Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-44375 | | | 2024-01-02 | N/A | N/A | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2023-44162 | | | 2024-01-02 | N/A | N/A | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2023-43738 | | | 2024-01-02 | N/A | N/A | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2023-44268 | | | 2024-01-02 | N/A | N/A | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2023-43737 | | | 2024-01-02 | N/A | N/A | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2021-42083 | 3 Linux, Microsoft, Osnexus | 3 Linux Kernel, Windows, Quantastor | 2024-01-02 | N/A | 5.4 MEDIUM | An authenticated attacker is able to create alerts that trigger a stored XSS attack. |
| CVE-2022-45052 | 3 Axiell, Linux, Microsoft | 3 Iguana, Linux Kernel, Windows | 2024-01-02 | N/A | 6.5 MEDIUM | A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capable of accessing files on the server. |
| CVE-2022-2422 | 1 Feathersjs | 1 Feathers-sequelize | 2024-01-02 | N/A | 9.8 CRITICAL | Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used. |
| CVE-2022-2421 | 1 Socket | 1 Socket.io-parser | 2024-01-02 | N/A | 9.8 CRITICAL | Due to improper type validation in attachment parsing in the Socket.io js library, it is possible to overwrite the _placeholder object, which allows an attacker to place references to functions at arbitrary places in the resulting query object. |
| CVE-2022-29823 | 1 Feathersjs | 1 Feathers-sequelize | 2024-01-02 | N/A | 9.8 CRITICAL | Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of application. |
| CVE-2022-29822 | 1 Feathersjs | 1 Feathers-sequelize | 2024-01-02 | N/A | 9.8 CRITICAL | Due to improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection. |
| CVE-2022-25153 | 1 Itarian | 1 Endpoint Manager Communication Client | 2024-01-02 | 7.2 HIGH | 7.8 HIGH | The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Due to this setting, a malicious actor with low privileges access to a system can escalate his privileges to SYSTEM abusing an insecure openssl.conf lookup. |
| CVE-2022-0564 | 2 Microsoft, Qlik | 2 Windows, Qlik Sense | 2024-01-02 | 4.3 MEDIUM | 5.3 MEDIUM | A vulnerability in Qlik Sense Enterprise on Windows could allow a remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response times that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured. |
| CVE-2023-50724 | 1 Resque | 1 Resque | 2024-01-02 | N/A | 6.1 MEDIUM | Resque (pronounced like "rescue") is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. resque-web in resque versions before 2.1.0 is vulnerable to reflected XSS through the current_queue parameter in the path of the queues endpoint. This issue has been patched in version 2.1.0. |
| CVE-2023-7025 | 1 Kylinos | 1 Hedron-domain-hook | 2024-01-02 | N/A | 7.8 HIGH | A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function init_kcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-248578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2023-2585 | 1 Redhat | 6 Enterprise Linux, Openshift Container Platform, Openshift Container Platform For Ibm Z and 3 more | 2024-01-02 | N/A | 8.1 HIGH | Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access to an existing OAuth client. |
| CVE-2023-51656 | 1 Apache | 1 Iotdb | 2024-01-02 | N/A | 9.8 CRITICAL | Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue. |
| CVE-2023-7026 | 1 Lightxun | 1 Iptv Gateway | 2024-01-02 | N/A | 6.5 MEDIUM | A vulnerability was found in Lightxun IPTV Gateway up to 20231208. It has been rated as problematic. This issue affects some unknown processing of the file /ZHGXTV/index.php/admin/index/web_upload_template.html. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248579. |
| CVE-2023-45339 | | | 2024-01-02 | N/A | N/A | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2023-45337 | | | 2024-01-02 | N/A | N/A | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2023-45335 | | | 2024-01-02 | N/A | N/A | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2023-45333 | | | 2024-01-02 | N/A | N/A | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2023-45332 | | | 2024-01-02 | N/A | N/A | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2023-45331 | | | 2024-01-02 | N/A | N/A | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2023-45329 | | | 2024-01-02 | N/A | N/A | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2023-45324 | | | 2024-01-02 | N/A | N/A | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2023-45700 | 1 Hcltechsw | 1 Hcl Launch | 2024-01-02 | N/A | 5.4 MEDIUM | HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI, potentially leading to sensitive information disclosure. |
| CVE-2023-46131 | 1 Grails | 1 Grails | 2024-01-02 | N/A | 7.5 HIGH | Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in versions 3.3.17, 4.1.3, 5.3.4, 6.1.0. |
| CVE-2023-49032 | 1 Ltb-project | 1 Self Service Password | 2024-01-02 | N/A | 9.8 CRITICAL | An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to an arbitrary phone. |
| CVE-2023-3080 | 1 Jamesward | 1 Wp Mail Catcher | 2024-01-02 | N/A | 6.1 MEDIUM | The WP Mail Catcher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| CVE-2023-51390 | 1 Aiven | 1 Journalpump | 2024-01-02 | N/A | 7.5 HIGH | journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to the supplied logging pipeline, including credential information contained in the configuration if any. The problem has been patched in journalpump 2.5.0. |
| CVE-2023-45703 | 1 Hcltechsw | 1 Hcl Launch | 2024-01-02 | N/A | 7.5 HIGH | HCL Launch may mishandle input validation of an uploaded archive file, leading to a denial of service due to resource exhaustion. |
| CVE-2023-48721 | | | 2024-01-02 | N/A | N/A | Rejected reason: Not used |
| CVE-2023-48723 | | | 2024-01-02 | N/A | N/A | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2023-48719 | | | 2024-01-02 | N/A | N/A | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2023-48717 | | | 2024-01-02 | N/A | N/A | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2023-45127 | | | 2024-01-02 | N/A | N/A | Rejected reason: It is a duplicate. |
| CVE-2023-45126 | | | 2024-01-02 | N/A | N/A | Rejected reason: It is a duplicate. |
| CVE-2023-45125 | | | 2024-01-02 | N/A | N/A | Rejected reason: It is a duplicate. |
| CVE-2023-45124 | | | 2024-01-02 | N/A | N/A | Rejected reason: It is a duplicate. |
| CVE-2023-45123 | | | 2024-01-02 | N/A | N/A | Rejected reason: It is a duplicate. |
| CVE-2023-45122 | | | 2024-01-02 | N/A | N/A | Rejected reason: It is a duplicate. |
| CVE-2023-5306 | | | 2024-01-02 | N/A | N/A | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2023-44486 | | | 2024-01-02 | N/A | N/A | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2023-44485 | | | 2024-01-02 | N/A | N/A | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2023-44484 | 1 Projectworlds | 1 Online Blood Donation Management System | 2024-01-02 | N/A | 6.1 MEDIUM | Online Blood Donation Management System v1.0 is vulnerable to a Stored Cross-Site Scripting vulnerability. The 'firstName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response. |
| CVE-2023-25690 | 1 Apache | 1 Http Server | 2024-01-02 | N/A | 9.8 CRITICAL | Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: `RewriteEngine on` / `RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P]` / `ProxyPassReverse /here/ http://example.com:8080/`. Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server. |
| CVE-2022-21797 | 3 Debian, Fedoraproject, Joblib Project | 3 Debian Linux, Fedora, Joblib | 2024-01-02 | N/A | 9.8 CRITICAL | The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the pre_dispatch flag in the Parallel() class due to the eval() statement. |
| CVE-2023-44982 | 1 Meowapps | 1 Perfect Images | 2024-01-02 | N/A | 7.5 HIGH | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina). This issue affects Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina): from n/a through 6.4.5. |
| CVE-2023-49819 | 1 Wpsc-plugin | 1 Structured Content | 2024-01-02 | N/A | 9.8 CRITICAL | Deserialization of Untrusted Data vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc. This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.5.3. |
