Total: 46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-48204 | 1 Publiccms | 1 Publiccms | 2023-11-21 | N/A | 6.5 MEDIUM |
| An issue in PublicCMS v.4.0.202302.e allows a remote attacker to obtain sensitive information via the appToken and Parameters parameter of the api/method/getHtml component. | |||||
| CVE-2023-44248 | 1 Fortinet | 1 Fortiedr | 2023-11-21 | N/A | 5.5 MEDIUM |
| An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all may allow a local attacker to prevent the collector service from starting at the next system reboot by tampering with some registry keys of the service. | |||||
| CVE-2023-41676 | 1 Fortinet | 1 Fortisiem | 2023-11-21 | N/A | 6.5 MEDIUM |
| An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may allow an attacker with access to Windows agent logs to obtain the Windows agent password by searching through the logs. | |||||
| CVE-2023-47657 | 1 Grandplugins | 1 Woo Quick View And Buy Now | 2023-11-21 | N/A | 4.8 MEDIUM |
| Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability in GrandPlugins Direct Checkout – Quick View – Buy Now For WooCommerce plugin <= 1.5.8 versions. | |||||
| CVE-2023-34375 | 1 10web | 1 Seo | 2023-11-21 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web SEO by 10Web plugin <= 1.2.9 versions. | |||||
| CVE-2023-32957 | 1 Dazzlersoft | 1 Team Members Showcase | 2023-11-21 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dazzlersoft Team Members Showcase plugin <= 1.3.4 versions. | |||||
| CVE-2023-32796 | 1 Mingocommerce | 1 Woocommerce Product Enquiry | 2023-11-21 | N/A | 6.1 MEDIUM |
| Unauth. Stored Cross-Site Scripting (XSS) vulnerability in MingoCommerce WooCommerce Product Enquiry plugin <= 2.3.4 versions. | |||||
| CVE-2023-47512 | 1 Wphive | 1 Product Enquiry For Woocommerce | 2023-11-21 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Gravity Master Product Enquiry for WooCommerce plugin <= 3.0 versions. | |||||
| CVE-2023-47509 | 1 Ioannup | 1 Edit Woocommerce Templates | 2023-11-21 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ioannup Edit WooCommerce Templates plugin <= 1.1.1 versions. | |||||
| CVE-2023-4689 | 1 Webtechstreet | 1 Elementor Addon Elements | 2023-11-21 | N/A | 4.3 MEDIUM |
| The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eae_save_elements function. This makes it possible for unauthenticated attackers to enable/disable elementor addon elements via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-48200 | 1 Grocy Project | 1 Grocy | 2023-11-21 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/ component. | |||||
| CVE-2023-48197 | 1 Grocy Project | 1 Grocy | 2023-11-21 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the QR code function in the manageapikeys component. | |||||
| CVE-2023-4690 | 1 Webtechstreet | 1 Elementor Addon Elements | 2023-11-21 | N/A | 4.3 MEDIUM |
| The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eae_save_config function. This makes it possible for unauthenticated attackers to change configuration settings for the plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-39199 | 1 Zoom | 4 Meetings, Rooms, Virtual Desktop Infrastructure and 1 more | 2023-11-21 | N/A | 6.5 MEDIUM |
| Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access. | |||||
| CVE-2023-39202 | 1 Zoom | 2 Rooms, Virtual Desktop Infrastructure | 2023-11-21 | N/A | 5.5 MEDIUM |
| Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access. | |||||
| CVE-2023-39205 | 1 Zoom | 4 Meetings, Video Software Development Kit, Virtual Desktop Infrastructure and 1 more | 2023-11-21 | N/A | 6.5 MEDIUM |
| Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access. | |||||
| CVE-2023-47518 | 1 Vfbpro | 1 Restrict Categories | 2023-11-21 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Matthew Muro Restrict Categories plugin <= 2.6.4 versions. | |||||
| CVE-2023-47517 | 1 Pressified | 1 Sendpress | 2023-11-21 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SendPress Newsletters plugin <= 1.23.11.6 versions. | |||||
| CVE-2023-43588 | 1 Zoom | 3 Meetings, Virtual Desktop Infrastructure, Zoom | 2023-11-21 | N/A | 6.5 MEDIUM |
| Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access. | |||||
| CVE-2023-5561 | 1 Wordpress | 1 Wordpress | 2023-11-20 | N/A | 5.3 MEDIUM |
| WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an oracle-style attack. | |||||
| CVE-2023-39999 | 1 Wordpress | 1 Wordpress | 2023-11-20 | N/A | 4.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38. | |||||
| CVE-2020-13920 | 3 Apache, Debian, Oracle | 4 Activemq, Debian Linux, Communications Diameter Signaling Router and 1 more | 2023-11-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original and binds that, he effectively becomes a man in the middle and is able to intercept the credentials when a user connects. Upgrade to Apache ActiveMQ 5.15.12. | |||||
| CVE-2023-38177 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2023-11-20 | N/A | 6.8 MEDIUM |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
| CVE-2023-28723 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 5.5 MEDIUM |
| Exposure of sensitive information to an unauthorized actor in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2023-34431 | 1 Intel | 66 Compute Module Hns2600bpb, Compute Module Hns2600bpb24, Compute Module Hns2600bpb24 Firmware and 63 more | 2023-11-20 | N/A | 6.7 MEDIUM |
| Improper input validation in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access | |||||
| CVE-2022-33945 | 1 Intel | 66 Compute Module Hns2600bpb, Compute Module Hns2600bpb24, Compute Module Hns2600bpb24 Firmware and 63 more | 2023-11-20 | N/A | 6.7 MEDIUM |
| Improper input validation in some Intel(R) Server board and Intel(R) Server System BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-29262 | 1 Intel | 66 Compute Module Hns2600bpb, Compute Module Hns2600bpb24, Compute Module Hns2600bpb24 Firmware and 63 more | 2023-11-20 | N/A | 6.7 MEDIUM |
| Improper buffer restrictions in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-36396 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 6.7 MEDIUM |
| Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmiEdit-Linux-5.27.06.0017 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-36374 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 6.7 MEDIUM |
| Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmi Windows 5.27.03.0003 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-24379 | 1 Intel | 4 Server Board M70klp2sb, Server Board M70klp2sb Firmware, Server System M70klp4s2uhh and 1 more | 2023-11-20 | N/A | 6.7 MEDIUM |
| Improper input validation in some Intel(R) Server System M70KLP Family BIOS firmware before version 01.04.0029 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-22310 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 4.7 MEDIUM |
| Race condition in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-22305 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 5.5 MEDIUM |
| Integer overflow in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-25949 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 5.5 MEDIUM |
| Uncontrolled resource consumption in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-26589 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 5.5 MEDIUM |
| Use after free in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-47522 | 1 Photofeed | 1 Photo Feed | 2023-11-20 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Feed plugin <= 2.2.1 versions. | |||||
| CVE-2023-47520 | 1 Michaeluno | 1 Responsive Column Widgets | 2023-11-20 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Uno (miunosoft) Responsive Column Widgets plugin <= 1.2.7 versions. | |||||
| CVE-2023-47528 | 1 Sajjad67 | 1 Wp Edit Username | 2023-11-20 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sajjad Hossain Sagor WP Edit Username plugin <= 1.0.5 versions. | |||||
| CVE-2023-47524 | 1 Codebard | 1 Patron Button And Widgets For Patreon | 2023-11-20 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability (requires PHP 8.x) in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.9 versions. | |||||
| CVE-2023-47532 | 1 Themeum | 1 Wp Crowdfunding | 2023-11-20 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themeum WP Crowdfunding plugin <= 2.1.6 versions. | |||||
| CVE-2023-47544 | 1 Atarim | 1 Visual Collaboration | 2023-11-20 | N/A | 6.1 MEDIUM |
| Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Atarim Visual Website Collaboration, Feedback & Project Management – Atarim plugin <= 3.12 versions. | |||||
| CVE-2023-47546 | 1 Walterpinem | 1 Oneclick Chat To Order | 2023-11-20 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Walter Pinem OneClick Chat to Order plugin <= 1.0.4.2 versions. | |||||
| CVE-2023-47545 | 1 Fatcatapps | 1 Forms For Mailchimp By Optin Cat | 2023-11-20 | N/A | 5.4 MEDIUM |
| Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin <= 2.5.4 versions. | |||||
| CVE-2023-47549 | 1 Spider-themes | 1 Eazydocs | 2023-11-20 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability on 302 response page in spider-themes EazyDocs plugin <= 2.3.3 versions. | |||||
| CVE-2023-47547 | 1 Wpfactory | 1 Products, Order & Customers Export For Woocommerce | 2023-11-20 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory Products, Order & Customers Export for WooCommerce plugin <= 2.0.7 versions. | |||||
| CVE-2023-36413 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2023-11-20 | N/A | 6.5 MEDIUM |
| Microsoft Office Security Feature Bypass Vulnerability | |||||
| CVE-2023-36410 | 1 Microsoft | 1 Dynamics 365 | 2023-11-20 | N/A | 5.4 MEDIUM |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
| CVE-2023-41366 | 1 Sap | 1 Netweaver Application Server Abap | 2023-11-20 | N/A | 5.3 MEDIUM |
| Under certain conditions, SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT - allows an unauthenticated attacker to access unintended data due to the lack of restrictions applied, which may lead to low impact on confidentiality and no impact on the integrity and availability of the application. | |||||
| CVE-2023-36641 | 1 Fortinet | 2 Fortios, Fortiproxy | 2023-11-20 | N/A | 6.5 MEDIUM |
| A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiOS version 7.4.0, FortiOS version 7.2.0 through 7.2.5, FortiOS version 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions allows an attacker to cause a denial of service via specifically crafted HTTP requests. | |||||
| CVE-2023-42480 | 1 Sap | 1 Netweaver Application Server Java | 2023-11-20 | N/A | 5.3 MEDIUM |
| An unauthenticated attacker can brute force the login functionality of the NetWeaver AS Java Logon application, version 7.50, to identify legitimate user IDs. This will have an impact on confidentiality, but there is no other impact on integrity or availability. | |||||
| CVE-2023-36398 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-11-20 | N/A | 6.5 MEDIUM |
| Windows NTFS Information Disclosure Vulnerability | |||||
