aam — advanced_access_manager_restricted_content_users_&_roles_enhanced_security_and_more |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS. This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.18. |
2024-02-01 |
6.5 |
CVE-2023-51674 audit@patchstack.com |
advanced_iframe — advanced_iframe |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Advanced iFrame allows Stored XSS. This issue affects Advanced iFrame: from n/a through 2023.8. |
2024-02-01 |
6.5 |
CVE-2023-51690 audit@patchstack.com |
aio_libs — aiohttp |
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability. |
2024-01-29 |
6.5 |
CVE-2024-23829 security-advisories@github.com
aio_libs — aiohttp |
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option ‘follow_symlinks’ can be used to determine whether to follow symbolic links outside the static root directory. When ‘follow_symlinks’ is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue. |
2024-01-29 |
5.9 |
CVE-2024-23334 security-advisories@github.com
aitangbao — springboot-manager |
springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files. |
2024-02-01 |
5.4 |
CVE-2024-24059 cve@mitre.org |
aitangbao — springboot-manager |
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user. |
2024-02-01 |
5.4 |
CVE-2024-24060 cve@mitre.org |
aitangbao — springboot-manager |
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add. |
2024-02-01 |
5.4 |
CVE-2024-24061 cve@mitre.org |
aitangbao — springboot-manager |
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/role. |
2024-02-01 |
5.4 |
CVE-2024-24062 cve@mitre.org |
anchore — stereoscope |
stereoscope is a Go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary directory. Specifically, use of the `github.com/anchore/stereoscope/pkg/file.UntarToDirectory()` function, the `github.com/anchore/stereoscope/pkg/image/oci.TarballImageProvider` struct, or the higher level `github.com/anchore/stereoscope/pkg/image.Image.Read()` function expresses this vulnerability. As a workaround, if you are using the OCI archive as input into stereoscope then you can switch to using an OCI layout by unarchiving the tar archive and providing the unarchived directory to stereoscope. |
2024-01-31 |
5.3 |
CVE-2024-24579 security-advisories@github.com
apache_software_foundation — apache_servicecomb_service-center |
Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center. This issue affects Apache ServiceComb Service-Center before 2.1.0 (inclusive). Users are recommended to upgrade to version 2.2.0, which fixes the issue. |
2024-01-31 |
5.8 |
CVE-2023-44312 security@apache.org
appleple — a-blog_cms |
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege may execute an arbitrary script on the web browser of the user who accessed the website using the product. |
2024-01-28 |
5.4 |
CVE-2024-23782 vultures@jpcert.or.jp
appwrite — appwrite |
Appwrite <= v1.4.13 is affected by a Server-Side Request Forgery (SSRF) via the ‘/v1/avatars/favicon’ endpoint due to an incomplete fix of CVE-2023-27159. |
2024-01-30 |
5.3 |
CVE-2024-1063 vulnreport@tenable.com |
areal_sas — webserv1 |
A cross site scripting vulnerability in the AREAL SAS Websrv1 ASP website allows a remote low-privileged attacker to gain escalated privileges of other non-admin users. |
2024-01-31 |
4.6 |
CVE-2023-50357 info@cert.vde.com |
artios_media — product_code_for_woocommerce |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Artios Media Product Code for WooCommerce allows Stored XSS. This issue affects Product Code for WooCommerce: from n/a through 1.4.4. |
2024-02-01 |
6.5 |
CVE-2023-51669 audit@patchstack.com |
b&r_industrial_automation — automation_studio |
Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal. This issue affects Automation Studio: from 4.0 through 4.12. |
2024-02-02 |
6.3 |
CVE-2021-22281 cybersecurity@ch.abb.com |
bi_excellence_software — openbi |
A vulnerability, which was classified as critical, was found in openBI up to 6.0.3. Affected is the function addxinzhi of the file application/controllers/User.php of the component Phar Handler. The manipulation of the argument outimgurl leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252696. |
2024-02-03 |
6.3 |
CVE-2024-1198 cna@vuldb.com
bi_excellence_software — openbi |
A vulnerability, which was classified as problematic, has been found in openBI up to 1.0.8. Affected by this issue is the function agent of the file /application/index/controller/Datament.php. The manipulation of the argument api leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252308. |
2024-01-30 |
4.3 |
CVE-2024-1033 cna@vuldb.com
brave — brave_create_popup_optins_lead_generation_survey_sticky_elements_&_interactive_content |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brave Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content allows Stored XSS. This issue affects Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content: from n/a through 0.6.2. |
2024-02-01 |
5.9 |
CVE-2023-51534 audit@patchstack.com |
brefphp — bref |
Bref enables serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed, and each part that contains a file is extracted and saved in `/tmp` with a random filename starting with `bref_upload_`. The flow mimics what plain PHP does, but it does not delete the temporary files when the request has been processed. An attacker could fill the Lambda instance disk by performing multiple MultiPart requests containing files. This vulnerability is patched in 2.1.13. |
2024-02-01 |
6.5 |
CVE-2024-24752 security-advisories@github.com
brefphp — bref |
Bref enables serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multi-value headers. If PHP generates a response with two headers having the same key but different values, only the latest one is kept. If an application relies on multiple headers with the same key being set for security reasons, then Bref would lower the application security. For example, if an application sets multiple `Content-Security-Policy` headers, then Bref would just reflect the latest one. This vulnerability is patched in 2.1.13. |
2024-02-01 |
4.8 |
CVE-2024-24753 security-advisories@github.com
cisco — multiple_products |
A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. This vulnerability is due to incorrect processing of ACLs on a stacked configuration when either the primary or backup switches experience a full stack reload or power cycle. An attacker could exploit this vulnerability by sending crafted traffic through an affected device. A successful exploit could allow the attacker to bypass configured ACLs, causing traffic to be dropped or forwarded in an unexpected manner. The attacker does not have control over the conditions that result in the device being in the vulnerable state. Note: In the vulnerable state, the ACL would be correctly applied on the primary devices but could be incorrectly applied to the backup devices. |
2024-01-26 |
5.8 |
CVE-2024-20263 ykramarz@cisco.com |
cisco — unity_connection |
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. |
2024-01-26 |
4.8 |
CVE-2024-20305 ykramarz@cisco.com |
codeastro — employee_task_management_system |
A vulnerability has been found in CodeAstro Employee Task Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file employee-tasks-phpattendance-info.php. The manipulation of the argument aten_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252697 was assigned to this vulnerability. |
2024-02-03 |
5.4 |
CVE-2024-1199 cna@vuldb.com
codeboxr — cbx_map_for_google_map_&_openstreetmap |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Codeboxr CBX Map for Google Map & OpenStreetMap allows Stored XSS. This issue affects CBX Map for Google Map & OpenStreetMap: from n/a through 1.1.11. |
2024-01-31 |
6.5 |
CVE-2024-22297 audit@patchstack.com |
codeboxr_team — cbx_bookmark_&_favorite |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Codeboxr Team CBX Bookmark & Favorite allows Stored XSS. This issue affects CBX Bookmark & Favorite: from n/a through 1.7.13. |
2024-02-01 |
6.5 |
CVE-2023-51514 audit@patchstack.com |
cogites — ereserv |
A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. This issue affects some unknown processing of the file front/admin/config.php. The manipulation of the argument id with the input %22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-252293 was assigned to this vulnerability. |
2024-01-30 |
6.1 |
CVE-2024-1026 cna@vuldb.com
cogites — ereserv |
A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. Affected by this issue is some unknown functionality of the file /front/admin/tenancyDetail.php. The manipulation of the argument Nom with the input Dreux”> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252302 is the identifier assigned to this vulnerability. |
2024-01-30 |
6.1 |
CVE-2024-1029 cna@vuldb.com
crate — crate |
CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY FROM function to import arbitrary file content into database tables, resulting in information leakage. This vulnerability is patched in 5.3.9, 5.4.8, 5.5.4, and 5.6.1. |
2024-01-30 |
5.7 |
CVE-2024-24565 security-advisories@github.com
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemlist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23856 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnlinecreate.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23857 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancelinecreate.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23858 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurelinecreate.php, in the flatamount parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23859 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencylist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23860 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/unitofmeasurementcreate.php, in the unitofmeasurementid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23861 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grndisplay.php, in the grnno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23862 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructuredisplay.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23863 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrylist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23864 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23865 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrycreate.php, in the countryid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23866 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statecreate.php, in the stateid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23867 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnlist.php, in the deleted parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23868 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuanceprint.php, in the issuanceno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23869 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancelist.php, in the delete parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23870 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/unitofmeasurementmodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23871 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/locationmodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23872 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencymodify.php, in the currencyid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23873 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/companymodify.php, in the address1 parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23874 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancedisplay.php, in the issuanceno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23875 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurecreate.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23876 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencycreate.php, in the currencyid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23877 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnprint.php, in the grnno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23878 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statemodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23879 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23880 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23881 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodecreate.php, in the taxcodeid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23882 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructuremodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23883 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnmodify.php, in the grndate parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23884 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrymodify.php, in the countryid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23885 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemmodify.php, in the bincardinfo parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23886 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grncreate.php, in the grndate parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23887 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stocktransactionslist.php, in the itemidy parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23888 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemgroupcreate.php, in the itemgroupid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23889 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itempopup.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23890 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemcreate.php, in the itemid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23891 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/costcentercreate.php, in the costcenterid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23892 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/costcentermodify.php, in the costcenterid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23893 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancecreate.php, in the issuancedate parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23894 cve-coordination@incibe.es |
cups_easy — cups_easy |
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stock.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |
2024-01-26 |
6.1 |
CVE-2024-23896 cve-coordination@incibe.es |
dassault_systems — delmia_apriso |
An insertion of Sensitive Information into Log File vulnerability is affecting DELMIA Apriso Release 2019 through Release 2024. |
2024-02-01 |
4.4 |
CVE-2024-0935 3DS.Information-Security@3ds.com |
dearhive — pdf_viewer_&_3d_pdf_flipbook_dearpdf |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in DearHive PDF Viewer & 3D PDF Flipbook – DearPDF allows Stored XSS. This issue affects PDF Viewer & 3D PDF Flipbook – DearPDF: from n/a through 2.0.38. |
2024-01-31 |
6.5 |
CVE-2024-23505 audit@patchstack.com |
dell — bsafe_micro_edition_suite |
Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability. |
2024-02-02 |
5.9 |
CVE-2021-21575 security_alert@emc.com |
dell — powerscale_onefs |
Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vulnerability. A local low privileges malicious user could potentially exploit this vulnerability, leading to denial of service. |
2024-02-01 |
5.5 |
CVE-2024-22430 security_alert@emc.com |
delower — wp_to_do |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Delower WP To Do allows Stored XSS. This issue affects WP To Do: from n/a through 1.2.8. |
2024-01-31 |
6.5 |
CVE-2024-22292 audit@patchstack.com |
devolutions — remote_desktop_manager |
Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry. |
2024-01-31 |
5.4 |
CVE-2024-0589 security@devolutions.net |
discourse — discourse |
Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include `unsafe-inline`. |
2024-01-30 |
6.3 |
CVE-2024-23834 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
discourse — discourse |
discourse-group-membership-ip-block is a discourse plugin that adds support for adding users to groups based on their IP address. discourse-group-membership-ip-block was sending all group custom fields to the client, including group custom fields from other plugins which may expect their custom fields to remain secret. |
2024-02-01 |
4.3 |
CVE-2024-24755 security-advisories@github.com security-advisories@github.com |
droitthemes — droit_elementor_addons_widgets_blocks_templates_library_for_elementor_builder |
Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder. This issue affects Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder: from n/a through 3.1.5. |
2024-01-31 |
4.3 |
CVE-2024-22136 audit@patchstack.com |
easy_digital_downloads — easy_digital_downloads_sell_digital_files_ecommerce_store_&_payments_made_easy |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Easy Digital Downloads Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) allows Stored XSS. This issue affects Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy): from n/a through 3.2.5. |
2024-02-01 |
6.5 |
CVE-2023-51684 audit@patchstack.com |
epiphyt — embed_privacy |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Epiphyt Embed Privacy allows Stored XSS. This issue affects Embed Privacy: from n/a through 1.8.0. |
2024-02-01 |
6.5 |
CVE-2023-51694 audit@patchstack.com |
eyoucms — eyoucms |
Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. |
2024-02-01 |
6.1 |
CVE-2024-22927 cve@mitre.org |
eyoucms — eyoucms |
Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. |
2024-02-01 |
6.1 |
CVE-2024-23031 cve@mitre.org |
eyoucms — eyoucms |
Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. |
2024-02-01 |
6.1 |
CVE-2024-23032 cve@mitre.org |
eyoucms — eyoucms |
Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. |
2024-02-01 |
6.1 |
CVE-2024-23033 cve@mitre.org |
eyoucms — eyoucms |
Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. |
2024-02-01 |
6.1 |
CVE-2024-23034 cve@mitre.org |
fahad_mahmood_&_alexandre_faustino — stock_locations_for_woocommerce |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Fahad Mahmood & Alexandre Faustino Stock Locations for WooCommerce allows Stored XSS. This issue affects Stock Locations for WooCommerce: from n/a through 2.5.9. |
2024-01-31 |
5.9 |
CVE-2024-22153 audit@patchstack.com |
flexera — installshield |
A vulnerability has been reported in Suite Setups built with versions prior to InstallShield 2023 R2. This vulnerability may allow locally authenticated users to cause a Denial of Service (DoS) condition when handling move operations on local, temporary folders. |
2024-01-26 |
5.5 |
CVE-2023-29081 PSIRT-CNA@flexerasoftware.com |
formzu_inc — formzu_wp |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Formzu Inc. Formzu WP allows Stored XSS. This issue affects Formzu WP: from n/a through 1.6.7. |
2024-01-31 |
6.5 |
CVE-2024-22310 audit@patchstack.com |
gabriels — ftp_server |
A vulnerability was found in Gabriels FTP Server 1.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument USERNAME leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-252287. |
2024-01-29 |
5.3 |
CVE-2024-1017 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
gessler_gmbh — web_master |
Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker can restore the passwords by breaking the hashes stored on the device. |
2024-02-01 |
4.4 |
CVE-2024-1040 ics-cert@hq.dhs.gov |
gitlab — gitlab |
An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible for an attacker to trigger a Regular Expression Denial of Service via a `Cargo.toml` containing maliciously crafted input. |
2024-01-26 |
6.5 |
CVE-2023-6159 cve@gitlab.com cve@gitlab.com cve@gitlab.com |
gitlab — gitlab |
An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled. |
2024-01-26 |
5.3 |
CVE-2023-5612 cve@gitlab.com cve@gitlab.com cve@gitlab.com |
gitlab — gitlab |
An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests. |
2024-01-26 |
5.4 |
CVE-2023-5933 cve@gitlab.com cve@gitlab.com cve@gitlab.com |
gitlab — gitlab |
An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project. |
2024-01-26 |
4.3 |
CVE-2024-0456 cve@gitlab.com cve@gitlab.com |
glpi_project — glpi |
GLPI is a Free Asset and IT Management Software package. A malicious URL can be used to execute XSS on reports pages. Upgrade to 10.0.12. |
2024-02-01 |
6.5 |
CVE-2024-23645 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
glpi_project — glpi |
GLPI is a Free Asset and IT Management Software package. When authentication is made against a LDAP, the authentication form can be used to perform LDAP injection. Upgrade to 10.0.12. |
2024-02-01 |
5.9 |
CVE-2023-51446 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
goauthentik — authentik |
Authentik is an open-source Identity Provider. There is a bug in our implementation of PKCE that allows an attacker to circumvent the protection that PKCE offers. PKCE adds the code_challenge parameter to the authorization request and adds the code_verifier parameter to the token request. Prior to 2023.8.7 and 2023.10.7, a downgrade scenario is possible: if the attacker removes the code_challenge parameter from the authorization request, authentik will not do the PKCE check. Because of this bug, an attacker can circumvent the protection PKCE offers, such as CSRF attacks and code injection attacks. Versions 2023.8.7 and 2023.10.7 fix the issue. |
2024-01-30 |
6.5 |
CVE-2024-23647 security-advisories@github.com security-advisories@github.com |
goreleaser — goreleaser |
GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. `goreleaser release --debug` log shows secret values used in the custom publisher. This vulnerability is fixed in 1.24.0. |
2024-01-30 |
5.5 |
CVE-2024-23840 security-advisories@github.com security-advisories@github.com |
gvectors_team — comments_wpdiscuz |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in gVectors Team Comments – wpDiscuz allows Stored XSS. This issue affects Comments – wpDiscuz: from n/a through 7.6.12. |
2024-02-01 |
5.9 |
CVE-2023-51691 audit@patchstack.com |
harmonic_design — hd_quiz |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Harmonic Design HD Quiz allows Stored XSS. This issue affects HD Quiz: from n/a through 1.8.11. |
2024-01-31 |
5.9 |
CVE-2024-22161 audit@patchstack.com |
hcl_software — bigfix_platform |
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report. |
2024-02-03 |
6.5 |
CVE-2023-37528 psirt@hcl.com |
hcl_software — bigfix_platform |
A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web page. |
2024-02-02 |
5.4 |
CVE-2023-37527 psirt@hcl.com |
hcl_software — bigfix_servicenow_data_flow |
HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker could inject arbitrary code and execute within the context of the running user. |
2024-01-30 |
6.4 |
CVE-2023-37518 psirt@hcl.com |
hcl_software — launch_devops_deploy |
HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent. |
2024-02-03 |
6.2 |
CVE-2024-23550 psirt@hcl.com |
hometory — mang_board_wp |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Hometory Mang Board WP allows Stored XSS. This issue affects Mang Board WP: from n/a through 1.7.7. |
2024-01-31 |
5.9 |
CVE-2024-22306 audit@patchstack.com |
honeywell — controledge_uoc |
An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from the controller that may expose limited information from the device. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. |
2024-01-31 |
5.3 |
CVE-2023-5390 psirt@honeywell.com psirt@honeywell.com |
humansignal — label_studio |
Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio’s SSRF protections that can be enabled by setting the `SSRF_PROTECTION_ENABLED` environment variable can be bypassed to access internal web servers. This is because the current SSRF validation is done by executing a single DNS lookup to verify that the IP address is not in an excluded subnet range. This protection can be bypassed by either using HTTP redirection or performing a DNS rebinding attack. |
2024-01-31 |
5.3 |
CVE-2023-47116 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
ibm — aspera_faspex |
IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441. |
2024-02-02 |
4.8 |
CVE-2022-40744 psirt@us.ibm.com psirt@us.ibm.com |
ibm — maximo_asset_management |
IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073. |
2024-02-02 |
6.5 |
CVE-2023-32333 psirt@us.ibm.com psirt@us.ibm.com |
ibm — powersc |
IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site. IBM X-Force ID: 275113. |
2024-02-02 |
6.1 |
CVE-2023-50933 psirt@us.ibm.com psirt@us.ibm.com |
ibm — powersc |
IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. IBM X-Force ID: 275115. |
2024-02-02 |
6.5 |
CVE-2023-50935 psirt@us.ibm.com psirt@us.ibm.com |
ibm — powersc |
IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109. |
2024-02-02 |
5.3 |
CVE-2023-50327 psirt@us.ibm.com psirt@us.ibm.com |
ibm — powersc |
IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110. |
2024-02-02 |
5.3 |
CVE-2023-50328 psirt@us.ibm.com psirt@us.ibm.com |
ibm — powersc |
IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. IBM X-Force ID: 275114. |
2024-02-02 |
5.3 |
CVE-2023-50934 psirt@us.ibm.com psirt@us.ibm.com |
ibm — powersc |
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131. |
2024-02-02 |
5.4 |
CVE-2023-50941 psirt@us.ibm.com psirt@us.ibm.com |
ibm — powersc |
IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 275128. |
2024-02-02 |
4.3 |
CVE-2023-50938 psirt@us.ibm.com psirt@us.ibm.com |
ibm — powersc |
IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the “HTTP Strict Transport Security” (HSTS) web security policy mechanism. IBM X-Force ID: 276004. |
2024-02-02 |
5.9 |
CVE-2023-50962 psirt@us.ibm.com psirt@us.ibm.com |
ibm — security_verify_access_appliance |
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. IBM X-Force ID: 254767. |
2024-02-03 |
6.2 |
CVE-2023-31005 psirt@us.ibm.com psirt@us.ibm.com |
ibm — security_verify_access_appliance |
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to a denial of service attacks on the DSC server. IBM X-Force ID: 254776. |
2024-02-03 |
6.5 |
CVE-2023-31006 psirt@us.ibm.com psirt@us.ibm.com |
ibm — security_verify_access_appliance |
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a user to download files from an incorrect repository due to improper file validation. IBM X-Force ID: 254972. |
2024-02-03 |
6.2 |
CVE-2023-32329 psirt@us.ibm.com psirt@us.ibm.com |
ibm — soar_qradar_plugin_app |
IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 260577. |
2024-02-02 |
6.5 |
CVE-2023-38263 psirt@us.ibm.com psirt@us.ibm.com |
ibm — soar_qradar_plugin_app |
IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files. IBM X-Force ID: 260576. |
2024-02-02 |
4.3 |
CVE-2023-38020 psirt@us.ibm.com psirt@us.ibm.com |
ibm — storage_protect_plus_server |
IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 270599. |
2024-02-02 |
5.3 |
CVE-2023-47148 psirt@us.ibm.com psirt@us.ibm.com |
ibm — tivoli_application_dependency_discovery_manager |
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270271. |
2024-02-02 |
6.1 |
CVE-2023-47144 psirt@us.ibm.com psirt@us.ibm.com |
ignazio_scimone — albo_pretorio_on_line |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ignazio Scimone Albo Pretorio On line allows Stored XSS. This issue affects Albo Pretorio On line: from n/a through 4.6.6. |
2024-01-31 |
6.5 |
CVE-2024-22302 audit@patchstack.com |
infornweb — posts_list_designer_by_category_list_category_posts_or_recent_posts |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in InfornWeb Posts List Designer by Category – List Category Posts Or Recent Posts allows Stored XSS. This issue affects Posts List Designer by Category – List Category Posts Or Recent Posts: from n/a through 3.3.2. |
2024-01-31 |
6.5 |
CVE-2024-23502 audit@patchstack.com |
instawp — instawp_connect |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration. This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through 0.1.0.9. |
2024-01-27 |
6.5 |
CVE-2024-23506 audit@patchstack.com |
itop — vpn |
A vulnerability classified as critical was found in iTop VPN up to 4.0.0.1. Affected by this vulnerability is an unknown functionality in the library ITopVpnCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The identifier VDB-252685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-02-02 |
5.5 |
CVE-2024-1195 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
jhayghost — ideal_interactive_map |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jhayghost Ideal Interactive Map allows Stored XSS. This issue affects Ideal Interactive Map: from n/a through 1.2.4. |
2024-02-01 |
5.4 |
CVE-2023-52189 audit@patchstack.com |
joomunited — wp-smart_editor |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Smart Editor JoomUnited allows Reflected XSS. This issue affects JoomUnited: from n/a through 1.3.3. |
2024-02-01 |
6.1 |
CVE-2024-22148 audit@patchstack.com |
keap — keap_official_opt-in_forms |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Keap Keap Official Opt-in Forms allows Stored XSS. This issue affects Keap Official Opt-in Forms: from n/a through 1.0.11. |
2024-02-01 |
6.5 |
CVE-2023-52192 audit@patchstack.com |
lamassu — bitcoin_atm_douro_machines |
Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process to run as root and execute the payload stored in the updatescript.js. |
2024-01-30 |
6.3 |
CVE-2024-0674 cve-coordination@incibe.es |
lamassu — bitcoin_atm_douro_machines |
Vulnerability of improper checking for unusual or exceptional conditions in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, the exploitation of which could allow an attacker with physical access to the ATM to escape kiosk mode, access the underlying Xwindow interface and execute arbitrary commands as an unprivileged user. |
2024-01-30 |
6.3 |
CVE-2024-0675 cve-coordination@incibe.es |
lamassu — bitcoin_atm_douro_machines |
Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack. |
2024-01-30 |
5.6 |
CVE-2024-0676 cve-coordination@incibe.es |
lightcms_project — lightcms |
LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management – Articles field. |
2024-01-29 |
5.4 |
CVE-2024-22559 cve@mitre.org |
linecorp — line |
An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
2024-01-26 |
5.4 |
CVE-2023-48126 cve@mitre.org |
linecorp — line |
An issue in myGAKUYA mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
2024-01-26 |
5.4 |
CVE-2023-48127 cve@mitre.org |
linecorp — line |
An issue in UNITED BOXING GYM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
2024-01-26 |
5.4 |
CVE-2023-48128 cve@mitre.org |
linecorp — line |
An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
2024-01-26 |
5.4 |
CVE-2023-48129 cve@mitre.org |
linecorp — line |
An issue in GINZA CAFE mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
2024-01-26 |
5.4 |
CVE-2023-48130 cve@mitre.org |
linecorp — line |
An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
2024-01-26 |
5.4 |
CVE-2023-48131 cve@mitre.org |
linecorp — line |
An issue in kosei entertainment esportsstudioLegends mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
2024-01-26 |
5.4 |
CVE-2023-48132 cve@mitre.org |
linecorp — line |
An issue in angel coffee mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
2024-01-26 |
5.4 |
CVE-2023-48133 cve@mitre.org |
linecorp — line |
An issue in mimasaka_farm mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
2024-01-26 |
5.4 |
CVE-2023-48135 cve@mitre.org |
linux — glibc |
An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer. |
2024-01-31 |
5.3 |
CVE-2023-6780 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
linux — kernel |
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An authenticated AppBuilder user with the ability to create or manage existing databases can leverage them to exploit the AppBuilder server – including access to its local file system. This issue affects AppBuilder: from 21.2 before 23.2. |
2024-01-29 |
5.5 |
CVE-2023-4552 security@opentext.com |
linux — kernel |
A flaw was found in the Linux kernel’s memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is “max page sharing=256”, it is possible for the attacker to time the unmap to merge with the victim’s page. The unmapping time depends on whether it merges with the victim’s page and additional physical pages are created beyond the KSM’s “max page share”. Through these operations, the attacker can leak the victim’s page. |
2024-01-30 |
5.3 |
CVE-2024-0564 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
live_composer_team — page_builder_live_composer |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS. This issue affects Page Builder: Live Composer: from n/a through 1.5.23. |
2024-02-01 |
6.5 |
CVE-2023-52193 audit@patchstack.com |
lj_apps — wp_review_slider |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in LJ Apps WP Review Slider allows Stored XSS. This issue affects WP Review Slider: from n/a through 12.7. |
2024-02-01 |
5.9 |
CVE-2023-51685 audit@patchstack.com |
lobehub — lobe_chat |
Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without password). This vulnerability is patched in 0.122.4. |
2024-01-31 |
5.3 |
CVE-2024-24566 security-advisories@github.com security-advisories@github.com |
magazine3 — schema_&_structured_data_for_wp_&_amp |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS. This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.23. |
2024-02-01 |
6.5 |
CVE-2023-51677 audit@patchstack.com |
magazine3 — schema_&_structured_data_for_wp_&_amp |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS. This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.25. |
2024-01-31 |
6.5 |
CVE-2024-22146 audit@patchstack.com |
mailcow — mailcow_dockerized |
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn’t respond in the admin page. It is tested on the versions 2023-12a and prior and patched in version 2024-01. |
2024-02-02 |
4.7 |
CVE-2024-23824 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
markusbegerow — wp-adv-quiz |
The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2024-01-29 |
4.8 |
CVE-2023-5956 contact@wpscan.com |
math_game — math_game |
The ‘Your Name’ field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks. |
2024-01-29 |
6.1 |
CVE-2024-24136 cve@mitre.org |
megabip — megabip |
Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS. This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2 (newer versions were not tested; the vendor has not confirmed fixing the vulnerability). |
2024-01-29 |
5.4 |
CVE-2023-5378 cvd@cert.pl cvd@cert.pl cvd@cert.pl cvd@cert.pl |
michael_uno_miunosoft — auto_amazon_links_amazon_associates_affiliate_plugin |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Michael Uno (miunosoft) Auto Amazon Links – Amazon Associates Affiliate Plugin allows Stored XSS. This issue affects Auto Amazon Links – Amazon Associates Affiliate Plugin: from n/a through 5.1.1. |
2024-02-01 |
6.5 |
CVE-2023-52175 audit@patchstack.com |
microsoft — edge_chromium |
Microsoft Edge for Android Spoofing Vulnerability |
2024-01-26 |
5.3 |
CVE-2024-21387 secure@microsoft.com |
microsoft — edge_chromium |
Microsoft Edge for Android Information Disclosure Vulnerability |
2024-01-26 |
4.3 |
CVE-2024-21382 secure@microsoft.com |
microsoft — edge_chromium_based |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
2024-01-30 |
6.5 |
CVE-2024-21388 secure@microsoft.com |
mitsubishi_electric_corporation — melsec_ws_series_ws0-geth00200 |
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally log in to the affected module. As a result, the remote attacker who has logged in illegally may be able to disclose or tamper with the programs and parameters in the modules. |
2024-01-30 |
5.9 |
CVE-2023-6374 Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp |
moby — buildkit |
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources. |
2024-01-31 |
5.3 |
CVE-2024-23650 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
moby — moby |
Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. The image build API endpoint (/build) and the ImageBuild function from github.com/docker/docker/client are also affected, as they use the classic builder by default. Patches are included in the 24.0.9 and 25.0.2 releases. |
2024-02-01 |
6.9 |
CVE-2024-24557 security-advisories@github.com security-advisories@github.com |
naa986 — easy_video_play_plugin |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in naa986 Easy Video Player allows Stored XSS. This issue affects Easy Video Player: from n/a through 1.2.2.10. |
2024-02-01 |
6.5 |
CVE-2023-51689 audit@patchstack.com |
nahsra — antisamy |
AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy’s sanitized output. Patched in AntiSamy 1.7.5 and later. |
2024-02-02 |
6.1 |
CVE-2024-23635 security-advisories@github.com |
national_keep_cyber_security_services — cybermath |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in National Keep Cyber Security Services CyberMath allows Reflected XSS. This issue affects CyberMath: from v.1.4 before v.1.5. |
2024-02-02 |
6.1 |
CVE-2023-6673 iletisim@usom.gov.tr |
national_keep_cyber_security_services — cybermath |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in National Keep Cyber Security Services CyberMath allows Stored XSS. This issue affects CyberMath: from v1.4 before v1.5. |
2024-02-02 |
5.4 |
CVE-2023-6672 iletisim@usom.gov.tr |
neil_gee — slicknav_mobile_menu |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Neil Gee SlickNav Mobile Menu allows Stored XSS. This issue affects SlickNav Mobile Menu: from n/a through 1.9.2. |
2024-02-01 |
5.9 |
CVE-2023-51548 audit@patchstack.com |
netbox — netbox |
A vulnerability, which was classified as problematic, has been found in NetBox up to 3.7.0. This issue affects some unknown processing of the file /core/config-revisions of the component Home Page Configuration. The manipulation with the input < >test leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252191. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-26 |
6.1 |
CVE-2024-0948 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
njtech — greencms |
A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
2024-01-29 |
5.4 |
CVE-2024-22570 cve@mitre.org |
octoprint — octoprint |
OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who managed to hijack an admin account might use this to lock out actual admins from their OctoPrint instance. The vulnerability will be patched in version 1.10.0. |
2024-01-31 |
4.2 |
CVE-2024-23637 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
opencryptoki — opencryptoki |
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key. |
2024-01-31 |
5.9 |
CVE-2024-0914 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
openfga — openfga |
OpenFGA, an authorization/permission engine, is vulnerable to a denial of service attack in versions prior to 1.4.3. In some scenarios that depend on the model and tuples used, a call to `ListObjects` may not release memory properly. So when a sufficiently high number of those calls are executed, the OpenFGA server can create an `out of memory` error and terminate. Version 1.4.3 contains a patch for this issue. |
2024-01-26 |
6.5 |
CVE-2024-23820 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
openharmony — openharmony |
in OpenHarmony v3.2.4 and prior versions allow an adjacent attacker to achieve arbitrary code execution through an out-of-bounds write. |
2024-02-02 |
4.2 |
CVE-2023-45734 scy@openharmony.io |
openharmony — openharmony |
in OpenHarmony v4.0.0 and prior versions allow a local attacker to cause DoS through improper input. |
2024-02-02 |
4.7 |
CVE-2024-0285 scy@openharmony.io |
openharmony — openharmony |
in OpenHarmony v4.0.0 and prior versions allow a local attacker to cause DoS through improper input. |
2024-02-02 |
4.7 |
CVE-2024-21863 scy@openharmony.io |
opensc — opensc |
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data. |
2024-01-31 |
5.6 |
CVE-2023-5992 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
openssl — openssl |
Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack. Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. |
2024-01-26 |
5.5 |
CVE-2024-0727 openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org |
opentext — appbuilder |
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. AppBuilder configuration files are viewable by unauthenticated users. This issue affects AppBuilder: from 21.2 before 23.2. |
2024-01-29 |
5.3 |
CVE-2023-4553 security@opentext.com |
opentext — appbuilder |
Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files. AppBuilder’s XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them. This issue affects AppBuilder: from 21.2 before 23.2. |
2024-01-29 |
4.9 |
CVE-2023-4554 security@opentext.com |
otrs — otrs |
When adding attachments to ticket comments, another user can add attachments as well, impersonating the original user. The attack requires a logged-in other user to know the UUID. While the legitimate user completes the comment, the malicious user can add more files to the comment. This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1. |
2024-01-29 |
6.5 |
CVE-2024-23792 security@otrs.com |
palantir — blackbird-witchcraft |
Gotham Table service and Forward App were found to be vulnerable to a Path traversal issue allowing an authenticated user to read arbitrary files on the file system. |
2024-01-29 |
6.5 |
CVE-2023-30970 cve-coordination@palantir.com |
peepso — community_by_peepso_social_network_membership_registration_user_profiles |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles allows Stored XSS. This issue affects Community by PeepSo – Social Network, Membership, Registration, User Profiles: from n/a before 6.3.1.0. |
2024-01-31 |
6.5 |
CVE-2024-22158 audit@patchstack.com |
pegasystems — pega_platform |
Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. |
2024-01-31 |
6.1 |
CVE-2023-50166 security@pega.com |
pickplugins — related_post |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PickPlugins Related Post allows Stored XSS. This issue affects Related Post: from n/a through 2.0.53. |
2024-02-01 |
6.5 |
CVE-2023-51666 audit@patchstack.com |
pixee — java_security_toolkit |
The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. `ZipSecurity#isBelowCurrentDirectory` is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version <=1.1.1, use ZipSecurity as a guard against path traversal, and have an exploit path. Although the control still prevents attackers from escaping the application path into higher level directories (e.g., /etc/), it will allow “escaping” into sibling paths. For example, if your running path is /my/app/path, an attacker could navigate into /my/app/path-something-else. This vulnerability is patched in 1.1.2. |
2024-02-01 |
5.4 |
CVE-2024-24569 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
pixee — java_security_toolkit |
Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`. |
2024-02-01 |
4.5 |
CVE-2024-0831 security@hashicorp.com security@hashicorp.com |
plotly — dash_core_components |
Versions of the package dash-core-components before 2.13.0; all versions of the package dash-core-components; versions of the package dash before 2.15.0; all versions of the package dash-html-components; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site Scripting (XSS) when the href of the a tag is controlled by an adversary. An authenticated attacker who stores a view that exploits this vulnerability could steal the data that’s visible to another user who opens that view – not just the data already included on the page, but they could also, in theory, make additional requests and access other data accessible to this user. In some cases, they could also steal the access tokens of that user, which would allow the attacker to act as that user, including viewing other apps and resources hosted on the same server. **Note:** This is only exploitable in Dash apps that include some mechanism to store user input to be reloaded by a different user. |
2024-02-02 |
6.5 |
CVE-2024-21485 report@snyk.io report@snyk.io report@snyk.io report@snyk.io report@snyk.io report@snyk.io report@snyk.io report@snyk.io report@snyk.io |
posts_to_page — kerry_james |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Posts to Page Kerry James allows Stored XSS. This issue affects Kerry James: from n/a through 1.7. |
2024-02-01 |
6.5 |
CVE-2023-52195 audit@patchstack.com |
qiniu — rebuild |
A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Affected by this issue is the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252290 is the identifier assigned to this vulnerability. |
2024-01-29 |
6.3 |
CVE-2024-1021 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
qiniu — rebuild |
A vulnerability was found in Rebuild up to 3.5.5 and classified as problematic. This issue affects the function QiniuCloud.getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to information disclosure. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252455. |
2024-01-31 |
4.3 |
CVE-2024-1098 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
qnap_systems_inc — photo_station |
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 (2023/12/15) and later |
2024-02-02 |
5.5 |
CVE-2023-47561 security@qnapsecurity.com.tw |
qnap_systems_inc — qts |
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTScloud c5.1.5.2651 and later |
2024-02-02 |
6.6 |
CVE-2023-39302 security@qnapsecurity.com.tw |
qnap_systems_inc — qts |
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTScloud c5.1.5.2651 and later |
2024-02-02 |
5.3 |
CVE-2023-39303 security@qnapsecurity.com.tw |
qnap_systems_inc — qts |
A heap-based buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later |
2024-02-02 |
5.5 |
CVE-2023-41273 security@qnapsecurity.com.tw |
qnap_systems_inc — qts |
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later |
2024-02-02 |
5.5 |
CVE-2023-41275 security@qnapsecurity.com.tw |
qnap_systems_inc — qts |
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later |
2024-02-02 |
5.5 |
CVE-2023-41276 security@qnapsecurity.com.tw |
qnap_systems_inc — qts |
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later |
2024-02-02 |
5.5 |
CVE-2023-41277 security@qnapsecurity.com.tw |
qnap_systems_inc — qts |
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later |
2024-02-02 |
5.5 |
CVE-2023-41278 security@qnapsecurity.com.tw |
qnap_systems_inc — qts |
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later |
2024-02-02 |
5.5 |
CVE-2023-41279 security@qnapsecurity.com.tw |
qnap_systems_inc — qts |
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later |
2024-02-02 |
5.5 |
CVE-2023-41280 security@qnapsecurity.com.tw |
qnap_systems_inc — qts |
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later; QuTScloud c5.1.5.2651 and later |
2024-02-02 |
5.5 |
CVE-2023-41281 security@qnapsecurity.com.tw |
qnap_systems_inc — qts |
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later; QuTScloud c5.1.5.2651 and later |
2024-02-02 |
5.5 |
CVE-2023-41282 security@qnapsecurity.com.tw |
qnap_systems_inc — qts |
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later; QuTScloud c5.1.5.2651 and later |
2024-02-02 |
5.5 |
CVE-2023-41283 security@qnapsecurity.com.tw |
qnap_systems_inc — qts |
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTScloud c5.1.5.2651 and later |
2024-02-02 |
5.5 |
CVE-2023-45026 security@qnapsecurity.com.tw |
qnap_systems_inc — qts |
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTScloud c5.1.5.2651 and later |
2024-02-02 |
5.5 |
CVE-2023-45027 security@qnapsecurity.com.tw |
qnap_systems_inc — qts |
An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTScloud c5.1.5.2651 and later |
2024-02-02 |
5.5 |
CVE-2023-45028 security@qnapsecurity.com.tw |
qnap_systems_inc — qts |
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QTS 4.5.4.2627 build 20231225 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later |
2024-02-02 |
4.7 |
CVE-2023-47567 security@qnapsecurity.com.tw |
qnap_systems_inc — qts |
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later |
2024-02-02 |
5.5 |
CVE-2023-41274 security@qnapsecurity.com.tw |
qnap_systems_inc — qutscloud |
An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. QTS 5.x, QuTS hero are not affected. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651 and later; QTS 4.5.4.2627 build 20231225 and later |
2024-02-02 |
5 |
CVE-2023-32967 security@qnapsecurity.com.tw |
qnap_systems_inc — qts |
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTScloud c5.1.5.2651 and later |
2024-02-02 |
6.7 |
CVE-2023-47566 security@qnapsecurity.com.tw |
rapid_software_llc — rapid_scada |
In Rapid Software LLC’s Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them. |
2024-02-02 |
6.2 |
CVE-2024-21869 ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
rapid_software_llc — rapid_scada |
In Rapid Software LLC’s Rapid SCADA versions prior to Version 5.8.4, an attacker can append path traversal characters to the filename when using a specific command, allowing them to read arbitrary files from the system. |
2024-02-02 |
6.5 |
CVE-2024-22096 ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
rapid_software_llc — rapid_scada |
In Rapid Software LLC’s Rapid SCADA versions prior to Version 5.8.4, an attacker can redirect users to malicious pages through the login page. |
2024-02-02 |
5.4 |
CVE-2024-21794 ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
rapid_software_llc — rapid_scada |
In Rapid Software LLC’s Rapid SCADA versions prior to Version 5.8.4, the affected product responds back with an error message containing sensitive data if it receives a specific malformed request. |
2024-02-02 |
5.3 |
CVE-2024-21866 ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
rebic — jspxcms |
A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /template/1/default/. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252698 is the identifier assigned to this vulnerability. |
2024-02-03 |
5.3 |
CVE-2024-1200 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
red_hat — multiple_products |
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn’t match the format string used by it, leading to a crash under certain circumstances. |
2024-01-29 |
6.2 |
CVE-2023-40546 secalert@redhat.com secalert@redhat.com |
red_hat — multiple_products |
An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service. |
2024-01-29 |
6.2 |
CVE-2023-40549 secalert@redhat.com secalert@redhat.com |
red_hat — multiple_products |
An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system’s boot phase. |
2024-01-29 |
5.5 |
CVE-2023-40550 secalert@redhat.com secalert@redhat.com |
red_hat — multiple_products |
A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system’s boot phase. |
2024-01-29 |
5.1 |
CVE-2023-40551 secalert@redhat.com secalert@redhat.com |
red_hat — multiple_products |
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase. |
2024-01-29 |
4.9 |
CVE-2023-40548 secalert@redhat.com secalert@redhat.com |
redhat — keycloak |
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users. |
2024-01-26 |
6.1 |
CVE-2023-6291 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
rems — online_food_menu |
Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the ‘Menu Name’ and ‘Description’ fields in the Update Menu section. |
2024-01-29 |
4.8 |
CVE-2024-24134 cve@mitre.org |
robosoft — photo_gallery_images_slider_in_rbs_image_gallery |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery allows Stored XSS. This issue affects Photo Gallery, Images, Slider in Rbs Image Gallery: from n/a through 3.2.17. |
2024-01-31 |
5.9 |
CVE-2024-22295 audit@patchstack.com |
russelljamieson — footer_putter |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Russell Jamieson Footer Putter allows Stored XSS. This issue affects Footer Putter: from n/a through 1.17. |
2024-02-01 |
5.4 |
CVE-2023-52188 audit@patchstack.com |
scribit — shortcodes_finder |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Scribit Shortcodes Finder allows Reflected XSS. This issue affects Shortcodes Finder: from n/a through 1.5.5. |
2024-02-01 |
6.1 |
CVE-2024-21750 audit@patchstack.com |
seo_panel — seo_panel |
A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets. |
2024-01-30 |
6.5 |
CVE-2024-22643 cve@mitre.org |
seopanel — seo_panel |
An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system. |
2024-01-30 |
5.3 |
CVE-2024-22646 cve@mitre.org |
seopanel — seo_panel |
A user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames. |
2024-01-30 |
5.3 |
CVE-2024-22647 cve@mitre.org |
seopanel — seo_panel |
A Blind SSRF vulnerability exists in the “Crawl Meta Data” functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment. |
2024-01-30 |
5.3 |
CVE-2024-22648 cve@mitre.org |
sew_eurodrive — movitools_motionstudio |
When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information, unrestricted file access can occur. |
2024-02-01 |
5.5 |
CVE-2024-1167 ics-cert@hq.dhs.gov |
shanxi_diankeyun_technology — noderp |
A vulnerability has been found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This vulnerability affects unknown code of the file /runtime/log. The manipulation leads to files or directories being accessible. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252274 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-29 |
5.3 |
CVE-2024-1005 cna@vuldb.com |
shopsite — shopsite |
An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file. |
2024-01-26 |
6.1 |
CVE-2024-22550 cve@mitre.org |
sni — thruk |
Thruk is a multibackend monitoring webinterface. Prior to 3.12, the Thruk web monitoring application presents a vulnerability in a file upload form that allows a threat actor to arbitrarily upload files to the server to any path they desire and have permissions for. This vulnerability is known as Path Traversal or Directory Traversal. Version 3.12 fixes the issue. |
2024-01-29 |
5.4 |
CVE-2024-23822 security-advisories@github.com |
softtaculous_ampps — ampps |
A vulnerability has been found in AMPPS 2.7 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Encryption Passphrase Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252679. NOTE: The vendor explains that AMPPS 4.0 is a complete overhaul and the code was re-written. |
2024-02-02 |
5.3 |
CVE-2024-1189 cna@vuldb.com |
solar — ftp_server |
A vulnerability was found in Solar FTP Server 2.1.1/2.1.2. It has been declared as problematic. This vulnerability affects unknown code of the component PASV Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252286 is the identifier assigned to this vulnerability. |
2024-01-29 |
5.3 |
CVE-2024-1016 cna@vuldb.com |
sourcecodester — employee_management_system |
A vulnerability classified as problematic was found in SourceCodester Employee Management System 1.0. This vulnerability affects unknown code of the file delete-leave.php of the component Leave Handler. The manipulation of the argument id leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252280. |
2024-01-29 |
4.3 |
CVE-2024-1011 cna@vuldb.com |
sourcecodester — facebook_news_feed_like |
A vulnerability, which was classified as critical, was found in SourceCodester Facebook News Feed Like 1.0. Affected is an unknown function of the component Post Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-252300. |
2024-01-30 |
6.3 |
CVE-2024-1027 cna@vuldb.com |
sourcecodester — qr_code_login_system |
A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code Login System 1.0. Affected by this issue is some unknown functionality of the file add-user.php. The manipulation of the argument qr-code leads to cross site scripting. The attack may be launched remotely. VDB-252470 is the identifier assigned to this vulnerability. |
2024-01-31 |
4.3 |
CVE-2024-1111 cna@vuldb.com |
sourcecodester — testimonial_page_manager |
A vulnerability classified as problematic was found in SourceCodester Testimonial Page Manager 1.0. This vulnerability affects unknown code of the file add-testimonial.php of the component HTTP POST Request Handler. The manipulation of the argument name/description/testimony leads to cross site scripting. The attack can be initiated remotely. VDB-252694 is the identifier assigned to this vulnerability. |
2024-02-02 |
4.3 |
CVE-2024-1196 cna@vuldb.com |
spbu_se — spbu_se_site |
spbu_se_site is the website of the Department of System Programming of St. Petersburg State University. Before 2024.01.29, when uploading an avatar image, an authenticated user may intentionally use a large Unicode filename which would lead to a server-side denial of service under Windows. This is due to no limitation of the length of the filename and the costly use of the Unicode normalization with the form NFKD on Windows OS. This vulnerability was fixed in the 2024.01.29 release. |
2024-01-29 |
6.8 |
CVE-2024-23826 security-advisories@github.com |
splunk — splunk_add_on_builder |
In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on. |
2024-01-30 |
6.8 |
CVE-2023-46231 prodsec@splunk.com |
sunlight-cms — sunlight_cms |
Cross Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1 allows remote authenticated attackers to execute arbitrary code and escalate privileges via a crafted script to the Content text editor component. |
2024-01-27 |
5.4 |
CVE-2023-48201 cve@mitre.org |
sunlight-cms — sunlight_cms |
Cross-Site Scripting (XSS) vulnerability in Sunlight CMS 8.0.1 allows an authenticated low-privileged user to escalate privileges via a crafted SVG file in the File Manager component. |
2024-01-27 |
5.4 |
CVE-2023-48202 cve@mitre.org |
superantispyware — superantispyware_pro_x |
SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameters manipulation and Denial of Service vulnerabilities by triggering the 0x9C402140 IOCTL code of the saskutil64.sys driver. |
2024-01-29 |
5.8 |
CVE-2024-0788 help@fluidattacks.com |
swapnilsahu — stock_management_system |
A vulnerability was found in CodeAstro Stock Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php of the component Add Category Handler. The manipulation of the argument Category Name/Category Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252203. |
2024-01-27 |
5.4 |
CVE-2024-0958 cna@vuldb.com |
synaptics — fingerprint_driver |
Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database. |
2024-01-27 |
5.2 |
CVE-2023-6482 PSIRT@synaptics.com |
takayuki_miyauchi — oembed_gist |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Takayuki Miyauchi oEmbed Gist allows Stored XSS. This issue affects oEmbed Gist: from n/a through 4.9.1. |
2024-02-01 |
6.5 |
CVE-2023-52194 audit@patchstack.com |
theme-junkie — tj_shortcodes |
The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. |
2024-01-29 |
5.4 |
CVE-2023-6530 contact@wpscan.com |
themify_icons — themify_icons |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themify Icons allows Stored XSS. This issue affects Themify Icons: from n/a through 2.0.1. |
2024-02-01 |
6.5 |
CVE-2023-51693 audit@patchstack.com |
torbjon — infogram_add_charts_maps_and_infographics |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Torbjon Infogram – Add charts, maps and infographics allows Stored XSS. This issue affects Infogram – Add charts, maps and infographics: from n/a through 1.6.1. |
2024-02-01 |
6.5 |
CVE-2023-52191 audit@patchstack.com |
totolink — n200re-v5_firmware |
A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. VDB-252186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-26 |
4.3 |
CVE-2024-0942 cna@vuldb.com |
totolink — n350rt_firmware |
A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252187. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-26 |
6.5 |
CVE-2024-0943 cna@vuldb.com |
totolink — t8_firmware |
A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252188. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-26 |
5.3 |
CVE-2024-0944 cna@vuldb.com |
upstream — upstream |
A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled. |
2024-02-01 |
5.5 |
CVE-2024-1141 secalert@redhat.com |
ushainformatique — whatacart |
WhatACart v2.0.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /site/default/search. |
2024-01-26 |
6.1 |
CVE-2024-22551 cve@mitre.org |
vantage6 — vantage6 |
The vantage6 technology enables managing and deploying privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not exposed so there is no risk, but not all deployments are ideal. The default should therefore be less permissive. The vulnerability can be mitigated by removing the SSH part from the Docker file and rebuilding the Docker image. Version 4.2.0 patches the vulnerability. |
2024-01-30 |
6.5 |
CVE-2024-21653 security-advisories@github.com |
virusblokada — vba32_antivirus |
Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerability by triggering the 0x2220A7 IOCTL code of the Vba32m64.sys driver. |
2024-01-29 |
5.5 |
CVE-2024-23441 help@fluidattacks.com |
vyperlang — vyper |
Vyper is a Pythonic smart contract language for the Ethereum Virtual Machine. The Vyper compiler allows passing a value in the builtin raw_call even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics of the respective opcodes, and Vyper will silently ignore the value= argument. If the semantics of the EVM are unknown to the developer, they could assume that by specifying the `value` kwarg, exactly the given amount will be sent along to the target. This vulnerability affects 0.3.10 and earlier versions. |
2024-01-30 |
4.8 |
CVE-2024-24567 security-advisories@github.com |
wanhu — ezoffice |
A vulnerability, which was classified as critical, has been found in Wanhu ezOFFICE 11.1.0. This issue affects some unknown processing of the file defaultroot/platform/bpm/work_flow/operate/wf_printnum.jsp. The manipulation of the argument recordId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252281 was assigned to this vulnerability. |
2024-01-31 |
6.3 |
CVE-2024-1012 cna@vuldb.com |
willyxj — facilemanager |
facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $_REQUEST global array was unsafely called inside an extract() function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $_SESSION via the GET/POST parameters. However, it does not prevent manipulation of any other sensitive variables such as $search_sql. Knowing this, an authenticated user with privileges to view site logs can manipulate the search_sql variable by appending a GET parameter search_sql in the URL. The information above means that the checks and SQL injection prevention attempts were rendered unusable. |
2024-01-31 |
6.5 |
CVE-2024-24572 security-advisories@github.com |
willyxj — facilemanager |
facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation. |
2024-01-31 |
5.4 |
CVE-2024-24571 security-advisories@github.com |
wordpress — wordpress |
The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘userpro’ shortcode in versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-01-31 |
6.4 |
CVE-2023-2439 security@wordfence.com |
wordpress — wordpress |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building allows Stored XSS. This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.19. |
2024-02-01 |
6.5 |
CVE-2023-51532 audit@patchstack.com |
wordpress — wordpress |
The Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo WordPress plugin before 2.2.25 does not sanitise and escape the biteship_error and biteship_message parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |
2024-01-29 |
6.1 |
CVE-2023-6278 contact@wpscan.com |
wordpress — wordpress |
The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the “wptbto” parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. |
2024-01-29 |
6.1 |
CVE-2023-6389 contact@wpscan.com |
wordpress — wordpress |
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘advanced_iframe’ shortcode in all versions up to, and including, 2023.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-02-01 |
6.4 |
CVE-2023-7069 security@wordfence.com |
wordpress — wordpress |
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-01-30 |
6.4 |
CVE-2023-7225 security@wordfence.com |
wordpress — wordpress |
The Cloudflare WordPress plugin was found to be vulnerable to improper authentication. The vulnerability enables attackers with a lower privileged account to access data from the Cloudflare API. |
2024-01-29 |
6.5 |
CVE-2024-0212 cna@cloudflare.com |
wordpress — wordpress |
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.15.21. This is due to missing or incorrect nonce validation on the ‘execute’ function. This makes it possible for unauthenticated attackers to execute arbitrary methods in the ‘BoosterController’ class via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
2024-01-27 |
6.3 |
CVE-2024-0667 security@wordfence.com |
wordpress — wordpress |
The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s CP_CALCULATED_FIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on user supplied ‘location’ attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-02-02 |
6.4 |
CVE-2024-0963 security@wordfence.com |
wordpress — wordpress |
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘filter_array’ parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-02-02 |
6.4 |
CVE-2024-1073 security@wordfence.com |
wordpress — wordpress |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PWR Plugins Portfolio & Image Gallery for WordPress | PowerFolio allows Stored XSS. This issue affects Portfolio & Image Gallery for WordPress | PowerFolio: from n/a through 3.1. |
2024-01-31 |
6.5 |
CVE-2024-22150 audit@patchstack.com |
wordpress — wordpress |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in realmag777 WPCS – WordPress Currency Switcher Professional allows Stored XSS. This issue affects WPCS – WordPress Currency Switcher Professional: from n/a through 1.2.0. |
2024-02-01 |
5.5 |
CVE-2023-51506 audit@patchstack.com |
wordpress — wordpress |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CRM Perks CRM Perks Forms – WordPress Form Builder allows Stored XSS. This issue affects CRM Perks Forms – WordPress Form Builder: from n/a through 1.1.2. |
2024-02-01 |
5.9 |
CVE-2023-51536 audit@patchstack.com |
wordpress — wordpress |
The WP Plugin Lister WordPress plugin through 2.1.0 does not have CSRF checks in some places, and is missing sanitization as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. |
2024-01-29 |
5.4 |
CVE-2023-6503 contact@wpscan.com |
wordpress — wordpress |
The Easy SVG Allow WordPress plugin through 1.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. |
2024-01-29 |
5.4 |
CVE-2023-7089 contact@wpscan.com |
wordpress — wordpress |
The Relevanssi WordPress plugin before 4.22.0 and the Relevanssi Premium WordPress plugin before 2.25.0 allow any unauthenticated user to read draft and private posts via a crafted request. |
2024-01-29 |
5.3 |
CVE-2023-7199 contact@wpscan.com |
wordpress — wordpress |
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to inject SQL in their email address that will append additional into the already existing query when an administrator triggers a personal data export. |
2024-02-02 |
5.9 |
CVE-2024-0685 security@wordfence.com |
wordpress — wordpress |
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Anything functionality in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-01-27 |
5.4 |
CVE-2024-0824 security@wordfence.com |
wordpress — wordpress |
The PDF Flipbook, 3D Flipbook – DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to, and including, 2.2.26 due to insufficient input sanitization and output escaping on user supplied data. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-02-03 |
5.4 |
CVE-2024-0895 security@wordfence.com |
wordpress — wordpress |
The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being placed on. This makes it possible for unauthenticated attackers to access protected content. |
2024-02-03 |
5.3 |
CVE-2024-0909 security@wordfence.com |
wordpress — wordpress |
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in all versions up to, and including, 2.10.28. This makes it possible for unauthenticated attackers to update the connected API keys. |
2024-02-02 |
5.3 |
CVE-2024-1047 security@wordfence.com |
wordpress — wordpress |
The Wp-Adv-Quiz WordPress plugin before 1.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. |
2024-01-29 |
4.8 |
CVE-2023-5943 contact@wpscan.com |
wordpress — wordpress |
The Restrict Usernames Emails Characters WordPress plugin before 3.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. |
2024-01-29 |
4.8 |
CVE-2023-6165 contact@wpscan.com |
wordpress — wordpress |
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. |
2024-01-27 |
4.8 |
CVE-2023-6497 security@wordfence.com |
wordpress — wordpress |
The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged-in users perform unwanted actions, such as deleting administration notes, via CSRF attacks. |
2024-01-29 |
4.3 |
CVE-2023-6633 contact@wpscan.com |
wordpress — wordpress |
The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. |
2024-01-27 |
4.8 |
CVE-2024-0618 security@wordfence.com |
wordpress — wordpress |
The Meks Smart Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meks Smart Social Widget in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. |
2024-01-27 |
4.8 |
CVE-2024-0664 security@wordfence.com |
wordpress — wordpress |
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information. |
2024-01-27 |
4.9 |
CVE-2024-0697 security@wordfence.com |
wordpress — wordpress |
The WordPress Review & Structure Data Schema Plugin – Review Schema plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtrs_review_edit() function in all versions up to, and including, 2.1.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify arbitrary reviews. |
2024-01-31 |
4.3 |
CVE-2024-0836 security@wordfence.com |
wordpress — wordpress |
The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData() function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files ending with “Form.php” on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. |
2024-02-02 |
4.7 |
CVE-2024-0844 security@wordfence.com |
wordpress — wordpress |
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the register_reference() function. This makes it possible for unauthenticated attackers to update the connected API keys via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
2024-02-02 |
4.3 |
CVE-2024-1162 security@wordfence.com |
wp_event_manager — wp_user_profile_avatar |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Event Manager WP User Profile Avatar allows Stored XSS. This issue affects WP User Profile Avatar: from n/a through 1.0. |
2024-02-01 |
6.5 |
CVE-2023-52118 audit@patchstack.com |
wpdevelop_oplugins — wp_booking_calendar |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPdevelop / Oplugins WP Booking Calendar allows Stored XSS. This issue affects WP Booking Calendar: from n/a before 9.7.4. |
2024-02-01 |
6.5 |
CVE-2023-51520 audit@patchstack.com |
wpeverest — everest_forms_build_contact_forms_surveys_polls_application_forms_and_more_with_ease |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPEverest Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! allows Stored XSS. This issue affects Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease!: from n/a through 2.0.4.1. |
2024-02-01 |
5.9 |
CVE-2023-51695 audit@patchstack.com |
zscaler — zia |
In Zscaler Internet Access (ZIA) a mismatch between Connect Host and Client Hello’s Server Name Indication (SNI) enables attackers to evade network security controls by hiding their communications within legitimate traffic. |
2024-01-31 |
5.1 |
CVE-2023-28807 cve@zscaler.com |