Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-50589 | 1 Embras | 1 Geosiap Erp | 2024-01-05 | N/A | 9.8 CRITICAL | Grupo Embras GEOSIAP ERP v2.2.167.02 was discovered to contain a SQL injection vulnerability via the codLogin parameter on the login page. |
| CVE-2023-7179 | 1 Online College Library System Project | 1 Online College Library System | 2024-01-05 | N/A | 8.8 HIGH | A vulnerability, which was classified as critical, was found in Campcodes Online College Library System 1.0. Affected is an unknown function of the file /admin/category_row.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249366 is the identifier assigned to this vulnerability. |
| CVE-2023-7178 | 1 Online College Library System Project | 1 Online College Library System | 2024-01-05 | N/A | 7.2 HIGH | A vulnerability, which was classified as critical, has been found in Campcodes Online College Library System 1.0. This issue affects some unknown processing of the file /admin/book_row.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249365 was assigned to this vulnerability. |
| CVE-2023-51402 | 1 Brainstormforce | 1 Ultimate Addons For Wpbakery Page Builder | 2024-01-05 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Brain Storm Force Ultimate Addons for WPBakery Page Builder. This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.19.17. |
| CVE-2023-51676 | 1 Wedevs | 1 Happy Addons For Elementor | 2024-01-05 | N/A | 6.5 MEDIUM | Server-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addons for Elementor. This issue affects Happy Addons for Elementor: from n/a through 3.9.1.1. |
| CVE-2023-51473 | 1 Pixelemu | 1 Terraclassifieds | 2024-01-05 | N/A | 9.8 CRITICAL | Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin. This issue affects TerraClassifieds – Simple Classifieds Plugin: from n/a through 2.0.3. |
| CVE-2023-51468 | 1 Boiteasite | 1 Download Rencontre - Dating Site | 2024-01-05 | N/A | 9.8 CRITICAL | Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre – Dating Site. This issue affects Rencontre – Dating Site: from n/a through 3.10.1. |
| CVE-2023-4675 | 1 Gmbilisim | 1 Multi-disciplinary Design Optimization | 2024-01-05 | N/A | 9.8 CRITICAL | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GM Information Technologies MDO allows SQL Injection. This issue affects MDO: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2023-50854 | 1 Squirrly | 1 Seo Plugin By Squirrly Seo | 2024-01-05 | N/A | 7.2 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly Squirrly SEO - Advanced Pack. This issue affects Squirrly SEO - Advanced Pack: from n/a through 2.3.8. |
| CVE-2023-50571 | 1 Jeasy | 1 Easy Rules | 2024-01-05 | N/A | 7.8 HIGH | easy-rules-mvel v4.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component MVELRule. |
| CVE-2023-50572 | 1 Jline | 1 Jline | 2024-01-05 | N/A | 5.5 MEDIUM | An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM (OutOfMemory) error. |
| CVE-2023-51385 | 2 Debian, Openbsd | 2 Debian Linux, Openssh | 2024-01-05 | N/A | 6.5 MEDIUM | In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. |
| CVE-2023-51384 | 1 Openbsd | 1 Openssh | 2024-01-05 | N/A | 5.5 MEDIUM | In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys. |
| CVE-2023-40238 | 1 Insyde | 1 Insydeh2o | 2024-01-05 | N/A | 5.5 MEDIUM | A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression. |
| CVE-2023-39539 | 1 Ami | 1 Aptio V | 2024-01-05 | N/A | 7.8 HIGH | AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. |
| CVE-2023-39538 | 1 Ami | 1 Aptio V | 2024-01-05 | N/A | 7.8 HIGH | AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. |
| CVE-2023-48706 | 1 Vim | 1 Vim | 2024-01-05 | N/A | 4.7 MEDIUM | Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes freeing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first `:s` command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue. |
| CVE-2023-51517 | 1 Codepeople | 1 Calculated Fields Form | 2024-01-05 | N/A | 5.4 MEDIUM | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CodePeople Calculated Fields Form. This issue affects Calculated Fields Form: from n/a through 1.2.28. |
| CVE-2023-51420 | 1 Soft8soft | 1 Verge3d | 2024-01-05 | N/A | 8.8 HIGH | Improper Control of Generation of Code ('Code Injection') vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2. |
| CVE-2023-51688 | 1 Implecode | 1 Ecommerce Product Catalog | 2024-01-05 | N/A | 7.5 HIGH | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress. This issue affects eCommerce Product Catalog Plugin for WordPress: from n/a through 3.3.26. |
| CVE-2023-51687 | 1 Implecode | 1 Product Catalog Simple | 2024-01-05 | N/A | 7.5 HIGH | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode Product Catalog Simple. This issue affects Product Catalog Simple: from n/a through 1.7.6. |
| CVE-2023-51527 | 1 Aipower | 1 Aipower | 2024-01-05 | N/A | 7.5 HIGH | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4. This issue affects AI Power: Complete AI Pack – Powered by GPT-4: from n/a through 1.8.2. |
| CVE-2023-7078 | 1 Cloudflare | 1 Miniflare | 2024-01-05 | N/A | 8.1 HIGH | Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers. |
| CVE-2023-7079 | 1 Cloudflare | 1 Wrangler | 2024-01-05 | N/A | 5.7 MEDIUM | Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file. |
| CVE-2023-7080 | 1 Cloudflare | 1 Wrangler | 2024-01-05 | N/A | 8.0 HIGH | The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate Origin/Host headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If wrangler dev --remote was being used, an attacker could access production resources if they were bound to the worker. This issue was fixed in wrangler@3.19.0 and wrangler@2.20.2. Whilst wrangler dev's inspector server listens on local interfaces by default as of wrangler@3.16.0, an SSRF vulnerability in miniflare https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7 (CVE-2023-7078) allowed access from the local network until wrangler@3.18.0. wrangler@3.19.0 and wrangler@2.20.2 introduced validation for the Origin/Host headers. |
| CVE-2023-51545 | 1 Themehigh | 1 Job Manager & Career | 2024-01-05 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career – Manage job board listings, and recruitments. This issue affects Job Manager & Career – Manage job board listings, and recruitments: from n/a through 1.4.4. |
| CVE-2023-51505 | 1 Pluginus | 1 Active Products Tables For Woocommerce | 2024-01-05 | N/A | 9.8 CRITICAL | Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store. This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store: from n/a through 1.0.6. |
| CVE-2023-41967 | 1 Gallagher | 2 Controller 6000, Controller 6000 Firmware | 2024-01-05 | N/A | 4.6 MEDIUM | Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. This issue affects: Gallagher Controller 6000 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), v8.60 or earlier. |
| CVE-2023-50889 | 1 Fastlinemedia | 1 Beaver Builder | 2024-01-05 | N/A | 5.4 MEDIUM | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder – WordPress Page Builder allows Stored XSS. This issue affects Beaver Builder – WordPress Page Builder: from n/a through 2.7.2. |
| CVE-2023-50881 | 1 Vasyltech | 1 Advanced Access Manager | 2024-01-05 | N/A | 5.4 MEDIUM | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS. This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.15. |
| CVE-2023-50880 | 1 Buddypress | 1 Buddypress | 2024-01-05 | N/A | 5.4 MEDIUM | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The BuddyPress Community BuddyPress allows Stored XSS. This issue affects BuddyPress: from n/a through 11.3.1. |
| CVE-2023-50879 | 1 Automattic | 1 Wordpress.com Editing Toolkit | 2024-01-05 | N/A | 5.4 MEDIUM | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS. This issue affects WordPress.Com Editing Toolkit: from n/a through 3.78784. |
| CVE-2023-50901 | 1 Hasthemes | 1 Ht Mega - Absolute Addons For Elementor Page Builder | 2024-01-05 | N/A | 6.1 MEDIUM | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega – Absolute Addons For Elementor allows Reflected XSS. This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.8. |
| CVE-2023-50896 | 1 Weformspro | 1 Weforms | 2024-01-05 | N/A | 4.8 MEDIUM | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weForms weForms – Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS. This issue affects weForms – Easy Drag & Drop Contact Form Builder For WordPress: from n/a through 1.6.17. |
| CVE-2021-38927 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2024-01-05 | N/A | 6.1 MEDIUM | IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210322. |
| CVE-2023-50332 | 1 Weseek | 1 Growi | 2024-01-05 | N/A | 6.5 MEDIUM | Improper authorization vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.0.6. If this vulnerability is exploited, a user may delete or suspend its own account without the user's intention. |
| CVE-2023-46918 | 1 Fedirtsapana | 1 Simple Http Server Plus | 2024-01-05 | N/A | 4.6 MEDIUM | Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an Android manifest file that contains an entry with the android:allowBackup attribute set to true. This could be leveraged by an attacker with physical access to the device. |
| CVE-2023-51105 | 1 Artifex | 1 Mupdf | 2024-01-05 | N/A | 7.5 HIGH | A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function bmp_decompress_rle4() of load-bmp.c. |
| CVE-2023-51106 | 1 Artifex | 1 Mupdf | 2024-01-05 | N/A | 7.5 HIGH | A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c. |
| CVE-2023-51107 | 1 Artifex | 1 Mupdf | 2024-01-05 | N/A | 7.5 HIGH | A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function compute_color() of jquant2.c. |
| CVE-2023-51104 | 1 Artifex | 1 Mupdf | 2024-01-05 | N/A | 7.5 HIGH | A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c line 527. |
| CVE-2023-7126 | 1 Code-projects | 1 Automated Voting System | 2024-01-05 | N/A | 8.8 HIGH | A vulnerability classified as critical has been found in code-projects Automated Voting System 1.0. This affects an unknown part of the file /admin/ of the component Admin Login. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249129 was assigned to this vulnerability. |
| CVE-2023-46987 | 1 Seacms | 1 Seacms | 2024-01-05 | N/A | 8.8 HIGH | SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php. |
| CVE-2023-50470 | 1 Seacms | 1 Seacms | 2024-01-05 | N/A | 5.4 MEDIUM | A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2023-7127 | 1 Code-projects | 1 Automated Voting System | 2024-01-05 | N/A | 9.8 CRITICAL | A vulnerability classified as critical was found in code-projects Automated Voting System 1.0. This vulnerability affects unknown code of the component Login. The manipulation of the argument idno leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-249130 is the identifier assigned to this vulnerability. |
| CVE-2023-7128 | 1 Code-projects | 1 Voting System | 2024-01-05 | N/A | 8.8 HIGH | A vulnerability, which was classified as critical, has been found in code-projects Voting System 1.0. This issue affects some unknown processing of the file /admin/ of the component Admin Login. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249131. |
| CVE-2023-50855 | 1 Samperrow | 1 Pre Party Resource Hints | 2024-01-05 | N/A | 7.2 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sam Perrow Pre* Party Resource Hints. This issue affects Pre* Party Resource Hints: from n/a through 1.8.18. |
| CVE-2023-49002 | 1 Xenomtechnologies | 1 Phone Dialer-voice Call Dialer | 2024-01-05 | N/A | 7.5 HIGH | An issue in Xenom Technologies (sinous) Phone Dialer-voice Call Dialer v.1.2.5 allows an attacker to bypass intended access restrictions via interaction with com.funprime.calldialer.ui.activities.OutgoingActivity. |
| CVE-2023-49830 | 1 Brainstormforce | 1 Astra | 2024-01-05 | N/A | 8.8 HIGH | Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro. This issue affects Astra Pro: from n/a through 4.3.1. |
| CVE-2023-50852 | 1 Stylemixthemes | 1 Bookit | 2024-01-05 | N/A | 7.2 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Booking Calendar \| Appointment Booking \| BookIt. This issue affects Booking Calendar \| Appointment Booking \| BookIt: from n/a through 2.4.3. |
