Total: 46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46871 | 1 Gpac | 1 Gpac | 2023-12-12 | N/A | 5.3 MEDIUM |
| GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. This vulnerability may lead to a denial of service. | |||||
| CVE-2023-42327 | 1 Netgate | 1 Pfsense | 2023-12-12 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page. | |||||
| CVE-2023-42325 | 1 Netgate | 1 Pfsense | 2023-12-12 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the status_logs_filter_dynamic.php page. | |||||
| CVE-2023-6615 | 1 Typecho | 1 Typecho | 2023-12-12 | N/A | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Typecho 1.2.1. Affected by this issue is some unknown functionality of the file /admin/manage-users.php. The manipulation of the argument page leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-247250 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6616 | 1 Oretnom23 | 1 Simple Student Attendance System | 2023-12-12 | N/A | 6.1 MEDIUM |
| A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247253 was assigned to this vulnerability. | |||||
| CVE-2023-6613 | 1 Typecho | 1 Typecho | 2023-12-12 | N/A | 4.8 MEDIUM |
| A vulnerability classified as problematic has been found in Typecho 1.2.1. Affected is an unknown function of the file /admin/options-theme.php of the component Logo Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-36880 | 1 Microsoft | 1 Edge Chromium | 2023-12-12 | N/A | 4.8 MEDIUM |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2023-23372 | 1 Qnap | 2 Qts, Quts Hero | 2023-12-12 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later; QTS 5.1.0.2444 build 20230629 and later; QTS 4.5.4.2467 build 20230718 and later; QuTS hero h5.1.0.2424 build 20230609 and later; QuTS hero h5.0.1.2515 build 20230907 and later; QuTS hero h4.5.4.2476 build 20230728 and later. | |||||
| CVE-2023-38174 | 1 Microsoft | 1 Edge Chromium | 2023-12-12 | N/A | 4.3 MEDIUM |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2023-6459 | 1 Mattermost | 1 Mattermost Server | 2023-12-12 | N/A | 5.3 MEDIUM |
| Mattermost is grouping calls in the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint is revealing channelIDs. | |||||
| CVE-2023-41171 | 1 Netscout | 1 Ngeniusone | 2023-12-12 | N/A | 5.4 MEDIUM |
| NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 3 of 4). | |||||
| CVE-2023-41170 | 1 Netscout | 1 Ngeniusone | 2023-12-12 | N/A | 6.1 MEDIUM |
| NetScout nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting vulnerability. | |||||
| CVE-2023-41169 | 1 Netscout | 1 Ngeniusone | 2023-12-12 | N/A | 5.4 MEDIUM |
| NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 2 of 4). | |||||
| CVE-2023-41168 | 1 Netscout | 1 Ngeniusone | 2023-12-12 | N/A | 5.4 MEDIUM |
| NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 1 of 4). | |||||
| CVE-2020-16212 | 1 Philips | 1 Patient Information Center Ix | 2023-12-12 | 4.6 MEDIUM | 6.8 MEDIUM |
| In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges. | |||||
| CVE-2023-6588 | 1 Devolutions | 1 Workspace | 2023-12-12 | N/A | 6.5 MEDIUM |
| Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. This allows an attacker with access to the Workspace application to access credentials when offline. | |||||
| CVE-2023-6273 | 1 Huawei | 2 Emui, Harmonyos | 2023-12-12 | N/A | 5.3 MEDIUM |
| Permission management vulnerability in the module for disabling Sound Booster. Successful exploitation of this vulnerability may cause features to perform abnormally. | |||||
| CVE-2023-49493 | 1 Dedecms | 1 Dedecms | 2023-12-12 | N/A | 6.1 MEDIUM |
| DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php. | |||||
| CVE-2023-49492 | 1 Dedecms | 1 Dedecms | 2023-12-12 | N/A | 6.1 MEDIUM |
| DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at selectimages.php. | |||||
| CVE-2023-41172 | 1 Netscout | 1 Ngeniusone | 2023-12-12 | N/A | 5.4 MEDIUM |
| NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 4 of 4). | |||||
| CVE-2023-41905 | 1 Netscout | 1 Ngeniusone | 2023-12-12 | N/A | 5.4 MEDIUM |
| NETSCOUT nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting (XSS) vulnerability by an authenticated user. | |||||
| CVE-2023-47440 | 1 Gladysassistant | 1 Gladys Assistant | 2023-12-12 | N/A | 6.5 MEDIUM |
| Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine. | |||||
| CVE-2023-6599 | 1 Microweber | 1 Microweber | 2023-12-12 | N/A | 4.3 MEDIUM |
| Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0. | |||||
| CVE-2023-6146 | 1 Qualys | 1 Private Cloud Platform | 2023-12-12 | N/A | 5.4 MEDIUM |
| A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. This vulnerability allowed a user with login access to the application to introduce XSS payload via browser details. | |||||
| CVE-2023-49487 | 1 Jfinalcms Project | 1 Jfinalcms | 2023-12-12 | N/A | 5.4 MEDIUM |
| JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department. | |||||
| CVE-2023-49486 | 1 Jfinalcms Project | 1 Jfinalcms | 2023-12-12 | N/A | 5.4 MEDIUM |
| JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department. | |||||
| CVE-2023-49485 | 1 Jfinalcms Project | 1 Jfinalcms | 2023-12-12 | N/A | 5.4 MEDIUM |
| JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department. | |||||
| CVE-2023-5808 | 2 Hitachi, Microsoft | 2 Vantara Hitachi Network Attached Storage, Windows | 2023-12-12 | N/A | 6.5 MEDIUM |
| SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role. | |||||
| CVE-2023-48928 | 1 Franklin-electric | 1 System Sentinel Anyware | 2023-12-12 | N/A | 6.1 MEDIUM |
| Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redirect. The 'path' parameter of the prefs.asp resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | |||||
| CVE-2023-46641 | 1 Code4recovery | 1 12 Step Meeting List | 2023-12-12 | N/A | 5.4 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Code for Recovery 12 Step Meeting List. This issue affects 12 Step Meeting List: from n/a through 3.14.24. | |||||
| CVE-2023-43102 | 1 Zimbra | 1 Collaboration | 2023-12-12 | N/A | 6.1 MEDIUM |
| An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. An XSS issue can be exploited to access the mailbox of an authenticated user. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36. | |||||
| CVE-2023-43103 | 1 Zimbra | 1 Collaboration | 2023-12-12 | N/A | 6.1 MEDIUM |
| An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36. | |||||
| CVE-2023-46857 | 1 Squidex.io | 1 Squidex | 2023-12-12 | N/A | 5.4 MEDIUM |
| Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in the SVG inspection, allowing JavaScript in the SRC attribute of an IFRAME element. An authenticated attack with assets.create permission is required for exploitation. | |||||
| CVE-2023-49225 | 1 Ruckuswireless | 74 C110, C110 Firmware, E510 and 71 more | 2023-12-12 | N/A | 6.1 MEDIUM |
| A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see the information provided by the vendor listed under [References] section or the list under [Product Status] section. | |||||
| CVE-2022-24403 | 1 Midnightblue | 1 Tetra | 2023-12-12 | N/A | 4.3 MEDIUM |
| The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively from the SCK (Class 2 networks) or CCK (Class 3 networks). The structure of TA61 allows for efficient recovery of this 64-bit value, allowing an adversary to encrypt or decrypt arbitrary identities given only three known encrypted/unencrypted identity pairs. | |||||
| CVE-2023-46916 | 1 Maximawatches | 2 Maxima Max Pro Power, Maxima Max Pro Power Firmware | 2023-12-12 | N/A | 4.3 MEDIUM |
| Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteristic handle 0x0012 to perform potentially disruptive actions such as starting a Heart Rate monitor. | |||||
| CVE-2022-45362 | 1 Paytm | 1 Payment Gateway | 2023-12-12 | N/A | 6.5 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Payment Gateway. This issue affects Paytm Payment Gateway: from n/a through 2.7.0. | |||||
| CVE-2023-41804 | 1 Brainstormforce | 1 Starter Templates | 2023-12-12 | N/A | 5.4 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates. This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4. | |||||
| CVE-2023-49746 | 1 Softaculous | 1 Speedycache | 2023-12-12 | N/A | 4.3 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance. This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through 1.1.2. | |||||
| CVE-2023-45762 | 1 Michaeluno | 1 Responsive Column Widgets | 2023-12-12 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Michael Uno (miunosoft) Responsive Column Widgets. This issue affects Responsive Column Widgets: from n/a through 1.2.7. | |||||
| CVE-2023-48325 | 1 Pluginops | 1 Landing Page Builder | 2023-12-12 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages. This issue affects Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages: from n/a through 1.5.1.5. | |||||
| CVE-2023-47779 | 1 Crmperks | 1 Integration For Constant Contact And Contact Form 7, Wpforms, Elementor, Ninja | 2023-12-12 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms. This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4. | |||||
| CVE-2023-35909 | 1 Ninjaforms | 1 Ninja Forms | 2023-12-12 | N/A | 5.3 MEDIUM |
| Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to DoS. This issue affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25. | |||||
| CVE-2023-45084 | 1 Softiron | 1 Hypercloud | 2023-12-12 | N/A | 6.1 MEDIUM |
| An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity. This issue only impacts SoftIron HyperCloud "density" storage nodes running HyperCloud software versions 1.0 to before 2.0.3. | |||||
| CVE-2023-45083 | 1 Softiron | 1 Hypercloud | 2023-12-12 | N/A | 4.4 MEDIUM |
| An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane. An authenticated admin-level user may be able to delete the "admin" or "serveradmin" users, which prevents authentication from subsequently succeeding. This issue affects HyperCloud versions 1.0 to any release before 2.1. | |||||
| CVE-2023-39326 | 1 Golang | 1 Go | 2023-12-12 | N/A | 5.3 MEDIUM |
| A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small. | |||||
| CVE-2023-6393 | 1 Redhat | 1 Build Of Quarkus | 2023-12-12 | N/A | 5.3 MEDIUM |
| A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contains sensitive information, and could allow a malicious user to benefit from a POST request returning the response that is meant for another user, gaining access to sensitive data. | |||||
| CVE-2023-28586 | 1 Qualcomm | 626 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 623 more | 2023-12-12 | N/A | 6.5 MEDIUM |
| Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. | |||||
| CVE-2023-6566 | 1 Microweber | 1 Microweber | 2023-12-12 | N/A | 6.5 MEDIUM |
| Business Logic Errors in GitHub repository microweber/microweber prior to 2.0. | |||||
| CVE-2023-28017 | 1 Hcltech | 1 Connections | 2023-12-12 | N/A | 5.4 MEDIUM |
| HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL, which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and compromise a user's account, then launch other attacks. | |||||
