Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26423 | 1 Microsoft | 5 .net, .net Core, Powershell Core and 2 more | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| .NET Core and Visual Studio Denial of Service Vulnerability | |||||
| CVE-2023-50249 | 1 Sentry | 1 Astro | 2023-12-28 | N/A | 7.5 HIGH |
| Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading to denial of service (DoS). This vulnerability has been patched in sentry/astro version 7.87.0. | |||||
| CVE-2023-46686 | 1 Gallagher | 1 Command Centre | 2023-12-28 | N/A | 7.1 HIGH |
| A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)). | |||||
| CVE-2023-46116 | 1 Tuta | 1 Tutanota | 2023-12-28 | N/A | 8.8 HIGH |
| Tutanota (Tuta Mail) is an encrypted email provider. Tutanota allows users to open links in emails in external applications. Prior to version 3.118.12, it correctly blocks the `file:` URL scheme, which can be used by malicious actors to gain code execution on a victims computer, however fails to check other harmful schemes such as `ftp:`, `smb:`, etc. which can also be used. Successful exploitation of this vulnerability will enable an attacker to gain code execution on a victim's computer. Version 3.118.2 contains a patch for this issue. | |||||
| CVE-2023-46147 | 1 Themify | 1 Themify Ultra | 2023-12-28 | N/A | 8.8 HIGH |
| Deserialization of Untrusted Data vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5. | |||||
| CVE-2023-37871 | 1 Automattic | 1 Woocommerce Gocardless | 2023-12-28 | N/A | 7.5 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless.This issue affects GoCardless: from n/a through 2.5.6. | |||||
| CVE-2023-6562 | 1 Kakadusoftware | 1 Kakadu Sdk | 2023-12-28 | N/A | 7.5 HIGH |
| JPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows an attacker to exfiltrate local and remote files reachable by a server if the server allows the attacker to upload a specially-crafted the image that is displayed back to the attacker. | |||||
| CVE-2023-46262 | 1 Ivanti | 1 Avalanche | 2023-12-28 | N/A | 7.5 HIGH |
| An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server. | |||||
| CVE-2023-34382 | 1 Wedevs | 1 Dokan | 2023-12-28 | N/A | 8.8 HIGH |
| Deserialization of Untrusted Data vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19. | |||||
| CVE-2023-44991 | 1 Meowapps | 1 Media File Renamer - Auto \& Manual Rename | 2023-12-28 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Media File Renamer: Rename Files (Manual, Auto & AI).This issue affects Media File Renamer: Rename Files (Manual, Auto & AI): from n/a through 5.6.9. | |||||
| CVE-2023-44983 | 1 Aruba | 1 Aruba Hispeed Cache | 2023-12-28 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aruba.It Aruba HiSpeed Cache.This issue affects Aruba HiSpeed Cache: from n/a through 2.0.6. | |||||
| CVE-2023-3453 | 1 Etictelecom | 14 Ras-c-100-lw, Ras-e-100, Ras-e-220 and 11 more | 2023-12-28 | N/A | 8.1 HIGH |
| ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition. | |||||
| CVE-2022-24037 | 1 Karmasis | 1 Infraskope Siem\+ | 2023-12-28 | N/A | 8.2 HIGH |
| Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to obtain critical information. | |||||
| CVE-2022-24036 | 1 Karmasis | 1 Infraskope Siem\+ | 2023-12-28 | N/A | 8.6 HIGH |
| Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to modificate logs. | |||||
| CVE-2022-41607 | 1 Etictelecom | 14 Ras-c-100-lw, Ras-e-100, Ras-e-220 and 11 more | 2023-12-28 | N/A | 7.5 HIGH |
| All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more. | |||||
| CVE-2022-3697 | 1 Redhat | 2 Ansible, Ansible Collection | 2023-12-28 | N/A | 7.5 HIGH |
| A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs. | |||||
| CVE-2021-3583 | 1 Redhat | 3 Ansible Automation Platform, Ansible Engine, Ansible Tower | 2023-12-28 | 3.6 LOW | 7.1 HIGH |
| A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity. | |||||
| CVE-2022-3801 | 1 Ibax | 1 Go-ibax | 2023-12-28 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in IBAX go-ibax. This affects an unknown part of the file /api/v2/open/rowsInfo. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212637 was assigned to this vulnerability. | |||||
| CVE-2023-6913 | 1 Imoulife | 1 Imou Life | 2023-12-28 | N/A | 8.1 HIGH |
| A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView without prompting or displaying it to the user. This vulnerability could trigger phishing attacks. | |||||
| CVE-2023-6711 | 1 Hitachienergy | 2 Rtu500, Rtu500 Firmware | 2023-12-28 | N/A | 7.5 HIGH |
| Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in buffer overflow and as final consequence to a reboot of an RTU500 CMU. | |||||
| CVE-2023-6280 | 1 52north | 1 Wps | 2023-12-28 | N/A | 7.5 HIGH |
| An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network. | |||||
| CVE-2020-7122 | 1 Arubanetworks | 12 Cx 6200f, Cx 6200f Firmware, Cx 6300 and 9 more | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the CDP (Cisco Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.1000. | |||||
| CVE-2020-7121 | 1 Arubanetworks | 12 Cx 6200f, Cx 6200f Firmware, Cx 6300 and 9 more | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the LLDP (Link Layer Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.3021. | |||||
| CVE-2023-45794 | 1 Siemens | 1 Mendix | 2023-12-28 | N/A | 8.1 HIGH |
| A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0), Mendix Applications using Mendix 7 (All versions < V7.23.37), Mendix Applications using Mendix 8 (All versions < V8.18.27), Mendix Applications using Mendix 9 (All versions < V9.24.10). A capture-replay flaw in the platform could have an impact to apps built with the platform, if certain preconditions are met that depend on the app's model and access control design. This could allow authenticated attackers to access or modify objects without proper authorization, or escalate privileges in the context of the vulnerable app. | |||||
| CVE-2021-20678 | 1 Strangerstudios | 1 Paid Memberships Pro | 2023-12-28 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2023-6691 | 1 Cambiumnetworks | 2 Epmp Force 300-25, Epmp Force 300-25 Firmware | 2023-12-28 | N/A | 7.8 HIGH |
| Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges. | |||||
| CVE-2023-40061 | 1 Solarwinds | 1 Solarwinds Platform | 2023-12-28 | N/A | 8.8 HIGH |
| Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result. | |||||
| CVE-2014-9940 | 2 Google, Linux | 2 Android, Linux Kernel | 2023-12-28 | 7.6 HIGH | 7.0 HIGH |
| The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application. | |||||
| CVE-2023-39548 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2023-12-28 | N/A | 8.8 HIGH |
| CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command. | |||||
| CVE-2023-50835 | 1 Saurabhspeaks | 1 Advanced Category Template | 2023-12-28 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Praveen Goswami Advanced Category Template.This issue affects Advanced Category Template: from n/a through 0.1. | |||||
| CVE-2023-48764 | 1 Guardgiant | 1 Guardgiant | 2023-12-28 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GuardGiant Brute Force Protection WordPress Brute Force Protection – Stop Brute Force Attacks.This issue affects WordPress Brute Force Protection – Stop Brute Force Attacks: from n/a through 2.2.5. | |||||
| CVE-2023-49736 | 1 Apache | 1 Superset | 2023-12-28 | N/A | 8.8 HIGH |
| A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue. | |||||
| CVE-2023-6730 | 1 Huggingface | 1 Transformers | 2023-12-28 | N/A | 8.8 HIGH |
| Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. | |||||
| CVE-2023-23845 | 1 Solarwinds | 1 Orion Platform | 2023-12-28 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | |||||
| CVE-2023-23840 | 1 Solarwinds | 1 Orion Platform | 2023-12-28 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | |||||
| CVE-2023-33225 | 1 Solarwinds | 1 Solarwinds Platform | 2023-12-28 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | |||||
| CVE-2023-4295 | 1 Arm | 2 Mali Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2023-12-28 | N/A | 7.8 HIGH |
| A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory. | |||||
| CVE-2023-1514 | 1 Hitachienergy | 1 Rtu500 Scripting Interface | 2023-12-28 | N/A | 7.5 HIGH |
| A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the client to validate that the remote service can be trusted and is not malicious. If the client does not validate the parameters of the certificate, then attackers could be able to spoof the identity of the service. An attacker could exploit the vulnerability by using faking the identity of a RTU500 device and intercepting the messages initiated via the RTU500 Scripting interface. | |||||
| CVE-2023-49148 | 1 Affiliatebooster | 1 Affiliate Booster | 2023-12-28 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Kulwant Nagi Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates.This issue affects Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates: from n/a through 3.0.5. | |||||
| CVE-2022-3549 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | N/A | 7.2 HIGH |
| A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /csms/admin/?page=user/manage_user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211049 was assigned to this vulnerability. | |||||
| CVE-2022-42232 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | N/A | 7.2 HIGH |
| Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/classes/Master.php?f=delete_storage. | |||||
| CVE-2022-42250 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | N/A | 7.2 HIGH |
| Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/inquiries/view_details.php?id=. | |||||
| CVE-2022-42249 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | N/A | 7.2 HIGH |
| Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/view_storage.php?id=. | |||||
| CVE-2022-42243 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | N/A | 7.2 HIGH |
| Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/manage_storage.php?id=. | |||||
| CVE-2022-42242 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | N/A | 7.2 HIGH |
| Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_booking. | |||||
| CVE-2022-42241 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | N/A | 7.2 HIGH |
| Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_message. | |||||
| CVE-2021-28117 | 1 Kde | 1 Discover | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.) | |||||
| CVE-2023-2680 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2023-12-28 | N/A | 8.2 HIGH |
| This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750. | |||||
| CVE-2021-43209 | 1 Microsoft | 1 3d Viewer | 2023-12-28 | 6.8 MEDIUM | 7.8 HIGH |
| 3D Viewer Remote Code Execution Vulnerability | |||||
| CVE-2021-43208 | 1 Microsoft | 1 3d Viewer | 2023-12-28 | 6.8 MEDIUM | 7.8 HIGH |
| 3D Viewer Remote Code Execution Vulnerability | |||||