Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34534 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-28 | 5.1 MEDIUM | 6.8 MEDIUM |
| Windows MSHTML Platform Remote Code Execution Vulnerability | |||||
| CVE-2021-34532 | 1 Microsoft | 2 Asp.net Core, Visual Studio 2019 | 2023-12-28 | 2.1 LOW | 5.5 MEDIUM |
| ASP.NET Core and Visual Studio Information Disclosure Vulnerability | |||||
| CVE-2021-34485 | 1 Microsoft | 5 .net, .net Core, Powershell Core and 2 more | 2023-12-28 | 2.1 LOW | 5.0 MEDIUM |
| .NET Core and Visual Studio Information Disclosure Vulnerability | |||||
| CVE-2021-34480 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-28 | 6.8 MEDIUM | 6.8 MEDIUM |
| Scripting Engine Memory Corruption Vulnerability | |||||
| CVE-2021-26430 | 1 Microsoft | 1 Azure Sphere | 2023-12-28 | 2.1 LOW | 6.0 MEDIUM |
| Azure Sphere Denial of Service Vulnerability | |||||
| CVE-2021-26428 | 1 Microsoft | 1 Azure Sphere | 2023-12-28 | 2.1 LOW | 4.4 MEDIUM |
| Azure Sphere Information Disclosure Vulnerability | |||||
| CVE-2023-51458 | 1 Adobe | 1 Experience Manager | 2023-12-28 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2023-51457 | 1 Adobe | 1 Experience Manager | 2023-12-28 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2023-47236 | 1 Ipages Flipbook Project | 1 Ipages Flipbook | 2023-12-28 | N/A | 4.9 MEDIUM |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Avirtum iPages Flipbook For WordPress.This issue affects iPages Flipbook For WordPress: from n/a through 1.4.8. | |||||
| CVE-2023-46311 | 1 Gvectors | 1 Wpdiscuz | 2023-12-28 | N/A | 6.5 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz.This issue affects Comments – wpDiscuz: from n/a through 7.6.3. | |||||
| CVE-2023-41796 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2023-12-28 | N/A | 6.5 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers.This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0. | |||||
| CVE-2023-38519 | 1 Mainwp | 1 Mainwp Dashboard | 2023-12-28 | N/A | 4.9 MEDIUM |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MainWP MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance.This issue affects MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance: from n/a through 4.4.3.3. | |||||
| CVE-2023-38513 | 1 Meowapps | 1 Photo Engine | 2023-12-28 | N/A | 5.4 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom).This issue affects Photo Engine (Media Organizer & Lightroom): from n/a through 6.2.5. | |||||
| CVE-2023-49706 | 1 Linotp | 2 Linotp, Virtual Appliance | 2023-12-28 | N/A | 6.8 MEDIUM |
| Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger a race condition with concurrent user activity in the self-service portal. | |||||
| CVE-2022-24038 | 1 Karmasis | 1 Infraskope Siem\+ | 2023-12-28 | N/A | 6.5 MEDIUM |
| Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to damage the page where the agents are listed. | |||||
| CVE-2022-45375 | 1 Cyberchimps | 1 Ifeature Slider | 2023-12-28 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slider plugin <= 1.2 on WordPress. | |||||
| CVE-2022-4014 | 1 Feehi | 1 Feehicms | 2023-12-28 | N/A | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in FeehiCMS. Affected by this issue is some unknown functionality of the component Post My Comment Tab. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The identifier of this vulnerability is VDB-213788. | |||||
| CVE-2022-3968 | 1 Emlog | 1 Emlog | 2023-12-28 | N/A | 6.1 MEDIUM |
| A vulnerability has been found in emlog and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/article_save.php. The manipulation of the argument tag leads to cross site scripting. The attack can be launched remotely. The name of the patch is 5bf7a79826e0ea09bcc8a21f69a0c74107761a02. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213547. | |||||
| CVE-2022-3950 | 1 Publiccms | 1 Publiccms | 2023-12-28 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a972dc9b1c94aea2d84478bf26283904c21e4ca2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213456. | |||||
| CVE-2022-3941 | 1 Activity Log Project | 1 Activity Log | 2023-12-28 | N/A | 5.3 MEDIUM |
| A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213448. | |||||
| CVE-2023-25715 | 1 Gamipress | 1 Gamipress | 2023-12-28 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in GamiPress GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress.This issue affects GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through 2.5.6. | |||||
| CVE-2021-3620 | 1 Redhat | 9 Ansible Automation Platform Early Access, Ansible Engine, Enterprise Linux and 6 more | 2023-12-28 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2021-41342 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 6.8 MEDIUM | 6.8 MEDIUM |
| Windows MSHTML Platform Remote Code Execution Vulnerability | |||||
| CVE-2021-20191 | 2 Oracle, Redhat | 8 Virtualization, Ansible, Ansible Tower and 5 more | 2023-12-28 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected. | |||||
| CVE-2021-20178 | 2 Fedoraproject, Redhat | 3 Fedora, Ansible, Ansible Tower | 2023-12-28 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2021-3447 | 2 Fedoraproject, Redhat | 3 Fedora, Ansible, Ansible Tower | 2023-12-28 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided when they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2. | |||||
| CVE-2019-10206 | 3 Debian, Opensuse, Redhat | 4 Debian Linux, Backports Sle, Leap and 1 more | 2023-12-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them. | |||||
| CVE-2022-3812 | 1 Axiosys | 1 Bento4 | 2023-12-28 | N/A | 6.5 MEDIUM |
| A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. Affected by this issue is the function AP4_ContainerAtom::AP4_ContainerAtom of the component mp4encrypt. The manipulation leads to memory leak. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212678 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3716 | 1 Oretnom23 | 1 Online Medicine Ordering System | 2023-12-28 | N/A | 5.4 MEDIUM |
| A vulnerability classified as problematic was found in SourceCodester Online Medicine Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /omos/admin/?page=user/list. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-212347. | |||||
| CVE-2021-45475 | 1 Yordam | 1 Library Automation System | 2023-12-28 | N/A | 5.3 MEDIUM |
| Yordam Library Information Document Automation product before version 19.02 has an unauthenticated Information disclosure vulnerability. | |||||
| CVE-2022-3497 | 1 Oretnom23 | 1 Human Resource Management System | 2023-12-28 | N/A | 5.4 MEDIUM |
| A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been classified as problematic. Affected is an unknown function of the component Master List. The manipulation of the argument city/state/country/position leads to cross site scripting. It is possible to launch the attack remotely. VDB-210786 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3471 | 1 Oretnom23 | 1 Human Resource Management System | 2023-12-28 | N/A | 4.9 MEDIUM |
| A vulnerability was found in SourceCodester Human Resource Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file city.php. The manipulation of the argument searccity leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210715. | |||||
| CVE-2022-4830 | 1 Strangerstudios | 1 Paid Memberships Pro | 2023-12-28 | N/A | 5.4 MEDIUM |
| The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2023-45835 | 1 Libsyn | 1 Libsyn Publisher Hub | 2023-12-28 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Libsyn Libsyn Publisher Hub plugin <= 1.4.4 versions. | |||||
| CVE-2023-49092 | 1 Rustcrypto | 1 Rsa | 2023-12-28 | N/A | 5.9 MEDIUM |
| RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is currently no fix available. As a workaround, avoid using the RSA crate in settings where attackers are able to observe timing information, e.g. local use on a non-compromised computer. | |||||
| CVE-2023-22439 | 1 Gallagher | 4 Command Centre, Controller 6000, Controller 6000 Firmware and 1 more | 2023-12-28 | N/A | 4.3 MEDIUM |
| Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface. This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior. | |||||
| CVE-2023-6105 | 3 Linux, Microsoft, Zohocorp | 41 Linux Kernel, Windows, Manageengine Access Manager Plus and 38 more | 2023-12-28 | N/A | 5.5 MEDIUM |
| An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database. | |||||
| CVE-2023-5641 | 1 Martinstools | 1 Free \& Easy Link Building | 2023-12-28 | N/A | 6.1 MEDIUM |
| The Martins Free & Easy SEO BackLink Link Building Network WordPress plugin before 1.2.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2023-42183 | 1 Lockss | 1 Classic Lockss Daemon | 2023-12-28 | N/A | 5.3 MEDIUM |
| lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick. | |||||
| CVE-2023-48231 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2023-12-28 | N/A | 4.3 MEDIUM |
| Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit `25aabc2b` which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2021-46758 | 1 Amd | 122 Ryzen 3 4300u, Ryzen 3 4300u Firmware, Ryzen 3 5125c and 119 more | 2023-12-28 | N/A | 6.1 MEDIUM |
| Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity. | |||||
| CVE-2023-47365 | 1 Linecorp | 1 Line | 2023-12-28 | N/A | 6.5 MEDIUM |
| The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 allows remote attackers to send malicious notifications to victims. | |||||
| CVE-2023-47364 | 1 Linecorp | 1 Line | 2023-12-28 | N/A | 6.5 MEDIUM |
| The leakage of channel access token in nagaoka taxi Line 13.6.1 allows remote attackers to send malicious notifications to victims | |||||
| CVE-2023-47363 | 1 Linecorp | 1 Line | 2023-12-28 | N/A | 6.5 MEDIUM |
| The leakage of channel access token in F.B.P members Line 13.6.1 allows remote attackers to send malicious notifications to victims. | |||||
| CVE-2020-36754 | 1 Strangerstudios | 1 Paid Memberships Pro | 2023-12-28 | N/A | 4.3 MEDIUM |
| The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpro_page_save() function. This makes it possible for unauthenticated attackers to save pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-47272 | 3 Debian, Fedoraproject, Roundcube | 3 Debian Linux, Fedora, Webmail | 2023-12-28 | N/A | 6.1 MEDIUM |
| Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download). | |||||
| CVE-2023-49734 | 1 Apache | 1 Superset | 2023-12-28 | N/A | 6.5 MEDIUM |
| An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write permissions to these charts.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2 or 2.1.3, which fixes the issue. | |||||
| CVE-2023-6945 | 1 Mayurik | 1 Online Student Management System | 2023-12-28 | N/A | 4.8 MEDIUM |
| A vulnerability has been found in SourceCodester Online Student Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file edit-student-detail.php. The manipulation of the argument notmsg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248377 was assigned to this vulnerability. | |||||
| CVE-2023-40053 | 1 Solarwinds | 1 Serv-u | 2023-12-28 | N/A | 5.0 MEDIUM |
| A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. | |||||
| CVE-2023-35185 | 1 Solarwinds | 1 Access Rights Manager | 2023-12-28 | N/A | 6.8 MEDIUM |
| The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges. | |||||