Total: 201818 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30131 | 1 Microsoft | 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 | 2023-12-20 | 7.2 HIGH | 7.8 HIGH |
| Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | |||||
| CVE-2022-29149 | 1 Microsoft | 10 Azure Automation State Configuration, Azure Automation Update Management, Azure Diagnostics and 7 more | 2023-12-20 | 4.6 MEDIUM | 7.8 HIGH |
| Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | |||||
| CVE-2022-29119 | 1 Microsoft | 1 Hevc Video Extensions | 2023-12-20 | 6.8 MEDIUM | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability | |||||
| CVE-2022-22021 | 1 Microsoft | 1 Edge Chromium | 2023-12-20 | 5.1 MEDIUM | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2022-30190 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. Please see the [MSRC Blog Entry](https://aka.ms/CVE-2022-30190-Guidance) for important information about steps you can take to protect your system from this vulnerability. | |||||
| CVE-2022-30128 | 1 Microsoft | 1 Edge Chromium | 2023-12-20 | 5.1 MEDIUM | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2022-30127 | 1 Microsoft | 1 Edge Chromium | 2023-12-20 | 5.1 MEDIUM | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2022-30138 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | 7.2 HIGH | 7.8 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||
| CVE-2022-30129 | 1 Microsoft | 1 Visual Studio Code | 2023-12-20 | 6.8 MEDIUM | 8.8 HIGH |
| Visual Studio Code Remote Code Execution Vulnerability | |||||
| CVE-2022-26934 | 1 Microsoft | 19 365 Apps, Office, Windows 10 1507 and 16 more | 2023-12-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Windows Graphics Component Information Disclosure Vulnerability | |||||
| CVE-2022-23267 | 2 Fedoraproject, Microsoft | 6 Fedora, .net, .net Core and 3 more | 2023-12-20 | 5.0 MEDIUM | 7.5 HIGH |
| .NET and Visual Studio Denial of Service Vulnerability | |||||
| CVE-2023-47623 | 1 Clockworkmod | 1 Scrypted | 2023-12-20 | N/A | 6.1 MEDIUM |
| Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the `redirect_uri` parameter. By specifying a url with the javascript scheme (`javascript:`), an attacker can run arbitrary JavaScript code after the login. As of time of publication, no known patches are available. | |||||
| CVE-2023-47620 | 1 Clockworkmod | 1 Scrypted | 2023-12-20 | N/A | 6.1 MEDIUM |
| Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the `owner` and `pkg` parameters. An attacker can run arbitrary JavaScript code. As of time of publication, no known patches are available. | |||||
| CVE-2023-22259 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2023-12-20 | N/A | 5.4 MEDIUM |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2023-22256 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2023-12-20 | N/A | 5.4 MEDIUM |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2023-48583 | 1 Adobe | 1 Experience Manager | 2023-12-20 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||
| CVE-2023-48582 | 1 Adobe | 1 Experience Manager | 2023-12-20 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2023-48581 | 1 Adobe | 1 Experience Manager | 2023-12-20 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2023-22265 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2023-12-20 | N/A | 5.4 MEDIUM |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2023-6394 | 2 Quarkus, Redhat | 2 Quarkus, Build Of Quarkus | 2023-12-20 | N/A | 9.1 CRITICAL |
| A flaw was found in Quarkus. When a request is received over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions. | |||||
| CVE-2023-48755 | 1 Teachpress Project | 1 Teachpress | 2023-12-20 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress. This issue affects teachPress: from n/a through 9.0.4. | |||||
| CVE-2023-5949 | 1 Wpmudev | 1 Smartcrawl | 2023-12-20 | N/A | 7.5 HIGH |
| The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorised users from accessing password-protected posts' content. | |||||
| CVE-2023-49344 | 1 Ubuntubudgie | 1 Budgie Extras | 2023-12-20 | N/A | 7.8 HIGH |
| Temporary data passed between application components by Budgie Extras Window Shuffler applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. | |||||
| CVE-2023-49343 | 1 Ubuntubudgie | 1 Budgie Extras | 2023-12-20 | N/A | 7.8 HIGH |
| Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. | |||||
| CVE-2023-47558 | 1 Lindeni | 1 Who Hit The Page - Hit Counter | 2023-12-20 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mahlamusa Who Hit The Page – Hit Counter allows SQL Injection. This issue affects Who Hit The Page – Hit Counter: from n/a through 1.4.14.3. | |||||
| CVE-2023-49342 | 1 Ubuntubudgie | 1 Budgie Extras | 2023-12-20 | N/A | 7.8 HIGH |
| Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. | |||||
| CVE-2023-49153 | 1 Codeastrology | 1 Add To Cart Text Changer And Customize Button, Add Custom Icon | 2023-12-20 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam Add to Cart Text Changer and Customize Button, Add Custom Icon. This issue affects Add to Cart Text Changer and Customize Button, Add Custom Icon: from n/a through 2.0. | |||||
| CVE-2023-49345 | 1 Ubuntubudgie | 1 Budgie Extras | 2023-12-20 | N/A | 7.8 HIGH |
| Temporary data passed between application components by Budgie Extras Takeabreak applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. | |||||
| CVE-2023-49346 | 1 Ubuntubudgie | 1 Budgie Extras | 2023-12-20 | N/A | 7.8 HIGH |
| Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. | |||||
| CVE-2023-6907 | 1 Codelyfe | 1 Stupid Simple Cms | 2023-12-20 | N/A | 9.1 CRITICAL |
| A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /file-manager/delete.php of the component Deletion Interface. The manipulation of the argument file leads to improper authentication. The exploit has been disclosed to the public and may be used. The identifier VDB-248269 was assigned to this vulnerability. | |||||
| CVE-2023-6906 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-12-20 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6886 | 1 Wang.market | 1 Wangmarket | 2023-12-20 | N/A | 9.8 CRITICAL |
| A vulnerability was found in xnx3 wangmarket 6.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Role Management Page. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248246 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-49347 | 1 Ubuntubudgie | 1 Budgie Extras | 2023-12-20 | N/A | 7.8 HIGH |
| Temporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may read private information from windows, present false information to users, or deny access to the application. | |||||
| CVE-2023-6900 | 1 Rmountjoy92 | 1 Dashmachine | 2023-12-20 | N/A | 9.1 CRITICAL |
| A vulnerability, which was classified as critical, has been found in rmountjoy92 DashMachine 0.5-4. Affected by this issue is some unknown functionality of the file /settings/delete_file. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-248258 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-6899 | 1 Rmountjoy92 | 1 Dashmachine | 2023-12-20 | N/A | 9.8 CRITICAL |
| A vulnerability classified as problematic was found in rmountjoy92 DashMachine 0.5-4. Affected by this vulnerability is an unknown functionality of the file /settings/save_config of the component Config Handler. The manipulation of the argument value_template leads to code injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248257 was assigned to this vulnerability. | |||||
| CVE-2022-41083 | 1 Microsoft | 1 Jupyter | 2023-12-20 | N/A | 7.8 HIGH |
| Visual Studio Code Elevation of Privilege Vulnerability | |||||
| CVE-2022-41081 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 8.1 HIGH |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | |||||
| CVE-2022-41043 | 1 Microsoft | 2 Office, Office Long Term Servicing Channel | 2023-12-20 | N/A | 3.3 LOW |
| Microsoft Office Information Disclosure Vulnerability | |||||
| CVE-2022-41042 | 1 Microsoft | 1 Visual Studio Code | 2023-12-20 | N/A | 7.4 HIGH |
| Visual Studio Code Information Disclosure Vulnerability | |||||
| CVE-2022-41038 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2023-12-20 | N/A | 8.8 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
| CVE-2022-41037 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2023-12-20 | N/A | 8.8 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
| CVE-2022-41036 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2023-12-20 | N/A | 8.8 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
| CVE-2022-41035 | 1 Microsoft | 1 Edge Chromium | 2023-12-20 | N/A | 5.3 MEDIUM |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2022-41034 | 1 Microsoft | 1 Visual Studio Code | 2023-12-20 | N/A | 7.8 HIGH |
| Visual Studio Code Remote Code Execution Vulnerability | |||||
| CVE-2022-41033 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 7.8 HIGH |
| Windows COM+ Event System Service Elevation of Privilege Vulnerability | |||||
| CVE-2022-41032 | 2 Fedoraproject, Microsoft | 5 Fedora, .net, .net Core and 2 more | 2023-12-20 | N/A | 7.8 HIGH |
| NuGet Client Elevation of Privilege Vulnerability | |||||
| CVE-2022-41031 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2023-12-20 | N/A | 7.8 HIGH |
| Microsoft Word Remote Code Execution Vulnerability | |||||
| CVE-2022-38053 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2023-12-20 | N/A | 8.8 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
| CVE-2022-38051 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 7.8 HIGH |
| Windows Graphics Component Elevation of Privilege Vulnerability | |||||
| CVE-2022-38050 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2019 and 1 more | 2023-12-20 | N/A | 7.8 HIGH |
| Win32k Elevation of Privilege Vulnerability | |||||
