Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28420 | 1 Leocaseiro | 1 Custom Options Plus | 2023-11-17 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Leo Caseiro Custom Options Plus plugin <= 1.8.1 versions. | |||||
| CVE-2023-46207 | 1 Stylemixthemes | 1 Motors - Car Dealer\, Classifieds \& Listing | 2023-11-16 | N/A | 7.5 HIGH |
| Server-Side Request Forgery (SSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing.This issue affects Motors – Car Dealer, Classifieds & Listing: from n/a through 1.4.6. | |||||
| CVE-2023-46636 | 1 Blackbam | 1 Custom Header Images | 2023-11-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in David Stöckl Custom Header Images plugin <= 1.2.1 versions. | |||||
| CVE-2023-46629 | 1 Themelocation | 1 Remove Add To Cart Woocommerce | 2023-11-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in themelocation Remove Add to Cart WooCommerce plugin <= 1.4.4. | |||||
| CVE-2023-46625 | 1 Daext | 1 Autolinks Manager | 2023-11-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Autolinks Manager plugin <= 1.10.04 versions. | |||||
| CVE-2023-46620 | 1 Fluenx | 1 Deepl Api Translation | 2023-11-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API translation plugin <= 2.3.9.1 versions. | |||||
| CVE-2023-33207 | 1 Wielogorski | 1 Stop Referrer Spam | 2023-11-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Wielogórski Stop Referrer Spam plugin <= 1.3.0 versions. | |||||
| CVE-2023-32588 | 1 Brandbrilliance | 1 Post State Tags | 2023-11-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in BRANDbrilliance Post State Tags plugin <= 2.0.6 versions. | |||||
| CVE-2023-32583 | 1 Walkeprashant | 1 Wp All Backup | 2023-11-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Prashant Walke WP All Backup plugin <= 2.4.3 versions. | |||||
| CVE-2023-47230 | 1 Cimatti | 1 Wordpress Contact Forms | 2023-11-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.6.0 versions. | |||||
| CVE-2023-46638 | 1 Webcodin | 1 Wcp Openweather | 2023-11-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Webcodin WCP OpenWeather plugin <= 2.5.0 versions. | |||||
| CVE-2023-34384 | 1 Kebo Twitter Feed Project | 1 Kebo Twitter Feed | 2023-11-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Kebo Kebo Twitter Feed plugin <= 1.5.12 versions. | |||||
| CVE-2023-34378 | 1 Scriptburn | 1 Wp Hide Post | 2023-11-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in scriptburn.Com WP Hide Post plugin <= 2.0.10 versions. | |||||
| CVE-2023-28419 | 1 Strangerstudios | 1 Force Display Name | 2023-11-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Stranger Studios Force First and Last Name as Display Name plugin <= 1.2 versions. | |||||
| CVE-2023-6069 | 1 Froxlor | 1 Froxlor | 2023-11-16 | N/A | 8.8 HIGH |
| Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0. | |||||
| CVE-2022-45835 | 1 Phonepe | 1 Phonepe | 2023-11-16 | N/A | 7.5 HIGH |
| Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Payment Solutions.This issue affects PhonePe Payment Solutions: from n/a through 1.0.15. | |||||
| CVE-2023-29975 | 1 Pfsense | 1 Pfsense | 2023-11-16 | N/A | 7.2 HIGH |
| An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification. | |||||
| CVE-2023-28173 | 1 Digitalinspiration | 1 Google Xml Sitemap For Images | 2023-11-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Images plugin <= 2.1.3 versions. | |||||
| CVE-2023-4379 | 1 Gitlab | 1 Gitlab | 2023-11-16 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge requests when the target branch was updated. | |||||
| CVE-2023-5540 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2023-11-16 | N/A | 8.8 HIGH |
| A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers. | |||||
| CVE-2023-5539 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2023-11-16 | N/A | 8.8 HIGH |
| A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers. | |||||
| CVE-2023-47163 | 1 Remarshal Project | 1 Remarshal | 2023-11-16 | N/A | 7.5 HIGH |
| Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition. | |||||
| CVE-2023-41285 | 1 Qnap | 1 Qumagie | 2023-11-16 | N/A | 8.8 HIGH |
| A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later | |||||
| CVE-2023-39295 | 1 Qnap | 1 Qumagie | 2023-11-16 | N/A | 8.8 HIGH |
| An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.3 and later | |||||
| CVE-2023-41284 | 1 Qnap | 1 Qumagie | 2023-11-16 | N/A | 8.8 HIGH |
| A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later | |||||
| CVE-2023-31077 | 1 Myrecorp | 1 Export Wp Page To Static Html\/css | 2023-11-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin <= 2.1.9 versions. | |||||
| CVE-2023-6076 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2023-11-16 | N/A | 7.5 HIGH |
| A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file booking-details.php of the component Reservation Status Handler. The manipulation of the argument bid leads to information disclosure. The attack can be launched remotely. The identifier VDB-244945 was assigned to this vulnerability. | |||||
| CVE-2023-47611 | 1 Telit | 20 Bgs5, Bgs5 Firmware, Ehs5 and 17 more | 2023-11-16 | N/A | 7.8 HIGH |
| A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to "manufacturer" level on the targeted system. | |||||
| CVE-2023-28694 | 1 Wbcomdesigns | 1 Buddypress Activity Social Share | 2023-11-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Wbcom Designs Wbcom Designs – BuddyPress Activity Social Share plugin <= 3.5.0 versions. | |||||
| CVE-2023-28618 | 1 Infolific | 1 Enhanced Plugin Admin | 2023-11-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Enhanced Plugin Admin plugin <= 1.16 versions. | |||||
| CVE-2023-28696 | 1 Themeist | 1 I Recommend This | 2023-11-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Harish Chouhan, Themeist I Recommend Tplugin <= 3.9.0 versions. | |||||
| CVE-2023-47669 | 1 Cozmoslabs | 1 Profile Builder | 2023-11-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin <= 3.10.3 versions. | |||||
| CVE-2023-28930 | 1 Robinphillips | 1 Mobile Banner | 2023-11-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Robin Phillips Mobile Banner plugin <= 1.5 versions. | |||||
| CVE-2023-29425 | 1 Plainware | 1 Shiftcontroller | 2023-11-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in plainware.Com ShiftController Employee Shift Scheduling plugin <= 4.9.23 versions. | |||||
| CVE-2023-29238 | 1 Whydonate | 1 Wp Whydonate | 2023-11-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Whydonate Whydonate – FREE Donate button – Crowdfunding – Fundraising plugin <= 3.12.15 versions. | |||||
| CVE-2023-28987 | 1 Wpmet | 1 Wp Ultimate Review | 2023-11-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.0.3 versions. | |||||
| CVE-2023-47004 | 1 Redislabs | 1 Redisgraph | 2023-11-16 | N/A | 8.8 HIGH |
| Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication. | |||||
| CVE-2023-48060 | 1 Dreamer Cms Project | 1 Dreamer Cms | 2023-11-16 | N/A | 8.8 HIGH |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add | |||||
| CVE-2023-45875 | 1 Couchbase | 1 Couchbase Server | 2023-11-16 | N/A | 7.5 HIGH |
| An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster. | |||||
| CVE-2023-48058 | 1 Dreamer Cms Project | 1 Dreamer Cms | 2023-11-16 | N/A | 8.8 HIGH |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run | |||||
| CVE-2023-47109 | 1 Prestashop | 1 Customer Reassurance Block | 2023-11-16 | N/A | 8.1 HIGH |
| PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image. When deleting the block from the BO, the file will be deleted. It is possible to make the website completely unavailable by removing index.php for example. This issue has been patched in version 5.1.4. | |||||
| CVE-2023-4632 | 1 Lenovo | 1 System Update | 2023-11-16 | N/A | 7.8 HIGH |
| An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges. | |||||
| CVE-2023-5760 | 1 Avast | 1 Avg Antivirus | 2023-11-16 | N/A | 7.0 HIGH |
| A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system.This issue affects Avast/Avg Antivirus: 23.8. | |||||
| CVE-2023-47613 | 1 Telit | 20 Bgs5, Bgs5 Firmware, Ehs5 and 17 more | 2023-11-16 | N/A | 7.1 HIGH |
| A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape from virtual directories and get read/write access to protected files on the targeted system. | |||||
| CVE-2022-46821 | 1 Jackmail | 1 Jackmail | 2023-11-16 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Jackmail & Sarbacane Emails & Newsletters with Jackmail.This issue affects Emails & Newsletters with Jackmail: from n/a through 1.2.22. | |||||
| CVE-2023-6001 | 1 Yugabyte | 1 Yugabytedb | 2023-11-16 | N/A | 7.5 HIGH |
| Prometheus metrics are available without authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment. | |||||
| CVE-2023-31419 | 1 Elastic | 1 Elasticsearch | 2023-11-16 | N/A | 7.5 HIGH |
| A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service. | |||||
| CVE-2023-38552 | 1 Nodejs | 1 Node.js | 2023-11-16 | N/A | 7.5 HIGH |
| When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x. Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js. | |||||
| CVE-2023-36478 | 2 Eclipse, Jenkins | 2 Jetty, Jenkins | 2023-11-16 | N/A | 7.5 HIGH |
| Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds. | |||||
| CVE-2023-44466 | 1 Linux | 1 Linux Kernel | 2023-11-16 | N/A | 8.8 HIGH |
| An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32. | |||||