Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2330 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2023-11-15 | N/A | 6.5 MEDIUM |
| Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly. | |||||
| CVE-2023-46363 | 1 Jbig2enc Project | 1 Jbig2enc | 2023-11-15 | N/A | 5.5 MEDIUM |
| jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in src/jbig2enc.cc:512. | |||||
| CVE-2022-2310 | 1 Skyhighsecurity | 1 Secure Web Gateway | 2023-11-15 | N/A | 9.8 CRITICAL |
| An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x prior to 9.2.23, 8.x prior to 8.2.28, and controlled release 11.x prior to 11.2.1 allows a remote attacker to bypass authentication into the administration User Interface. This is possible because of SWG incorrectly whitelisting authentication bypass methods and using a weak crypto password. This can lead to the attacker logging into the SWG admin interface, without valid credentials, as the super user with complete control over the SWG. | |||||
| CVE-2023-27445 | 1 Meril | 1 Blog Floating Button | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Meril Inc. Blog Floating Button plugin <= 1.4.12 versions. | |||||
| CVE-2023-27441 | 1 New Adman Project | 1 New Adman | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in gl_SPICE New Adman plugin <= 1.6.8 versions. | |||||
| CVE-2023-20273 | 1 Cisco | 124 Catalyst 3650, Catalyst 3650-12x48fd-e, Catalyst 3650-12x48fd-l and 121 more | 2023-11-15 | N/A | 7.2 HIGH |
| A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges. | |||||
| CVE-2023-27438 | 1 Yur4enko | 1 Wp Translitera | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Evgen Yurchenko WP Translitera plugin <= p1.2.5 versions. | |||||
| CVE-2020-7331 | 1 Mcafee | 1 Endpoint Security | 2023-11-15 | 4.6 MEDIUM | 7.8 HIGH |
| Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files. | |||||
| CVE-2023-27436 | 1 Breakdance | 1 Elegant Custom Fonts | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Louis Reingold Elegant Custom Fonts plugin <= 1.0 versions. | |||||
| CVE-2023-28498 | 1 Motopress | 1 Hotel Booking Lite | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in MotoPress Hotel Booking Lite plugin <= 4.6.0 versions. | |||||
| CVE-2023-28497 | 1 Tribulant | 1 Slideshow Gallery | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery LITE plugin <= 1.7.6 versions. | |||||
| CVE-2022-0857 | 1 Mcafee | 1 Epolicy Orchestrator | 2023-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in. | |||||
| CVE-2023-28495 | 1 Mythemeshop | 1 Wp Shortcode | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop WP Shortcode by MyThemeShop plugin <= 1.4.16 versions. | |||||
| CVE-2021-31849 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2023-11-15 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension. | |||||
| CVE-2021-31844 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2023-11-15 | 4.6 MEDIUM | 7.3 HIGH |
| A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size. | |||||
| CVE-2023-34031 | 1 Casier | 1 Bbpress Toolkit | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier bbPress Toolkit plugin <= 1.0.12 versions. | |||||
| CVE-2023-29426 | 1 Spreadshop | 1 Spreadshop | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Robert Schulz (sprd.Net AG) Spreadshop plugin <= 1.6.5 versions. | |||||
| CVE-2023-32579 | 1 Designsandcode | 1 Forget About Shortcode Buttons | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Designs & Code Forget About Shortcode Buttons plugin <= 2.1.2 versions. | |||||
| CVE-2023-32512 | 1 Shortpixel | 1 Shortpixel Adaptive Images | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin <= 3.7.1 versions. | |||||
| CVE-2023-29428 | 1 Superbthemes | 1 Superb Social Media Share Buttons And Follow Buttons | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in SuPlugins Superb Social Media Share Buttons and Follow Buttons for WordPress plugin <= 1.1.3 versions. | |||||
| CVE-2021-31841 | 1 Mcafee | 1 Mcafee Agent | 2023-11-15 | 6.9 MEDIUM | 7.3 HIGH |
| A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute arbitrary code as the system user, through not checking the DLL signature. | |||||
| CVE-2023-29440 | 1 Presstigers | 1 Simple Job Board | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board plugin <= 2.10.3 versions. | |||||
| CVE-2023-30478 | 1 Tribulant | 1 Newsletters | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters plugin <= 4.8.8 versions. | |||||
| CVE-2023-36667 | 1 Couchbase | 1 Couchbase Server | 2023-11-15 | N/A | 7.5 HIGH |
| Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal. | |||||
| CVE-2021-31837 | 1 Mcafee | 1 Getsusp | 2023-11-15 | 6.1 MEDIUM | 7.8 HIGH |
| Memory corruption vulnerability in the driver file component in McAfee GetSusp prior to 4.0.0 could allow a program being investigated on the local machine to trigger a buffer overflow in GetSusp, leading to the execution of arbitrary code, potentially triggering a BSOD. | |||||
| CVE-2023-31078 | 1 Browserupdate | 1 Wp Browserupdate | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Marco Steinbrecher WP BrowserUpdate plugin <= 4.4.1 versions. | |||||
| CVE-2021-31836 | 1 Mcafee | 1 Mcafee Agent | 2023-11-15 | 3.6 LOW | 7.1 HIGH |
| Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from any location on the file system and by a low privileged user. | |||||
| CVE-2023-32739 | 1 Hamidrezasepehr | 1 Custom Cursors | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Web_Trendy WP Custom Cursors | WordPress Cursor Plugin plugin < 3.2 versions. | |||||
| CVE-2021-31835 | 1 Mcafee | 1 Epolicy Orchestrator | 2023-11-15 | 4.3 MEDIUM | 4.8 MEDIUM |
| Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized. | |||||
| CVE-2021-31831 | 1 Mcafee | 1 Database Security | 2023-11-15 | 6.5 MEDIUM | 5.5 MEDIUM |
| Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the REST API. | |||||
| CVE-2023-32744 | 1 Woocommerce | 1 Product Recommendations | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Recommendations plugin <= 2.3.0 versions. | |||||
| CVE-2023-34025 | 1 Lws | 1 Lws Hide Login | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Hide Login plugin <= 2.1.6 versions. | |||||
| CVE-2023-34024 | 1 Guillemantdavid | 1 Full Auto Tags Manager | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Guillemant David WP Full Auto Tags Manager plugin <= 2.2 versions. | |||||
| CVE-2023-32794 | 1 Woocommerce | 1 Product Addons | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Add-Ons plugin <= 6.1.3 versions. | |||||
| CVE-2023-32745 | 1 Woocommerce | 1 Automatewoo | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.1 versions. | |||||
| CVE-2023-32602 | 1 Lokalyze | 1 Call Me Now | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in LOKALYZE CALL ME NOW plugin <= 3.0 versions. | |||||
| CVE-2023-36527 | 1 Bestwebsoft | 1 Post To Csv | 2023-11-15 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft.This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0. | |||||
| CVE-2023-25983 | 1 Liquidweb | 1 Kb Support | 2023-11-15 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support.This issue affects KB Support: from n/a through 1.5.84. | |||||
| CVE-2023-23796 | 1 Web-settler | 1 Form Builder | 2023-11-15 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Muneeb Form Builder | Create Responsive Contact Forms.This issue affects Form Builder | Create Responsive Contact Forms: from n/a through 1.9.9.0. | |||||
| CVE-2021-23894 | 1 Mcafee | 1 Database Security | 2023-11-15 | 10.0 HIGH | 8.8 HIGH |
| Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server. | |||||
| CVE-2021-23886 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2023-11-15 | 4.9 MEDIUM | 5.5 MEDIUM |
| Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to cause a BSoD through suspending a process, modifying the processes memory and restarting it. This is triggered by the hdlphook driver reading invalid memory. | |||||
| CVE-2023-46642 | 1 Sahu | 1 Sahu Tiktok Pixel For E-commerce | 2023-11-15 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in sahumedia SAHU TikTok Pixel for E-Commerce plugin <= 1.2.2 versions. | |||||
| CVE-2023-23678 | 1 Wpeka | 1 Wp Cookie Consent | 2023-11-15 | N/A | 7.2 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in WPEkaClub WP Cookie Consent ( for GDPR, CCPA & ePrivacy ).This issue affects WP Cookie Consent ( for GDPR, CCPA & ePrivacy ): from n/a through 2.2.5. | |||||
| CVE-2023-5136 | 1 Ni | 4 Diadem, Flexlogger, Topografix Data Plugin and 1 more | 2023-11-15 | N/A | 5.5 MEDIUM |
| An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file. | |||||
| CVE-2023-22719 | 1 Givewp | 1 Givewp | 2023-11-15 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP.This issue affects GiveWP: from n/a through 2.25.1. | |||||
| CVE-2023-47397 | 1 Webidsupport | 1 Webid | 2023-11-15 | N/A | 9.8 CRITICAL |
| WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php. | |||||
| CVE-2023-36024 | 1 Microsoft | 1 Edge Chromium | 2023-11-15 | N/A | 7.1 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2023-31093 | 1 Chronosly-events-calendar Project | 1 Chronosly-events-calendar | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Chronosly Chronosly Events Calendar plugin <= 2.6.2 versions. | |||||
| CVE-2023-31088 | 1 Floating Action Button Project | 1 Floating Action Button | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Faraz Quazi Floating Action Button plugin <= 1.2.1 versions. | |||||
| CVE-2023-31086 | 1 Ibenic | 1 Simple Giveaways | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple Giveaways – Grow your business, email lists and traffic with contests plugin <= 2.46.0 versions. | |||||