Vulnerability Summary for the Week of November 27, 2023

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — dolphinscheduler Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can’t upgrade to the fixed version can also set the environment variable `MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus` to work around this, or add the following section in the `application.yaml` file:
```yaml
management:
  endpoints:
    web:
      exposure:
        include: health,metrics,prometheus
```
This issue affects Apache DolphinScheduler: from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue. 2023-11-24 7.5 CVE-2023-48796
 
apache — dolphinscheduler Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the meantime, we recommend you make sure the logs are only available to trusted operators. 2023-11-27 7.5 CVE-2023-49068
 
apache — superset Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset’s metadata database, an attacker using a specially crafted CTE SQL statement could change data on the metadata database. This weakness could result in tampering with the authentication/authorization data. 2023-11-27 8.8 CVE-2023-40610
 
arcserve — udp Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. A routine exists that allows an attacker to upload and execute arbitrary files. 2023-11-27 9.8 CVE-2023-41998
arslansoft — education_portal Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ArslanSoft Education Portal allows SQL Injection. This issue affects Education Portal: before v1.1. 2023-12-01 9.8 CVE-2023-5634
arslansoft — education_portal Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection. This issue affects Education Portal: before v1.1. 2023-12-01 9.8 CVE-2023-5636
arslansoft — education_portal Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ArslanSoft Education Portal allows Account Footprinting. This issue affects Education Portal: before v1.1. 2023-12-01 7.5 CVE-2023-5635
arslansoft — education_portal Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Read Sensitive Strings Within an Executable. This issue affects Education Portal: before v1.1. 2023-12-01 7.5 CVE-2023-5637
chamilo — chamilo_lms Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS 2023-11-28 8.8 CVE-2023-4221

 

chamilo — chamilo_lms Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS 2023-11-28 8.8 CVE-2023-4222

 

chamilo — chamilo_lms Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS 2023-11-28 8.8 CVE-2023-4223

 

chamilo — chamilo_lms Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS 2023-11-28 8.8 CVE-2023-4224

 

chamilo — chamilo_lms Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS 2023-11-28 8.8 CVE-2023-4225

 

chamilo — chamilo_lms Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS 2023-11-28 8.8 CVE-2023-4226

 

clastix — capsule-proxy capsule-proxy is a reverse proxy for the capsule operator project. Affected versions are subject to a privilege escalation vulnerability which is based on a missing check if the user is authenticated based on the `TokenReview` result. All the clusters running with the `anonymous-auth` Kubernetes API Server setting disabled (set to `false`) are affected since it would be possible to bypass the token review mechanism, interacting with the upper Kubernetes API Server. This privilege escalation cannot be exploited if you’re relying only on client certificates (SSL/TLS). This vulnerability has been addressed in version 0.4.6. Users are advised to upgrade. 2023-11-24 9.8 CVE-2023-48312
 
controlid — idsecure An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a “passwordCustom” option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user. 2023-11-27 9.8 CVE-2023-6329
cszcms — cszcms A vulnerability was found in CSZCMS 1.3.0 and classified as critical. Affected by this issue is some unknown functionality of the file viewstemplates of the component File Manager Page. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-11-27 7.2 CVE-2023-6302

 

dell — rvtools RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility (RVToolsPasswordEncryption.exe) and main application (RVTools.exe). A remote unauthenticated attacker with access to stored encrypted passwords from a user’s system could potentially exploit this vulnerability, leading to the disclosure of encrypted passwords in clear text. This vulnerability is caused by an incomplete fix for CVE-2020-27688. 2023-11-24 7.5 CVE-2023-44303
eskom_computer — e-municipality_module Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105. 2023-11-28 7.2 CVE-2023-6150
eskom_computer — e-municipality_module Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105. 2023-11-28 7.2 CVE-2023-6151
f-secure — linux_protection Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1. 2023-11-27 7.5 CVE-2023-49322
foxit_software — foxit_reader A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. 2023-11-27 8.8 CVE-2023-32616
foxit_software — foxit_reader An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted malicious site if the browser plugin extension is enabled. 2023-11-27 8.8 CVE-2023-35985
foxit_software — foxit_reader A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. 2023-11-27 8.8 CVE-2023-38573
foxit_software — foxit_reader A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. 2023-11-27 8.8 CVE-2023-39542
foxit_software — foxit_reader An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. 2023-11-27 8.8 CVE-2023-40194
foxit_software — foxit_reader A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. 2023-11-27 8.8 CVE-2023-41257
frhed — frhed Buffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument through the Structured Exception Handler (SEH) registers. 2023-11-27 9.8 CVE-2023-4590
google — chrome Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) 2023-11-29 9.6 CVE-2023-6345

 

google — chrome Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-11-29 8.8 CVE-2023-6346

 

google — chrome Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-11-29 8.8 CVE-2023-6347

 

google — chrome Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) 2023-11-29 8.8 CVE-2023-6350

 

ibm — qradar_wincollect IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160. 2023-11-24 7.8 CVE-2023-26279
 
jeecg — jimureport A vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1. Affected by this vulnerability is an unknown functionality of the file /download/image. The manipulation of the argument imageUrl leads to relative path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-11-27 9.8 CVE-2023-6307

 

jfinal_cms — jfinal_cms An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module. 2023-11-28 9.8 CVE-2023-47503
kingsoft — wps_office An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. 2023-11-27 7.8 CVE-2023-31275
klive — klive SQL Injection vulnerability in 32ns KLive v.2019-1-19 and before allows a remote attacker to obtain sensitive information via a crafted script to the web/user.php component. 2023-11-27 7.5 CVE-2023-49030

 

layer5 — meshery A SQL injection vulnerability in Meshery before 0.6.179 allows a remote attacker to obtain sensitive information and execute arbitrary code via the order parameter. 2023-11-24 9.8 CVE-2023-46575

 

mattermost — mattermost Mattermost fails to properly limit the characters allowed in different fields of a block in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by patching the field of a block using a specially crafted string.  2023-11-27 7.5 CVE-2023-40703
mattermost — mattermost Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb). 2023-11-27 7.5 CVE-2023-48268
moses-smt — mosesdecoder A vulnerability, which was classified as critical, was found in moses-smt mosesdecoder up to 4.0. This affects an unknown part of the file contrib/iSenWeb/trans_result.php. The manipulation of the argument input1 leads to os command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246135. 2023-11-27 9.8 CVE-2023-6309

 

nodejs — node.js A vulnerability has been identified in the Node.js (.msi version) installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation, where the “msiexec.exe” process, running under the NT AUTHORITY\SYSTEM context, attempts to read the %USERPROFILE% environment variable from the current user’s registry. The issue arises when the path referenced by the %USERPROFILE% environment variable does not exist. In such cases, the “msiexec.exe” process attempts to create the specified path in an unsafe manner, potentially leading to the creation of arbitrary folders in arbitrary locations. The severity of this vulnerability is heightened by the fact that the %USERPROFILE% environment variable in the Windows registry can be modified by standard (or “non-privileged”) users. Consequently, unprivileged actors, including malicious entities or trojans, can manipulate the environment variable key to deceive the privileged “msiexec.exe” process. This manipulation can result in the creation of folders in unintended and potentially malicious locations. It is important to note that this vulnerability is specific to Windows users who install Node.js using the .msi installer. Users who opt for other installation methods are not affected by this particular issue. 2023-11-28 7.5 CVE-2023-30585
openlink_software — virtuoso An issue in the box_mpy function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. 2023-11-29 7.5 CVE-2023-48946
openlink_software — virtuoso An issue in the cha_cmp function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. 2023-11-29 7.5 CVE-2023-48947
openlink_software — virtuoso An issue in the box_div function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. 2023-11-29 7.5 CVE-2023-48948
openlink_software — virtuoso An issue in the box_add function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. 2023-11-29 7.5 CVE-2023-48949
openlink_software — virtuoso An issue in the box_col_len function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. 2023-11-29 7.5 CVE-2023-48950
openlink_software — virtuoso An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. 2023-11-29 7.5 CVE-2023-48951
openlink_software — virtuoso An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. 2023-11-29 7.5 CVE-2023-48952
openzfs — openzfs OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions. 2023-11-24 7.5 CVE-2023-49298

 

otrs — otrs A vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are sent back to the client in the server response. This issue affects OTRS: from 8.0.X through 8.0.37. 2023-11-27 7.5 CVE-2023-6254
owncast — owncast An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function. 2023-11-27 9.8 CVE-2023-46480
 
phpseclib — phpseclib In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service. 2023-11-27 7.5 CVE-2023-49316
 
plesk — plesk Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon.dll, sspicli.dll, propsys.dll and profapi.dll files. 2023-11-27 7.8 CVE-2023-4931
 
precision_bridge — precision_bridge Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows an integrity violation in which the same license key is used on multiple systems, via vectors involving a Process Hacker memory dump, error message inspection, and modification of a MAC address. 2023-11-26 9.1 CVE-2023-49312
 
prestashop — prestashop In the module “Product Catalog (CSV, Excel) Export/Update” (updateproducts) 2023-11-27 9.8 CVE-2023-46349
prestashop — prestashop SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4.6.12 allows a remote attacker to execute arbitrary code via a crafted script to the getModuleTranslation function. 2023-11-27 9.8 CVE-2023-48188
redhat — enterprise_linux A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service. 2023-11-27 7.5 CVE-2023-5871

 

sapplica — sentrifugo In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering. 2023-11-28 8.8 CVE-2023-29770
 
sequelize-typescript — sequelize-typescript Prototype Pollution in GitHub repository robinbuschmann/sequelize-typescript prior to 2.1.6. 2023-11-24 7.1 CVE-2023-6293
 
solarwinds — solarwinds_platform SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account. 2023-11-28 8 CVE-2023-40056
 
sourcecodester — free_and_open_source_inventory_management_system A vulnerability classified as critical has been found in SourceCodester Free and Open Source Inventory Management System 1.0. Affected is an unknown function of the file /ample/app/ajax/member_data.php. The manipulation of the argument columns leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246132. 2023-11-27 9.8 CVE-2023-6306

 

sourcecodester — loan_management_system A vulnerability has been found in SourceCodester Loan Management System 1.0 and classified as critical. This vulnerability affects the function delete_borrower of the file deleteBorrower.php. The manipulation of the argument borrower_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246136. 2023-11-27 7.2 CVE-2023-6310

 

sourcecodester — loan_management_system A vulnerability was found in SourceCodester Loan Management System 1.0 and classified as critical. This issue affects the function delete_ltype of the file delete_ltype.php of the component Loan Type Page. The manipulation of the argument ltype_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246137 was assigned to this vulnerability. 2023-11-27 7.2 CVE-2023-6311

 

sourcecodester — loan_management_system A vulnerability was found in SourceCodester Loan Management System 1.0. It has been classified as critical. Affected is the function delete_user of the file deleteUser.php of the component Users Page. The manipulation of the argument user_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246138 is the identifier assigned to this vulnerability. 2023-11-27 7.2 CVE-2023-6312

 

sourcecodester — free_and_open_source_inventory_management_system A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file ample/app/ajax/suppliar_data.php. The manipulation of the argument columns leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246131. 2023-11-27 9.8 CVE-2023-6305

 

tecno-mobile — tr118_firmware A vulnerability was found in Tecno 4G Portable WiFi TR118 TR118-M30E-RR-D-EnFrArSwHaPo-OP-V008-20220830. It has been declared as critical. This vulnerability affects unknown code of the file /goform/goform_get_cmd_process of the component Ping Tool. The manipulation of the argument url leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-246130 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-11-27 8 CVE-2023-6304

 

tenda — ac10_firmware Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the list parameter in the function sub_49E098. 2023-11-29 9.8 CVE-2023-45479
 
tenda — ac10_firmware Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the src parameter in the function sub_47D878. 2023-11-29 9.8 CVE-2023-45480
 
tenda — ac10_firmware Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the firewallEn parameter in the function SetFirewallCfg. 2023-11-29 9.8 CVE-2023-45481
 
tenda — ac10_firmware Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info. 2023-11-29 9.8 CVE-2023-45482
 
tenda — ac10_firmware Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the time parameter in the function compare_parentcontrol_time. 2023-11-29 9.8 CVE-2023-45483
 
tenda — ac10_firmware Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGuestBasic. 2023-11-29 9.8 CVE-2023-45484
 
tenda — ax1803_firmware An issue in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the adslPwd parameter in the form_fast_setting_internet_set function. 2023-11-27 9.8 CVE-2023-49040
tenda — ax1803_firmware Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the schedStartTime parameter or the schedEndTime parameter in the function setSchedWifi. 2023-11-27 9.8 CVE-2023-49042
tenda — ax1803_firmware Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the wpapsk_crypto parameter in the function fromSetWirelessRepeat. 2023-11-27 9.8 CVE-2023-49043
tenda — ax1803_firmware Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function form_fast_setting_wifi_set. 2023-11-27 9.8 CVE-2023-49044
tenda — ax1803_firmware Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule. 2023-11-27 9.8 CVE-2023-49046
tenda — ax1803_firmware Tenda AX1803 v1.0.0.1 contains a stack overflow via the devName parameter in the function formSetDeviceName. 2023-11-27 7.5 CVE-2023-49047
tongda2000 — tongda_oa A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/ct/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246105 was assigned to this vulnerability. 2023-11-24 7.5 CVE-2023-6276

 

trellix — application_and_change_control An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content. 2023-11-27 7.2 CVE-2023-5607
univera_computer_system — panorama Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Univera Computer System Panorama allows Command Injection. This issue affects Panorama: before 8.0. 2023-11-28 9.9 CVE-2023-6201
voovi — voovi A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via editprofile.php in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. 2023-11-30 7.5 CVE-2023-6410
voovi — voovi A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via home.php in the update parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. 2023-11-30 7.5 CVE-2023-6411
voovi — voovi A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via photo.php in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. 2023-11-30 7.5 CVE-2023-6412
voovi — voovi A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via photos.php in the id and user parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. 2023-11-30 7.5 CVE-2023-6413
voovi — voovi A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via perfil.php in the id and user parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. 2023-11-30 7.5 CVE-2023-6414
voovi — voovi A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via signin.php in the user parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. 2023-11-30 7.5 CVE-2023-6415
voovi — voovi A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via signup2.php in the emailadd parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. 2023-11-30 7.5 CVE-2023-6416
voovi — voovi A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via update.php in the id parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. 2023-11-30 7.5 CVE-2023-6417
voovi — voovi A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via videos.php in the id parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. 2023-11-30 7.5 CVE-2023-6418
warp-tech — warpgate Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user’s account. Limited users can impersonate another user’s account if only single-factor authentication is configured. If a user knows an admin username, opens the login screen, attempts to authenticate with an incorrect password, and then enters a valid non-admin username and password, they will be logged in as the admin user. All installations prior to version 0.9.0 are affected. All users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-11-24 8.8 CVE-2023-48712
 
wordpress — wordpress The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter. 2023-11-27 9.8 CVE-2023-4922
wordpress — wordpress The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execution. 2023-11-27 9.8 CVE-2023-5604
wordpress — wordpress The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter. 2023-11-27 9.8 CVE-2023-5974
wordpress — wordpress The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service. 2023-11-27 9.1 CVE-2023-5559
wordpress — wordpress The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection. 2023-11-27 7.5 CVE-2023-5239
wordpress — wordpress The Job Manager & Career WordPress plugin before 1.4.4 contains a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. This vulnerability poses a serious security threat because it allows an attacker to gain access to confidential data and files of other users without their permission. 2023-11-27 7.5 CVE-2023-5906
wordpress — wordpress The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the ‘bookingpress_process_upload’ function in versions up to, and including, 1.0.76. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. 2023-11-28 7.2 CVE-2023-6219

 

xiamen_four-faith — video_surveillance_management_system A vulnerability, which was classified as critical, has been found in Xiamen Four-Faith Video Surveillance Management System 2016/2017. Affected by this issue is some unknown functionality of the component Apache Struts. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-246134 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-11-27 8.8 CVE-2023-6308

 

zyxel — nas326/nas542 A command injection vulnerability in the “show_zysync_server_contents” function of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request. 2023-11-30 9.8 CVE-2023-35138
zyxel — nas326/nas542 A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. 2023-11-30 9.8 CVE-2023-4473
zyxel — nas326/nas542 The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. 2023-11-30 9.8 CVE-2023-4474
zyxel — nas326/nas542 The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. 2023-11-30 8.8 CVE-2023-37927
zyxel — nas326/nas542 A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. 2023-11-30 8.8 CVE-2023-37928


Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — nifi Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, then arbitrary JavaScript code can be executed within the session context of the authenticated user. Upgrading to Apache NiFi 1.24.0 or 2.0.0-M1 is the recommended mitigation. 2023-11-27 5.4 CVE-2023-49145

 

apache — superset Improper payload validation and an improper REST API response type made it possible for an authenticated malicious actor to store malicious code into Chart’s metadata; this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache Superset versions prior to 2.1.2. Users are recommended to upgrade to version 2.1.2, which fixes this issue. 2023-11-27 5.4 CVE-2023-43701
 
apache — superset Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version 2.1.2 or above and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources. 2023-11-27 4.3 CVE-2023-42501
 
bigprof — online_clinic_management_system A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/patients_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. 2023-11-30 5.4 CVE-2023-6422
bigprof — online_clinic_management_system A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/events_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. 2023-11-30 5.4 CVE-2023-6423
bigprof — online_clinic_management_system A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/disease_symptoms_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. 2023-11-30 5.4 CVE-2023-6424
bigprof — online_clinic_management_system A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medical_records_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. 2023-11-30 5.4 CVE-2023-6425
bigprof — online_invoicing_system A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoices_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. 2023-11-30 5.4 CVE-2023-6426
bigprof — online_invoicing_system A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoices_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. 2023-11-30 5.4 CVE-2023-6427
bigprof — online_invoicing_system A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/items_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. 2023-11-30 5.4 CVE-2023-6428
bigprof — online_invoicing_system A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/clients_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. 2023-11-30 5.4 CVE-2023-6429
bigprof — online_invoicing_system A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/transactions_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. 2023-11-30 5.4 CVE-2023-6430
bigprof — online_invoicing_system A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/categories_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. 2023-11-30 5.4 CVE-2023-6431
bigprof — online_invoicing_system A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/items_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. 2023-11-30 5.4 CVE-2023-6432
bigprof — online_invoicing_system A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/suppliers_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. 2023-11-30 5.4 CVE-2023-6433
bigprof — online_invoicing_system A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/sections_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. 2023-11-30 5.4 CVE-2023-6434
bigprof — online_invoicing_system A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/batches_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. 2023-11-30 5.4 CVE-2023-6435
bluetooth — bluetooth_core_specification Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length and might lead to discovery of the encryption key and live injection, aka BLUFFS. 2023-11-28 6.8 CVE-2023-24023
 
busybox — busybox A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. 2023-11-27 5.5 CVE-2023-42363
busybox — busybox A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function. 2023-11-27 5.5 CVE-2023-42364
busybox — busybox A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. 2023-11-27 5.5 CVE-2023-42365
busybox — busybox A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159. 2023-11-27 5.5 CVE-2023-42366
codeigniter — shield CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The `secretKey` value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a malicious person somehow had access to the data in the database, they could use the key and secretKey for HMAC SHA256 authentication to send requests impersonating that corresponding user. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-11-24 6.5 CVE-2023-48707
 
codeigniter — shield CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then be used to send a request with that user’s authority. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. Users unable to upgrade should disable logging for successful login attempts in the configuration files. 2023-11-24 6.5 CVE-2023-48708

 

cszcms — cszcms A vulnerability was found in CSZCMS 1.3.0. It has been classified as problematic. This affects an unknown part of the file /admin/settings/ of the component Site Settings Page. The manipulation of the argument Additional Meta Tag with the input leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246129 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-11-27 4.8 CVE-2023-6303

 

f-secure — linux_protection Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1. 2023-11-27 5.3 CVE-2023-49321
franklin_electric_fueling_systems — colibri_firmware The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users. 2023-11-27 6.5 CVE-2023-5885

 

grupo_alumne — alumne_lms A Cross-Site Scripting (XSS) vulnerability has been found in Alumne LMS affecting version 4.0.0.1.08. An attacker could exploit the ‘localidad’ parameter to inject a custom JavaScript payload and partially take over another user’s browser session, due to the lack of proper sanitization of the ‘localidad’ field on the /users/editmy page. 2023-11-28 6.1 CVE-2023-6359
itext — itext A vulnerability classified as problematic was found in Apryse iText 8.0.2. This vulnerability affects the function main of the file PdfDocument.java. The manipulation leads to improper validation of array index. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246124. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-11-26 6.5 CVE-2023-6298

 

itext — itext A vulnerability, which was classified as problematic, has been found in Apryse iText 8.0.1. This issue affects some unknown processing of the file PdfDocument.java of the component Reference Table Handler. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.0.2 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246125 was assigned to this vulnerability. NOTE: The vendor was contacted early about this vulnerability. The fix was introduced in the iText 8.0.2 release on October 25, 2023 prior to the disclosure. 2023-11-26 6.5 CVE-2023-6299

 

knative — serving Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0. 2023-11-28 5.3 CVE-2023-48713

 

libtiff — libtiff An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to the TIFFOpen() API may allow a remote attacker to cause a denial of service via a crafted input with size smaller than 379 KB. 2023-11-24 6.5 CVE-2023-6277

 

mattermost — mattermost Mattermost fails to properly check a redirect URL parameter, allowing an open redirect when the user clicked “Back to Mattermost” after providing an invalid custom URL scheme in /oauth/{service}/mobile_login?redirect_to= 2023-11-27 6.1 CVE-2023-47168
mattermost — mattermost Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML into a victim’s page by creating a channel name that is valid HTML. No XSS is possible though. 2023-11-27 5.4 CVE-2023-35075
mattermost — mattermost Mattermost fails to limit the log size of server logs allowing an attacker sending specially crafted requests to different endpoints to potentially overflow the log. 2023-11-27 5.3 CVE-2023-48369
mattermost — mattermost Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled. 2023-11-27 4.3 CVE-2023-43754
mattermost — mattermost Mattermost fails to properly validate the “Show Full Name” option in a few endpoints in Mattermost Boards, allowing a member to get the full name of another user even if the Show Full Name option was disabled. 2023-11-27 4.3 CVE-2023-45223
mattermost — mattermost Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post even if the Hardened Mode setting was enabled. 2023-11-27 4.3 CVE-2023-47865
mattermost — mattermost Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information (e.g. name, surname, nickname) via Mattermost Boards. 2023-11-27 4.3 CVE-2023-6202
naver — whale_browser The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via ‘Open in Whale’ feature. 2023-11-27 5.5 CVE-2023-25632
oro_inc — client_relationship_management OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in versions 5.0.4 and 5.1.1. 2023-11-28 5 CVE-2023-32063

 

oro_inc — orocommerce OroCommerce package with customer portal and non-authenticated visitor website base features. Back-office users can access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in versions 5.0.11 and 5.1.1. 2023-11-28 4.3 CVE-2023-32064
oro_inc — orocommerce OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in versions 5.0.11 and 5.1.1. 2023-11-28 5.8 CVE-2023-32065
oro_inc — oroplatform OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1. 2023-11-27 4.3 CVE-2023-32062

 

oscommerce — oscommerce A vulnerability was found in osCommerce 4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /catalog/compare of the component Instant Message Handler. The manipulation of the argument compare with the input 40dz4iq”>zohkx leads to cross site scripting. The attack may be launched remotely. VDB-246122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-11-26 6.1 CVE-2023-6296

 

pachno — pachno A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting (XSS) attack. The vulnerability exists due to inadequate input validation in the Project Description and comments, which enables an attacker to inject malicious JavaScript. 2023-11-28 5.4 CVE-2023-47437
 
phpgurukul — nipah_virus_testing_management_system A vulnerability classified as problematic has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file patient-search-report.php of the component Search Report Page. The manipulation of the argument Search By Patient Name with the input leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246123. 2023-11-26 6.1 CVE-2023-6297

 

prestashop — prestashop Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code. 2023-11-28 6.1 CVE-2023-48042
 
prestashop — prestashop In the module “CSV Feeds PRO” (csvfeeds) 2023-11-27 5.3 CVE-2023-46355
smpn1smg — absis Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the nama parameter in the lock/lock.php file. 2023-11-27 6.1 CVE-2023-49029

 

smpn1smg — absis Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the user parameter in the lock/lock.php file. 2023-11-27 5.4 CVE-2023-49028

 

sourcecodester — url_shortener A vulnerability was found in SourceCodester URL Shortener 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Long URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246139. 2023-11-27 6.1 CVE-2023-6313

 

sourcecodester — best_courier_management_system A vulnerability, which was classified as problematic, was found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function. The manipulation of the argument page with the input leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246126 is the identifier assigned to this vulnerability. 2023-11-27 6.1 CVE-2023-6300

 

sourcecodester — best_courier_management_system A vulnerability has been found in SourceCodester Best Courier Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument id with the input leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246127. 2023-11-27 6.1 CVE-2023-6301

 

sysaid — sysaid SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp. 2023-11-24 6.5 CVE-2023-33706
tribe29 — checkmk_appliance Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files. 2023-11-27 5.5 CVE-2023-6287
voovi — voovi A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows XSS via editprofile.php in multiple parameters, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an authenticated user. 2023-11-30 6.1 CVE-2023-6419
voovi — voovi A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows XSS via signup2.php in the emailadd parameter, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an authenticated user. 2023-11-30 6.1 CVE-2023-6420
wordpress — wordpress The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does not escape the custom shipping phone field on the checkout form, leading to XSS. 2023-11-27 6.1 CVE-2023-5325
wordpress — wordpress The WP-UserOnline WordPress plugin before 2.88.3 does not sanitize and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks. 2023-11-27 6.1 CVE-2023-5560
wordpress — wordpress The Martins Free & Easy SEO BackLink Link Building Network WordPress plugin before 1.2.30 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. 2023-11-27 6.1 CVE-2023-5641
wordpress — wordpress The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users. 2023-11-27 6.1 CVE-2023-5958
wordpress — wordpress The kk Star Ratings WordPress plugin before 5.4.6 does not implement atomic operations, allowing one user to vote multiple times on a poll due to a Race Condition. 2023-11-27 5.9 CVE-2023-4642
wordpress — wordpress The Mmm Simple File List WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-11-27 5.4 CVE-2023-4514
wordpress — wordpress The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks. 2023-11-27 5.4 CVE-2023-5620
wordpress — wordpress The WordPress Backup & Migration WordPress plugin before 1.4.4 does not sanitize and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks. 2023-11-27 5.4 CVE-2023-5738
wordpress — wordpress The Medialist WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-11-27 5.4 CVE-2023-5942
wordpress — wordpress The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment. 2023-11-27 5.3 CVE-2023-4252
wordpress — wordpress The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them. 2023-11-27 5.3 CVE-2023-5611
wordpress — wordpress The Simple Social Media Share Buttons WordPress plugin before 5.1.1 leaks password-protected post content to unauthenticated visitors in some meta tags. 2023-11-27 5.3 CVE-2023-5845
wordpress — wordpress The gAppointments WordPress plugin through 1.9.5.1 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2023-11-27 4.8 CVE-2023-2707
wordpress — wordpress The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.5 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2023-11-27 4.8 CVE-2023-5209
wordpress — wordpress The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories. 2023-11-27 4.3 CVE-2023-4297
wordpress — wordpress The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin. 2023-11-27 4.3 CVE-2023-5525
wordpress — wordpress The WordPress Backup & Migration WordPress plugin before 1.4.4 does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings. 2023-11-27 4.3 CVE-2023-5737
zyxel — zld An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device. 2023-11-28 5.5 CVE-2023-5960
zyxel — multiple_products An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to access configuration files on an affected device. 2023-11-28 5.5 CVE-2023-35136
zyxel — multiple_products An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access system files on an affected device. 2023-11-28 5.5 CVE-2023-37925
zyxel — multiple_products A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to cause denial-of-service (DoS) conditions by executing the CLI command to dump system logs on an affected device. 2023-11-28 5.5 CVE-2023-37926
zyxel — multiple_products An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to modify the URL of the registration page in the web GUI of an affected device. 2023-11-28 5.5 CVE-2023-5650
zyxel — multiple_products An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access the administrator’s logs on an affected device. 2023-11-28 5.5 CVE-2023-5797
zyxel — multiple_products A cross-site scripting (XSS) vulnerability in the CGI program of the Zyxel ATP series firmware versions 5.10 through 5.37, USG FLEX series firmware versions 5.00 through 5.37, USG FLEX 50(W) series firmware versions 5.10 through 5.37, USG20(W)-VPN series firmware versions 5.10 through 5.37, and VPN series firmware versions 5.00 through 5.37, could allow an unauthenticated LAN-based attacker to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed to steal cookies when the user visits the specific CGI used for dumping ZTP logs. 2023-11-28 5.2 CVE-2023-35139
zyxel — multiple_products A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing the CLI command with crafted strings on an affected device. 2023-11-28 4.4 CVE-2023-4397


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
google-translate-api-browser — google_translate_api_browser google-translate-api-browser is an npm package which interfaces with the google translate web api. A Server-Side Request Forgery (SSRF) Vulnerability is present in applications utilizing the `google-translate-api-browser` package and exposing the `translateOptions` to the end user. An attacker can set a malicious `tld`, causing the application to return unsafe URLs pointing towards local resources. The `translateOptions.tld` field is not properly sanitized before being placed in the Google translate URL. This can allow an attacker with control over the `translateOptions` to set the `tld` to a payload such as `@127.0.0.1`. This causes the full URL to become `https://translate.google.@127.0.0.1/…`, where `translate.google.` is the username used to connect to localhost. An attacker can send requests within internal networks and the local host. Should any HTTPS application be present on the internal network with a vulnerability exploitable via a GET call, then it would be possible to exploit this using this vulnerability. This issue has been addressed in release version 4.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-11-24 3.7 CVE-2023-48711
 
tribe29 — checkmk Cross-site Request Forgery (CSRF) in Checkmk 2023-11-24 3.5 CVE-2023-6251


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
acer — wireless_keyboard An issue discovered in Acer Wireless Keyboard SK-9662 allows an attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption. 2023-11-27 not yet calculated CVE-2023-48034
aio-libs — aiohttp aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0. 2023-11-30 not yet calculated CVE-2023-49081
 
aio-libs — aiohttp aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request, they will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0. 2023-11-29 not yet calculated CVE-2023-49082
 
anyscale — ray Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor’s position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment 2023-11-28 not yet calculated CVE-2023-48022
 
anyscale — ray Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor’s position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment 2023-11-28 not yet calculated CVE-2023-48023
 
apache — activemq Once a user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create a JmxRequest through JSONObject, and calls org.jolokia.http.HttpRequestHandler#executeRequest. Deeper in the call stack, org.jolokia.handler.ExecHandler#doHandleRequest is able to invoke through reflection. RCE can then be achieved via jdk.management.jfr.FlightRecorderMXBeanImpl, which exists on Java versions above 11: 1. Call newRecording. 2. Call setConfiguration, with webshell data hidden in it. 3. Call startRecording. 4. Call the copyTo method; the webshell will be written to a .jsp file. The mitigation is to restrict (by default) the actions authorized on Jolokia or disable Jolokia. A more restrictive Jolokia configuration has been defined in the default ActiveMQ distribution. We encourage users to upgrade to an ActiveMQ distribution version that includes the updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0. 2023-11-28 not yet calculated CVE-2022-41678

 

apache — cocoon Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue. 2023-11-30 not yet calculated CVE-2022-45135
 
apache — dolphinscheduler Before DolphinScheduler version 3.1.0, a logged-in user could delete UDF functions in the resource center (which are mostly used in SQL tasks) without authorization, an unauthorized access vulnerability (IDOR); we fixed this issue in version 3.1.0. We mark this CVE as moderate level because it still requires user login to operate. Please upgrade to version 3.1.0 to avoid this vulnerability. 2023-11-30 not yet calculated CVE-2023-49620

 

apache — superset An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header; users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0. 2023-11-28 not yet calculated CVE-2023-42502
apache — superset An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service. This issue affects Apache Superset: before 3.0.0 2023-11-28 not yet calculated CVE-2023-42504
 
apache — superset An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection’s username. This issue affects Apache Superset before 3.0.0. 2023-11-28 not yet calculated CVE-2023-42505
 
apache — cocoon Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue. 2023-11-30 not yet calculated CVE-2023-49733
 
apache — tomcat Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue. 2023-11-28 not yet calculated CVE-2023-46589
 
apple — multiple_products An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. 2023-11-30 not yet calculated CVE-2023-42916

 

apple — multiple_products A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. 2023-11-30 not yet calculated CVE-2023-42917

 

aquaforest — tiff_server The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be able to enumerate files or directories, traverse directories, bypass authentication, or access restricted files. 2023-11-30 not yet calculated CVE-2023-6352

 

arcserve — arcserve_udp An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication. 2023-11-27 not yet calculated CVE-2023-41999
arcserve — arcserve_udp Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed. 2023-11-27 not yet calculated CVE-2023-42000
arm_ltd — bifrost_gpu_kernel_driver Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Bifrost GPU Kernel Driver: from r44p0 through r45p0; Valhall GPU Kernel Driver: from r44p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r44p0 through r45p0. 2023-12-01 not yet calculated CVE-2023-5427
asana,_inc. — desktop_on_macos Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack. 2023-11-28 not yet calculated CVE-2023-49314

 

asr — falcon Memory Corruption in IMS while calling VoLTE Streamingmedia Interface 2023-11-30 not yet calculated CVE-2023-49699
asr — falcon Security best practices violations, a string operation in Streamingmedia will write past the end of fixed-size destination buffer if the source buffer is too large. 2023-11-30 not yet calculated CVE-2023-49700
asr — falcon Memory Corruption in SIM management while USIMPhase2init 2023-11-30 not yet calculated CVE-2023-49701
becton,_dickinson_and_company_(bd) — facschorus The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data. 2023-11-28 not yet calculated CVE-2023-29060
becton,_dickinson_and_company_(bd) — facschorus There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication. 2023-11-28 not yet calculated CVE-2023-29061
becton,_dickinson_and_company_(bd) — facschorus The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, NBT-NS, or MDNS and will result in NTLMv2 hashes being sent to a malicious entity positioned on the local network. These hashes can subsequently be attacked through brute force and cracked if a weak password is used. This attack would only apply to domain joined systems. 2023-11-28 not yet calculated CVE-2023-29062
becton,_dickinson_and_company_(bd) — facschorus The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM during startup. 2023-11-28 not yet calculated CVE-2023-29063
becton,_dickinson_and_company_(bd) — facschorus The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts. 2023-11-28 not yet calculated CVE-2023-29064
becton,_dickinson_and_company_(bd) — facschorus The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database. 2023-11-28 not yet calculated CVE-2023-29065
becton,_dickinson_and_company_(bd) — facschorus The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders. 2023-11-28 not yet calculated CVE-2023-29066
bowo — debug_log_manager Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bowo Debug Log Manager. This issue affects Debug Log Manager: from n/a through 2.3.0. 2023-11-30 not yet calculated CVE-2023-6136
calendarinho — calendarinho Calendarinho is an open source calendaring application to manage large teams of consultants. An Open Redirect issue occurs when a web application redirects users to external URLs without proper validation. This can lead to phishing attacks, where users are tricked into visiting malicious sites, potentially leading to information theft and reputational damage to the website used for redirection. The problem has been patched in commit `15b2393`. Users are advised to update to a commit after `15b2393`. There are no known workarounds for this vulnerability. 2023-12-01 not yet calculated CVE-2023-49281

 

carrierwave — carrierwave CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in `allowlisted_content_type?` determines Content-Type permissions by performing a partial match. If the `content_type` argument of `allowlisted_content_type?` is passed a value crafted by the attacker, Content-Types not included in the `content_type_allowlist` will be allowed. This issue has been patched in versions 2.2.5 and 3.0.5. 2023-11-29 not yet calculated CVE-2023-49090

 

catalis — cms360 Catalis (previously Icon Software) CMS360 allows a remote, unauthenticated attacker to view sensitive court documents by modifying document and other identifiers in URLs. The impact varies based on the intention and configuration of a specific CMS360 installation. 2023-11-30 not yet calculated CVE-2023-6341

 

chamilo — chamilo_lms Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS 2023-11-28 not yet calculated CVE-2023-3368

 

chamilo — chamilo_lms Path traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS 2023-11-28 not yet calculated CVE-2023-3533

 

chamilo — chamilo_lms Improper sanitization in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS 2023-11-28 not yet calculated CVE-2023-3545

 

chamilo — chamilo_lms Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS 2023-11-28 not yet calculated CVE-2023-4220

 

collabora_online — collabora_online Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online – Built-in CODE Server (richdocumentscode) release 23.5.403. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-01 not yet calculated CVE-2023-48314
cosmos-server — cosmos-server Cosmos provides users the ability to self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an attacker to use the token to gain unauthorized access to the application/system even after the user has logged out. This issue has been patched in version 0.13.0. 2023-11-29 not yet calculated CVE-2023-49091
d-link — go-rt-ac750 D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi. 2023-12-01 not yet calculated CVE-2023-48842
dell — rugged_control_center Dell Rugged Control Center, version prior to 4.7, contains an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder during product installation and upgrade, leading to privilege escalation on the system. 2023-12-02 not yet calculated CVE-2023-39256
dell — rugged_control_center Dell Rugged Control Center, version prior to 4.7, contains an Improper Access Control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder when product installation repair is performed, leading to privilege escalation on the system. 2023-12-02 not yet calculated CVE-2023-39257
dell — rugged_control_center Dell Rugged Control Center, version prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of the policy file, leading to unauthorized access to resources. 2023-12-01 not yet calculated CVE-2023-43089
delta_electronics — infrasuite_device_master In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet. 2023-11-30 not yet calculated CVE-2023-39226
delta_electronics — infrasuite_device_master In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution. 2023-11-30 not yet calculated CVE-2023-46690
delta_electronics — infrasuite_device_master In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges. 2023-11-30 not yet calculated CVE-2023-47207
delta_electronics — infrasuite_device_master In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying. 2023-11-30 not yet calculated CVE-2023-47279
dpaste — dpaste dpaste is an open source pastebin application written in Python using the Django framework. A security vulnerability has been identified in the expires parameter of the dpaste API, allowing for a POST Reflected XSS attack. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of a user’s browser, potentially leading to unauthorized access, data theft, or other malicious activities. Users are strongly advised to upgrade to dpaste release v3.8 or later versions, as dpaste versions older than v3.8 are susceptible to the identified security vulnerability. No known workarounds have been identified, and applying the patch is the most effective way to remediate the vulnerability. 2023-12-01 not yet calculated CVE-2023-49277
 
dreamer — cms Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read. 2023-11-29 not yet calculated CVE-2023-46886
dreamer — cms In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability. 2023-11-29 not yet calculated CVE-2023-46887
dreamer_cms — dreamer_cms Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit. 2023-11-30 not yet calculated CVE-2023-48912
dreamer_cms — dreamer_cms Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete. 2023-11-30 not yet calculated CVE-2023-48913
dreamer_cms — dreamer_cms Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add. 2023-11-30 not yet calculated CVE-2023-48914
electron — electron Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS. Specifically, this issue can only be exploited if your app is launched from a filesystem the attacker has write access to, i.e. the ability to edit files inside the `.app` bundle on macOS, which these fuses are supposed to protect against. There are no app side workarounds; you must update to a patched version of Electron. 2023-12-01 not yet calculated CVE-2023-44402

 

espocrm — espocrm An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution. 2023-11-30 not yet calculated CVE-2023-5965
espocrm — espocrm An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution. 2023-11-30 not yet calculated CVE-2023-5966
eyoucms — eyoucms A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn. 2023-11-29 not yet calculated CVE-2023-48880
eyoucms — eyoucms A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn. 2023-11-29 not yet calculated CVE-2023-48881
eyoucms — eyoucms A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn. 2023-11-29 not yet calculated CVE-2023-48882
ezviz — multiple_products An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior to v5.3.x build 20230401, Ezviz CS-C3N-xxx prior to v5.3.x build 20230401 allows remote attackers to obtain sensitive information by sending crafted messages to the affected devices. 2023-11-28 not yet calculated CVE-2023-48121
facebook — katran Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP (v4) Too Big packet generation. After a bpf_xdp_adjust_head call, Katran code didn’t initialize the Identification field for the IPv4 header, resulting in writing content of kernel memory in that field of IP header. The issue affected all Katran versions prior to commit 6a03106ac1eab39d0303662963589ecb2374c97f 2023-11-28 not yet calculated CVE-2023-49062
 
gesundheit_bewegt_gmbh — zippy Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gesundheit Bewegt GmbH Zippy. This issue affects Zippy: from n/a through 1.6.1. 2023-11-30 not yet calculated CVE-2023-26533
getsentry — symbolicator Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if they have an account on Sentry instance. The issue has been fixed in the release 23.11.2. 2023-11-30 not yet calculated CVE-2023-49094

 

gitkraken — gitlens An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Code workspace trust component. 2023-11-28 not yet calculated CVE-2023-46944
 
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a Guest user to add an emoji on confidential work items. 2023-12-01 not yet calculated CVE-2023-3443
 
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public project’s release descriptions via an atom endpoint when release access on the public was set to only project members. 2023-12-01 not yet calculated CVE-2023-3949
 
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disabled in the project settings. 2023-12-01 not yet calculated CVE-2023-3964
 
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 9.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a user with the Developer role to update a pipeline schedule from an unprotected branch to a protected branch. 2023-12-01 not yet calculated CVE-2023-4317
 
gitlab — gitlab An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor could bypass prohibited branch checks using a specially crafted branch name to manipulate repository content in the UI. 2023-12-01 not yet calculated CVE-2023-5226
 
gitlab — gitlab_ce/ee Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3, allows an attacker to execute JavaScript in a victim’s browser. 2023-12-01 not yet calculated CVE-2023-6033
 
gitlab — gitlab_ee An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the `Allowed to merge` permission as a guest user, when granted the permission through a group. 2023-12-01 not yet calculated CVE-2023-4658
 
gitlab — gitlab_ee An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to cause a client-side denial of service using maliciously crafted mermaid diagram input. 2023-12-01 not yet calculated CVE-2023-4912
 
gitlab — gitlab_ee An issue has been discovered in GitLab EE affecting all versions starting from 16.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the policy bot to gain access to internal projects. 2023-12-01 not yet calculated CVE-2023-5995
 
gl.inet — ax1800 Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function. 2023-11-29 not yet calculated CVE-2023-47462
gl.inet — ax1800 Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the gl_nas_sys authentication function. 2023-11-30 not yet calculated CVE-2023-47463
gl.inet — ax1800 Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via the upload API function. 2023-11-30 not yet calculated CVE-2023-47464
gnutls — gnutls A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. 2023-11-28 not yet calculated CVE-2023-5981

 

go-resty — go-resty A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same *bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buffer that hasn’t had bytes.Buffer.Reset called on it. This dirty buffer will contain the HTTP request body from an unrelated request and go-resty will append the current HTTP request body to it, sending two bodies in one request. The sync.Pool in question is defined at package level scope, so a completely unrelated server could receive the request body. 2023-11-28 not yet calculated CVE-2023-45286

 

google — android Remote code execution 2023-11-29 not yet calculated CVE-2022-42536
google — android Remote code execution 2023-11-29 not yet calculated CVE-2022-42537
google — android Elevation of privilege 2023-11-29 not yet calculated CVE-2022-42538
google — android Information disclosure 2023-11-29 not yet calculated CVE-2022-42539
google — android Elevation of privilege 2023-11-29 not yet calculated CVE-2022-42540
google — android Remote code execution 2023-11-29 not yet calculated CVE-2022-42541
google — chrome Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-11-29 not yet calculated CVE-2023-6348

 

google — chrome Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) 2023-11-29 not yet calculated CVE-2023-6351

 

haproxy — haproxy HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. 2023-11-28 not yet calculated CVE-2023-45539

 

henschen_&_associates — court_document_management_software Henschen & Associates court document management software does not sufficiently randomize file names of cached documents, allowing a remote, unauthenticated attacker to access restricted documents. 2023-11-30 not yet calculated CVE-2023-6376

 

hitachi_energy — relion670 A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. In order for an attacker to exploit the vulnerability, GOOSE receiving blocks need to be configured. 2023-12-01 not yet calculated CVE-2023-4518
huddly — huddlycameraservice DLL Hijacking vulnerability in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, due to the installation of the service in a directory that grants write privileges to standard users, allows attackers to manipulate files, execute arbitrary code, and escalate privileges. 2023-12-01 not yet calculated CVE-2023-45252
huddly — huddlycameraservice An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via RollingFileAppender.DeleteFile method performed by the log4net library. 2023-12-01 not yet calculated CVE-2023-45253
ibm — aix IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 267966. 2023-12-01 not yet calculated CVE-2023-45168
 
ibm — i IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. IBM X-Force ID: 265266. 2023-12-01 not yet calculated CVE-2023-42006
 
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585. 2023-12-01 not yet calculated CVE-2023-38268
 
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161. 2023-12-01 not yet calculated CVE-2023-40699
 
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265504. 2023-12-01 not yet calculated CVE-2023-42009
 
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161. 2023-12-01 not yet calculated CVE-2023-42019
 

ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265938. 2023-12-01 not yet calculated CVE-2023-42022
 
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266064. 2023-12-01 not yet calculated CVE-2023-43015
 
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 266167. 2023-12-01 not yet calculated CVE-2023-43021
 
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269506. 2023-12-01 not yet calculated CVE-2023-46174
 
ibm — planning_analytics_on_cloud_pak_for_data IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. IBM X-Force ID: 247898. 2023-12-01 not yet calculated CVE-2023-26024
 
ibm — security_guardium IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents. IBM X-Force ID: 265262. 2023-11-28 not yet calculated CVE-2023-42004
 
idemia — multiple_products The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The stored malicious script is then executed when the GUI is opened by any users of the webserver administration interface. The root cause of the vulnerability is inadequate input validation and output encoding in the web administration interface component of the firmware. This could lead to unauthorized access and data leakage. 2023-11-28 not yet calculated CVE-2023-4667
interaxon — muse_2 InteraXon Muse 2 devices allow remote attackers to cause a denial of service (incorrect Muse App report of an outstanding, calm meditation state) via a 480 MHz RF carrier that is modulated by a “false” brain wave, aka a Brain-Hack attack. For example, the Muse App does not display the reception of a strong RF carrier and alert the user that a report may be misleading if this carrier has been modulated by a low-frequency signal. 2023-12-02 not yet calculated CVE-2023-49914
 
jenkins — jenkins Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate system-scoped credentials IDs of credentials stored in Jenkins and to connect to Google Cloud Platform using attacker-specified credentials IDs obtained through another method, to obtain information about existing projects. This fix has been backported to 4.3.17.1. 2023-11-29 not yet calculated CVE-2023-49652
 
jenkins — jenkins Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. 2023-11-29 not yet calculated CVE-2023-49653
 
jenkins — jenkins Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system. 2023-11-29 not yet calculated CVE-2023-49654
 
jenkins — jenkins A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system. 2023-11-29 not yet calculated CVE-2023-49655
 
jenkins — jenkins Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2023-11-29 not yet calculated CVE-2023-49656
 
jenkins — jenkins A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password. 2023-11-29 not yet calculated CVE-2023-49673
 
jenkins — jenkins A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. 2023-11-29 not yet calculated CVE-2023-49674
 
joomla! — joomla!_cms The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensitive information. 2023-11-29 not yet calculated CVE-2023-40626
jsherp — jsherp Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function. 2023-11-30 not yet calculated CVE-2023-48894
jumpserver — gplv3 Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. 2023-11-28 not yet calculated CVE-2023-48193

 

jupiter — jupiter A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request. 2023-12-01 not yet calculated CVE-2023-48887

 

libsyn — libsyn_publisher_hub Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub. This issue affects Libsyn Publisher Hub: from n/a through 1.3.2. 2023-11-30 not yet calculated CVE-2023-25057
logback — logback A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. 2023-11-29 not yet calculated CVE-2023-6378
loytec_electronics — gmbh_linx_configurator LOYTEC electronics GmbH LINX Configurator 7.4.10 uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration. 2023-11-30 not yet calculated CVE-2023-46383
 
loytec_electronics — gmbh_linx_configurator LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose the admin password and bypass authentication to log in to the Loytec device. 2023-11-30 not yet calculated CVE-2023-46384
 
loytec_electronics — gmbh_linx_configurator LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers to steal the password and gain full control of Loytec device configuration. 2023-11-30 not yet calculated CVE-2023-46385
 
loytec_electronics — multiple_products LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication. 2023-11-30 not yet calculated CVE-2023-46386
 
loytec_electronics — multiple_products LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration. 2023-11-30 not yet calculated CVE-2023-46387
 
loytec_electronics — multiple_products LOYTEC electronics GmbH LINX-212 6.2.4 and LINX-151 7.2.4 are vulnerable to Insecure Permissions via dpal_config.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication. 2023-11-30 not yet calculated CVE-2023-46388
 
loytec_electronics — multiple_products LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 Firmware 7.2.4 are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration. 2023-11-30 not yet calculated CVE-2023-46389
 
m-files — m-files_server Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object. 2023-11-28 not yet calculated CVE-2023-6239
mailcow — mailcow-dockerized Mailcow: dockerized is an open source groupware/email suite based on docker. A Cross-Site Scripting (XSS) vulnerability has been identified within the Quarantine UI of the system. This vulnerability poses a significant threat to administrators who utilize the Quarantine feature. An attacker can send a carefully crafted email containing malicious JavaScript code. This issue has been patched in version 2023-11. 2023-11-30 not yet calculated CVE-2023-49077
 
microweber — microweber File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component. 2023-11-30 not yet calculated CVE-2023-49052
 
minipaint — minipaint Cross-site Scripting (XSS) – Reflected in GitHub repository viliusle/minipaint prior to 4.14.0. 2023-12-01 not yet calculated CVE-2023-6461
 
misskey — misskey Misskey is an open source, decentralized social media platform. Misskey’s missing signature validation allows arbitrary users to impersonate any remote user. This issue has been patched in version 2023.11.1-beta.1. 2023-11-29 not yet calculated CVE-2023-49079
mitsubishi_electric_corporation — gx_works2 Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running. 2023-11-30 not yet calculated CVE-2023-5274

 

mitsubishi_electric_corporation — gx_works2 Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running. 2023-11-30 not yet calculated CVE-2023-5275

 

mitsubishi_electric_corporation — gx_works3 Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition. 2023-11-30 not yet calculated CVE-2023-5247
 
nec_platforms,_ltd — itk-6dgs-1(bk)_tel An OS Command injection vulnerability in NEC Platforms DT900 and DT900S Series all versions allow an attacker to execute any command on the device. 2023-11-30 not yet calculated CVE-2023-3741
netease — cloudmusic An Untrusted search path vulnerability in NetEase CloudMusic 2.10.4 for Windows allows local users to gain escalated privileges through the urlmon.dll file in the current working directory. 2023-11-30 not yet calculated CVE-2023-47454
netgear — netgear_prosafe_network_management_system NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code. 2023-11-29 not yet calculated CVE-2023-49693
 
netgear — netgear_prosafe_network_management_system A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM. 2023-11-29 not yet calculated CVE-2023-49694
 
nettyrpc — nettyrpc A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request. 2023-12-01 not yet calculated CVE-2023-48886
 
netwrix_corporation — usercube Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the configuration omits the required restSettings.AuthorizedClientId and restSettings.AuthorizedSecret fields (for the POST /api/Deployment/ExportConfiguration and POST /api/Deployment endpoints). 2023-11-28 not yet calculated CVE-2023-41264
 
nexkey — nexkey nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2. 2023-11-30 not yet calculated CVE-2023-49095
 
node.js — node.js When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API, an unexpected termination occurs, making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. This vulnerability affects all active Node.js versions v16, v18, and v20. 2023-11-28 not yet calculated CVE-2023-30588
node.js — node.js The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call: “Generates private and public Diffie-Hellman key values”. The documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs. Because DiffieHellman may be used as the basis for application-level security, the implications are consequently broad. 2023-11-28 not yet calculated CVE-2023-30590
notepad++ — notepad++ An Untrusted search path vulnerability in notepad++ 6.5 allows local users to gain escalated privileges through the msimg32.dll file in the current working directory. 2023-11-30 not yet calculated CVE-2023-47452
notepad++ — notepad++ A vulnerability classified as problematic was found in NotePad++ up to 8.1. Affected by this vulnerability is an unknown functionality of the file dbghelp.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The identifier VDB-246421 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-11-30 not yet calculated CVE-2023-6401
 
o2oa — o2oa Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and before, allows attackers to create a new interface in the service management function to execute JavaScript. 2023-11-30 not yet calculated CVE-2023-47418
 
october_cms — october_cms October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can craft a special request to include PHP code in the CMS template. This issue has been patched in version 3.4.15. 2023-12-01 not yet calculated CVE-2023-44381
october_cms — october_cms October is a Content Management System (CMS) and web platform to assist with development workflow. A user with access to the media manager that stores SVG files could create a stored XSS attack against themselves and any other user with access to the media manager when SVG files are supported. This issue has been patched in version 3.5.2. 2023-11-29 not yet calculated CVE-2023-44383
 
october_cms — october_cms October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This issue has been patched in 3.4.15. 2023-12-01 not yet calculated CVE-2023-44382
openlink_software — virtuoso A stack overflow in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. 2023-11-29 not yet calculated CVE-2023-48945
oro_inc — platform OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9. 2023-11-27 not yet calculated CVE-2022-41951
packers_and_movers_management_system — packers_and_movers_management_system SQL injection vulnerability in Packers and Movers Management System v.1.0 allows a remote attacker to execute arbitrary code via crafted payload to the /mpms/admin/?page=user/manage_user&id file. 2023-11-30 not yet calculated CVE-2023-46956
perl — perl In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{…} regular expression construct is mishandled. The earliest affected version is 5.30.0. 2023-12-02 not yet calculated CVE-2023-47100
phpems — phpems A vulnerability, which was classified as problematic, has been found in PHPEMS 7.0. This issue affects some unknown processing of the file app\content\cls\api.cls.php of the component Content Section Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246629 was assigned to this vulnerability. 2023-12-02 not yet calculated CVE-2023-6472

 

phpgurukul — nipah_virus_testing_management_system A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file add-phlebotomist.php. The manipulation of the argument empid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246423. 2023-11-30 not yet calculated CVE-2023-6402

 

phpgurukul — nipah_virus_testing_management_system A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add-phlebotomist.php. The manipulation of the argument empid/fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246445 was assigned to this vulnerability. 2023-11-30 not yet calculated CVE-2023-6442

 

phpgurukul — nipah_virus_testing_management_system A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as problematic. This affects an unknown part of the file registered-user-testing.php. The manipulation of the argument regmobilenumber leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246615. 2023-12-02 not yet calculated CVE-2023-6465

 

phpmemcachedadmin — phpmemcachedadmin A Path traversal vulnerability has been reported in elijaa/phpmemcachedadmin affecting version 1.3.0. This vulnerability allows an attacker to delete files stored on the server due to lack of proper verification of user-supplied input. 2023-11-30 not yet calculated CVE-2023-6026
phpmemcachedadmin — phpmemcachedadmin A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a carefully crafted JavaScript payload. The issue arises from improper encoding of user-controlled entries in the “/pmcadmin/configure.php” parameter. 2023-11-30 not yet calculated CVE-2023-6027
pimcore — pimcore The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\Security\PimcoreUserTwoFactorCondition`, introduced in v11, disables the two-factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the two-factor credentials. This issue has been patched in version 1.2.2. 2023-11-28 not yet calculated CVE-2023-49075

 

pimcore — pimcore Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5. 2023-11-30 not yet calculated CVE-2023-49076
 
posthog — posthog PostHog provides open-source product analytics, session recording, feature flagging and A/B testing that you can self-host. A server-side request forgery (SSRF), which can only be exploited by authenticated users, was found in Posthog. Posthog did not verify whether a URL was local when enabling webhooks, allowing authenticated users to forge a POST request. This vulnerability has been addressed in `22bd5942` and will be included in subsequent releases. There are no known workarounds for this vulnerability. 2023-12-01 not yet calculated CVE-2023-46746
 
preh_gmbh — mib3_infotainment_unit The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. Vulnerability found on Škoda Superb III (3V3) – 2.0 TDI manufactured in 2022. 2023-12-01 not yet calculated CVE-2023-28895
preh_gmbh — mib3_infotainment_unit Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III (3V3) – 2.0 TDI manufactured in 2022. 2023-12-01 not yet calculated CVE-2023-28896
progress_software_corporation — moveit_transfer In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a reflected cross-site scripting (XSS) vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer. An attacker could craft a malicious payload targeting the system which comprises a MOVEit Gateway and MOVEit Transfer deployment. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victim’s browser. 2023-11-29 not yet calculated CVE-2023-6217
 
progress_software_corporation — moveit_transfer In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified. It is possible for a group administrator to elevate a group member’s permissions to the role of an organization administrator. 2023-11-29 not yet calculated CVE-2023-6218
 
ptc — kepserverex KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information. 2023-11-30 not yet calculated CVE-2023-5908
ptc — kepserverex KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect. 2023-11-30 not yet calculated CVE-2023-5909
pyca — cryptography cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6. 2023-11-29 not yet calculated CVE-2023-49083

 

raptor-web — raptor-web raptor-web is a CMS for game server communities that can be used to host information and keep track of players. In version 0.4.4 of raptor-web, it is possible to craft a malicious URL that will result in a reflected cross-site scripting vulnerability. A user-controlled URL parameter is loaded into an internal template that has autoescape disabled. This is a cross-site scripting vulnerability that affects all deployments of `raptor-web` on version `0.4.4`. Any victim who clicks on a maliciously crafted link will be affected. This issue has been patched in 0.4.4.1. 2023-11-28 not yet calculated CVE-2023-49078
 
restaurant_table_booking_system — restaurant_table_booking_system Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in rtbs/admin/index.php via the username parameter. 2023-12-01 not yet calculated CVE-2023-48016
ruoyi — ruoyi RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit. 2023-12-01 not yet calculated CVE-2023-49371
rustcrypto — rsa RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is currently no fix available. As a workaround, avoid using the RSA crate in settings where attackers are able to observe timing information; local use on a non-compromised computer, for example, is not such a setting. 2023-11-28 not yet calculated CVE-2023-49092
 
schweitzer_engineering_laboratories — sel-411l An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior. See product Instruction Manual Appendix A dated 20230830 for more details. 2023-11-30 not yet calculated CVE-2023-2264
schweitzer_engineering_laboratories — sel-411l An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user. See product Instruction Manual Appendix A dated 20230830 for more details. 2023-11-30 not yet calculated CVE-2023-2265
schweitzer_engineering_laboratories — sel-411l An Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L could allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details. 2023-11-30 not yet calculated CVE-2023-2266
schweitzer_engineering_laboratories — sel-411l An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details. 2023-11-30 not yet calculated CVE-2023-2267
schweitzer_engineering_laboratories — sel-451 An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication.  See product Instruction Manual Appendix A dated 20230830 for more details. 2023-11-30 not yet calculated CVE-2023-31176
 
schweitzer_engineering_laboratories — sel-451 An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute arbitrary code on a victim’s system. See product Instruction Manual Appendix A dated 20230830 for more details. 2023-11-30 not yet calculated CVE-2023-31177
 
schweitzer_engineering_laboratories — sel-451 An Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform session hijacking attack and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more details. 2023-11-30 not yet calculated CVE-2023-34388
 
schweitzer_engineering_laboratories — sel-451 An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time. See product Instruction Manual Appendix A dated 20230830 for more details. 2023-11-30 not yet calculated CVE-2023-34389
 
schweitzer_engineering_laboratories — sel-451 An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to create a denial of service against the system and locking out services. See product Instruction Manual Appendix A dated 20230830 for more details. 2023-11-30 not yet calculated CVE-2023-34390
 
senayan_library_management_systems — slims_9_bulian Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php. 2023-12-01 not yet calculated CVE-2023-48813
 
senayan_library_management_systems — slims_9_bulian Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/staff_act.php. 2023-12-01 not yet calculated CVE-2023-48893
 
shenzhen_libituo_technology_co.,_ltd — lbt-t300-t310 Buffer Overflow vulnerability in /apply.cgi in Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 allows attackers to cause a denial of service via the ApCliAuthMode parameter. 2023-11-30 not yet calculated CVE-2023-47307
sierra_wireless_inc. — aleos Loop with Unreachable Exit Condition (‘Infinite Loop’) vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a Denial of Service (DoS) condition for ACEManager without impairing other router functions. This condition is cleared by restarting the device. 2023-11-29 not yet calculated CVE-2023-40458
simplesamlphp — xml-security xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP’s canonicalization function) manages to manipulate the canonicalized version’s DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13. 2023-11-30 not yet calculated CVE-2023-49087
 
sohu — video_player An Untrusted search path vulnerability in Sohu Video Player 7.0.15.0 allows local users to gain escalated privileges through the version.dll file in the current working directory. 2023-11-30 not yet calculated CVE-2023-47453
sophos — sophos_email_appliance A reflected XSS vulnerability allows an open redirect when the victim clicks a malicious link to an error page on Sophos Email Appliance older than version 4.5.3.4. 2023-11-30 not yet calculated CVE-2021-36806
sourcecodester — book_borrower_system A vulnerability was found in SourceCodester Book Borrower System 1.0 and classified as problematic. This issue affects some unknown processing of the file endpoint/add-book.php. The manipulation of the argument Book Title/Book Author leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246443. 2023-11-30 not yet calculated CVE-2023-6440

 

sourcecodester — online_quiz_system A vulnerability, which was classified as problematic, was found in SourceCodester Online Quiz System 1.0. This affects an unknown part of the file take-quiz.php. The manipulation of the argument quiz_taker/year_section leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246639. 2023-12-02 not yet calculated CVE-2023-6473

 

sourcecodester — user_registration_and_login_system A vulnerability, which was classified as problematic, was found in SourceCodester User Registration and Login System 1.0. Affected is an unknown function of the file /endpoint/delete-user.php. The manipulation of the argument user leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246612. 2023-12-01 not yet calculated CVE-2023-6462

 

sourcecodester — user_registration_and_login_system A vulnerability has been found in SourceCodester User Registration and Login System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-user.php. The manipulation of the argument first_name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246613 was assigned to this vulnerability. 2023-12-01 not yet calculated CVE-2023-6463

 

sourcecodester — user_registration_and_login_system A vulnerability was found in SourceCodester User Registration and Login System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /endpoint/add-user.php. The manipulation of the argument user leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-246614 is the identifier assigned to this vulnerability. 2023-12-02 not yet calculated CVE-2023-6464

 

spring — reactor_netty In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled. 2023-11-28 not yet calculated CVE-2023-34054
spring — spring_boot In Spring Boot versions 2.7.0 – 2.7.17, 3.0.0 – 3.0.12 and 3.1.0 – 3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC or Spring WebFlux; and org.springframework.boot:spring-boot-actuator is on the classpath. 2023-11-28 not yet calculated CVE-2023-34055
spring — spring_framework In Spring Framework versions 6.0.0 – 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC or Spring WebFlux; io.micrometer:micrometer-core is on the classpath; and an ObservationRegistry is configured in the application to record observations. Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions. 2023-11-28 not yet calculated CVE-2023-34053
systematica — radius Absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v2.0.1.101) in Systematica Radius (up to v.3.9.256.777) allows remote attackers to read arbitrary files via a full pathname in GET parameter “file” in URL. Also: affected components in same product – HTTP Adapter (up to v.1.8.0.15), MSSQL MessageBus Proxy (up to v.1.1.06), Financial Calculator (up to v.1.3.05), FIX Adapter (up to v.2.4.0.25) 2023-11-30 not yet calculated CVE-2021-35975
tenda — i6 Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/wifiSSIDget. 2023-11-30 not yet calculated CVE-2023-48963
tenda — i6 Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/WifiMacFilterSet. 2023-11-30 not yet calculated CVE-2023-48964
thecosy — icecms A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /WebArticle/articles/ of the component Like Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246438 is the identifier assigned to this vulnerability. 2023-11-30 not yet calculated CVE-2023-6438

 

thecosy — icecms A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declared as problematic. This vulnerability affects unknown code of the file /planet of the component User Comment Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246616. 2023-12-02 not yet calculated CVE-2023-6466

 

thecosy — icecms A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /Websquare/likeClickComment/ of the component Comment Like Handler. The manipulation leads to improper enforcement of a single, unique action. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-246617 was assigned to this vulnerability. 2023-12-02 not yet calculated CVE-2023-6467

 

totolink — x6000r An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component. 2023-12-01 not yet calculated CVE-2023-43453
totolink — x6000r An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component. 2023-12-01 not yet calculated CVE-2023-43454
totolink — x6000r An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the command parameter of the setting/setTracerouteCfg component. 2023-12-01 not yet calculated CVE-2023-43455
totolink — x6000r In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability. 2023-12-01 not yet calculated CVE-2023-48801
 
totolink — x6000r In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function and passes them to the CsteSystem function, creating a command execution vulnerability. 2023-11-30 not yet calculated CVE-2023-48802
totolink — x6000r In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function and passes them to the CsteSystem function, creating a command execution vulnerability. 2023-11-30 not yet calculated CVE-2023-48803
totolink — x6000r In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function and passes them to the CsteSystem function, creating a command execution vulnerability. 2023-11-30 not yet calculated CVE-2023-48804
totolink — x6000r In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function and passes them to the CsteSystem function, creating a command execution vulnerability. 2023-11-30 not yet calculated CVE-2023-48805
totolink — x6000r In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function and passes them to the CsteSystem function, creating a command execution vulnerability. 2023-11-30 not yet calculated CVE-2023-48806
totolink — x6000r In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function and passes them to the CsteSystem function, creating a command execution vulnerability. 2023-11-30 not yet calculated CVE-2023-48807
totolink — x6000r In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function and passes them to the CsteSystem function, creating a command execution vulnerability. 2023-11-30 not yet calculated CVE-2023-48808
totolink — x6000r In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function and passes them to the CsteSystem function, creating a command execution vulnerability. 2023-11-30 not yet calculated CVE-2023-48810
totolink — x6000r In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function and passes them to the CsteSystem function, creating a command execution vulnerability. 2023-11-30 not yet calculated CVE-2023-48811
totolink — x6000r In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function and passes them to the CsteSystem function, creating a command execution vulnerability. 2023-11-30 not yet calculated CVE-2023-48812
trellix — trellix_enterprise_security_manager A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn’t parse for invalid data. 2023-11-29 not yet calculated CVE-2023-6070
trellix — trellix_enterprise_security_manager An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn’t correctly sanitized when adding a new data source. 2023-11-30 not yet calculated CVE-2023-6071
tyler_technologies — civil_and_criminal_electronic_filing Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx ‘enky’ parameter. 2023-11-30 not yet calculated CVE-2023-6353

 

tyler_technologies — court_case_management_plus Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the ‘CmWebSearchPfp/Login.aspx?xyzldk=’ and ‘payforprint_CM/Redirector.ashx?userid=’ parameters. The vulnerable “pay for print” feature was removed on or around 2023-11-01. 2023-11-30 not yet calculated CVE-2023-6342

 

tyler_technologies — court_case_management_plus Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx ‘FN’ and ‘PN’ parameters. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is similar to CVE-2020-9323. CVE-2023-6343 is related to or partially caused by CVE-2023-6352. 2023-11-30 not yet calculated CVE-2023-6343

 

tyler_technologies — court_case_management_plus Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate directories using the tiffserver/te003.aspx or te004.aspx ‘ifolder’ parameter. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is related to or partially caused by CVE-2023-6352. 2023-11-30 not yet calculated CVE-2023-6344

 

tyler_technologies — magistrate_court_case_management_plus Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx ‘filename’ parameter. 2023-11-30 not yet calculated CVE-2023-6354

 

tyler_technologies — magistrate_court_case_management_plus Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials. 2023-11-30 not yet calculated CVE-2023-6375

 

uptime_kuma — uptime_kuma Uptime Kuma is an open source self-hosted monitoring tool. In affected versions the Google Analytics element is vulnerable to Attribute Injection leading to Cross-Site-Scripting (XSS). Since the custom status interface can set an independent Google Analytics ID and the template has not been sanitized, there is an attribute injection vulnerability here, which can lead to XSS attacks. This vulnerability has been addressed in commit `f28dccf4e` which is included in release version 1.23.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-12-01 not yet calculated CVE-2023-49276
 
ureport — ureport An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path. 2023-11-28 not yet calculated CVE-2023-48848
windows — multiple_products An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution. 2023-11-30 not yet calculated CVE-2023-4770
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MonsterInsights Pro allows Stored XSS. This issue affects MonsterInsights Pro: from n/a through 8.14.1. 2023-11-30 not yet calculated CVE-2023-32291
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Scripting (XSS). This issue affects Complianz: from n/a through 6.4.4; Complianz Premium: from n/a through 6.4.6.1. 2023-11-30 not yet calculated CVE-2023-33333
 
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SoundCloud Inc. SoundCloud Shortcode allows Stored XSS. This issue affects SoundCloud Shortcode: from n/a through 3.1.0. 2023-11-30 not yet calculated CVE-2023-34018
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Request Forgery. This issue affects Complianz: from n/a through 6.4.5; Complianz Premium: from n/a through 6.4.7. 2023-11-30 not yet calculated CVE-2023-34030
 
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin. This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through 1.0.64. 2023-11-30 not yet calculated CVE-2023-36507
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email download link. This issue affects Email download link: from n/a through 3.7. 2023-11-30 not yet calculated CVE-2023-36523
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC Schema Pro allows Cross Site Request Forgery. This issue affects Schema Pro: from n/a through 2.7.7. 2023-11-30 not yet calculated CVE-2023-36682
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC CartFlows Pro allows Cross Site Request Forgery. This issue affects CartFlows Pro: from n/a through 1.11.12. 2023-11-30 not yet calculated CVE-2023-36685
wordpress — wordpress Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in YetAnotherStarsRating.Com YASR – Yet Another Star Rating Plugin for WordPress. This issue affects YASR – Yet Another Star Rating Plugin for WordPress: from n/a through 3.3.8. 2023-11-30 not yet calculated CVE-2023-37867
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons PRO. This issue affects Premium Addons PRO: from n/a through 2.9.0. 2023-11-30 not yet calculated CVE-2023-37868
wordpress — wordpress Missing Authorization vulnerability in WPOmnia KB Support – WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subscriber can view other customers. This issue affects KB Support – WordPress Help Desk and Knowledge Base: from n/a through 1.5.88. 2023-11-30 not yet calculated CVE-2023-37890
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MultiVendorX Product Stock Manager & Notifier for WooCommerce. This issue affects Product Stock Manager & Notifier for WooCommerce: from n/a through 2.0.1. 2023-11-30 not yet calculated CVE-2023-37972
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kriesi Enfold – Responsive Multi-Purpose Theme allows Reflected XSS. This issue affects Enfold – Responsive Multi-Purpose Theme: from n/a through 5.6.4. 2023-11-30 not yet calculated CVE-2023-38400
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Campaign Monitor Campaign Monitor for WordPress allows Reflected XSS. This issue affects Campaign Monitor for WordPress: from n/a through 2.8.12. 2023-11-30 not yet calculated CVE-2023-38474
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Molongui Author Box, Guest Author and Co-Authors for Your Posts – Molongui allows Stored XSS. This issue affects Author Box, Guest Author and Co-Authors for Your Posts – Molongui: from n/a through 4.6.19. 2023-11-30 not yet calculated CVE-2023-39921
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks. This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50. 2023-11-30 not yet calculated CVE-2023-40211
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on. This issue affects EWWW Image Optimizer: from n/a through 7.2.0. 2023-11-30 not yet calculated CVE-2023-40600
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jonk @ Follow me Darling Cookies and Content Security Policy. This issue affects Cookies and Content Security Policy: from n/a through 2.15. 2023-11-30 not yet calculated CVE-2023-40662
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Lasso Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management allows Stored XSS. This issue affects Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management: from n/a through 118. 2023-11-30 not yet calculated CVE-2023-40674
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Team Yoast Yoast SEO allows Stored XSS. This issue affects Yoast SEO: from n/a through 21.0. 2023-11-30 not yet calculated CVE-2023-40680
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Evergreen Content Poster Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media allows Stored XSS. This issue affects Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media: from n/a through 1.3.6.1. 2023-11-30 not yet calculated CVE-2023-41127
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Iqonic Design WP Roadmap – Product Feedback Board allows Stored XSS. This issue affects WP Roadmap – Product Feedback Board: from n/a through 1.0.8. 2023-11-30 not yet calculated CVE-2023-41128
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Laurence/OhMyBox.Info Simple Long Form allows Stored XSS. This issue affects Simple Long Form: from n/a through 2.2.2. 2023-11-30 not yet calculated CVE-2023-41136
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email posts to subscribers. This issue affects Email posts to subscribers: from n/a through 6.2. 2023-11-30 not yet calculated CVE-2023-41735
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bamboo Mcr Bamboo Columns allows Stored XSS. This issue affects Bamboo Columns: from n/a through 1.6.1. 2023-11-30 not yet calculated CVE-2023-44143
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS. This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1. 2023-11-30 not yet calculated CVE-2023-45050
 
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in POWR.Io Contact Form – Custom Builder, Payment Form, and More allows Stored XSS. This issue affects Contact Form – Custom Builder, Payment Form, and More: from n/a through 2.1.0. 2023-11-30 not yet calculated CVE-2023-45609
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub. This issue affects Libsyn Publisher Hub: from n/a through 1.4.4. 2023-11-30 not yet calculated CVE-2023-45834
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin allows Reflected XSS. This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.4.3. 2023-11-30 not yet calculated CVE-2023-46086
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Iulia Cazan Image Regenerate & Select Crop. This issue affects Image Regenerate & Select Crop: from n/a through 7.3.0. 2023-11-30 not yet calculated CVE-2023-46820
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Elementor.Com Elementor allows Cross-Site Scripting (XSS). This issue affects Elementor: from n/a through 3.16.4. 2023-11-30 not yet calculated CVE-2023-47505
 
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Max Bond, AndreSC Q2W3 Post Order allows Reflected XSS. This issue affects Q2W3 Post Order: from n/a through 1.2.8. 2023-11-30 not yet calculated CVE-2023-47521
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery. This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.2.6. 2023-11-30 not yet calculated CVE-2023-47645
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Automattic WooCommerce, Automattic WooCommerce Blocks allows Stored XSS. This issue affects WooCommerce: from n/a through 8.1.1; WooCommerce Blocks: from n/a through 11.1.1. 2023-11-30 not yet calculated CVE-2023-47777

 

wordpress — wordpress Incorrect Authorization vulnerability in NicheAddons Events Addon for Elementor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Events Addon for Elementor: from n/a through 2.1.3. 2023-11-30 not yet calculated CVE-2023-47827
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Lim Kai Yang Grab & Save allows Reflected XSS. This issue affects Grab & Save: from n/a through 1.0.4. 2023-11-30 not yet calculated CVE-2023-47844
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Tainacan.Org Tainacan allows Reflected XSS. This issue affects Tainacan: from n/a through 0.20.4. 2023-11-30 not yet calculated CVE-2023-47848
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles allows Stored XSS. This issue affects Community by PeepSo – Social Network, Membership, Registration, User Profiles: from n/a through 6.2.2.0. 2023-11-30 not yet calculated CVE-2023-47850
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Akhtarujjaman Shuvo Bootstrap Shortcodes Ultimate allows Stored XSS. This issue affects Bootstrap Shortcodes Ultimate: from n/a through 4.3.1. 2023-11-30 not yet calculated CVE-2023-47851
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in myCred myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored XSS. This issue affects myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin: from n/a through 2.6.1. 2023-11-30 not yet calculated CVE-2023-47853
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Howard Ehrenberg Parallax Image allows Stored XSS. This issue affects Parallax Image: from n/a through 1.7.1. 2023-11-30 not yet calculated CVE-2023-47854
wordpress — wordpress Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs, leading to forcing all users to log out. This issue affects wpForo Forum: from n/a through 2.2.6. 2023-11-30 not yet calculated CVE-2023-47870
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in gVectors Team wpForo Forum allows Stored XSS. This issue affects wpForo Forum: from n/a through 2.2.3. 2023-11-30 not yet calculated CVE-2023-47872
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Perfmatters allows Cross Site Request Forgery. This issue affects Perfmatters: from n/a through 2.1.6. 2023-11-30 not yet calculated CVE-2023-47875
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Perfmatters allows Reflected XSS. This issue affects Perfmatters: from n/a through 2.1.6. 2023-11-30 not yet calculated CVE-2023-47876
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Perfmatters allows Stored XSS. This issue affects Perfmatters: from n/a before 2.2.0. 2023-11-30 not yet calculated CVE-2023-47877
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in yonifre Maspik – Spam Blacklist allows Stored XSS. This issue affects Maspik – Spam Blacklist: from n/a through 0.9.2. 2023-11-30 not yet calculated CVE-2023-48272
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Stored XSS. This issue affects WP Forms Puzzle Captcha: from n/a through 4.1. 2023-11-30 not yet calculated CVE-2023-48278
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Cross Site Request Forgery. This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.6. 2023-11-30 not yet calculated CVE-2023-48279
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Super Blog Me Broken Link Checker for YouTube allows Cross Site Request Forgery. This issue affects Broken Link Checker for YouTube: from n/a through 1.3. 2023-11-30 not yet calculated CVE-2023-48281
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio Taxonomy filter allows Cross Site Request Forgery. This issue affects Taxonomy filter: from n/a through 2.2.9. 2023-11-30 not yet calculated CVE-2023-48282
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Testimonials Showcase allows Cross Site Request Forgery. This issue affects Simple Testimonials Showcase: from n/a through 1.1.5. 2023-11-30 not yet calculated CVE-2023-48283
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WebToffee Decorator – WooCommerce Email Customizer allows Cross Site Request Forgery. This issue affects Decorator – WooCommerce Email Customizer: from n/a through 1.2.7. 2023-11-30 not yet calculated CVE-2023-48284
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SpreadsheetConverter Import Spreadsheets from Microsoft Excel allows Stored XSS. This issue affects Import Spreadsheets from Microsoft Excel: from n/a through 10.1.3. 2023-11-30 not yet calculated CVE-2023-48289
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Vikas Vatsa Display Custom Post allows Stored XSS. This issue affects Display Custom Post: from n/a through 2.2.1. 2023-11-30 not yet calculated CVE-2023-48317
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WebDorado SpiderVPlayer allows Stored XSS. This issue affects SpiderVPlayer: from n/a through 1.5.22. 2023-11-30 not yet calculated CVE-2023-48320
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP – Accelerated Mobile Pages allows Stored XSS. This issue affects AMP for WP – Accelerated Mobile Pages: from n/a through 1.0.88.1. 2023-11-30 not yet calculated CVE-2023-48321
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in eDoc Intelligence eDoc Employee Job Application – Best WordPress Job Manager for Employees allows Reflected XSS. This issue affects eDoc Employee Job Application – Best WordPress Job Manager for Employees: from n/a through 1.13. 2023-11-30 not yet calculated CVE-2023-48322
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin allows Cross Site Request Forgery. This issue affects Awesome Support – WordPress HelpDesk & Support Plugin: from n/a through 6.1.4. 2023-11-30 not yet calculated CVE-2023-48323
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pixelite Events Manager allows Reflected XSS. This issue affects Events Manager: from n/a through 6.4.5. 2023-11-30 not yet calculated CVE-2023-48326
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery allows Cross Site Request Forgery. This issue affects WordPress Gallery Plugin – NextGEN Gallery: from n/a through 3.37. 2023-11-30 not yet calculated CVE-2023-48328
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodeBard Fast Custom Social Share by CodeBard allows Stored XSS. This issue affects Fast Custom Social Share by CodeBard: from n/a through 1.1.1. 2023-11-30 not yet calculated CVE-2023-48329
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Mike Strand Bulk Comment Remove allows Cross Site Request Forgery. This issue affects Bulk Comment Remove: from n/a through 2. 2023-11-30 not yet calculated CVE-2023-48330
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore by Stormhill Media allows Cross Site Request Forgery. This issue affects MyBookTable Bookstore by Stormhill Media: from n/a through 3.3.4. 2023-11-30 not yet calculated CVE-2023-48331
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce. This issue affects Booster for WooCommerce: from n/a through 7.1.1. 2023-11-30 not yet calculated CVE-2023-48333
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in DAEXT League Table allows Cross Site Request Forgery. This issue affects League Table: from n/a through 1.13. 2023-11-30 not yet calculated CVE-2023-48334
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in cybernetikz Easy Social Icons allows Stored XSS. This issue affects Easy Social Icons: from n/a through 3.2.4. 2023-11-30 not yet calculated CVE-2023-48336
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PT Trijaya Digital Grup TriPay Payment Gateway allows Stored XSS. This issue affects TriPay Payment Gateway: from n/a through 3.2.7. 2023-11-30 not yet calculated CVE-2023-48737
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in LicenseManager License Manager for WooCommerce license-manager-for-woocommerce allows SQL Injection. This issue affects License Manager for WooCommerce: from n/a through 2.2.10. 2023-11-30 not yet calculated CVE-2023-48742
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Paul Menard Simply Exclude allows Reflected XSS. This issue affects Simply Exclude: from n/a through 2.0.6.6. 2023-11-30 not yet calculated CVE-2023-48743
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Offshore Web Master Availability Calendar allows Cross Site Request Forgery. This issue affects Availability Calendar: from n/a through 1.2.6. 2023-11-30 not yet calculated CVE-2023-48744
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles allows Reflected XSS. This issue affects Community by PeepSo – Social Network, Membership, Registration, User Profiles: from n/a through 6.2.6.0. 2023-11-30 not yet calculated CVE-2023-48746
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Theme nectar Salient Core allows Reflected XSS. This issue affects Salient Core: from n/a through 2.0.2. 2023-11-30 not yet calculated CVE-2023-48748
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Happyforms Form builder to get in touch with visitors, grow your email list and collect payments – Happyforms allows Reflected XSS. This issue affects Form builder to get in touch with visitors, grow your email list and collect payments – Happyforms: from n/a through 1.25.9. 2023-11-30 not yet calculated CVE-2023-48752
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Wap Nepal Delete Post Revisions In WordPress allows Cross Site Request Forgery. This issue affects Delete Post Revisions In WordPress: from n/a through 4.6. 2023-11-30 not yet calculated CVE-2023-48754
wordpress — wordpress The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP addresses provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged-in admins. 2023-11-27 not yet calculated CVE-2023-5653
wordpress — wordpress The Debug Log Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the clear_log() function. This makes it possible for unauthenticated attackers to clear the debug log via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-11-30 not yet calculated CVE-2023-5772

 

wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Business Directory Team Business Directory Plugin – Easy Listing Directories for WordPress allows Cross-Site Request Forgery. This issue affects Business Directory Plugin – Easy Listing Directories for WordPress: from n/a through 6.3.10. 2023-11-30 not yet calculated CVE-2023-5803
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in finnj Frontier Post allows Cross Site Request Forgery. This issue affects Frontier Post: from n/a through 6.1. 2023-11-30 not yet calculated CVE-2023-6137
wordpress — wordpress The WP Shortcodes Plugin – Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s su_meta shortcode combined with post meta data in all versions up to, and including, 5.13.3 due to insufficient input sanitization and output escaping on user supplied meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-11-28 not yet calculated CVE-2023-6225

 

wordpress — wordpress The WP Shortcodes Plugin – Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due to missing validation on the user-controlled keys ‘key’ and ‘post_id’. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve arbitrary post meta values which may contain sensitive information when combined with another plugin. 2023-11-28 not yet calculated CVE-2023-6226

 

wordpress — wordpress The ‘My Calendar’ WordPress Plugin, version 2023-11-30 not yet calculated CVE-2023-6360
wordpress — wordpress The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the ‘validate’ function and insufficient blocklisting on the ‘wpcf7_antiscript_file_name’ function in versions up to, and including, 5.8.3. This makes it possible for authenticated attackers with editor-level capabilities or above to upload arbitrary files on the affected site’s server, but due to the htaccess configuration, remote code cannot be executed in most cases. By default, the file will be deleted from the server immediately. However, in some cases, other plugins may make it possible for the file to live on the server longer. This can make remote code execution possible when combined with another vulnerability, such as local file inclusion. 2023-12-01 not yet calculated CVE-2023-6449

 

wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress. This issue affects Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.13.2. 2023-11-30 not yet calculated CVE-2023-44150
wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Theme nectar Salient Core allows Stored XSS. This issue affects Salient Core: from n/a through 2.0.2. 2023-11-30 not yet calculated CVE-2023-48749
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users. This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1. 2023-11-30 not yet calculated CVE-2023-45066
xmachoviewer — xmachoviewer A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product’s processes, potentially leading to remote control and unauthorized access to sensitive user data. 2023-11-28 not yet calculated CVE-2023-49313
 
yokogawa_electric_corporation — stardom A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation. This vulnerability may allow a remote attacker to cause a denial-of-service condition on the FCN/FCJ controller by sending a crafted packet. While the packet is being sent, the maintenance homepage of the controller cannot be accessed. Therefore, functions of the maintenance homepage (changing configuration, viewing logs, etc.) are not available. However, the controller’s operation is not stopped by the condition. The affected products and versions are as follows: STARDOM FCN/FCJ R1.01 to R4.31. 2023-12-01 not yet calculated CVE-2023-5915

 

zentao_pms — zentao_pms A vulnerability classified as problematic was found in ZenTao PMS 18.8. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246439. 2023-11-30 not yet calculated CVE-2023-6439

 

zitadel — zitadel ZITADEL is an identity infrastructure system. ZITADEL uses the Forwarded or X-Forwarded-Host header of the request that triggers the notification to build the button link sent in emails for confirming a password reset with the emailed code. If this header is overwritten and a user clicks the link to a malicious site in the email, the secret code can be retrieved and used to reset the user’s password and take over the account. Accounts with MFA or Passwordless enabled cannot be taken over by this attack. This issue has been patched in versions 2.41.6, 2.40.10 and 2.39.9. 2023-11-30 not yet calculated CVE-2023-49097
zstack — cloud ZStack Cloud version 3.10.38 and before allows unauthenticated API access to the list of active job UUIDs and the session ID for each of these. This leads to privilege escalation. 2023-11-30 not yet calculated CVE-2023-46326
zumtobel — netlink_ccd_onboard Zumtobel Netlink CCD Onboard 3.74 – Firmware 3.80 was discovered to contain hardcoded credentials for the Administrator account. 2023-11-29 not yet calculated CVE-2023-23324
 
zumtobel — netlink_ccd_onboard Zumtobel Netlink CCD Onboard 3.74 – Firmware 3.80 was discovered to contain a command injection vulnerability via the NetHostname parameter. 2023-11-29 not yet calculated CVE-2023-23325
 
zumtobel — netlink_ccd_onboard Zumtobel Netlink CCD Onboard v3.74 – Firmware v3.80 was discovered to contain a buffer overflow via the component NetlinkWeb::Information::SetDeviceIdentification. 2023-11-29 not yet calculated CVE-2023-24294
 
zyxel — atp_series_firmware An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions on an affected device by sending a crafted IKE packet. 2023-11-28 not yet calculated CVE-2023-4398
zyxel — nas326/nas542 An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device. 2023-11-30 not yet calculated CVE-2023-35137
