Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5966 | 1 Espocrm | 1 Espocrm | 2023-12-06 | N/A | 7.2 HIGH |
| An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution. | |||||
| CVE-2023-6375 | 1 Tylertech | 1 Court Case Management Plus | 2023-12-06 | N/A | 7.5 HIGH |
| Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials. | |||||
| CVE-2023-6439 | 1 Easycorp | 1 Zentao | 2023-12-06 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in ZenTao PMS 18.8. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246439. | |||||
| CVE-2023-47452 | 1 Notepad-plus-plus | 1 Notepad\+\+ | 2023-12-06 | N/A | 7.8 HIGH |
| An Untrusted search path vulnerability in notepad++ 6.5 allows local users to gain escalated privileges through the msimg32.dll file in the current working directory. | |||||
| CVE-2023-47453 | 1 Sohu | 1 Video Player | 2023-12-06 | N/A | 7.8 HIGH |
| An Untrusted search path vulnerability in Sohu Video Player 7.0.15.0 allows local users to gain escalated privileges through the version.dll file in the current working directory. | |||||
| CVE-2023-47454 | 1 Netease | 1 Cloudmusic | 2023-12-06 | N/A | 7.8 HIGH |
| An Untrusted search path vulnerability in NetEase CloudMusic 2.10.4 for Windows allows local users to gain escalated privileges through the urlmon.dll file in the current working directory. | |||||
| CVE-2023-6440 | 1 Rems | 1 Book Borrower System | 2023-12-06 | N/A | 5.4 MEDIUM |
| A vulnerability was found in SourceCodester Book Borrower System 1.0 and classified as problematic. This issue affects some unknown processing of the file endpoint/add-book.php. The manipulation of the argument Book Title/Book Author leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246443. | |||||
| CVE-2023-6442 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2023-12-06 | N/A | 5.4 MEDIUM |
| A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add-phlebotomist.php. The manipulation of the argument empid/fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246445 was assigned to this vulnerability. | |||||
| CVE-2023-39226 | 1 Deltaww | 1 Infrasuite Device Master | 2023-12-06 | N/A | 9.8 CRITICAL |
| In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet. | |||||
| CVE-2023-47870 | 1 Gvectors | 1 Wpforo Forum | 2023-12-06 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through 2.2.6. | |||||
| CVE-2023-6298 | 1 Itextpdf | 1 Itext | 2023-12-06 | N/A | 6.5 MEDIUM |
| A vulnerability classified as problematic was found in Apryse iText 8.0.2. This vulnerability affects the function main of the file PdfDocument.java. The manipulation leads to improper validation of array index. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-246124. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. A statement published afterwards explains that the exception is not a vulnerability and the identified CWEs might not apply to the software. | |||||
| CVE-2023-32123 | 1 Dream-theme | 1 The7 | 2023-12-06 | N/A | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Dream-Theme The7 allows Stored XSS.This issue affects The7: from n/a through 11.7.3. | |||||
| CVE-2023-31230 | 1 Baidu-tongji-generator Project | 1 Baidu-tongji-generator | 2023-12-06 | N/A | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir Baidu Tongji generator allows Stored XSS.This issue affects Baidu Tongji generator: from n/a through 1.0.2. | |||||
| CVE-2023-39166 | 1 Tagdiv | 1 Tagdiv Composer | 2023-12-06 | N/A | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS).This issue affects tagDiv Composer: from n/a before 4.4. | |||||
| CVE-2023-6401 | 1 Notepad-plus-plus | 1 Notepad\+\+ | 2023-12-06 | N/A | 7.8 HIGH |
| A vulnerability classified as problematic was found in NotePad++ up to 8.1. Affected by this vulnerability is an unknown functionality of the file dbghelp.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The identifier VDB-246421 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6402 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2023-12-06 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file add-phlebotomist.php. The manipulation of the argument empid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246423. | |||||
| CVE-2023-6438 | 1 Thecosy | 1 Icecms | 2023-12-06 | N/A | 5.3 MEDIUM |
| A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /WebArticle/articles/ of the component Like Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246438 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-48752 | 1 Happyforms | 1 Happyforms | 2023-12-06 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Happyforms Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms allows Reflected XSS.This issue affects Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms: from n/a through 1.25.9. | |||||
| CVE-2023-48746 | 1 Peepso | 1 Peepso | 2023-12-06 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles allows Reflected XSS.This issue affects Community by PeepSo – Social Network, Membership, Registration, User Profiles: from n/a through 6.2.6.0. | |||||
| CVE-2023-48748 | 1 Themenectar | 1 Salient Core | 2023-12-06 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme nectar Salient Core allows Reflected XSS.This issue affects Salient Core: from n/a through 2.0.2. | |||||
| CVE-2023-48749 | 1 Themenectar | 1 Salient Core | 2023-12-06 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme nectar Salient Core allows Stored XSS.This issue affects Salient Core: from n/a through 2.0.2. | |||||
| CVE-2023-28819 | 1 Concretecms | 1 Concrete Cms | 2023-12-06 | N/A | 5.4 MEDIUM |
| Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 through 9.0.2 is vulnerable to Stored XSS in uploaded file and folder names. | |||||
| CVE-2023-28477 | 1 Concretecms | 1 Concrete Cms | 2023-12-06 | N/A | 5.4 MEDIUM |
| Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter. | |||||
| CVE-2023-28475 | 1 Concretecms | 1 Concrete Cms | 2023-12-06 | N/A | 6.1 MEDIUM |
| Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized. | |||||
| CVE-2023-28473 | 1 Concretecms | 1 Concrete Cms | 2023-12-06 | N/A | 3.3 LOW |
| Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs section. | |||||
| CVE-2023-28472 | 1 Concretecms | 1 Concrete Cms | 2023-12-06 | N/A | 5.3 MEDIUM |
| Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies. | |||||
| CVE-2023-48321 | 1 Magazine3 | 1 Amp For Wp | 2023-12-06 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP – Accelerated Mobile Pages allows Stored XSS.This issue affects AMP for WP – Accelerated Mobile Pages: from n/a through 1.0.88.1. | |||||
| CVE-2023-48320 | 1 Web-dorado | 1 Spidervplayer | 2023-12-06 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebDorado SpiderVPlayer allows Stored XSS.This issue affects SpiderVPlayer: from n/a through 1.5.22. | |||||
| CVE-2023-43789 | 3 Fedoraproject, Libxpm Project, Redhat | 3 Fedora, Libxpm, Enterprise Linux | 2023-12-06 | N/A | 5.5 MEDIUM |
| A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system. | |||||
| CVE-2023-34872 | 1 Freedesktop | 1 Poppler | 2023-12-06 | N/A | 5.5 MEDIUM |
| A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. | |||||
| CVE-2020-12965 | 1 Amd | 126 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 123 more | 2023-12-06 | 5.0 MEDIUM | 7.5 HIGH |
| When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage. | |||||
| CVE-2023-48317 | 1 Vikasvatsa | 1 Display Custom Post | 2023-12-06 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Vatsa Display Custom Post allows Stored XSS.This issue affects Display Custom Post: from n/a through 2.2.1. | |||||
| CVE-2023-48278 | 1 Nitinrathod | 1 Wp Forms Puzzle Captcha | 2023-12-06 | N/A | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Stored XSS.This issue affects WP Forms Puzzle Captcha: from n/a through 4.1. | |||||
| CVE-2023-48272 | 1 Wpmaspik | 1 Maspik | 2023-12-06 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Maspik – Spam Blacklist allows Stored XSS.This issue affects Maspik – Spam Blacklist: from n/a through 0.9.2. | |||||
| CVE-2023-47877 | 1 Perfmatters | 1 Perfmatters | 2023-12-06 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfmatters allows Stored XSS.This issue affects Perfmatters: from n/a before 2.2.0. | |||||
| CVE-2023-47876 | 1 Perfmatters | 1 Perfmatters | 2023-12-06 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfmatters allows Reflected XSS.This issue affects Perfmatters: from n/a through 2.1.6. | |||||
| CVE-2023-47875 | 1 Perfmatters | 1 Perfmatters | 2023-12-06 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Perfmatters allows Cross Site Request Forgery.This issue affects Perfmatters: from n/a through 2.1.6. | |||||
| CVE-2023-47872 | 1 Gvectors | 1 Wpforo Forum | 2023-12-06 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team wpForo Forum allows Stored XSS.This issue affects wpForo Forum: from n/a through 2.2.3. | |||||
| CVE-2023-47853 | 1 Mycred | 1 Mycred | 2023-12-06 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored XSS.This issue affects myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin: from n/a through 2.6.1. | |||||
| CVE-2023-6026 | 1 Elijaa | 1 Phpmemcachedadmin | 2023-12-06 | N/A | 9.1 CRITICAL |
| A Path traversal vulnerability has been reported in elijaa/phpmemcachedadmin affecting version 1.3.0. This vulnerability allows an attacker to delete files stored on the server due to lack of proper verification of user-supplied input. | |||||
| CVE-2023-6027 | 1 Elijaa | 1 Phpmemcachedadmin | 2023-12-06 | N/A | 5.4 MEDIUM |
| A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a carefully crafted JavaScript payload. The issue arises from improper encoding of user-controlled entries in the "/pmcadmin/configure.php" parameter. | |||||
| CVE-2023-6136 | 1 Bowo | 1 Debug Log Manager | 2023-12-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.0. | |||||
| CVE-2023-37972 | 1 Multivendorx | 1 Product Stock Manager \& Notifier For Woocommerce | 2023-12-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MultiVendorX Product Stock Manager & Notifier for WooCommerce.This issue affects Product Stock Manager & Notifier for WooCommerce: from n/a through 2.0.1. | |||||
| CVE-2023-4474 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2023-12-06 | N/A | 9.8 CRITICAL |
| The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. | |||||
| CVE-2023-4473 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2023-12-06 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. | |||||
| CVE-2023-4459 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-12-06 | N/A | 5.5 MEDIUM |
| A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup. | |||||
| CVE-2023-40211 | 1 Pickplugins | 1 Post Grid Combo | 2023-12-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks.This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50. | |||||
| CVE-2023-40600 | 1 Ewww | 1 Image Optimizer | 2023-12-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on.This issue affects EWWW Image Optimizer: from n/a through 7.2.0. | |||||
| CVE-2023-40662 | 1 Followmedarling | 1 Cookies And Content Security Policy | 2023-12-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jonk @ Follow me Darling Cookies and Content Security Policy.This issue affects Cookies and Content Security Policy: from n/a through 2.15. | |||||
| CVE-2023-41735 | 1 Gopiplus | 1 Email Posts To Subscribers | 2023-12-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email posts to subscribers.This issue affects Email posts to subscribers: from n/a through 6.2. | |||||