Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34845 | 1 Bludit | 1 Bludit | 2023-12-30 | N/A | 5.4 MEDIUM |
| Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration). | |||||
| CVE-2023-31698 | 1 Bludit | 1 Bludit | 2023-12-30 | N/A | 5.4 MEDIUM |
| Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration). | |||||
| CVE-2023-5408 | 1 Redhat | 1 Openshift Container Platform | 2023-12-30 | N/A | 7.2 HIGH |
| A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster. | |||||
| CVE-2021-43890 | 1 Microsoft | 2 App Installer, Windows 10 | 2023-12-30 | 6.0 MEDIUM | 7.1 HIGH |
| <p>We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader.</p> <p>An attacker could craft a malicious attachment to be used in phishing campaigns. The attacker would then have to convince the user to open the specially crafted attachment. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Please see the <strong>Security Updates</strong> table for the link to the updated app. Alternatively you can download and install the Installer using the links provided in the <strong>FAQ</strong> section.</p> <p>Please see the <strong>Mitigations</strong> and <strong>Workaround</strong> sections for important information about steps you can take to protect your system from this vulnerability.</p> <p><strong>December 27 2023 Update:</strong></p> <p>In recent months, Microsoft Threat Intelligence has seen an increase in activity from threat actors leveraging social engineering and phishing techniques to target Windows OS users and utilizing the <a href="https://learn.microsoft.com/en-us/windows/msix/app-installer/installing-windows10-apps-web">ms-appinstaller URI scheme</a>.</p> <p>To address this increase in activity, we have updated the App Installer to disable the ms-appinstaller protocol by default and recommend other potential mitigations.</p> | |||||
| CVE-2021-28446 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-30 | 2.1 LOW | 7.1 HIGH |
| Windows Portmapping Information Disclosure Vulnerability | |||||
| CVE-2023-7040 | 1 Codelyfe | 1 Stupid Simple Cms | 2023-12-30 | N/A | 6.5 MEDIUM |
| A vulnerability classified as problematic was found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this vulnerability is an unknown functionality of the file /file-manager/rename.php. The manipulation of the argument oldName leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248689 was assigned to this vulnerability. | |||||
| CVE-2023-50834 | 1 Augustinfotech | 1 Woocommerce Menu Extension | 2023-12-30 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech WooCommerce Menu Extension allows Stored XSS.This issue affects WooCommerce Menu Extension: from n/a through 1.6.2. | |||||
| CVE-2023-49765 | 1 Blazzdev | 1 Rate My Post | 2023-12-30 | N/A | 6.5 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post – WP Rating System.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.1. | |||||
| CVE-2023-47191 | 1 Kainelabs | 1 Youzify | 2023-12-30 | N/A | 6.5 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress.This issue affects Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress: from n/a through 1.2.2. | |||||
| CVE-2023-51102 | 1 Tenda | 2 W9, W9 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
| Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formWifiMacFilterSet. | |||||
| CVE-2023-51101 | 1 Tenda | 2 W9, W9 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
| Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetUplinkInfo. | |||||
| CVE-2023-51100 | 1 Tenda | 2 W9, W9 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
| Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formGetDiagnoseInfo . | |||||
| CVE-2023-51099 | 1 Tenda | 2 W9, W9 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
| Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formexeCommand . | |||||
| CVE-2023-51098 | 1 Tenda | 2 W9, W9 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
| Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formSetDiagnoseInfo . | |||||
| CVE-2023-51097 | 1 Tenda | 2 W9, W9 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
| Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetAutoPing. | |||||
| CVE-2023-51094 | 1 Tenda | 2 M3, M3 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
| Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet. | |||||
| CVE-2023-51093 | 1 Tenda | 2 M3, M3 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
| Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function fromSetLocalVlanInfo. | |||||
| CVE-2023-51092 | 1 Tenda | 2 M3, M3 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
| Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function upgrade. | |||||
| CVE-2023-51091 | 1 Tenda | 2 M3, M3 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
| Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function R7WebsSecurityHandler. | |||||
| CVE-2023-51090 | 1 Tenda | 2 M3, M3 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
| Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formGetWeiXinConfig. | |||||
| CVE-2023-51095 | 1 Tenda | 2 M3, M3 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
| Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formDelWlRfPolicy. | |||||
| CVE-2023-7111 | 1 Fabianros | 1 Library Management System | 2023-12-30 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. Affected is an unknown function of the file index.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249006 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-7097 | 1 Fabianros | 1 Water Billing System | 2023-12-30 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in code-projects Water Billing System 1.0. This affects an unknown part of the file /addbill.php. The manipulation of the argument owners_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248949 was assigned to this vulnerability. | |||||
| CVE-2023-7096 | 1 Carmelogarcia | 1 Faculty Management System | 2023-12-30 | N/A | 9.8 CRITICAL |
| A vulnerability was found in code-projects Faculty Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/php/crud.php. The manipulation of the argument fieldname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248948. | |||||
| CVE-2023-7091 | 1 Iteachyou | 1 Dreamer Cms | 2023-12-30 | N/A | 8.8 HIGH |
| A vulnerability was found in Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /upload/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-248938 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-32799 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2023-12-30 | N/A | 6.5 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses.This issue affects Shipping Multiple Addresses: from n/a through 3.8.3. | |||||
| CVE-2023-32747 | 1 Automattic | 1 Woocommerce Bookings | 2023-12-30 | N/A | 7.5 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 1.15.78. | |||||
| CVE-2023-50832 | 1 Mondula | 1 Multi Step Form | 2023-12-30 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mondula GmbH Multi Step Form allows Stored XSS.This issue affects Multi Step Form: from n/a through 1.7.13. | |||||
| CVE-2023-49752 | 1 Spoonthemes | 1 Adifier | 2023-12-30 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoon themes Adifier - Classified Ads WordPress Theme.This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4. | |||||
| CVE-2023-7018 | 1 Huggingface | 1 Transformers | 2023-12-30 | N/A | 7.8 HIGH |
| Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. | |||||
| CVE-2023-49812 | 1 Wppa | 1 Wp Photo Album Plus | 2023-12-30 | N/A | 7.5 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005. | |||||
| CVE-2021-33742 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-30 | 6.8 MEDIUM | 7.5 HIGH |
| Windows MSHTML Platform Remote Code Execution Vulnerability | |||||
| CVE-2021-31971 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-30 | 6.8 MEDIUM | 6.8 MEDIUM |
| Windows HTML Platforms Security Feature Bypass Vulnerability | |||||
| CVE-2021-31959 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-30 | 6.8 MEDIUM | 6.4 MEDIUM |
| Scripting Engine Memory Corruption Vulnerability | |||||
| CVE-2020-17159 | 1 Microsoft | 1 Visual Studio Code | 2023-12-30 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | |||||
| CVE-2020-17158 | 1 Microsoft | 1 Dynamics 365 | 2023-12-30 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | |||||
| CVE-2020-17156 | 1 Microsoft | 2 Visual Studio 2017, Visual Studio 2019 | 2023-12-30 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2020-17152 | 1 Microsoft | 1 Dynamics 365 | 2023-12-30 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | |||||
| CVE-2020-17148 | 1 Microsoft | 1 Visual Studio Code | 2023-12-30 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability | |||||
| CVE-2020-17147 | 1 Microsoft | 1 Dynamics 365 | 2023-12-30 | 3.5 LOW | 8.7 HIGH |
| Dynamics CRM Webclient Cross-site Scripting Vulnerability | |||||
| CVE-2020-17144 | 1 Microsoft | 1 Exchange Server | 2023-12-30 | 6.0 MEDIUM | 8.4 HIGH |
| Microsoft Exchange Remote Code Execution Vulnerability | |||||
| CVE-2020-17143 | 1 Microsoft | 1 Exchange Server | 2023-12-30 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Exchange Server Information Disclosure Vulnerability | |||||
| CVE-2020-17142 | 1 Microsoft | 1 Exchange Server | 2023-12-30 | 6.5 MEDIUM | 9.1 CRITICAL |
| Microsoft Exchange Remote Code Execution Vulnerability | |||||
| CVE-2020-17141 | 1 Microsoft | 1 Exchange Server | 2023-12-30 | 6.0 MEDIUM | 8.4 HIGH |
| Microsoft Exchange Remote Code Execution Vulnerability | |||||
| CVE-2020-17139 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-30 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Overlay Filter Security Feature Bypass Vulnerability | |||||
| CVE-2020-17138 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2023-12-30 | 2.1 LOW | 5.5 MEDIUM |
| Windows Error Reporting Information Disclosure Vulnerability | |||||
| CVE-2020-17137 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2023-12-30 | 4.6 MEDIUM | 7.8 HIGH |
| DirectX Graphics Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2020-17136 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-30 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |||||
| CVE-2020-17135 | 1 Microsoft | 1 Azure Devops Server | 2023-12-30 | 4.9 MEDIUM | 6.4 MEDIUM |
| Azure DevOps Server Spoofing Vulnerability | |||||
| CVE-2020-17134 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-30 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |||||