Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38786 | 1 Intel | 1 Battery Life Diagnostic Tool | 2023-11-25 | N/A | 7.8 HIGH |
| Improper access control in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-33898 | 1 Intel | 1 Nuc Watchdog Timer Utility | 2023-11-25 | N/A | 7.8 HIGH |
| Insecure inherited permissions in some Intel(R) NUC Watchdog Timer installation software before version 2.0.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-11448 | 1 Bell | 2 Home Hub 3000, Home Hub 3000 Firmware | 2023-11-25 | N/A | 6.1 MEDIUM |
| An issue was discovered on Bell HomeHub 3000 SG48222070 devices. There is XSS related to the email field and the login page. | |||||
| CVE-2023-46700 | 1 Luxsoft | 1 Luxcal Web Calendar | 2023-11-25 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary SQL command by sending a crafted request, and obtain or alter information stored in the database. | |||||
| CVE-2023-48024 | 1 Howerj | 1 Liblisp | 2023-11-25 | N/A | 6.5 MEDIUM |
| Liblisp through commit 4c65969 was discovered to contain a use-after-free vulnerability in void hash_destroy(hash_table_t *h) at hash.c | |||||
| CVE-2023-47175 | 1 Luxsoft | 1 Luxcal Web Calendar | 2023-11-25 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the product. | |||||
| CVE-2023-6196 | 1 Myaudiomerchant | 1 Audio Merchant | 2023-11-25 | N/A | 8.8 HIGH |
| The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the function audio_merchant_add_audio_file function. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-6197 | 1 Myaudiomerchant | 1 Audio Merchant | 2023-11-25 | N/A | 5.4 MEDIUM |
| The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the audio_merchant_save_settings function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-48309 | 1 Nextauth.js | 1 Next-auth | 2023-11-25 | N/A | 5.3 MEDIUM |
| NextAuth.js provides authentication for Next.js. `next-auth` applications prior to version 4.24.5 that rely on the default Middleware authorization are affected by a vulnerability. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth sign-in flow (state, PKCE or nonce). Manually overriding the `next-auth.session-token` cookie value with this non-related JWT would let the user simulate a logged in user, albeit having no user information associated with it. (The only property on this user is an opaque randomly generated string). This vulnerability does not give access to other users' data, neither to resources that require proper authorization via scopes or other means. The created mock user has no information associated with it (ie. no name, email, access_token, etc.) This vulnerability can be exploited by bad actors to peek at logged in user states (e.g. dashboard layout). `next-auth` `v4.24.5` contains a patch for the vulnerability. As a workaround, using a custom authorization callback for Middleware, developers can manually do a basic authentication. | |||||
| CVE-2023-48300 | 1 Epiph | 1 Embed Privacy | 2023-11-25 | N/A | 5.4 MEDIUM |
| The `Embed Privacy` plugin for WordPress that prevents the loading of embedded external content is vulnerable to Stored Cross-Site Scripting via `embed_privacy_opt_out` shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Version 1.8.1 contains a patch for this issue. | |||||
| CVE-2023-48078 | 1 Code-projects | 1 Simple Crud Functionality | 2023-11-25 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the 'title' parameter. | |||||
| CVE-2023-45382 | 1 Common-services | 1 Sonice Retour | 2023-11-25 | N/A | 7.5 HIGH |
| In the module "SoNice Retour" (sonice_retour) up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system. | |||||
| CVE-2023-47112 | 1 Pagerduty | 1 Rundeck | 2023-11-25 | N/A | 4.3 MEDIUM |
| Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which provides a list of job names and groups for any project, without the necessary authorization checks. The output of these endpoints only exposes the name of job groups and the jobs contained within the specified project. The output is read-only and the access does not allow changes to the information. This vulnerability has been patched in version 4.17.3. Users are advised to upgrade. Users unable to upgrade may block access to the two URLs used in either Rundeck Open Source or Process Automation products at a load balancer level. | |||||
| CVE-2023-40314 | 1 Opennms | 2 Horizon, Meridian | 2023-11-25 | N/A | 6.1 MEDIUM |
| Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Moshe Apelbaum for reporting this issue. | |||||
| CVE-2023-41102 | 1 Opennds | 1 Opennds | 2023-11-25 | N/A | 7.5 HIGH |
| An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due to the consumption of all available memory. | |||||
| CVE-2023-41101 | 1 Opennds | 1 Opennds | 2023-11-25 | N/A | 9.8 CRITICAL |
| An issue was discovered in the captive portal in OpenNDS before version 10.1.3. get_query in http_microhttpd.c does not validate the length of the query string of GET requests. This leads to a stack-based buffer overflow in versions 9.x and earlier, and to a heap-based buffer overflow in versions 10.x and later. Attackers may exploit the issue to crash OpenNDS (Denial-of-Service condition) or to inject and execute arbitrary bytecode (Remote Code Execution). | |||||
| CVE-2023-48031 | 1 Opensupports | 1 Opensupports | 2023-11-25 | N/A | 9.8 CRITICAL |
| OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the attacker to execute arbitrary code or establish a reverse shell, leading to unauthorized file writes or control over the victim's station via a crafted file upload operation. | |||||
| CVE-2023-45387 | 1 Myprestamodules | 1 Exportproducts | 2023-11-25 | N/A | 9.8 CRITICAL |
| In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via `exportProduct::_addDataToDb().` | |||||
| CVE-2023-48017 | 1 Dreamer Cms Project | 1 Dreamer Cms | 2023-11-25 | N/A | 8.8 HIGH |
| Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management. | |||||
| CVE-2023-48028 | 1 Kodcloud | 1 Kodbox | 2023-11-25 | N/A | 9.8 CRITICAL |
| kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack. | |||||
| CVE-2023-47757 | 1 Aweber | 1 Aweber | 2023-11-25 | N/A | 8.8 HIGH |
| Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACLs, Cross-Site Request Forgery.This issue affects AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth: from n/a through 7.3.9. | |||||
| CVE-2023-6179 | 1 Honeywell | 1 Prowatch | 2023-11-25 | N/A | 7.8 HIGH |
| Honeywell ProWatch, 4.5, including all Service Pack versions, contain a Vulnerability in Application Server's executable folder(s). A(n) attacker could potentially exploit this vulnerability, leading to a standard user to have arbitrary system code execution. Honeywell recommends updating to the most recent version of this product, service or offering (Pro-watch 6.0.2, 6.0, 5.5.2,5.0.5). | |||||
| CVE-2023-47644 | 1 Metagauss | 1 Profilegrid | 2023-11-25 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.6.6. | |||||
| CVE-2023-4214 | 1 Apppresser | 1 Apppresser | 2023-11-25 | N/A | 9.8 CRITICAL |
| The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit. | |||||
| CVE-2023-47649 | 1 Pricelisto | 1 Best Restaurant Menu | 2023-11-25 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in PriceListo Best Restaurant Menu by PriceListo.This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.3.1. | |||||
| CVE-2023-48222 | 1 Pagerduty | 1 Rundeck | 2023-11-25 | N/A | 5.4 MEDIUM |
| Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which would allow access to view or delete jobs, without the necessary authorization checks. This issue has been addressed in version 4.17.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-47642 | 1 Zulip | 1 Zulip Server | 2023-11-25 | N/A | 4.3 MEDIUM |
| Zulip is an open-source team collaboration tool. It was discovered by the Zulip development team that active users who had previously been subscribed to a stream incorrectly continued being able to use the Zulip API to access metadata for that stream. As a result, users who had been removed from a stream, but still had an account in the organization, could still view metadata for that stream (including the stream name, description, settings, and an email address used to send emails into the stream via the incoming email integration). This potentially allowed users to see changes to a stream’s metadata after they had lost access to the stream. This vulnerability has been addressed in version 7.5 and all users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2023-26535 | 1 Wppool | 1 Sheets To Wp Table Live Sync | 2023-11-25 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WPPOOL Sheets To WP Table Live Sync plugin <= 2.12.15 versions. | |||||
| CVE-2023-5599 | 1 Dassault | 2 3dswymer 3dexperience 2022, 3dswymer 3dexperience 2023 | 2023-11-25 | N/A | 5.4 MEDIUM |
| A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code. | |||||
| CVE-2023-46935 | 1 Eyoucms | 1 Eyoucms | 2023-11-25 | N/A | 5.4 MEDIUM |
| eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users. | |||||
| CVE-2023-46745 | 1 Librenms | 1 Librenms | 2023-11-25 | N/A | 7.5 HIGH |
| LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain access to user accounts. This issue has been addressed in version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-48295 | 1 Librenms | 1 Librenms | 2023-11-25 | N/A | 5.4 MEDIUM |
| LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been addressed in commit `faf66035ea` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-6188 | 1 Get-simple | 1 Getsimplecms | 2023-11-25 | N/A | 9.8 CRITICAL |
| A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-245735. | |||||
| CVE-2023-48025 | 1 Howerj | 1 Liblisp | 2023-11-25 | N/A | 8.1 HIGH |
| Liblisp through commit 4c65969 was discovered to contain a out-of-bounds-read vulnerability in unsigned get_length(lisp_cell_t * x) at eval.c | |||||
| CVE-2023-6014 | 1 Lfprojects | 1 Mlflow | 2023-11-24 | N/A | 9.8 CRITICAL |
| An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment. | |||||
| CVE-2023-46213 | 1 Splunk | 2 Cloud, Splunk | 2023-11-24 | N/A | 4.8 MEDIUM |
| In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser. | |||||
| CVE-2023-6038 | 1 H2o | 1 H2o | 2023-11-24 | N/A | 7.5 HIGH |
| An attacker is able to read any file on the server hosting the H2O dashboard without any authentication. | |||||
| CVE-2023-48736 | 1 Color | 1 Demoiccmax | 2023-11-24 | N/A | 6.5 MEDIUM |
| In International Color Consortium DemoIccMAX 3e7948b, CIccCLUT::Interp2d in IccTagLut.cpp in libSampleICC.a has an out-of-bounds read. | |||||
| CVE-2023-6187 | 1 Strangerstudios | 1 Paid Memberships Pro | 2023-11-24 | N/A | 8.8 HIGH |
| The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it possible for authenticated attackers with subscriber privileges or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This can be exploited if 2Checkout (deprecated since version 2.6) or PayPal Express is set as the payment method and a custom user field is added that is only visible at profile, and not visible at checkout according to its settings. | |||||
| CVE-2023-47667 | 1 Paymentsplugin | 1 Wp Full Stripe Free | 2023-11-24 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Mammothology WP Full Stripe Free.This issue affects WP Full Stripe Free: from n/a through 1.6.1. | |||||
| CVE-2023-47666 | 1 Code Snippets | 1 Code Snippets | 2023-11-24 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Pro Code Snippets.This issue affects Code Snippets: from n/a through 3.5.0. | |||||
| CVE-2023-47664 | 1 Plainviewplugins | 1 Plainview Protect Passwords | 2023-11-24 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview Plainview Protect Passwords.This issue affects Plainview Protect Passwords: from n/a through 1.4. | |||||
| CVE-2023-46734 | 1 Sensiolabs | 2 Symfony, Twig | 2023-11-24 | N/A | 6.1 MEDIUM |
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters. | |||||
| CVE-2023-47671 | 1 Gopiplus | 1 Vertical Scroll Recent Registered User | 2023-11-24 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy Vertical scroll recent.This issue affects Vertical scroll recent post: from n/a through 14.0. | |||||
| CVE-2023-47670 | 1 Icansoft | 1 Korea Sns | 2023-11-24 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Jongmyoung Kim Korea SNS.This issue affects Korea SNS: from n/a through 1.6.3. | |||||
| CVE-2023-47685 | 1 Nkb-bd | 1 Preloader Matrix | 2023-11-24 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloader Matrix.This issue affects Preloader Matrix: from n/a through 2.0.1. | |||||
| CVE-2023-47672 | 1 Swashata | 1 Wp Category Post List Widget | 2023-11-24 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Swashata WP Category Post List Widget.This issue affects WP Category Post List Widget: from n/a through 2.0.3. | |||||
| CVE-2023-47531 | 1 Droitthemes | 1 Droit Dark Mode | 2023-11-24 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit Dark Mode.This issue affects Droit Dark Mode: from n/a through 1.1.2. | |||||
| CVE-2023-47519 | 1 Wcproducttable | 1 Woocommerce Product Table Lite | 2023-11-24 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WC Product Table WooCommerce Product Table Lite.This issue affects WooCommerce Product Table Lite: from n/a through 2.6.2. | |||||
| CVE-2023-47243 | 1 Codemshop | 1 Mshop My Site | 2023-11-24 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in CodeMShop ???? ????? – MSHOP MY SITE.This issue affects ???? ????? – MSHOP MY SITE: from n/a through 1.1.6. | |||||