags_main.php. The manipulation of the argument ids leads to sql injection. It is possible to initiate the attack remotely. Th |
| CVE-2023-5267 -- A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/hr_pool/delete.php. The manipulation of the argument EXPERT_ID leads to sql injection. The exploit has been |
| CVE-2023-5268 -- A vulnerability was found in DedeBIZ 6.2 and classified as critical. This issue affects some unknown processing of the file /src/admin/makehtml_taglist_action.php. The manipulation of the argument mktime leads to sql injection. The attack may be initiated |
| CVE-2023-5269 -- A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument s lead |
| CVE-2023-5270 -- A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view_parcel.php. The manipulation of the argument id leads to sql inje |
| CVE-2023-5271 -- A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file edit_parcel.php. The manipulation of the argument email leads to sql injection. |
| CVE-2023-5272 -- A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. This affects an unknown part of the file edit_parcel.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql i |
| CVE-2023-5273 -- A vulnerability classified as problematic was found in SourceCodester Best Courier Management System 1.0. This vulnerability affects unknown code of the file manage_parcel_status.php. The manipulation of the argument id leads to cross site scripting. The |
| CVE-2023-5276 -- A vulnerability classified as critical was found in SourceCodester Engineers Online Portal 1.0. This vulnerability affects unknown code of the file downloadable_student.php. The manipulation of the argument id leads to sql injection. The attack can be ini |
| CVE-2023-5277 -- A vulnerability, which was classified as critical, has been found in SourceCodester Engineers Online Portal 1.0. This issue affects some unknown processing of the file student_avatar.php. The manipulation of the argument change leads to unrestricted uploa |
| CVE-2023-5278 -- A vulnerability, which was classified as critical, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username/password leads to sql injection. It is possible to |
| CVE-2023-5279 -- A vulnerability has been found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file my_classmates.php. The manipulation of the argument teacher_class_student_id le |
| CVE-2023-5280 -- A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file my_students.php. The manipulation of the argument id leads to sql injection. The attack ma |
| CVE-2023-5281 -- A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as critical. This affects an unknown part of the file remove_inbox_message.php. The manipulation of the argument id leads to sql injection. It is possible to i |
| CVE-2023-5282 -- A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file seed_message_student.php. The manipulation of the argument teacher_id leads to sql injection. Th |
| CVE-2023-5283 -- A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file teacher_signup.php. The manipulation of the argument firstname/lastname leads to sql injection. |
| CVE-2023-5284 -- A vulnerability classified as critical has been found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file upload_save_student.php. The manipulation of the argument uploaded_file leads to unrestricted upload. It is po |
| CVE-2023-5285 -- A vulnerability classified as critical was found in Tongda OA 2017. Affected by this vulnerability is an unknown functionality of the file general/hr/recruit/recruitment/delete.php. The manipulation of the argument RECRUITMENT_ID leads to sql injection. T |
| CVE-2023-5286 -- A vulnerability, which was classified as problematic, has been found in SourceCodester Expense Tracker App v1. Affected by this issue is some unknown functionality of the file add_category.php of the component Category Handler. The manipulation of the arg |
| CVE-2023-5287 -- ** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in BEECMS 4.0. This affects an unknown part of the file /admin/admin_content_tag.php?action=save_content. The manipulation of |
| CVE-2023-5289 -- Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.4. |
| CVE-2023-5293 -- A vulnerability, which was classified as critical, was found in ECshop 4.1.5. Affected is an unknown function of the file /admin/leancloud.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The e |
| CVE-2023-5294 -- A vulnerability has been found in ECshop 4.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/order.php. The manipulation of the argument goods_id leads to sql injection. The attack can be launche |
| CVE-2023-5296 -- A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic. Affected by this issue is some unknown functionality of the file api.php?m=reimplat&a=index of the component Password Handler. The manipulation leads to weak pass |
| CVE-2023-5297 -- A vulnerability was found in Xinhu RockOA 2.3.2. It has been classified as problematic. This affects the function start of the file task.php?m=sys|runt&a=beifen. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is po |
| Vulners.com -- CVE-2023-41450 |
| Vulners.com -- libwebp vulnerability |
| Vulners.com -- Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability |
| Vulners.com -- CVE-2023-2315 |
| Vulners.com -- CVE-2023-35074 |
| Vulners.com -- CVE-2023-38586 |
| Vulners.com -- CVE-2023-39375 |
| Vulners.com -- CVE-2023-43610 |
| CVE-2022-47186 -- There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the "upload" directory. |
| CVE-2022-47187 -- There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file |
| CVE-2023-26145 -- This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke() and pydash.collections.invoke_map() accept dotted paths (Deep Path Strings) to target a nested Python object, relative to the original sou |
| CVE-2023-26149 -- Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function.
|
| CVE-2023-30415 -- Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php. |
| CVE-2023-38870 -- A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'category_id' parameter is vulnerable to SQL Injection. |
| CVE-2023-38871 -- The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allo |
| CVE-2023-38872 -- An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment. |
| CVE-2023-38873 -- The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a butto |
| CVE-2023-38874 -- A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwa |
| CVE-2023-38877 -- A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once cl |
| CVE-2023-39195 -- ** REJECT ** CVE-2023-39195 was found to be a duplicate of CVE-2023-42755. Please see https://access.redhat.com/security/cve/CVE-2023-42755 for more information.
|
| CVE-2023-40307 -- An attacker with standard privileges on macOS when requesting administrator privileges from the application can submit input which causes a buffer overflow resulting in a crash of the application. This could make the application unavailable and allow read |
| CVE-2023-40375 -- Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating s |
| CVE-2023-41444 -- An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver. |
| CVE-2023-41446 -- Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component.
|
| CVE-2023-41447 -- Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component. |
| CVE-2023-41911 -- Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 of 2). |
| CVE-2023-42222 -- WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. |
| CVE-2023-42756 -- A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the |
| CVE-2023-43013 -- Asset Management System v1.0 is vulnerable to an
|
| CVE-2023-43014 -- Asset Management System v1.0 is vulnerable to
|
| CVE-2023-43044 -- IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 266893.
|
| CVE-2023-4316 -- Zod in version 3.22.2 allows an attacker to perform a denial of service while validating emails
|
| CVE-2023-43226 -- An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file. |
| CVE-2023-43323 -- mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, the server sends a HTTP and DNS request to external server. The Parameters effected are multiple - messageText, data[wall_photo], data[userShareVideo] and data[ |
| CVE-2023-43654 -- TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be take |
| CVE-2023-43657 -- discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Improper escaping of encrypted topic titles could lead to a cross site scripting (XSS) issue when a site has content security policy (CSP) headers disabled. Havi |
| CVE-2023-43662 -- ShokoServer is a media server which specializes in organizing anime. In affected versions the `/api/Image/WithPath` endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter `serverIm |
| CVE-2023-43663 -- PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shops functionality. Commit `ce1f |
| CVE-2023-43664 -- PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights. This issue has b |
| CVE-2023-43739 -- The 'bookisbn' parameter of the cart.php resource
|
| CVE-2023-43740 -- Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of
|
| CVE-2023-43740 -- [PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR] |
| CVE-2023-43860 -- D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanNonLogin function. |
| CVE-2023-43861 -- D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanPPPoE function. |
| CVE-2023-43862 -- D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formLanguageChange function. |
| CVE-2023-43863 -- D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanDhcpplus function. |
| CVE-2023-43864 -- D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard55 function. |
| CVE-2023-43865 -- D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanPPTP function. |
| CVE-2023-43866 -- D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard7 function. |
| CVE-2023-43867 -- D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanL2TP function. |
| CVE-2023-43868 -- D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via websGetVar function. |
| CVE-2023-43869 -- D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard56 Function. |
| CVE-2023-43871 -- A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).
|
| CVE-2023-43872 -- A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). |
| CVE-2023-43873 -- A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name filed in the Manage Menu.
|
| CVE-2023-43874 -- Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu.
|
| CVE-2023-43876 -- A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field.
|
| CVE-2023-43878 -- Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu.
|
| CVE-2023-43879 -- Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu. |
| CVE-2023-43884 -- A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Reference ID' parameter. |
| CVE-2023-44163 -- The 'search' parameter of the process_search.php resource
|
| CVE-2023-44164 -- The 'Email' parameter of the process_login.php resource
|
| CVE-2023-44165 -- The 'Password' parameter of the process_login.php resource
|
| CVE-2023-44166 -- The 'age' parameter of the process_registration.php resource
|
| CVE-2023-44167 -- The 'name' parameter of the process_registration.php resource
|
| CVE-2023-44168 -- The 'phone' parameter of the process_registration.php resource
|
| CVE-2023-44173 -- Online Movie Ticket Booking System v1.0 is vulnerable to
|
| CVE-2023-44273 -- Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval. |
| CVE-2023-44275 -- OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard. |
| CVE-2023-44276 -- OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard. |
| CVE-2023-5053 -- Hospital management system version 378c157 allows to bypass authentication.
|
| CVE-2023-5185 -- Gym Management System Project v1.0 is vulnerable to
|
| CVE-2023-5186 -- Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High) |
| CVE-2023-5187 -- Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-5215 -- A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the |
| CVE-2023-5217 -- Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-5230 -- The TM WooCommerce Compare & Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'tm_woo_wishlist_table' shortcode in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user suppli |
| CVE-2023-5232 -- The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it |
| CVE-2023-5233 -- The Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'fawesome' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This make |
| CVE-2023-5244 -- Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0. |
| CVE-2023-5256 -- In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.
|
| Vulners.com -- CVE-2023-44014 |
| Vulners.com -- CVE-2023-44019 |
| Vulners.com -- CVE-2023-44023 |
| Vulners.com -- CVE-2023-44018 |
| Vulners.com -- CVE-2023-44021 |
| Vulners.com -- CVE-2023-39434 |
| Vulners.com -- CVE-2023-35071 |
| Vulners.com -- CVE-2023-44172 |
| Vulners.com -- CVE-2023-44170 |
| Vulners.com -- CVE-2023-43216 |
| Vulners.com -- CVE-2023-44169 |
| Vulners.com -- CVE-2023-44171 |
| Vulners.com -- CVE-2023-43222 |
| Vulners.com -- Cisco IOS XE Software Web UI Command Injection Vulnerability |
| Vulners.com -- Cisco IOS XE Software for ASR 1000 Series Aggregation Services Routers IPv6 Multicast Denial of Service Vulnerability |
| Vulners.com -- Cisco IOS XE Software Application Quality of Experience and Unified Threat Defense Denial of Service Vulnerability |
| Vulners.com -- Cisco IOS and IOS XE Software Command Authorization Bypass Vulnerability |
| Vulners.com -- Cisco IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability |
| Vulners.com -- Cisco IOS and IOS XE Software Cisco Group Encrypted Transport VPN Software Out-of-Bounds Write Vulnerability |
| Vulners.com -- CVE-2023-4737 |
| Vulners.com -- CVE-2023-4934 |
| Vulners.com -- CVE-2023-41993 |
| Vulners.com -- Puma vulnerability |
| Vulners.com -- Cisco DNA Center API Insufficient Access Control Vulnerability |
| Vulners.com -- Cisco IOS XE Software for Catalyst 3650 and Catalyst 3850 Series Switches Denial of Service Vulnerability |
| Vulners.com -- ReadyMedia vulnerabilities |
| Vulners.com -- Critical libwebp Vulnerability Under Active Exploitation - Gets Maximum CVSS Score |
