Total: 49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5637 | 1 Arslansoft Education Portal Project | 1 Arslansoft Education Portal | 2023-12-06 | N/A | 7.5 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Read Sensitive Strings Within an Executable. This issue affects Education Portal: before v1.1. | |||||
| CVE-2023-5635 | 1 Arslansoft Education Portal Project | 1 Arslansoft Education Portal | 2023-12-06 | N/A | 7.5 HIGH |
| Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ArslanSoft Education Portal allows Account Footprinting. This issue affects Education Portal: before v1.1. | |||||
| CVE-2023-45168 | 1 Ibm | 2 Aix, Vios | 2023-12-06 | N/A | 7.8 HIGH |
| IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 267966. | |||||
| CVE-2023-5226 | 1 Gitlab | 1 Gitlab | 2023-12-06 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor could bypass prohibited branch checks using a specially crafted branch name to manipulate repository content in the UI. | |||||
| CVE-2023-4518 | 1 Hitachienergy | 6 Relion 650, Relion 650 Firmware, Relion 670 and 3 more | 2023-12-06 | N/A | 7.5 HIGH |
| A vulnerability exists in the input validation of GOOSE messages: out-of-range values received and processed by the IED cause a reboot of the device. For an attacker to exploit the vulnerability, GOOSE receiving blocks need to be configured. | |||||
| CVE-2023-48813 | 1 Slims | 1 Senayan Library Management System Bulian | 2023-12-06 | N/A | 8.8 HIGH |
| Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php. | |||||
| CVE-2023-5995 | 1 Gitlab | 1 Gitlab | 2023-12-06 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab EE affecting all versions starting from 16.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the policy bot to gain access to internal projects. | |||||
| CVE-2023-46690 | 1 Deltaww | 1 Infrasuite Device Master | 2023-12-06 | N/A | 8.8 HIGH |
| In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write any file to any location of the filesystem, which could lead to remote code execution. | |||||
| CVE-2023-46956 | 1 Oretnom23 | 1 Packers And Movers Management System | 2023-12-06 | N/A | 7.2 HIGH |
| SQL injection vulnerability in Packers and Movers Management System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload in the id parameter of /mpms/admin/?page=user/manage_user. | |||||
| CVE-2023-47279 | 1 Deltaww | 1 Infrasuite Device Master | 2023-12-06 | N/A | 7.5 HIGH |
| In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying. | |||||
| CVE-2023-48016 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2023-12-06 | N/A | 7.5 HIGH |
| Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in rtbs/admin/index.php via the username parameter. | |||||
| CVE-2023-49083 | 1 Cryptography Project | 1 Cryptography | 2023-12-06 | N/A | 7.5 HIGH |
| cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6. | |||||
| CVE-2023-49087 | 1 Simplesamlphp | 2 Saml2, Xml-security | 2023-12-06 | N/A | 7.5 HIGH |
| xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP's canonicalization function) manages to manipulate the canonicalized version's DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13. | |||||
| CVE-2023-4770 | 2 4d, Microsoft | 3 4d, Server, Windows | 2023-12-06 | N/A | 7.8 HIGH |
| An uncontrolled search path element vulnerability has been found in the 4D and 4D Server Windows executables, affecting version 19 R8 100218. This vulnerability consists of DLL hijacking by replacing the x64 shfolder.dll in the installation path, leading to arbitrary code execution. | |||||
| CVE-2023-5965 | 1 Espocrm | 1 Espocrm | 2023-12-06 | N/A | 7.2 HIGH |
| An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution. | |||||
| CVE-2023-5966 | 1 Espocrm | 1 Espocrm | 2023-12-06 | N/A | 7.2 HIGH |
| An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution. | |||||
| CVE-2023-6375 | 1 Tylertech | 1 Court Case Management Plus | 2023-12-06 | N/A | 7.5 HIGH |
| Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials. | |||||
| CVE-2023-47452 | 1 Notepad-plus-plus | 1 Notepad++ | 2023-12-06 | N/A | 7.8 HIGH |
| An untrusted search path vulnerability in Notepad++ 6.5 allows local users to gain escalated privileges through the msimg32.dll file in the current working directory. | |||||
| CVE-2023-47453 | 1 Sohu | 1 Video Player | 2023-12-06 | N/A | 7.8 HIGH |
| An untrusted search path vulnerability in Sohu Video Player 7.0.15.0 allows local users to gain escalated privileges through the version.dll file in the current working directory. | |||||
| CVE-2023-47454 | 1 Netease | 1 Cloudmusic | 2023-12-06 | N/A | 7.8 HIGH |
| An untrusted search path vulnerability in NetEase CloudMusic 2.10.4 for Windows allows local users to gain escalated privileges through the urlmon.dll file in the current working directory. | |||||
| CVE-2023-47870 | 1 Gvectors | 1 Wpforo Forum | 2023-12-06 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) and Missing Authorization vulnerability in gVectors Team wpForo Forum (wpforo) allows Cross Site Request Forgery and Accessing Functionality Not Properly Constrained by ACLs, leading to a forced logout of all users. This issue affects wpForo Forum: from n/a through 2.2.6. | |||||
| CVE-2023-6401 | 1 Notepad-plus-plus | 1 Notepad++ | 2023-12-06 | N/A | 7.8 HIGH |
| A vulnerability classified as problematic was found in NotePad++ up to 8.1. Affected by this vulnerability is an unknown functionality of the file dbghelp.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The identifier VDB-246421 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6402 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2023-12-06 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file add-phlebotomist.php. The manipulation of the argument empid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246423. | |||||
| CVE-2020-12965 | 1 Amd | 126 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 123 more | 2023-12-06 | 5.0 MEDIUM | 7.5 HIGH |
| When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and stores using only the lower 48 address bits, potentially resulting in data leakage. | |||||
| CVE-2023-47875 | 1 Perfmatters | 1 Perfmatters | 2023-12-06 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Perfmatters allows Cross Site Request Forgery. This issue affects Perfmatters: from n/a through 2.1.6. | |||||
| CVE-2023-6136 | 1 Bowo | 1 Debug Log Manager | 2023-12-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bowo Debug Log Manager. This issue affects Debug Log Manager: from n/a through 2.3.0. | |||||
| CVE-2023-37972 | 1 Multivendorx | 1 Product Stock Manager & Notifier For Woocommerce | 2023-12-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MultiVendorX Product Stock Manager & Notifier for WooCommerce. This issue affects Product Stock Manager & Notifier for WooCommerce: from n/a through 2.0.1. | |||||
| CVE-2023-40211 | 1 Pickplugins | 1 Post Grid Combo | 2023-12-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks. This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50. | |||||
| CVE-2023-40600 | 1 Ewww | 1 Image Optimizer | 2023-12-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on. This issue affects EWWW Image Optimizer: from n/a through 7.2.0. | |||||
| CVE-2023-40662 | 1 Followmedarling | 1 Cookies And Content Security Policy | 2023-12-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jonk @ Follow me Darling Cookies and Content Security Policy. This issue affects Cookies and Content Security Policy: from n/a through 2.15. | |||||
| CVE-2023-41735 | 1 Gopiplus | 1 Email Posts To Subscribers | 2023-12-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email posts to subscribers. This issue affects Email posts to subscribers: from n/a through 6.2. | |||||
| CVE-2023-44150 | 1 Properfraction | 1 Profilepress | 2023-12-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress. This issue affects Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.13.2. | |||||
| CVE-2023-45066 | 1 Smackcoders | 1 Export All Posts, Products, Orders, Refunds & Users | 2023-12-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users. This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1. | |||||
| CVE-2023-37928 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2023-12-06 | N/A | 8.8 HIGH |
| A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. | |||||
| CVE-2023-37927 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2023-12-06 | N/A | 8.8 HIGH |
| The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. | |||||
| CVE-2023-5803 | 1 Businessdirectoryplugin | 1 Business Directory | 2023-12-06 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Business Directory Team Business Directory Plugin – Easy Listing Directories for WordPress allows Cross-Site Request Forgery. This issue affects Business Directory Plugin – Easy Listing Directories for WordPress: from n/a through 6.3.10. | |||||
| CVE-2023-48754 | 1 Wapnepal | 1 Delete Post Revisions | 2023-12-06 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Wap Nepal Delete Post Revisions In WordPress allows Cross Site Request Forgery. This issue affects Delete Post Revisions In WordPress: from n/a through 4.6. | |||||
| CVE-2023-48328 | 1 Imagely | 1 Nextgen Gallery | 2023-12-06 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery allows Cross Site Request Forgery. This issue affects WordPress Gallery Plugin – NextGEN Gallery: from n/a through 3.37. | |||||
| CVE-2023-2264 | 1 Selinc | 2 Sel-411l, Sel-411l Firmware | 2023-12-06 | N/A | 7.8 HIGH |
| An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior. See product Instruction Manual Appendix A dated 20230830 for more details. | |||||
| CVE-2015-8751 | 1 Jasper Project | 1 Jasper | 2023-12-05 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation. | |||||
| CVE-2023-6378 | 1 Qos | 1 Logback | 2023-12-05 | N/A | 7.5 HIGH |
| A serialization vulnerability in the receiver component of logback version 1.4.11 allows an attacker to mount a Denial-of-Service attack by sending poisoned data. | |||||
| CVE-2023-36685 | 1 Brainstormforce | 1 Cartflows | 2023-12-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC CartFlows Pro allows Cross Site Request Forgery. This issue affects CartFlows Pro: from n/a through 1.11.12. | |||||
| CVE-2023-48963 | 1 Tenda | 2 I6, I6 Firmware | 2023-12-05 | N/A | 7.5 HIGH |
| Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/wifiSSIDget. | |||||
| CVE-2023-48964 | 1 Tenda | 2 I6, I6 Firmware | 2023-12-05 | N/A | 7.5 HIGH |
| Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/WifiMacFilterSet. | |||||
| CVE-2023-48281 | 1 Superblogme | 1 Broken Link Checker For Youtube | 2023-12-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Super Blog Me Broken Link Checker for YouTube allows Cross Site Request Forgery. This issue affects Broken Link Checker for YouTube: from n/a through 1.3. | |||||
| CVE-2023-48913 | 1 Iteachyou | 1 Dreamer Cms | 2023-12-05 | N/A | 8.8 HIGH |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete. | |||||
| CVE-2023-48742 | 1 Wpexperts | 1 License Manager For Woocommerce | 2023-12-05 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LicenseManager License Manager for WooCommerce (license-manager-for-woocommerce) allows SQL Injection. This issue affects License Manager for WooCommerce: from n/a through 2.2.10. | |||||
| CVE-2023-48914 | 1 Iteachyou | 1 Dreamer Cms | 2023-12-05 | N/A | 8.8 HIGH |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add. | |||||
| CVE-2023-48912 | 1 Iteachyou | 1 Dreamer Cms | 2023-12-05 | N/A | 8.8 HIGH |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit. | |||||
| CVE-2023-48279 | 1 S-sols | 1 Seraphinite Post .docx Source | 2023-12-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Cross Site Request Forgery. This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.6. | |||||
