Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51010 | 1 Qd-metro | 1 Qingdao Metro | 2024-01-05 | N/A | 5.3 MEDIUM |
| An issue in the export component AdSdkH5Activity of com.sdjictec.qdmetro v4.2.2 allows attackers to open a crafted URL without any filtering or checking. | |||||
| CVE-2023-51006 | 1 Zhwnl | 1 Chinese Perpetual Calendar | 2024-01-05 | N/A | 7.5 HIGH |
| An issue in the openFile method of Chinese Perpetual Calendar v9.0.0 allows attackers to read any file via unspecified vectors. | |||||
| CVE-2023-34829 | 1 Tp-link | 1 Tapo | 2024-01-05 | N/A | 6.5 MEDIUM |
| Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext. | |||||
| CVE-2023-51103 | 1 Artifex | 1 Mupdf | 2024-01-05 | N/A | 7.5 HIGH |
| A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in functon fz_new_pixmap_from_float_data() of pixmap.c. | |||||
| CVE-2023-50849 | 1 E2pdf | 1 E2pdf | 2024-01-05 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress.This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.23. | |||||
| CVE-2023-50858 | 1 Billminozzi | 1 Anit Hacker | 2024-01-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan.This issue affects Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan: from n/a through 4.34. | |||||
| CVE-2023-50853 | 1 Advancedformintegration | 1 Advanced Form Integration | 2024-01-05 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nasirahmed Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms.This issue affects Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms: from n/a through 1.75.0. | |||||
| CVE-2023-51354 | 1 Webba-booking | 1 Webba Booking | 2024-01-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WebbaPlugins Appointment & Event Booking Calendar Plugin – Webba Booking.This issue affects Appointment & Event Booking Calendar Plugin – Webba Booking: from n/a through 4.5.33. | |||||
| CVE-2023-50902 | 1 Wpexperts | 1 New User Approve | 2024-01-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WPExpertsio New User Approve.This issue affects New User Approve: from n/a through 2.5.1. | |||||
| CVE-2023-50878 | 1 Inspireui | 1 Mstore Api | 2024-01-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in InspireUI MStore API.This issue affects MStore API: from n/a through 4.10.1. | |||||
| CVE-2023-51414 | 1 Donweb | 1 Envialosimple\ | 2024-01-05 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y Newsletters.This issue affects EnvíaloSimple: Email Marketing y Newsletters: from n/a through 2.1. | |||||
| CVE-2023-51378 | 1 Eaglevisionit | 1 Rise Blocks | 2024-01-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Rise Themes Rise Blocks – A Complete Gutenberg Page Builder.This issue affects Rise Blocks – A Complete Gutenberg Page Builder: from n/a through 3.1. | |||||
| CVE-2023-51358 | 1 Brightplugins | 1 Block Ips For Gravity Forms | 2024-01-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Bright Plugins Block IPs for Gravity Forms.This issue affects Block IPs for Gravity Forms: from n/a through 1.0.1. | |||||
| CVE-2023-51470 | 1 Boiteasite | 1 Rencontre | 2024-01-05 | N/A | 8.8 HIGH |
| Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre – Dating Site.This issue affects Rencontre – Dating Site: from n/a through 3.11.1. | |||||
| CVE-2023-51422 | 1 Saleswonder | 1 Webinarignition | 2024-01-05 | N/A | 8.8 HIGH |
| Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition.This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition: from n/a through 3.05.0. | |||||
| CVE-2023-38146 | 1 Microsoft | 2 Windows 11 21h2, Windows 11 22h2 | 2024-01-05 | N/A | 8.8 HIGH |
| Windows Themes Remote Code Execution Vulnerability | |||||
| CVE-2023-24805 | 3 Debian, Fedoraproject, Linuxfoundation | 3 Debian Linux, Fedora, Cups-filters | 2024-01-05 | N/A | 8.8 HIGH |
| cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime. | |||||
| CVE-2023-32517 | 1 Ibericode | 1 Mailchimp | 2024-01-05 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder.This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder: from n/a through 4.0.9.3. | |||||
| CVE-2023-32101 | 1 Pexlechris | 1 Library Viewer | 2024-01-05 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pexle Chris Library Viewer.This issue affects Library Viewer: from n/a through 2.0.6. | |||||
| CVE-2023-7152 | 1 Micropython | 1 Micropython | 2024-01-05 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-7166 | 1 Xxyopen | 1 Novel-plus | 2024-01-05 | N/A | 5.4 MEDIUM |
| A vulnerability classified as problematic has been found in Novel-Plus up to 4.2.0. This affects an unknown part of the file /user/updateUserInfo of the component HTTP POST Request Handler. The manipulation of the argument nickName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is c62da9bb3a9b3603014d0edb436146512631100d. It is recommended to apply a patch to fix this issue. The identifier VDB-249201 was assigned to this vulnerability. | |||||
| CVE-2023-31095 | 1 Crmperks | 1 Database For Contact Form 7\, Wpforms\, Elementor Forms | 2024-01-05 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.8. | |||||
| CVE-2022-44589 | 1 Miniorange | 1 Google Authenticator | 2024-01-05 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login.This issue affects miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login: from n/a through 5.6.1. | |||||
| CVE-2023-31237 | 1 Zephyr Project Manager Project | 1 Zephyr Project Manager | 2024-01-05 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.9. | |||||
| CVE-2023-31229 | 1 Wpdirectorykit | 1 Wp Directory Kit | 2024-01-05 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Directory Kit.This issue affects WP Directory Kit: from n/a through 1.1.9. | |||||
| CVE-2023-51433 | 1 Hihonor | 1 Magic Ui | 2024-01-05 | N/A | 5.5 MEDIUM |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. | |||||
| CVE-2023-51435 | 1 Hihonor | 1 Magic Ui | 2024-01-05 | N/A | 7.1 HIGH |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. | |||||
| CVE-2023-51434 | 1 Hihonor | 1 Magic Ui | 2024-01-05 | N/A | 7.8 HIGH |
| Some Honor products are affected by buffer overflow vulnerability, successful exploitation could cause code execution. | |||||
| CVE-2023-7150 | 1 Campcodes | 1 Chic Beauty Salon | 2024-01-05 | N/A | 8.8 HIGH |
| A vulnerability classified as critical was found in Campcodes Chic Beauty Salon 20230703. Affected by this vulnerability is an unknown functionality of the file product-list.php of the component Product Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249157 was assigned to this vulnerability. | |||||
| CVE-2023-6939 | 1 Hihonor | 1 Magic Ui | 2024-01-05 | N/A | 5.5 MEDIUM |
| Some Honor products are affected by type confusion vulnerability, successful exploitation could cause denial of service. | |||||
| CVE-2023-51431 | 1 Hihonor | 1 Phoneservice | 2024-01-05 | N/A | 5.5 MEDIUM |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | |||||
| CVE-2023-51430 | 1 Hihonor | 1 Magic Ui | 2024-01-05 | N/A | 5.5 MEDIUM |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. | |||||
| CVE-2023-51432 | 1 Hihonor | 1 Magic Ui | 2024-01-05 | N/A | 5.5 MEDIUM |
| Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak. | |||||
| CVE-2023-52152 | 1 Cybergarage | 1 Mupnp For C | 2024-01-05 | N/A | 7.5 HIGH |
| mupnp/net/uri.c in mUPnP for C through 3.0.2 has an out-of-bounds read and application crash because it lacks a certain host length recalculation. | |||||
| CVE-2023-52081 | 1 Ewen-lbh | 1 Firefox Css | 2024-01-05 | N/A | 5.3 MEDIUM |
| ffcss is a CLI interface to apply and configure Firefox CSS themes. Prior to 0.2.0, the function `lookupPreprocess()` is meant to apply some transformations to a string by disabling characters in the regex `[-_ .]`. However, due to the use of late Unicode normalization of type NFKD, it is possible to bypass that validation and re-introduce all the characters in the regex `[-_ .]`. The `lookupPreprocess()` can be easily bypassed with equivalent Unicode characters like U+FE4D (?), which would result in the omitted U+005F (_), for instance. The `lookupPreprocess()` function is only ever used to search for themes loosely (case insensitively, while ignoring dashes, underscores and dots), so the actual security impact is classified as low. This vulnerability is fixed in 0.2.0. There are no known workarounds. | |||||
| CVE-2014-125109 | 1 Bestwebsoft | 1 Portfolio | 2024-01-05 | N/A | 6.1 MEDIUM |
| A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. It has been declared as problematic. This vulnerability affects the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 2.28 is able to address this issue. The name of the patch is d2ede580474665af56ff262a05783fbabe4529b8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248956. | |||||
| CVE-2023-6114 | 1 Awesomemotive | 1 Duplicator | 2024-01-05 | N/A | 7.5 HIGH |
| The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site. | |||||
| CVE-2015-10127 | 1 Bestwebsoft | 1 Pluscaptcha | 2024-01-05 | N/A | 6.1 MEDIUM |
| A vulnerability was found in PlusCaptcha Plugin up to 2.0.6 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.14 is able to address this issue. The patch is identified as 1274afc635170daafd38306487b6bb8a01f78ecd. It is recommended to upgrade the affected component. VDB-248954 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-51697 | 1 Audiobookshelf | 1 Audiobookshelf | 2024-01-05 | N/A | 7.5 HIGH |
| Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to unauthenticated blind server-side request (SSRF) vulnerability in `podcastUtils.js`. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-7159 | 1 Masterlab | 1 Masterlab | 2024-01-05 | N/A | 9.8 CRITICAL |
| A vulnerability was found in gopeak MasterLab up to 3.3.10. It has been declared as critical. Affected by this vulnerability is the function add/update of the file app/ctrl/admin/User.php. The manipulation of the argument avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249181 was assigned to this vulnerability. | |||||
| CVE-2023-51665 | 1 Audiobookshelf | 1 Audiobookshelf | 2024-01-05 | N/A | 7.5 HIGH |
| Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to unauthenticated blind server-side request (SSRF) vulnerability in Auth.js. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-7157 | 1 Mayurik | 1 Free And Open Source Inventory Management System | 2024-01-05 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /app/ajax/sell_return_data.php. The manipulation of the argument columns[0][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249179. | |||||
| CVE-2023-7156 | 1 Campcodes | 1 Online College Library System | 2024-01-05 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in Campcodes Online College Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file index.php of the component Search. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249178 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-23634 | 1 Documize | 1 Documize | 2024-01-05 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Documize version 5.4.2, allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint. | |||||
| CVE-2023-7158 | 1 Micropython | 1 Micropython | 2024-01-05 | N/A | 9.8 CRITICAL |
| A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. Affected is the function slice_indices of the file objslice.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.22.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249180. | |||||
| CVE-2023-50445 | 1 Gl-inet | 24 Gl-a1300, Gl-a1300 Firmware, Gl-ar300m and 21 more | 2024-01-05 | N/A | 7.8 HIGH |
| Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module. | |||||
| CVE-2021-24830 | 1 Vasyltech | 1 Advanced Access Manager | 2024-01-05 | 3.5 LOW | 4.8 MEDIUM |
| The Advanced Access Manager WordPress plugin before 6.8.0 does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2020-35935 | 1 Vasyltech | 1 Advanced Access Manager | 2024-01-05 | 6.0 MEDIUM | 8.8 HIGH |
| The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios.) | |||||
| CVE-2020-35934 | 1 Vasyltech | 1 Advanced Access Manager | 2024-01-05 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object (including all metadata) upon login via the REST API (aam/v1/authenticate or aam/v2/authenticate). This is a security problem if this object stores information that the user is not supposed to have (e.g., custom metadata added by a different plugin). | |||||
| CVE-2014-6059 | 1 Vasyltech | 1 Advanced Access Manager | 2024-01-05 | 6.5 MEDIUM | 7.2 HIGH |
| WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability | |||||