Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50917 | 1 Mjdm | 1 Majordomo | 2023-12-20 | N/A | 9.8 CRITICAL |
| MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager. | |||||
| CVE-2023-48375 | 1 Csharp | 1 Cws Collaborative Development Platform | 2023-12-20 | N/A | 8.8 HIGH |
| SmartStar Software CWS is a web-based integration platform. It has a missing authorization vulnerability: users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated user with normal user privilege can perform actions with administrator privilege, resulting in arbitrary system operations or service disruption. | |||||
| CVE-2023-48376 | 1 Csharp | 1 Cws Collaborative Development Platform | 2023-12-20 | N/A | 9.8 CRITICAL |
| SmartStar Software CWS is a web-based integration platform. Its file uploading function does not restrict the upload of files with dangerous types. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files in order to execute arbitrary commands or disrupt service. | |||||
| CVE-2023-48381 | 1 Softnext | 1 Mail Sqr Expert | 2023-12-20 | N/A | 6.5 MEDIUM |
| Softnext Mail SQR Expert is an email management platform. It has a Local File Inclusion (LFI) vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute an arbitrary PHP file with an .asp file extension under specific system paths, and so access and modify partial system information; service availability is not affected. | |||||
| CVE-2023-49179 | 1 Avecnous | 1 Event Post | 2023-12-20 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N.O.U.S. Open Useful and Simple Event post allows Stored XSS. This issue affects Event post: from n/a through 5.8.6. | |||||
| CVE-2023-49178 | 1 Hdwplayer | 1 Hdw Player | 2023-12-20 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mr. Hdwplayer HDW Player Plugin (Video Player & Video Gallery) allows Reflected XSS. This issue affects HDW Player Plugin (Video Player & Video Gallery): from n/a through 5.0. | |||||
| CVE-2022-42003 | 4 Debian, Fasterxml, Netapp and 1 more | 4 Debian Linux, Jackson-databind, Oncommand Workflow Automation and 1 more | 2023-12-20 | N/A | 7.5 HIGH |
| In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. | |||||
| CVE-2023-49355 | 1 Jqlang | 1 Jq | 2023-12-20 | N/A | 7.5 HIGH |
| decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation. | |||||
| CVE-2023-49855 | 1 Binarycarpenter | 1 Menu Bar Cart Icon For Woocommerce | 2023-12-20 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in BinaryCarpenter Menu Bar Cart Icon For WooCommerce By Binary Carpenter. This issue affects Menu Bar Cart Icon For WooCommerce By Binary Carpenter: from n/a through 1.49.3. | |||||
| CVE-2023-49854 | 1 Madebytribe | 1 Caddy | 2023-12-20 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Tribe Interactive Caddy – Smart Side Cart for WooCommerce. This issue affects Caddy – Smart Side Cart for WooCommerce: from n/a through 1.9.7. | |||||
| CVE-2023-49844 | 1 Reviewsignal | 1 Wpperformancetester | 2023-12-20 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Kevin Ohashi WPPerformanceTester. This issue affects WPPerformanceTester: from n/a through 2.0.0. | |||||
| CVE-2023-49843 | 1 Quanticedge | 1 First Order Discount Woocommerce | 2023-12-20 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in QuanticEdge First Order Discount Woocommerce. This issue affects First Order Discount Woocommerce: from n/a through 1.21. | |||||
| CVE-2023-49840 | 1 Palscode | 1 Multi Currency For Woocommerce | 2023-12-20 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Palscode Multi Currency For WooCommerce. This issue affects Multi Currency For WooCommerce: from n/a through 1.5.5. | |||||
| CVE-2023-50372 | 1 Wpgogo | 1 Custom Post Type Page Template | 2023-12-20 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Post Type Page Template. This issue affects Custom Post Type Page Template: from n/a through 1.1. | |||||
| CVE-2023-49853 | 1 Paytr | 1 Paytr Taksit Tablosu - Woocommerce | 2023-12-20 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. PayTR Taksit Tablosu – WooCommerce. This issue affects PayTR Taksit Tablosu – WooCommerce: from n/a through 1.3.1. | |||||
| CVE-2023-49834 | 1 Pluginus | 1 Fox - Currency Switcher Professional For Woocommerce | 2023-12-20 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in realmag777 FOX – Currency Switcher Professional for WooCommerce. This issue affects FOX – Currency Switcher Professional for WooCommerce: from n/a through 1.4.1.4. | |||||
| CVE-2023-49824 | 1 Pixelyoursite | 1 Product Catalog Feed | 2023-12-20 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Product Catalog Feed by PixelYourSite. This issue affects Product Catalog Feed by PixelYourSite: from n/a through 2.1.1. | |||||
| CVE-2023-24380 | 1 Webbjocke | 1 Simple Wp Sitemap | 2023-12-20 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Webbjocke Simple Wp Sitemap. This issue affects Simple Wp Sitemap: from n/a through 1.2.1. | |||||
| CVE-2023-49751 | 1 Getbutterfly | 1 Block For Font Awesome | 2023-12-20 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu Block for Font Awesome. This issue affects Block for Font Awesome: from n/a through 1.4.0. | |||||
| CVE-2023-49775 | 1 Wpcore | 1 Csv Importer | 2023-12-20 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Denis Kobozev CSV Importer. This issue affects CSV Importer: from n/a through 0.3.8. | |||||
| CVE-2023-49769 | 1 Softlabbd | 1 Integrate Google Drive | 2023-12-20 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in SoftLab Integrate Google Drive. This issue affects Integrate Google Drive: from n/a through 1.3.4. | |||||
| CVE-2023-48766 | 1 Svgator | 1 Svgator | 2023-12-20 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in SVGator SVGator – Add Animated SVG Easily. This issue affects SVGator – Add Animated SVG Easily: from n/a through 1.2.4. | |||||
| CVE-2023-48762 | 1 Crocoblock | 1 Jetelements For Elementor | 2023-12-20 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor: from n/a through 2.6.13. | |||||
| CVE-2023-46617 | 1 Wpfoxly | 1 Adfoxly | 2023-12-20 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt. This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5. | |||||
| CVE-2023-6853 | 1 Kodcloud | 1 Kodexplorer | 2023-12-20 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in kalcaddle KodExplorer up to 4.51.03. Affected by this vulnerability is the function index of the file plugins/officeLive/app.php. The manipulation of the argument path leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The identifier of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier VDB-248221 was assigned to this vulnerability. | |||||
| CVE-2023-6852 | 1 Kodcloud | 1 Kodexplorer | 2023-12-20 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in kalcaddle KodExplorer up to 4.51.03. Affected is an unknown function of the file plugins/webodf/app.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The name of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248220. | |||||
| CVE-2023-6559 | 1 Web-soudan | 1 Mw Wp Form | 2023-12-20 | N/A | 9.8 CRITICAL |
| The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. | |||||
| CVE-2023-6885 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-20 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Tongda OA 2017 up to 11.10. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file general/vote/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6851 | 1 Kodcloud | 1 Kodexplorer | 2023-12-20 | N/A | 9.8 CRITICAL |
| A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been rated as critical. This issue affects the function unzipList of the file plugins/zipView/app.php of the component ZIP Archive Handler. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is named 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248219. | |||||
| CVE-2023-6850 | 1 Kodcloud | 1 Kodexplorer | 2023-12-20 | N/A | 9.8 CRITICAL |
| A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been declared as critical. This vulnerability affects unknown code of the file /index.php?pluginApp/to/yzOffice/getFile of the component API Endpoint Handler. The manipulation of the argument path/file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is identified as 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. VDB-248218 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-49816 | 1 Whereyoursolutionis | 1 Fix My Feed Rss Repair | 2023-12-20 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Innovative Solutions Fix My Feed RSS Repair. This issue affects Fix My Feed RSS Repair: from n/a through 1.4. | |||||
| CVE-2023-6896 | 1 Oretnom23 | 1 Simple Image Stack Website | 2023-12-20 | N/A | 6.1 MEDIUM |
| A vulnerability was found in SourceCodester Simple Image Stack Website 1.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument search with the input sy2ap%22%3e%3cscript%3ealert(1)%3c%2fscript%3etkxh1 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248255. | |||||
| CVE-2023-6849 | 1 Kodcloud | 1 Kodbox | 2023-12-20 | N/A | 9.8 CRITICAL |
| A vulnerability was found in kalcaddle kodbox up to 1.48. It has been rated as critical. Affected by this issue is the function cover of the file plugins/fileThumb/app.php. The manipulation of the argument path leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.48.04 is able to address this issue. The patch is identified as 63a4d5708d210f119c24afd941d01a943e25334c. It is recommended to upgrade the affected component. VDB-248210 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-6848 | 1 Kodcloud | 1 Kodbox | 2023-12-20 | N/A | 9.8 CRITICAL |
| A vulnerability was found in kalcaddle kodbox up to 1.48. It has been declared as critical. Affected by this vulnerability is the function check of the file plugins/officeViewer/controller/libreOffice/index.class.php. The manipulation of the argument soffice leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.48.04 is able to address this issue. The identifier of the patch is 63a4d5708d210f119c24afd941d01a943e25334c. It is recommended to upgrade the affected component. The identifier VDB-248209 was assigned to this vulnerability. | |||||
| CVE-2023-6898 | 1 Mayuri K | 1 Best Courier Management System | 2023-12-20 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248256. | |||||
| CVE-2023-6909 | 1 Lfprojects | 1 Mlflow | 2023-12-20 | N/A | 7.5 HIGH |
| Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. | |||||
| CVE-2016-15032 | 1 Mh Httpbl Project | 1 Mh Httpbl | 2023-12-20 | N/A | 6.1 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This affects the function stopOutput of the file class.tx_mhhttpbl.php. The manipulation of the argument $_SERVER['REMOTE_ADDR'] leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.1.8 is able to address this issue. The patch is named a754bf306a433a8c18b55e25595593e8f19b9463. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230391. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2022-30122 | 2 Debian, Rack Project | 2 Debian Linux, Rack | 2023-12-20 | N/A | 7.5 HIGH |
| A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack. | |||||
| CVE-2023-29023 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2023-12-20 | N/A | 6.1 MEDIUM |
| A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. | |||||
| CVE-2023-29024 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2023-12-20 | N/A | 6.5 MEDIUM |
| A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. | |||||
| CVE-2023-29025 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2023-12-20 | N/A | 5.9 MEDIUM |
| A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. | |||||
| CVE-2023-29031 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2023-12-20 | N/A | 7.1 HIGH |
| A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. | |||||
| CVE-2023-29030 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2023-12-20 | N/A | 7.1 HIGH |
| A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. | |||||
| CVE-2015-10105 | 1 Ip-finder | 1 Ip Blacklist Cloud | 2023-12-20 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function valid_js_identifier of the file ip_blacklist_cloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. Upgrading to version 3.43 is able to address this issue. The identifier of the patch is 6e6fe8c6fda7cbc252eef083105e08d759c07312. It is recommended to upgrade the affected component. The identifier VDB-227757 was assigned to this vulnerability. | |||||
| CVE-2017-20180 | 1 Zerocoin | 1 Libzerocoin | 2023-12-20 | N/A | 7.5 HIGH |
| A vulnerability classified as critical has been found in Zerocoin libzerocoin. Affected is the function CoinSpend::CoinSpend of the file CoinSpend.cpp of the component Proof Handler. The manipulation leads to insufficient verification of data authenticity. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected or updated releases are available. The patch is identified as ce103a09ec079d0a0ed95475992348bed6e860de. It is recommended to apply a patch to fix this issue. VDB-222318 is the identifier assigned to this vulnerability. | |||||
| CVE-2015-10102 | 1 Freshworks | 1 Freshdesk | 2023-12-20 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as critical, has been found in Freshdesk Plugin 1.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to open redirect. The attack may be launched remotely. Upgrading to version 1.8 is able to address this issue. The patch is identified as 2aaecd4e0c7c6c1dc4e6a593163d5f7aa0fa5d5b. It is recommended to upgrade the affected component. VDB-226118 is the identifier assigned to this vulnerability. | |||||
| CVE-2015-10087 | 1 Upthemes | 1 Designfolio-plus | 2023-12-20 | N/A | 8.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 53f6ae62878076f99718e5feb589928e83c879a9. It is recommended to apply a patch to fix this issue. The identifier VDB-221809 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2015-10099 | 1 Codepeople | 1 Cp Appointment Calendar | 2023-12-20 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in CP Appointment Calendar Plugin up to 1.1.5 on WordPress. This affects the function dex_process_ready_to_go_appointment of the file dex_appointments.php. The manipulation of the argument itemnumber leads to sql injection. It is possible to initiate the attack remotely. The patch is named e29a9cdbcb0f37d887dd302a05b9e8bf213da01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225351. | |||||
| CVE-2015-10100 | 1 Qurl | 1 Dynamic Widgets | 2023-12-20 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Dynamic Widgets Plugin up to 1.5.10 on WordPress. This issue affects some unknown processing of the file classes/dynwid_class.php. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.11 is able to address this issue. The identifier of the patch is d0a19c6efcdc86d7093b369bc9e29a0629e57795. It is recommended to upgrade the affected component. The identifier VDB-225353 was assigned to this vulnerability. | |||||
| CVE-2015-10101 | 1 Google Analytics Top Content Widget Project | 1 Google Analytics Top Content Widget | 2023-12-20 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in Google Analytics Top Content Widget Plugin up to 1.5.6 on WordPress. Affected by this vulnerability is an unknown functionality of the file class-tgm-plugin-activation.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.7 is able to address this issue. The identifier of the patch is 25bb1dea113716200a6f0f3135801d84a7a65540. It is recommended to upgrade the affected component. The identifier VDB-226117 was assigned to this vulnerability. | |||||
