Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32592 | 1 Fast-search-powered-by-solr Project | 1 Fast-search-powered-by-solr | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin <= 1.0.2 versions. | |||||
| CVE-2023-32587 | 1 Wpreactions | 1 Wp Reactions Lite | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Reactions, LLC WP Reactions Lite plugin <= 1.3.8 versions. | |||||
| CVE-2023-32501 | 1 Vikwp | 1 Vikbooking Hotel Booking Engine & Pms | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.6.1 versions. | |||||
| CVE-2023-32500 | 1 Xtemos | 1 Woodmart | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme <= 7.1.1 versions. | |||||
| CVE-2023-32125 | 1 Danielpowney | 1 Multi Rating | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.6 versions. | |||||
| CVE-2023-32093 | 1 Tpginc | 1 Tpg Redirect | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Criss Swaim TPG Redirect plugin <= 1.0.7 versions. | |||||
| CVE-2023-32092 | 1 Peepso | 1 Peepso | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin <= 6.0.9.0 versions. | |||||
| CVE-2023-31235 | 1 Xnau | 1 Participants Database | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.9 versions. | |||||
| CVE-2023-36014 | 1 Microsoft | 1 Edge Chromium | 2023-11-15 | N/A | 7.3 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2023-32502 | 1 Cyberwire | 1 Pro Mime Types | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Sybre Waaijer Pro Mime Types – Manage file media types plugin <= 1.0.7 versions. | |||||
| CVE-2023-46643 | 1 Cloudnet360 | 1 Cloudnet360 | 2023-11-15 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GARY JEZORSKI CloudNet360 plugin <= 3.2.0 versions. | |||||
| CVE-2023-47181 | 1 Northernbeacheswebsites | 1 Ideapush | 2023-11-15 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Gibson IdeaPush plugin <= 8.52 versions. | |||||
| CVE-2022-44738 | 1 Patrickrobrecht | 1 Posts And Users Stats | 2023-11-15 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats. This issue affects Posts and Users Stats: from n/a through 1.1.3. | |||||
| CVE-2023-6079 | | | 2023-11-15 | N/A | N/A |
| Rejected reason: appears to be a duplicate of CVE-2023-40206 | |||||
| CVE-2023-45269 | 1 Coleds | 1 Simple Seo | 2023-11-15 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 2.0.25 versions. | |||||
| CVE-2023-0330 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2023-11-15 | N/A | 6.0 MEDIUM |
| A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. | |||||
| CVE-2022-41616 | 1 Kaushikkalathiya | 1 Export Users Data | 2023-11-15 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV. This issue affects Export Users Data CSV: from n/a through 2.1. | |||||
| CVE-2022-38702 | 1 Kigurumi | 1 Csv Exporter | 2023-11-15 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Nakashima Masahiro WP CSV Exporter. This issue affects WP CSV Exporter: from n/a through 2.0. | |||||
| CVE-2023-23369 | 1 Qnap | 3 Media Streaming Add-on, Multimedia Console, Qts | 2023-11-15 | N/A | 9.8 CRITICAL |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.2 ( 2023/05/04 ) and later Multimedia Console 1.4.8 ( 2023/05/05 ) and later QTS 5.1.0.2399 build 20230515 and later QTS 4.3.6.2441 build 20230621 and later QTS 4.3.4.2451 build 20230621 and later QTS 4.3.3.2420 build 20230621 and later QTS 4.2.6 build 20230621 and later Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later Media Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later | |||||
| CVE-2023-23368 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2023-11-15 | N/A | 9.8 CRITICAL |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later | |||||
| CVE-2023-47231 | 1 Bainternet | 1 Shortcodes Ui | 2023-11-15 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions. | |||||
| CVE-2023-46756 | 1 Huawei | 2 Emui, Harmonyos | 2023-11-15 | N/A | 5.3 MEDIUM |
| Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows. | |||||
| CVE-2023-46757 | 1 Huawei | 1 Harmonyos | 2023-11-15 | N/A | 7.5 HIGH |
| The remote PIN module has a vulnerability that causes incorrect information storage locations. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2023-46758 | 1 Huawei | 2 Emui, Harmonyos | 2023-11-15 | N/A | 7.5 HIGH |
| Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device. | |||||
| CVE-2023-35767 | 1 Perforce | 1 Helix Core | 2023-11-15 | N/A | 7.5 HIGH |
| In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner. | |||||
| CVE-2023-32298 | 1 Helgatheviking | 1 Simple User Listing | 2023-11-15 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kathy Darling Simple User Listing plugin <= 1.9.2 versions. | |||||
| CVE-2023-46759 | 1 Huawei | 2 Emui, Harmonyos | 2023-11-15 | N/A | 7.5 HIGH |
| Permission control vulnerability in the call module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-46764 | 1 Huawei | 2 Emui, Harmonyos | 2023-11-15 | N/A | 5.3 MEDIUM |
| Unauthorized startup vulnerability of background apps. Successful exploitation of this vulnerability may cause background apps to start maliciously. | |||||
| CVE-2023-46763 | 1 Huawei | 2 Emui, Harmonyos | 2023-11-15 | N/A | 5.3 MEDIUM |
| Vulnerability of background app permission management in the framework module. Successful exploitation of this vulnerability may cause background apps to start maliciously. | |||||
| CVE-2023-44115 | 1 Huawei | 2 Emui, Harmonyos | 2023-11-15 | N/A | 7.5 HIGH |
| Vulnerability of improper permission control in the Booster module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-5801 | 1 Huawei | 2 Emui, Harmonyos | 2023-11-15 | N/A | 9.1 CRITICAL |
| Vulnerability of identity verification being bypassed in the face unlock module. Successful exploitation of this vulnerability will affect integrity and confidentiality. | |||||
| CVE-2022-42882 | 1 Shambix | 1 Simple Csv/xls Exporter | 2023-11-15 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Shambix Simple CSV/XLS Exporter. This issue affects Simple CSV/XLS Exporter: from n/a through 1.5.8. | |||||
| CVE-2023-46765 | 1 Huawei | 2 Emui, Harmonyos | 2023-11-15 | N/A | 7.5 HIGH |
| Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability. | |||||
| CVE-2023-46252 | 1 Squidex.io | 1 Squidex | 2023-11-15 | N/A | 6.1 MEDIUM |
| Squidex is an open source headless CMS and content management hub. Affected versions are missing origin verification in a postMessage handler which introduces a Cross-Site Scripting (XSS) vulnerability. The editor-sdk.js file defines three different class-like functions, which employ a global message event listener: SquidexSidebar, SquidexWidget, and SquidexFormField. The registered event listener takes some action based on the type of the received message. For example, when the SquidexFormField receives a message with the type valueChanged, the value property is updated. The SquidexFormField class is for example used in the editor-editorjs.html file, which can be accessed via the public wwwroot folder. It uses the onValueChanged method to register a callback function, which passes the value provided from the message event to the editor.render. Passing an attacker-controlled value to this function introduces a Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2022-47181 | 1 Wpexperts | 1 Email Templates Customizer And Designer | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email Templates Customizer and Designer for WordPress and WooCommerce email-templates allows Cross Site Request Forgery. This issue affects Email Templates Customizer and Designer for WordPress and WooCommerce: from n/a through 1.4.2. | |||||
| CVE-2023-47229 | 1 Vyasdipen | 1 Top 25 Social Icons | 2023-11-15 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vyas Dipen Top 25 Social Icons plugin <= 3.1 versions. | |||||
| CVE-2023-28499 | 1 Simonpedge | 1 Slide Anything-responsive Content/html Slider And Carousel | 2023-11-15 | N/A | 5.4 MEDIUM |
| Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in simonpedge Slide Anything – Responsive Content / HTML Slider and Carousel plugin <= 2.4.9 versions. | |||||
| CVE-2023-46253 | 1 Squidex.io | 1 Squidex | 2023-11-15 | N/A | 7.2 HIGH |
| Squidex is an open source headless CMS and content management hub. Affected versions are subject to an arbitrary file write vulnerability in the backup restore feature which allows an authenticated attacker to gain remote code execution (RCE). Squidex allows users with the `squidex.admin.restore` permission to create and restore backups. Part of these backups are the assets uploaded to an App. For each asset, the backup zip archive contains a `.asset` file with the actual content of the asset as well as a related `AssetCreatedEventV2` event, which is stored in a JSON file. Amongst other things, the JSON file contains the event type (`AssetCreatedEventV2`), the ID of the asset (`46c05041-9588-4179-b5eb-ddfcd9463e1e`), its filename (`test.txt`), and its file version (`0`). When a backup with this event is restored, the `BackupAssets.ReadAssetAsync` method is responsible for re-creating the asset. For this purpose, it determines the name of the `.asset` file in the zip archive, reads its content, and stores the content in the filestore. When the asset is stored in the filestore via the UploadAsync method, the assetId and fileVersion are passed as arguments. These are further passed to the method GetFileName, which determines the filename where the asset should be stored. The assetId is inserted into the filename without any sanitization, allowing an attacker with squidex.admin.restore privileges to run arbitrary operating system commands on the underlying server (RCE). | |||||
| CVE-2023-5309 | 1 Puppet | 1 Puppet Enterprise | 2023-11-15 | N/A | 9.8 CRITICAL |
| Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations. | |||||
| CVE-2023-46243 | 1 Xwiki | 1 Xwiki | 2023-11-15 | N/A | 8.8 HIGH |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for a user to execute any content with the rights of an existing document's content author, provided the user has edit rights on it. A crafted URL of the form ` /xwiki/bin/edit//?content=%7B%7Bgroovy%7D%7Dprintln%28%22Hello+from+Groovy%21%22%29%7B%7B%2Fgroovy%7D%7D&xpage=view` can be used to execute arbitrary groovy code on the server. This vulnerability has been patched in XWiki versions 14.10.6 and 15.2RC1. Users are advised to update. There are no known workarounds for this issue. | |||||
| CVE-2023-5998 | 1 Gpac | 1 Gpac | 2023-11-15 | N/A | 7.5 HIGH |
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV. | |||||
| CVE-2023-32594 | 1 E2b | 1 Hyphenator | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Benedict B., Maciej Gryniuk Hyphenator plugin <= 5.1.5 versions. | |||||
| CVE-2023-5819 | 1 Gara | 1 Amazonify | 2023-11-15 | N/A | 4.8 MEDIUM |
| The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. However, please note that this can also be combined with CVE-2023-5818 for CSRF to XSS. | |||||
| CVE-2023-5818 | 1 Gara | 1 Amazonify | 2023-11-15 | N/A | 4.3 MEDIUM |
| The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the amazonifyOptionsPage() function. This makes it possible for unauthenticated attackers to update the plugin's settings, including the Amazon Tracking ID, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-5982 | 1 Updraftplus | 1 Updraftplus | 2023-11-15 | N/A | 5.4 MEDIUM |
| The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instance_id on the 'updraftmethod-googledrive-auth' action used to update Google Drive remote storage location. This makes it possible for unauthenticated attackers to modify the Google Drive location that backups are sent to via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can make it possible for attackers to receive backups for a site which may contain sensitive information. | |||||
| CVE-2021-43419 | 1 Opayweb | 1 Opay | 2023-11-15 | N/A | 7.5 HIGH |
| An Information Disclosure vulnerability exists in Opay Mobile application 1.5.1.26 and may be higher in the logcat app. | |||||
| CVE-2023-43984 | 1 Advanced Export Products Orders Cron Csv Excel Project | 1 Advanced Export Products Orders Cron Csv Excel | 2023-11-15 | N/A | 7.5 HIGH |
| Insecure permissions in Smart Soft advancedexport before v4.4.7 allow unauthenticated attackers to arbitrarily download user information from the ps_customer table. | |||||
| CVE-2023-42361 | 1 Midori-global | 1 Better Pdf Exporter | 2023-11-15 | N/A | 7.8 HIGH |
| Local File Inclusion vulnerability in Midori-global Better PDF Exporter for Jira Server and Jira Data Center v.10.3.0 and before allows an attacker to view arbitrary files and cause other impacts via use of crafted image during PDF export. | |||||
| CVE-2022-20715 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2023-11-15 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of errors that are logged as a result of client connections that are made using remote access VPN. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to cause the affected device to restart, resulting in a DoS condition. | |||||
| CVE-2023-45380 | 1 Silbersaiten | 1 Order Duplicator | 2023-11-15 | N/A | 8.8 HIGH |
| In the module "Order Duplicator – Clone and Delete Existing Order" (orderduplicate) in version <= 1.1.7 from Silbersaiten for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can download personal information from ps_customer/ps_address tables such as name / surname / phone number / full postal address. | |||||
