US-CERT Vulnerability Summary for the Week of November 27, 2023

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

 High Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache — dolphinschedulerExposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can’t upgrade to the fixed version can also set environment variable `MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus` to workaround this, or add the following section in the `application.yaml` file “` management:   endpoints:     web:       exposure:         include: health,metrics,prometheus “` This issue affects Apache DolphinScheduler: from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue.2023-11-247.5CVE-2023-48796
 
apache — dolphinschedulerExposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the meantime, we recommend you make sure the logs are only available to trusted operators.2023-11-277.5CVE-2023-49068
 
apache — supersetImproper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset’s metadata database, an attacker using a specially crafted CTE SQL statement could change data on the metadata database. This weakness could result on tampering with the authentication/authorization data.2023-11-278.8CVE-2023-40610
 
arcserve — udpArcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. A routine exists that allows an attacker to upload and execute arbitrary files.2023-11-279.8CVE-2023-41998
arslansoft — education_portalImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ArslanSoft Education Portal allows SQL Injection. This issue affects Education Portal: before v1.1.2023-12-019.8CVE-2023-5634
arslansoft — education_portalUnrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection. This issue affects Education Portal: before v1.1.2023-12-019.8CVE-2023-5636
arslansoft — education_portalImproper Protection for Outbound Error Messages and Alert Signals vulnerability in ArslanSoft Education Portal allows Account Footprinting. This issue affects Education Portal: before v1.1.2023-12-017.5CVE-2023-5635
arslansoft — education_portalUnrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Read Sensitive Strings Within an Executable. This issue affects Education Portal: before v1.1.2023-12-017.5CVE-2023-5637
chamilo — chamilo_lmsCommand injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.2023-11-288.8CVE-2023-4221

 

chamilo — chamilo_lmsCommand injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.2023-11-288.8CVE-2023-4222

 

chamilo — chamilo_lmsUnrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.2023-11-288.8CVE-2023-4223

 

chamilo — chamilo_lmsUnrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.2023-11-288.8CVE-2023-4224

 

chamilo — chamilo_lmsUnrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.2023-11-288.8CVE-2023-4225

 

chamilo — chamilo_lmsUnrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.2023-11-288.8CVE-2023-4226

 

clastix — capsule-proxycapsule-proxy is a reverse proxy for the capsule operator project. Affected versions are subject to a privilege escalation vulnerability which is based on a missing check if the user is authenticated based on the `TokenReview` result. All the clusters running with the `anonymous-auth` Kubernetes API Server setting disable (set to `false`) are affected since it would be possible to bypass the token review mechanism, interacting with the upper Kubernetes API Server. This privilege escalation cannot be exploited if you’re relying only on client certificates (SSL/TLS). This vulnerability has been addressed in version 0.4.6. Users are advised to upgrade.2023-11-249.8CVE-2023-48312
 
controlid — idsecureAn authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a “passwordCustom” option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user.2023-11-279.8CVE-2023-6329
cszcms — cszcmsA vulnerability was found in CSZCMS 1.3.0 and classified as critical. Affected by this issue is some unknown functionality of the file \views\templates of the component File Manager Page. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-11-277.2CVE-2023-6302

 

dell — rvtoolsRVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility (RVToolsPasswordEncryption.exe) and main application (RVTools.exe). A remote unauthenticated attacker with access to stored encrypted passwords from a users’ system could potentially exploit this vulnerability, leading to the disclosure of encrypted passwords in clear text. This vulnerability is caused by an incomplete fix for CVE-2020-27688.2023-11-247.5CVE-2023-44303
eskom_computer — e-municipality_moduleImproper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105.2023-11-287.2CVE-2023-6150
eskom_computer — e-municipality_moduleImproper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105.2023-11-287.2CVE-2023-6151
f-secure — linux_protectionCertain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.2023-11-277.5CVE-2023-49322
foxit_software — foxit_readerA use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.2023-11-278.8CVE-2023-32616
foxit_software — foxit_readerAn arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted malicious site if the browser plugin extension is enabled.2023-11-278.8CVE-2023-35985
foxit_software — foxit_readerA use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.2023-11-278.8CVE-2023-38573
foxit_software — foxit_readerA code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.2023-11-278.8CVE-2023-39542
foxit_software — foxit_readerAn arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.2023-11-278.8CVE-2023-40194
foxit_software — foxit_readerA type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.2023-11-278.8CVE-2023-41257
frhed — frhedBuffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument through the Structured Exception Handler (SEH) registers.2023-11-279.8CVE-2023-4590
google — chromeInteger overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)2023-11-299.6CVE-2023-6345

 

google — chromeUse after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-11-298.8CVE-2023-6346

 

google — chromeUse after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-11-298.8CVE-2023-6347

 

google — chromeUse after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)2023-11-298.8CVE-2023-6350

 

ibm — qradar_wincollectIBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160.2023-11-247.8CVE-2023-26279
 
jeecg — jimureportA vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1. Affected by this vulnerability is an unknown functionality of the file /download/image. The manipulation of the argument imageUrl leads to relative path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-11-279.8CVE-2023-6307

 

jfinal_cms — jfinal_cmsAn issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module.2023-11-289.8CVE-2023-47503
kingsoft — wps_officeAn uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.2023-11-277.8CVE-2023-31275
klive — kliveSQL Injection vulnerability in32ns KLive v.2019-1-19 and before allows a remote attacker to obtain sensitive information via a crafted script to the web/user.php component.2023-11-277.5CVE-2023-49030

 

layer5 — mesheryA SQL injection vulnerability in Meshery before 0.6.179 allows a remote attacker to obtain sensitive information and execute arbitrary code via the order parameter.2023-11-249.8CVE-2023-46575

 

mattermost — mattermostMattermost fails to properly limit the characters allowed in different fields of a block in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by patching the field of a block using a specially crafted string. 2023-11-277.5CVE-2023-40703
mattermost — mattermostMattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb).2023-11-277.5CVE-2023-48268
moses-smt — mosesdecoderA vulnerability, which was classified as critical, was found in moses-smt mosesdecoder up to 4.0. This affects an unknown part of the file contrib/iSenWeb/trans_result.php. The manipulation of the argument input1 leads to os command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246135.2023-11-279.8CVE-2023-6309

 

nodejs — node.jsA vulnerability has been identified in the Node.js (.msi version) installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation, where the “msiexec.exe” process, running under the NT AUTHORITY\SYSTEM context, attempts to read the %USERPROFILE% environment variable from the current user’s registry. The issue arises when the path referenced by the %USERPROFILE% environment variable does not exist. In such cases, the “msiexec.exe” process attempts to create the specified path in an unsafe manner, potentially leading to the creation of arbitrary folders in arbitrary locations. The severity of this vulnerability is heightened by the fact that the %USERPROFILE% environment variable in the Windows registry can be modified by standard (or “non-privileged”) users. Consequently, unprivileged actors, including malicious entities or trojans, can manipulate the environment variable key to deceive the privileged “msiexec.exe” process. This manipulation can result in the creation of folders in unintended and potentially malicious locations. It is important to note that this vulnerability is specific to Windows users who install Node.js using the .msi installer. Users who opt for other installation methods are not affected by this particular issue.2023-11-287.5CVE-2023-30585
openlink_software — virtuosoAn issue in the box_mpy function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.2023-11-297.5CVE-2023-48946
openlink_software — virtuosoAn issue in the cha_cmp function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.2023-11-297.5CVE-2023-48947
openlink_software — virtuosoAn issue in the box_div function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.2023-11-297.5CVE-2023-48948
openlink_software — virtuosoAn issue in the box_add function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.2023-11-297.5CVE-2023-48949
openlink_software — virtuosoAn issue in the box_col_len function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.2023-11-297.5CVE-2023-48950
openlink_software — virtuosoAn issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.2023-11-297.5CVE-2023-48951
openlink_software — virtuosoAn issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.2023-11-297.5CVE-2023-48952
openzfs — openzfsOpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions.2023-11-247.5CVE-2023-49298

 

otrs — otrsA Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response- This issue affects OTRS: from 8.0.X through 8.0.37.2023-11-277.5CVE-2023-6254
owncast — owncastAn issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function.2023-11-279.8CVE-2023-46480
 
phpseclib — phpseclibIn Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service.2023-11-277.5CVE-2023-49316
 
plesk — pleskUncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon.dll, sspicli.dll, propsys.dll and profapi.dll files.2023-11-277.8CVE-2023-4931
 
precision_bridge — precision_bridgePrecision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows an integrity violation in which the same license key is used on multiple systems, via vectors involving a Process Hacker memory dump, error message inspection, and modification of a MAC address.2023-11-269.1CVE-2023-49312
 
prestashop — prestashopIn the module “Product Catalog (CSV, Excel) Export/Update” (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `productsUpdateModel::getExportIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.2023-11-279.8CVE-2023-46349
prestashop — prestashopSQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4.6.12 allows a remote attacker to execute arbitrary code via a crafted script to the getModuleTranslation function.2023-11-279.8CVE-2023-48188
redhat — enterprise_linuxA flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service.2023-11-277.5CVE-2023-5871

 

sapplica — sentrifugoIn Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering.2023-11-288.8CVE-2023-29770
 
sequelize-typescript — sequelize-typescriptPrototype Pollution in GitHub repository robinbuschmann/sequelize-typescript prior to 2.1.6.2023-11-247.1CVE-2023-6293
 
solarwinds_ — solarwinds_platformSQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account.2023-11-288CVE-2023-40056
 
sourcecodester — free_and_open_source_inventory_management_systemA vulnerability classified as critical has been found in SourceCodester Free and Open Source Inventory Management System 1.0. Affected is an unknown function of the file /ample/app/ajax/member_data.php. The manipulation of the argument columns leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246132.2023-11-279.8CVE-2023-6306

 

sourcecodester — loan_management_systemA vulnerability has been found in SourceCodester Loan Management System 1.0 and classified as critical. This vulnerability affects the function delete_borrower of the file deleteBorrower.php. The manipulation of the argument borrower_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246136.2023-11-277.2CVE-2023-6310

 

sourcecodester — loan_management_systemA vulnerability was found in SourceCodester Loan Management System 1.0 and classified as critical. This issue affects the function delete_ltype of the file delete_ltype.php of the component Loan Type Page. The manipulation of the argument ltype_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246137 was assigned to this vulnerability.2023-11-277.2CVE-2023-6311

 

sourcecodester– loan_management_systemA vulnerability was found in SourceCodester Loan Management System 1.0. It has been classified as critical. Affected is the function delete_user of the file deleteUser.php of the component Users Page. The manipulation of the argument user_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246138 is the identifier assigned to this vulnerability.2023-11-277.2CVE-2023-6312

 

sourcecodester — free_and_open_source_inventory_management_systemA vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file ample/app/ajax/suppliar_data.php. The manipulation of the argument columns leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246131.2023-11-279.8CVE-2023-6305

 

tecno-mobile — tr118_firmwareA vulnerability was found in Tecno 4G Portable WiFi TR118 TR118-M30E-RR-D-EnFrArSwHaPo-OP-V008-20220830. It has been declared as critical. This vulnerability affects unknown code of the file /goform/goform_get_cmd_process of the component Ping Tool. The manipulation of the argument url leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-246130 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-11-278CVE-2023-6304

 

tenda — ac10_firmwareTenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the list parameter in the function sub_49E098.2023-11-299.8CVE-2023-45479
 
tenda — ac10_firmwareTenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the src parameter in the function sub_47D878.2023-11-299.8CVE-2023-45480
 
tenda — ac10_firmwareTenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the firewallEn parameter in the function SetFirewallCfg.2023-11-299.8CVE-2023-45481
 
tenda — ac10_firmwareTenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info.2023-11-299.8CVE-2023-45482
 
tenda — ac10_firmwareTenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the time parameter in the function compare_parentcontrol_time.2023-11-299.8CVE-2023-45483
 
tenda — ac10_firmwareTenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGuestBasic.2023-11-299.8CVE-2023-45484
 
tenda — ax1803_firmwareAn issue in Tneda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the adslPwd parameter in the form_fast_setting_internet_set function.2023-11-279.8CVE-2023-49040
tenda — ax1803_firmwareHeap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the schedStartTime parameter or the schedEndTime parameter in the function setSchedWifi.2023-11-279.8CVE-2023-49042
tenda — ax1803_firmwareBuffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the wpapsk_crypto parameter in the function fromSetWirelessRepeat.2023-11-279.8CVE-2023-49043
tenda — ax1803_firmwareStack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function form_fast_setting_wifi_set.2023-11-279.8CVE-2023-49044
tenda — ax1803_firmwareStack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule.2023-11-279.8CVE-2023-49046
tenda — ax1803_firmwareTenda AX1803 v1.0.0.1 contains a stack overflow via the devName parameter in the function formSetDeviceName.2023-11-277.5CVE-2023-49047
tongda2000 — tongda_oaA vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/ct/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246105 was assigned to this vulnerability.2023-11-247.5CVE-2023-6276

 

trellix — application_and_change_controlAn improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content.2023-11-277.2CVE-2023-5607
univera_computer_system — panoramaImproper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Univera Computer System Panorama allows Command Injection. This issue affects Panorama: before 8.0.2023-11-289.9CVE-2023-6201
voovi — vooviA vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via editprofile.php in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application.2023-11-307.5CVE-2023-6410
voovi — vooviA vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via home.php in the update parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application.2023-11-307.5CVE-2023-6411
voovi — vooviA vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via photo.php in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application.2023-11-307.5CVE-2023-6412
voovi — vooviA vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via photos.php in the id and user parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application.2023-11-307.5CVE-2023-6413
voovi — vooviA vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via perfil.php in the id and user parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application.2023-11-307.5CVE-2023-6414
voovi — vooviA vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via signin.php in the user parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application.2023-11-307.5CVE-2023-6415
voovi — vooviA vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via signup2.php in the emailadd parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application.2023-11-307.5CVE-2023-6416
voovi — vooviA vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via update.php in the id parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application.2023-11-307.5CVE-2023-6417
voovi — vooviA vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via videos.php in the id parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application.2023-11-307.5CVE-2023-6418
warp-tech — warpgate | Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user’s account. Limited users can impersonate another user’s account if only single-factor authentication is configured. If a user knows an admin username, opens the login screen, attempts to authenticate with an incorrect password, and then enters a valid non-admin username and password, they will be logged in as the admin user. All installations prior to version 0.9.0 are affected. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-24 | 8.8 | CVE-2023-48712
wordpress — wordpress | The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter. | 2023-11-27 | 9.8 | CVE-2023-4922
wordpress — wordpress | The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execution. | 2023-11-27 | 9.8 | CVE-2023-5604
wordpress — wordpress | The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter. | 2023-11-27 | 9.8 | CVE-2023-5974
wordpress — wordpress | The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service. | 2023-11-27 | 9.1 | CVE-2023-5559
wordpress — wordpress | The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass brute-force protection. | 2023-11-27 | 7.5 | CVE-2023-5239
wordpress — wordpress | The Job Manager & Career WordPress plugin before 1.4.4 contains a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. This vulnerability poses a serious security threat because it allows an attacker to gain access to confidential data and files of other users without their permission. | 2023-11-27 | 7.5 | CVE-2023-5906
wordpress — wordpress | The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the ‘bookingpress_process_upload’ function in versions up to, and including, 1.0.76. This makes it possible for authenticated attackers with administrator-level capabilities or above to upload arbitrary files on the affected site’s server, which may make remote code execution possible. | 2023-11-28 | 7.2 | CVE-2023-6219
xiamen_four-faith — video_surveillance_management_system | A vulnerability, which was classified as critical, has been found in Xiamen Four-Faith Video Surveillance Management System 2016/2017. Affected by this issue is some unknown functionality of the component Apache Struts. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-246134 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-27 | 8.8 | CVE-2023-6308
zyxel — nas326/nas542 | A command injection vulnerability in the “show_zysync_server_contents” function of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request. | 2023-11-30 | 9.8 | CVE-2023-35138
zyxel — nas326/nas542 | A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. | 2023-11-30 | 9.8 | CVE-2023-4473
zyxel — nas326/nas542 | The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. | 2023-11-30 | 9.8 | CVE-2023-4474
zyxel — nas326/nas542 | The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. | 2023-11-30 | 8.8 | CVE-2023-37927
zyxel — nas326/nas542 | A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. | 2023-11-30 | 8.8 | CVE-2023-37928
Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — nifi | Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, then arbitrary JavaScript code can be executed within the session context of the authenticated user. Upgrading to Apache NiFi 1.24.0 or 2.0.0-M1 is the recommended mitigation. | 2023-11-27 | 5.4 | CVE-2023-49145
apache — superset | Improper payload validation and an improper REST API response type made it possible for an authenticated malicious actor to store malicious code in a Chart’s metadata; this code could get executed if a user accesses a specific deprecated API endpoint. This issue affects Apache Superset versions prior to 2.1.2. Users are recommended to upgrade to version 2.1.2, which fixes this issue. | 2023-11-27 | 5.4 | CVE-2023-43701
apache — superset | Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version 2.1.2 or above and run `superset init` to reconstruct the Gamma role, or remove the `can_read` permission from the mentioned resources. | 2023-11-27 | 4.3 | CVE-2023-42501
bigprof — online_clinic_management_system | A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/patients_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6422
bigprof — online_clinic_management_system | A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/events_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6423
bigprof — online_clinic_management_system | A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/disease_symptoms_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6424
bigprof — online_clinic_management_system | A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medical_records_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6425
bigprof — online_invoicing_system | A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoices_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6426
bigprof — online_invoicing_system | A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoices_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6427
bigprof — online_invoicing_system | A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/items_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6428
bigprof — online_invoicing_system | A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/clients_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6429
bigprof — online_invoicing_system | A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/transactions_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6430
bigprof — online_invoicing_system | A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/categories_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6431
bigprof — online_invoicing_system | A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/items_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6432
bigprof — online_invoicing_system | A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/suppliers_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6433
bigprof — online_invoicing_system | A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/sections_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6434
bigprof — online_invoicing_system | A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/batches_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | 2023-11-30 | 5.4 | CVE-2023-6435
bluetooth — bluetooth_core_specification | Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length and might lead to discovery of the encryption key and live injection, aka BLUFFS. | 2023-11-28 | 6.8 | CVE-2023-24023
busybox — busybox | A use-after-free vulnerability was discovered in the xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. | 2023-11-27 | 5.5 | CVE-2023-42363
busybox — busybox | A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function. | 2023-11-27 | 5.5 | CVE-2023-42364
busybox — busybox | A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. | 2023-11-27 | 5.5 | CVE-2023-42365
busybox — busybox | A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159. | 2023-11-27 | 5.5 | CVE-2023-42366
codeigniter — shield | CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The `secretKey` value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a malicious person somehow had access to the data in the database, they could use the key and secretKey for HMAC SHA256 authentication to send requests impersonating the corresponding user. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-24 | 6.5 | CVE-2023-48707
codeigniter — shield | CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then be used to send a request with that user’s authority. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. Users unable to upgrade should disable logging for successful login attempts in the configuration files. | 2023-11-24 | 6.5 | CVE-2023-48708
cszcms — cszcms | A vulnerability was found in CSZCMS 1.3.0. It has been classified as problematic. This affects an unknown part of the file /admin/settings/ of the component Site Settings Page. The manipulation of the argument Additional Meta Tag with the input <svg><animate onbegin=alert(1) attributeName=x dur=1s> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246129 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-27 | 4.8 | CVE-2023-6303
f-secure — linux_protection | Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1. | 2023-11-27 | 5.3 | CVE-2023-49321
franklin_electric_fueling_systems — colibri_firmware | The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users. | 2023-11-27 | 6.5 | CVE-2023-5885
grupo_alumne — alumne_lms | A Cross-Site Scripting (XSS) vulnerability has been found in Alumne LMS affecting version 4.0.0.1.08. An attacker could exploit the ‘localidad’ parameter to inject a custom JavaScript payload and partially take over another user’s browser session, due to the lack of proper sanitization of the ‘localidad’ field on the /users/editmy page. | 2023-11-28 | 6.1 | CVE-2023-6359
itext — itext | A vulnerability classified as problematic was found in Apryse iText 8.0.2. This vulnerability affects the function main of the file PdfDocument.java. The manipulation leads to improper validation of array index. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246124. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-26 | 6.5 | CVE-2023-6298
itext — itext | A vulnerability, which was classified as problematic, has been found in Apryse iText 8.0.1. This issue affects some unknown processing of the file PdfDocument.java of the component Reference Table Handler. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.0.2 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246125 was assigned to this vulnerability. NOTE: The vendor was contacted early about this vulnerability. The fix was introduced in the iText 8.0.2 release on October 25, 2023 prior to the disclosure. | 2023-11-26 | 6.5 | CVE-2023-6299
knative — serving | Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler through an unbounded memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0. | 2023-11-28 | 5.3 | CVE-2023-48713
libtiff — libtiff | An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to the TIFFOpen() API may allow a remote attacker to cause a denial of service via a crafted input with size smaller than 379 KB. | 2023-11-24 | 6.5 | CVE-2023-6277
mattermost — mattermost | Mattermost fails to properly check a redirect URL parameter, allowing an open redirect when the user clicked “Back to Mattermost” after providing an invalid custom URL scheme in /oauth/{service}/mobile_login?redirect_to= | 2023-11-27 | 6.1 | CVE-2023-47168
mattermost — mattermost | Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML into a victim’s page by creating a channel name that is valid HTML. No XSS is possible though. | 2023-11-27 | 5.4 | CVE-2023-35075
mattermost — mattermost | Mattermost fails to limit the log size of server logs, allowing an attacker sending specially crafted requests to different endpoints to potentially overflow the log. | 2023-11-27 | 5.3 | CVE-2023-48369
mattermost — mattermost | Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled. | 2023-11-27 | 4.3 | CVE-2023-43754
mattermost — mattermost | Mattermost fails to properly validate the “Show Full Name” option in a few endpoints in Mattermost Boards, allowing a member to get the full name of another user even if the Show Full Name option was disabled. | 2023-11-27 | 4.3 | CVE-2023-45223
mattermost — mattermost | Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post even if the Hardened Mode setting was enabled. | 2023-11-27 | 4.3 | CVE-2023-47865
mattermost — mattermost | Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint, allowing an attacker who is a guest user and knows the ID of another user to get their information (e.g. name, surname, nickname) via Mattermost Boards. | 2023-11-27 | 4.3 | CVE-2023-6202
naver — whale_browser | The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via the ‘Open in Whale’ feature. | 2023-11-27 | 5.5 | CVE-2023-25632
oro_inc — client_relationship_management | OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in versions 5.0.4 and 5.1.1. | 2023-11-28 | 5 | CVE-2023-32063
oro_inc — orocommerce | OroCommerce package with customer portal and non-authenticated visitor website base features. Back-office users can access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.11 and 5.1.1. | 2023-11-28 | 4.3 | CVE-2023-32064
oro_inc — orocommerce | OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1. | 2023-11-28 | 5.8 | CVE-2023-32065
oro_inc — oroplatform | OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1. | 2023-11-27 | 4.3 | CVE-2023-32062
oscommerce — oscommerce | A vulnerability was found in osCommerce 4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /catalog/compare of the component Instant Message Handler. The manipulation of the argument compare with the input 40dz4iq”><script>alert(1)</script>zohkx leads to cross site scripting. The attack may be launched remotely. VDB-246122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-26 | 6.1 | CVE-2023-6296
pachno — pachno | A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting (XSS) attack. The vulnerability exists due to inadequate input validation in the Project Description and comments, which enables an attacker to inject malicious JavaScript. | 2023-11-28 | 5.4 | CVE-2023-47437
phpgurukul — nipah_virus_testing_management_system | A vulnerability classified as problematic has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file patient-search-report.php of the component Search Report Page. The manipulation of the argument Search By Patient Name with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246123. | 2023-11-26 | 6.1 | CVE-2023-6297
prestashop — prestashop | Cross Site Scripting (XSS) in Search filters in the Prestashop Amazzing filter module up to version 3.2.5 allows remote attackers to inject arbitrary JavaScript code. | 2023-11-28 | 6.1 | CVE-2023-48042
prestashop — prestashop | In the module “CSV Feeds PRO” (csvfeeds) < 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to overly permissive access control, which does not force the administrator to set a password on feeds, a guest can access exports from the module, which can lead to leaks of personal information from the ps_customer / ps_order tables such as name / surname / email / phone number / postal address. | 2023-11-27 | 5.3 | CVE-2023-46355
smpn1smg — absis | Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the nama parameter in the lock/lock.php file. | 2023-11-27 | 6.1 | CVE-2023-49029
smpn1smg — absis | Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the user parameter in the lock/lock.php file. | 2023-11-27 | 5.4 | CVE-2023-49028
sourcecodester — url_shortener | A vulnerability was found in SourceCodester URL Shortener 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Long URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246139. | 2023-11-27 | 6.1 | CVE-2023-6313
sourcecodester — best_courier_management_system | A vulnerability, which was classified as problematic, was found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function. The manipulation of the argument page with the input </TiTlE><ScRiPt>alert(1)</ScRiPt> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246126 is the identifier assigned to this vulnerability. | 2023-11-27 | 6.1 | CVE-2023-6300
sourcecodester — best_courier_management_system | A vulnerability has been found in SourceCodester Best Courier Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument id with the input </TiTlE><ScRiPt>alert(1)</ScRiPt> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246127. | 2023-11-27 | 6.1 | CVE-2023-6301
sysaid — sysaid | SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp. | 2023-11-24 | 6.5 | CVE-2023-33706
tribe29 — checkmk_appliance | Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows a local attacker to retrieve passwords by reading log files. | 2023-11-27 | 5.5 | CVE-2023-6287
voovi — voovi | A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows XSS via editprofile.php in multiple parameters, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an authenticated user. | 2023-11-30 | 6.1 | CVE-2023-6419
voovi — voovi | A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows XSS via signup2.php in the emailadd parameter, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an authenticated user. | 2023-11-30 | 6.1 | CVE-2023-6420
wordpress — wordpress | The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does not escape the custom shipping phone field on the checkout form, leading to XSS. | 2023-11-27 | 6.1 | CVE-2023-5325
wordpress — wordpress | The WP-UserOnline WordPress plugin before 2.88.3 does not sanitize and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks. | 2023-11-27 | 6.1 | CVE-2023-5560
wordpress — wordpress | The Martins Free & Easy SEO BackLink Link Building Network WordPress plugin before 1.2.30 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2023-11-27 | 6.1 | CVE-2023-5641
wordpress — wordpress | The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users. | 2023-11-27 | 6.1 | CVE-2023-5958
wordpress — wordpress | The kk Star Ratings WordPress plugin before 5.4.6 does not implement atomic operations, allowing one user to vote multiple times on a poll due to a Race Condition. | 2023-11-27 | 5.9 | CVE-2023-4642
wordpress — wordpress | The Mmm Simple File List WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-11-27 | 5.4 | CVE-2023-4514
wordpress — wordpress | The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks. | 2023-11-27 | 5.4 | CVE-2023-5620
wordpress — wordpress | The WordPress Backup & Migration WordPress plugin before 1.4.4 does not sanitize and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks. | 2023-11-27 | 5.4 | CVE-2023-5738
wordpress — wordpress | The Medialist WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-11-27 | 5.4 | CVE-2023-5942
wordpress — wordpress | The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment. | 2023-11-27 | 5.3 | CVE-2023-4252
wordpress — wordpress | The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them. | 2023-11-27 | 5.3 | CVE-2023-5611
wordpress — wordpress | The Simple Social Media Share Buttons WordPress plugin before 5.1.1 leaks password-protected post content to unauthenticated visitors in some meta tags. | 2023-11-27 | 5.3 | CVE-2023-5845
wordpress — wordpress | The gAppointments WordPress plugin through 1.9.5.1 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). | 2023-11-27 | 4.8 | CVE-2023-2707
wordpress — wordpress | The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.5 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). | 2023-11-27 | 4.8 | CVE-2023-5209
wordpress — wordpress | The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories. | 2023-11-27 | 4.3 | CVE-2023-4297
wordpress — wordpress | The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin. | 2023-11-27 | 4.3 | CVE-2023-5525
wordpress — wordpress | The WordPress Backup & Migration WordPress plugin before 1.4.4 does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings. | 2023-11-27 | 4.3 | CVE-2023-5737
zyxel — zld | An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device. | 2023-11-28 | 5.5 | CVE-2023-5960
zyxel — multiple_products | An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to access configuration files on an affected device. | 2023-11-28 | 5.5 | CVE-2023-35136
zyxel — multiple_products | An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access system files on an affected device. | 2023-11-28 | 5.5 | CVE-2023-37925
zyxel — multiple_products | A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to cause denial-of-service (DoS) conditions by executing the CLI command to dump system logs on an affected device. | 2023-11-28 | 5.5 | CVE-2023-37926
zyxel — multiple_productsAn improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to modify the URL of the registration page in the web GUI of an affected device.2023-11-285.5CVE-2023-5650
zyxel — multiple_productsAn improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access the administrator’s logs on an affected device.2023-11-285.5CVE-2023-5797
zyxel — multiple_productsA cross-site scripting (XSS) vulnerability in the CGI program of the Zyxel ATP series firmware versions 5.10 through 5.37, USG FLEX series firmware versions 5.00 through 5.37, USG FLEX 50(W) series firmware versions 5.10 through 5.37, USG20(W)-VPN series firmware versions 5.10 through 5.37, and VPN series firmware versions 5.00 through 5.37, could allow an unauthenticated LAN-based attacker to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed to steal cookies when the user visits the specific CGI used for dumping ZTP logs.2023-11-285.2CVE-2023-35139
zyxel — multiple_productsA buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing the CLI command with crafted strings on an affected device.2023-11-284.4CVE-2023-4397

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
google-translate-api-browser — google_translate_api_browser | google-translate-api-browser is an npm package which interfaces with the Google Translate web API. A Server-Side Request Forgery (SSRF) vulnerability is present in applications utilizing the `google-translate-api-browser` package and exposing the `translateOptions` to the end user. An attacker can set a malicious `tld`, causing the application to return unsafe URLs pointing towards local resources. The `translateOptions.tld` field is not properly sanitized before being placed in the Google Translate URL. This allows an attacker with control over the `translateOptions` to set the `tld` to a payload such as `@127.0.0.1`, so that the full URL becomes `https://translate.google.@127.0.0.1/…`, where `translate.google.` is parsed as the username used to connect to localhost. An attacker can send requests within internal networks and to the local host. Any HTTPS application on the internal network with a vulnerability exploitable via a GET request could then be reached through this issue. This issue has been addressed in release version 4.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-24 | 3.7 | CVE-2023-48711
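The userinfo trick in that entry, as an added example that is not the npm package's code: the package is a JavaScript module, while this Python block uses the standard library's urlsplit, which applies the same RFC 3986 rule (everything before the last "@" in the authority is credentials, not the host). The URL template and the function names are this example's own assumptions. It shows the vulnerable interpolation, what host a client would actually connect to, and a hardened builder that validates the tld before interpolation and re-checks the parsed host afterwards:

```python
import re
from urllib.parse import urlsplit

# Constructed example, not the npm package's code: the URL template below
# stands in for the one the advisory describes, and the function names are
# this example's own.


def build_translate_url(tld: str, path: str = "/translate_a/single") -> str:
    """Vulnerable shape: the caller-supplied tld is interpolated unchecked."""
    return f"https://translate.google.{tld}{path}?client=gtx"


def effective_host(url: str) -> str:
    """Host an HTTP client will actually connect to.

    urlsplit applies the RFC 3986 authority rule: anything before the last
    '@' is userinfo, so 'translate.google.' becomes a username and the
    attacker's '127.0.0.1' becomes the host.
    """
    return urlsplit(url).hostname or ""


# A tld is a few lowercase labels ("com", "co.uk"); nothing else is accepted.
_TLD_RE = re.compile(r"[a-z]{2,}(\.[a-z]{2,})?")


def safe_translate_url(tld: str, path: str = "/translate_a/single") -> str:
    """Hardened shape: validate the input, then re-check the parsed host."""
    if not _TLD_RE.fullmatch(tld):
        raise ValueError(f"rejected tld: {tld!r}")
    url = build_translate_url(tld, path)
    host = effective_host(url)
    # Second line of defence: even if the regex is loosened later, the
    # request must still go to the expected Google host, never to whatever
    # follows an '@'.
    if host != f"translate.google.{tld}":
        raise ValueError(f"host mismatch after parsing: {host!r}")
    return url


if __name__ == "__main__":
    for tld in ("com", "@127.0.0.1", "@10.0.0.5:8443"):
        url = build_translate_url(tld)
        print(f"{url!s:55} -> connects to {effective_host(url)!r}")
```

The regex alone would be enough here, but keeping the post-parse host comparison means a future relaxation of the allowlist (or a different URL library) still cannot turn the Google hostname into a username.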
 
tribe29 — checkmk | Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allows an authenticated attacker to delete user-messages for individual users. | 2023-11-24 | 3.5 | CVE-2023-6251

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
acer — wireless_keyboard | An issue discovered in Acer Wireless Keyboard SK-9662 allows an attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption. | 2023-11-27 | not yet calculated | CVE-2023-48034
aio-libs — aiohttp | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0. | 2023-11-30 | not yet calculated | CVE-2023-49081
aio-libs — aiohttp | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0. | 2023-11-29 | not yet calculated | CVE-2023-49082
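Both aiohttp entries come down to the same thing: a method or version string that reaches the request line unchecked can carry CR/LF and so terminate the head early or start a second request. The Python block below is an added example, not aiohttp's code (aiohttp 3.9.0's own fix is not reproduced). It builds a raw request line the unsafe way, shows what an injected method (the CVE-2023-49082 shape) and an injected version (the CVE-2023-49081 shape) do to it, and then applies the RFC 9110 token and HTTP/1.x version checks that close the hole. The helper names, hostnames and paths are assumptions of the example:

```python
from __future__ import annotations

import re

# Constructed example, not aiohttp's code. Hostnames and paths are made up.

# RFC 9110 tchar set: a method is exactly one token, nothing else.
_TOKEN_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# The only version strings that belong on an HTTP/1.x request line.
_VERSION_RE = re.compile(r"HTTP/1\.[01]")


def build_request(method: str, path: str, version: str, host: str) -> bytes:
    """Vulnerable shape: method and version are written out unchecked."""
    return f"{method} {path} {version}\r\nHost: {host}\r\n\r\n".encode("latin-1")


def build_request_checked(method: str, path: str, version: str, host: str) -> bytes:
    """Hardened shape: CR, LF and SP cannot survive these two checks."""
    if not _TOKEN_RE.fullmatch(method):
        raise ValueError(f"method is not a token: {method!r}")
    if not _VERSION_RE.fullmatch(version):
        raise ValueError(f"unsupported version: {version!r}")
    return build_request(method, path, version, host)


def count_requests(wire: bytes) -> int:
    """How many request heads a naive parser on the other side would see."""
    return sum(1 for head in wire.split(b"\r\n\r\n") if head.strip())


def first_head(wire: bytes) -> tuple[str, dict[str, str]]:
    """Request line and headers of the first head on the wire."""
    head = wire.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *lines = head.split("\r\n")
    headers: dict[str, str] = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return request_line, headers


def smuggled_method() -> str:
    """Attacker-chosen 'method': a complete request of the attacker's own,
    followed by a real token so the application's own line still parses."""
    return "GET /admin/users HTTP/1.1\r\nHost: internal\r\n\r\nGET"


def injected_version() -> str:
    """Attacker-chosen 'version': adds a header the app never intended."""
    return "HTTP/1.1\r\nX-Forwarded-For: 127.0.0.1"


if __name__ == "__main__":
    wire = build_request(smuggled_method(), "/public", "HTTP/1.1", "app.example")
    print(wire)
    print("heads on the wire:", count_requests(wire))  # 2, not 1
    print(first_head(build_request("GET", "/", injected_version(), "app.example")))
    for m, v in ((smuggled_method(), "HTTP/1.1"), ("GET", injected_version())):
        try:
            build_request_checked(m, "/public", v, "app.example")
        except ValueError as exc:
            print("rejected:", exc)
```

The check is deliberately an allowlist (a token, a known version literal) rather than a denylist of CR and LF: any other separator a downstream parser happens to accept is excluded for free.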
 
anyscale — ray | Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor’s position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment | 2023-11-28 | not yet calculated | CVE-2023-48022
anyscale — ray | Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor’s position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment | 2023-11-28 | not yet calculated | CVE-2023-48023
apache — activemq | Once a user is authenticated on Jolokia, they can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia; org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create a JmxRequest through JSONObject and calls org.jolokia.http.HttpRequestHandler#executeRequest. Deeper in the call stack, org.jolokia.handler.ExecHandler#doHandleRequest is able to invoke methods through reflection, and RCE can then be achieved via jdk.management.jfr.FlightRecorderMXBeanImpl, which exists on Java versions above 11: (1) call newRecording; (2) call setConfiguration, with the webshell data hidden in the configuration; (3) call startRecording; (4) call copyTo, which writes the webshell to a .jsp file. The mitigation is to restrict (by default) the actions authorized on Jolokia, or to disable Jolokia. A more restrictive Jolokia configuration has been defined in the default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distribution versions including the updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0. | 2023-11-28 | not yet calculated | CVE-2022-41678
apache — cocoon | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue. | 2023-11-30 | not yet calculated | CVE-2022-45135
apache — dolphinscheduler | Before DolphinScheduler version 3.1.0, a logged-in user could delete UDF functions (mostly used in SQL tasks) in the resource center without authorization, an insecure direct object reference (IDOR); version 3.1.0 fixes this issue. The CVE is rated moderate because it still requires a logged-in user to operate. Please upgrade to version 3.1.0 to avoid this vulnerability | 2023-11-30 | not yet calculated | CVE-2023-49620
apache — superset | An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header; users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0. | 2023-11-28 | not yet calculated | CVE-2023-42502
apache — superset | An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service. This issue affects Apache Superset: before 3.0.0 | 2023-11-28 | not yet calculated | CVE-2023-42504
apache — superset | An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection’s username. This issue affects Apache Superset before 3.0.0. | 2023-11-28 | not yet calculated | CVE-2023-42505
apache — cocoon | Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue. | 2023-11-30 | not yet calculated | CVE-2023-49733
apache — tomcat | Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue. | 2023-11-28 | not yet calculated | CVE-2023-46589
apple — multiple_products | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. | 2023-11-30 | not yet calculated | CVE-2023-42916
apple — multiple_products | A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. | 2023-11-30 | not yet calculated | CVE-2023-42917
aquaforest — tiff_server | The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be able to enumerate files or directories, traverse directories, bypass authentication, or access restricted files. | 2023-11-30 | not yet calculated | CVE-2023-6352
arcserve — arcserve_udp | An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication. | 2023-11-27 | not yet calculated | CVE-2023-41999
arcserve — arcserve_udp | Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed. | 2023-11-27 | not yet calculated | CVE-2023-42000
arm_ltd — bifrost_gpu_kernel_driver | Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Bifrost GPU Kernel Driver: from r44p0 through r45p0; Valhall GPU Kernel Driver: from r44p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r44p0 through r45p0. | 2023-12-01 | not yet calculated | CVE-2023-5427
asana,_inc. — desktop_on_macos | Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack. | 2023-11-28 | not yet calculated | CVE-2023-49314
asr — falcon | Memory corruption in IMS while calling the VoLTE Streamingmedia interface | 2023-11-30 | not yet calculated | CVE-2023-49699
asr — falcon | A string operation in Streamingmedia writes past the end of a fixed-size destination buffer if the source buffer is too large (a security best practices violation). | 2023-11-30 | not yet calculated | CVE-2023-49700
asr — falcon | Memory corruption in SIM management during USIMPhase2init | 2023-11-30 | not yet calculated | CVE-2023-49701
becton,_dickinson_and_company_(bd) — facschorus | The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data. | 2023-11-28 | not yet calculated | CVE-2023-29060
becton,_dickinson_and_company_(bd) — facschorus | There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication. | 2023-11-28 | not yet calculated | CVE-2023-29061
becton,_dickinson_and_company_(bd) — facschorus | The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, NBT-NS, or mDNS and will result in NTLMv2 hashes being sent to a malicious entity positioned on the local network. These hashes can subsequently be attacked through brute force and cracked if a weak password is used. This attack would only apply to domain-joined systems. | 2023-11-28 | not yet calculated | CVE-2023-29062
becton,_dickinson_and_company_(bd) — facschorus | The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM during startup. | 2023-11-28 | not yet calculated | CVE-2023-29063
becton,_dickinson_and_company_(bd) — facschorus | The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts. | 2023-11-28 | not yet calculated | CVE-2023-29064
becton,_dickinson_and_company_(bd) — facschorus | The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database. | 2023-11-28 | not yet calculated | CVE-2023-29065
becton,_dickinson_and_company_(bd) — facschorus | The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders. | 2023-11-28 | not yet calculated | CVE-2023-29066
bowo — debug_log_manager | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bowo Debug Log Manager. This issue affects Debug Log Manager: from n/a through 2.3.0. | 2023-11-30 | not yet calculated | CVE-2023-6136
calendarinho — calendarinho | Calendarinho is an open source calendaring application to manage large teams of consultants. An Open Redirect issue occurs when a web application redirects users to external URLs without proper validation. This can lead to phishing attacks, where users are tricked into visiting malicious sites, potentially leading to information theft and reputational damage to the website used for redirection. The problem has been patched in commit `15b2393`. Users are advised to update to a commit after `15b2393`. There are no known workarounds for this vulnerability. | 2023-12-01 | not yet calculated | CVE-2023-49281
carrierwave — carrierwave | CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in `allowlisted_content_type?` determines Content-Type permissions by performing a partial match. If the `content_type` argument of `allowlisted_content_type?` is passed a value crafted by the attacker, Content-Types not included in the `content_type_allowlist` will be allowed. This issue has been patched in versions 2.2.5 and 3.0.5. | 2023-11-29 | not yet calculated | CVE-2023-49090
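The partial-match flaw in that entry, in one line: an allowlist entry used as an unanchored pattern matches any value that merely contains it. CarrierWave is Ruby; the Python block below is an added illustration of the same mistake and its fix, not the library's code, and the allowlist and sample Content-Type values are constructed for the example. The vulnerable function searches each entry anywhere in the value; the hardened one strips parameters and compares the bare media type as a whole:

```python
from __future__ import annotations

import re
from collections.abc import Sequence

# Constructed example, not CarrierWave's code. Allowlist and sample values
# are made up for the demo; string entries are literal types, a compiled
# pattern is the regex-style entry such allowlists usually also accept.
ALLOWLIST: Sequence[str | re.Pattern[str]] = (
    "image/png",
    "image/jpeg",
    re.compile(r"image/gif"),
)


def allowlisted_partial(content_type: str, allowlist=ALLOWLIST) -> bool:
    """Vulnerable shape: each entry is searched *anywhere* in the value.

    A string entry is escaped and then used as an unanchored pattern, so any
    value that merely contains an allowed type passes.
    """
    for rule in allowlist:
        pattern = rule if isinstance(rule, re.Pattern) else re.compile(re.escape(rule))
        if pattern.search(content_type):
            return True
    return False


def allowlisted_exact(content_type: str, allowlist=ALLOWLIST) -> bool:
    """Hardened shape: compare the bare media type, and only as a whole."""
    media_type = content_type.split(";", 1)[0].strip().lower()  # drop parameters
    for rule in allowlist:
        if isinstance(rule, re.Pattern):
            if rule.fullmatch(media_type):
                return True
        elif media_type == rule.lower():
            return True
    return False


if __name__ == "__main__":
    # The second value is what an attacker would send: an HTML document whose
    # declared type merely *contains* an allowed one.
    for value in ("image/png", "text/html; boundary=image/png", "image/pngx"):
        print(f"{value!r:38} partial={allowlisted_partial(value)!s:5} "
              f"exact={allowlisted_exact(value)}")
```

Whatever the check returns, the declared type is attacker-controlled input; serving uploads from a separate origin with a fixed Content-Type and `X-Content-Type-Options: nosniff` is what actually keeps a mislabelled upload from executing as HTML.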

 

catalis — cms360Catalis (previously Icon Software) CMS360 allows a remote, unauthenticated attacker to view sensitive court documents by modifying document and other identifiers in URLs. The impact varies based on the intention and configuration of a specific CMS360 installation.2023-11-30not yet calculatedCVE-2023-6341

 

chamilo — chamilo_lmsCommand injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960.2023-11-28not yet calculatedCVE-2023-3368

 

chamilo — chamilo_lmsPath traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file write.2023-11-28not yet calculatedCVE-2023-3533

 

chamilo — chamilo_lmsImproper sanitization in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of `.htaccess` file. This vulnerability may be exploited by privileged attackers or chained with unauthenticated arbitrary file write vulnerabilities, such as CVE-2023-3533, to achieve remote code execution.2023-11-28not yet calculatedCVE-2023-3545

 

chamilo — chamilo_lmsUnrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.2023-11-28not yet calculatedCVE-2023-4220

 

collabora_online — collabora_onlineCollabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online – Built-in CODE Server (richdocumentscode) release 23.5.403. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-12-01not yet calculatedCVE-2023-48314
cosmos-server — cosmos-serverCosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an attacker to use the token to gain unauthorized access to the application/system even after the user has logged out. This issue has been patched in version 0.13.0.2023-11-29not yet calculatedCVE-2023-49091
d-link — go-rt-ac750D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi.2023-12-01not yet calculatedCVE-2023-48842
dell — rugged_control_centerDell Rugged Control Center, version prior to 4.7, contains an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder during product installation and upgrade, leading to privilege escalation on the system.2023-12-02not yet calculatedCVE-2023-39256
dell — rugged_control_centerDell Rugged Control Center, version prior to 4.7, contains an Improper Access Control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder when product installation repair is performed, leading to privilege escalation on the system.2023-12-02not yet calculatedCVE-2023-39257
dell — rugged_control_centerDell Rugged Control Center, version prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of the policy file, leading to unauthorized access to resources.2023-12-01not yet calculatedCVE-2023-43089
delta_electronics — infrasuite_device_masterIn Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet.2023-11-30not yet calculatedCVE-2023-39226
delta_electronics — infrasuite_device_masterIn Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution.2023-11-30not yet calculatedCVE-2023-46690
delta_electronics — infrasuite_device_masterIn Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges.2023-11-30not yet calculatedCVE-2023-47207
delta_electronics — infrasuite_device_masterIn Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying.2023-11-30not yet calculatedCVE-2023-47279
dpaste — dpastedpaste is an open source pastebin application written in Python using the Django framework. A security vulnerability has been identified in the expires parameter of the dpaste API, allowing for a POST Reflected XSS attack. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of a user’s browser, potentially leading to unauthorized access, data theft, or other malicious activities. Users are strongly advised to upgrade to dpaste release v3.8 or later versions, as dpaste versions older than v3.8 are susceptible to the identified security vulnerability. No known workarounds have been identified, and applying the patch is the most effective way to remediate the vulnerability.2023-12-01not yet calculatedCVE-2023-49277
 
dreamer — cmsDreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read.2023-11-29not yet calculatedCVE-2023-46886
dreamer — cmsIn Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability.2023-11-29not yet calculatedCVE-2023-46887
dreamer_cms — dreamer_cmsDreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit.2023-11-30not yet calculatedCVE-2023-48912
dreamer_cms — dreamer_cmsDreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete.2023-11-30not yet calculatedCVE-2023-48913
dreamer_cms — dreamer_cmsDreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add.2023-11-30not yet calculatedCVE-2023-48914
electron — electronElectron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS. Specifically, this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `.app` bundle on macOS which these fuses are supposed to protect against. There are no app side workarounds, you must update to a patched version of Electron.2023-12-01not yet calculatedCVE-2023-44402

 

espocrm — espocrmAn authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution.2023-11-30not yet calculatedCVE-2023-5965
espocrm — espocrmAn authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution.2023-11-30not yet calculatedCVE-2023-5966
eyoucms — eyoucmsA stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.2023-11-29not yet calculatedCVE-2023-48880
eyoucms — eyoucmsA stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn.2023-11-29not yet calculatedCVE-2023-48881
eyoucms — eyoucmsA stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.2023-11-29not yet calculatedCVE-2023-48882
ezviz — multiple_productsAn authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior to v5.3.x build 20230401, Ezviz CS-C3N-xxx prior to v5.3.x build 20230401 allows remote attackers to obtain sensitive information by sending crafted messages to the affected devices.2023-11-28not yet calculatedCVE-2023-48121
facebook — katranKatran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP (v4) Too Big packet generation. After a bpf_xdp_adjust_head call, Katran code didn’t initialize the Identification field for the IPv4 header, resulting in writing content of kernel memory in that field of IP header. The issue affected all Katran versions prior to commit 6a03106ac1eab39d0303662963589ecb2374c97f2023-11-28not yet calculatedCVE-2023-49062
 
gesundheit_bewegt_gmbh — zippyExposure of Sensitive Information to an Unauthorized Actor vulnerability in Gesundheit Bewegt GmbH Zippy. This issue affects Zippy: from n/a through 1.6.1.2023-11-30not yet calculatedCVE-2023-26533
getsentry — symbolicatorSymbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if they have an account on Sentry instance. The issue has been fixed in the release 23.11.2.2023-11-30not yet calculatedCVE-2023-49094

 

gitkraken — gitlensAn issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Codes workspace trust component.2023-11-28not yet calculatedCVE-2023-46944
 
gitlab — gitlabAn issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a Guest user to add an emoji on confidential work items.2023-12-01not yet calculatedCVE-2023-3443
 
gitlab — gitlabAn issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public projects’ release descriptions via an atom endpoint when release access on the public was set to only project members.2023-12-01not yet calculatedCVE-2023-3949
 
gitlab — gitlabAn issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disabled in the project settings.2023-12-01not yet calculatedCVE-2023-3964
 
gitlab — gitlabAn issue has been discovered in GitLab affecting all versions starting from 9.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a user with the Developer role to update a pipeline schedule from an unprotected branch to a protected branch.2023-12-01not yet calculatedCVE-2023-4317
 
gitlab — gitlabAn issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor bypass prohibited branch checks using a specially crafted branch name to manipulate repository content in the UI.2023-12-01not yet calculatedCVE-2023-5226
 
gitlab — gitlab_ce/eeImproper neutralization of input in the Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3, allows an attacker to execute JavaScript in the victim's browser.2023-12-01not yet calculatedCVE-2023-6033
 
gitlab — gitlab_eeAn issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the `Allowed to merge` permission as a guest user, when granted the permission through a group.2023-12-01not yet calculatedCVE-2023-4658
 
gitlab — gitlab_eeAn issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted mermaid diagram input.2023-12-01not yet calculatedCVE-2023-4912
 
gitlab — gitlab_eeAn issue has been discovered in GitLab EE affecting all versions starting from 16.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the policy bot to gain access to internal projects.2023-12-01not yet calculatedCVE-2023-5995
 
gl.inet — ax1800Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function.2023-11-29not yet calculatedCVE-2023-47462
gl.inet — ax1800Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the gl_nas_sys authentication function.2023-11-30not yet calculatedCVE-2023-47463
gl.inet — ax1800Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via the upload API function.2023-11-30not yet calculatedCVE-2023-47464
gnutls — gnutlsA vulnerability was found in which the response times to malformed ciphertexts in an RSA-PSK ClientKeyExchange differ from the response times for ciphertexts with correct PKCS#1 v1.5 padding.2023-11-28not yet calculatedCVE-2023-5981
 
go-resty — go-restyA race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same *bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buffer that hasn’t had bytes.Buffer.Reset called on it. This dirty buffer will contain the HTTP request body from an unrelated request and go-resty will append the current HTTP request body to it, sending two bodies in one request. The sync.Pool in question is defined at package level scope, so a completely unrelated server could receive the request body.2023-11-28not yet calculatedCVE-2023-45286
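The go-resty entry above describes a classic sync.Pool misuse: returning the same *bytes.Buffer to the pool twice means two later Get calls can hand one object to two unrelated requests, and the second writer appends its body to the first one's. The Go program below is an added example written for this page, not go-resty's code and not a description of its fix. It reproduces the mechanism with a small deterministic LIFO pool standing in for the package-level sync.Pool (an assumption made so the effect is reproducible; sync.Pool may discard or replace objects at any time), then shows a guard that makes a second Put harmless. The request bodies are constructed sample strings.

```go
package main

import (
	"bytes"
	"fmt"
)

// bufferPool is the narrow interface the example needs; *sync.Pool fits it
// behind a two-line adapter. A deterministic stand-in is used instead (an
// assumption for reproducibility: sync.Pool may drop or replace objects).
type bufferPool interface {
	Get() *bytes.Buffer
	Put(*bytes.Buffer)
}

// lifoPool stands in for the package-level sync.Pool: Get hands back the
// most recently Put buffer, or a fresh one. Single-goroutine demo, no lock.
type lifoPool struct{ items []*bytes.Buffer }

func (p *lifoPool) Get() *bytes.Buffer {
	if n := len(p.items); n > 0 {
		b := p.items[n-1]
		p.items = p.items[:n-1]
		return b
	}
	return new(bytes.Buffer)
}

func (p *lifoPool) Put(b *bytes.Buffer) { p.items = append(p.items, b) }

// release is the per-attempt cleanup: Reset, then hand the buffer back.
func release(pool bufferPool, b *bytes.Buffer) {
	b.Reset()
	pool.Put(b)
}

// retryWithDoublePut models one request whose first attempt fails and is
// retried: both the attempt path and the retry path release the same
// buffer, so the pool ends up holding two references to one object.
func retryWithDoublePut(pool bufferPool, body string) {
	buf := pool.Get()
	buf.WriteString(body)
	release(pool, buf) // attempt failed: buffer released
	release(pool, buf) // BUG: retry path releases it a second time
}

// buildInFlight models unrelated requests being assembled at the same
// moment (as under concurrency): each takes a buffer and writes its body,
// and only afterwards reads the bytes it will send. Aliased buffers leak.
func buildInFlight(pool bufferPool, bodies []string) []string {
	bufs := make([]*bytes.Buffer, len(bodies))
	for i, body := range bodies {
		bufs[i] = pool.Get()
		bufs[i].WriteString(body)
	}
	wire := make([]string, len(bodies))
	for i, b := range bufs {
		wire[i] = b.String()
	}
	for _, b := range bufs {
		release(pool, b)
	}
	return wire
}

// guardedPool is a hardening wrapper: it Resets on Get and records which
// buffers are checked out, so a second Put of the same buffer is dropped
// instead of creating an alias. (A concurrent version needs a mutex.)
type guardedPool struct {
	inner bufferPool
	out   map[*bytes.Buffer]struct{}
}

func newGuardedPool(inner bufferPool) *guardedPool {
	return &guardedPool{inner: inner, out: map[*bytes.Buffer]struct{}{}}
}

func (g *guardedPool) Get() *bytes.Buffer {
	b := g.inner.Get()
	b.Reset() // never trust a pooled object to be clean
	g.out[b] = struct{}{}
	return b
}

func (g *guardedPool) Put(b *bytes.Buffer) {
	if _, checkedOut := g.out[b]; !checkedOut {
		return // double Put or foreign buffer: do not pool it
	}
	delete(g.out, b)
	g.inner.Put(b)
}

func main() {
	leaky := &lifoPool{}
	retryWithDoublePut(leaky, "token=SECRET-A") // constructed sample body
	fmt.Println(buildInFlight(leaky, []string{"user=B", "user=C"}))
	safe := newGuardedPool(&lifoPool{})
	retryWithDoublePut(safe, "token=SECRET-A")
	fmt.Println(buildInFlight(safe, []string{"user=B", "user=C"}))
}
```

With the plain pool, both in-flight requests read the shared buffer and each would send `user=Buser=C` to its own server, which is the cross-request body disclosure the entry describes. Resetting on Get alone does not remove the aliasing, because both callers still hold the same pointer; the ownership check in the guard is what prevents the second Put from ever reaching the pool.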
 
google — androidRemote code execution2023-11-29not yet calculatedCVE-2022-42536
google — androidRemote code execution2023-11-29not yet calculatedCVE-2022-42537
google — androidElevation of privilege2023-11-29not yet calculatedCVE-2022-42538
google — androidInformation disclosure2023-11-29not yet calculatedCVE-2022-42539
google — androidElevation of privilege2023-11-29not yet calculatedCVE-2022-42540
google — androidRemote code execution2023-11-29not yet calculatedCVE-2022-42541
google — chromeType Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-11-29not yet calculatedCVE-2023-6348
 
google — chromeUse after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)2023-11-29not yet calculatedCVE-2023-6351
 
haproxy — haproxyHAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.2023-11-28not yet calculatedCVE-2023-45539
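The HAProxy entry above is about a suffix rule being evaluated on a request-target that should never have been accepted. A rule such as `acl is_static path_end -i .png .css .js` with `use_backend static if is_static` sees `/index.html#.png` ending in `.png`, while `#` has no place in an HTTP request-target (RFC 3986 reserves it for the fragment, which clients never send). The Go program below is an added example written for this page, not HAProxy code: `routeNaive` applies the suffix rule to the raw target, and `routeStrict` rejects any target containing `#` and matches only a parsed path. Rejecting is this example's own policy; the summary does not describe how 2.8.2 handles such requests. Backend names and the suffix list are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// staticSuffixes mirrors a typical "path_end -i .png .css .js" ACL.
var staticSuffixes = []string{".png", ".css", ".js"}

func hasStaticSuffix(p string) bool {
	lower := strings.ToLower(p)
	for _, s := range staticSuffixes {
		if strings.HasSuffix(lower, s) {
			return true
		}
	}
	return false
}

// routeNaive applies the suffix rule to the raw request-target (query
// stripped), which is how the rule behaves when the proxy lets '#' through:
// "/index.html#.png" is sent to the static backend.
func routeNaive(rawTarget string) string {
	target := rawTarget
	if i := strings.IndexByte(target, '?'); i >= 0 {
		target = target[:i]
	}
	if hasStaticSuffix(target) {
		return "static"
	}
	return "app"
}

// routeStrict refuses a request-target containing '#': a fragment is never
// part of what a client sends (RFC 3986 §3.5), so its presence signals a
// malformed or deliberately ambiguous request. Only the validated path
// from net/url is matched against the suffix rule.
func routeStrict(rawTarget string) (string, error) {
	if strings.ContainsRune(rawTarget, '#') {
		return "", errors.New("400 bad request: '#' in request-target")
	}
	u, err := url.ParseRequestURI(rawTarget)
	if err != nil {
		return "", fmt.Errorf("400 bad request: %w", err)
	}
	if hasStaticSuffix(u.Path) {
		return "static", nil
	}
	return "app", nil
}

func main() {
	// constructed sample request-targets
	for _, t := range []string{"/logo.png", "/index.html#.png", "/admin/report.html?x=1"} {
		strict, err := routeStrict(t)
		fmt.Printf("%-26s naive=%-6s strict=%q err=%v\n", t, routeNaive(t), strict, err)
	}
}
```

The middle line of the output shows the disagreement: the naive rule routes `/index.html#.png` to the static backend, where whatever serves it may look up a resource that the rule never actually inspected, while the strict router answers 400 before any backend is chosen.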
 
henschen_&_associates — court_document_management_softwareHenschen & Associates court document management software does not sufficiently randomize file names of cached documents, allowing a remote, unauthenticated attacker to access restricted documents.2023-11-30not yet calculatedCVE-2023-6376
 
hitachi_energy — relion670A vulnerability exists in the input validation of GOOSE messages: out-of-range values received and processed by the IED caused a reboot of the device. In order for an attacker to exploit the vulnerability, GOOSE receiving blocks need to be configured.2023-12-01not yet calculatedCVE-2023-4518
huddly — huddlycameraserviceDLL Hijacking vulnerability in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, due to the installation of the service in a directory that grants write privileges to standard users, allows attackers to manipulate files, execute arbitrary code, and escalate privileges.2023-12-01not yet calculatedCVE-2023-45252
huddly — huddlycameraserviceAn issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, that allows attackers to manipulate files and escalate privileges via the RollingFileAppender.DeleteFile method of the log4net library.2023-12-01not yet calculatedCVE-2023-45253
ibm — aixIBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 267966.2023-12-01not yet calculatedCVE-2023-45168
 
ibm — iIBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. IBM X-Force ID: 265266.2023-12-01not yet calculatedCVE-2023-42006
 
ibm — infosphere_information_serverIBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585.2023-12-01not yet calculatedCVE-2023-38268
 
ibm — infosphere_information_serverIBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161.2023-12-01not yet calculatedCVE-2023-40699
 
ibm — infosphere_information_serverIBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265504.2023-12-01not yet calculatedCVE-2023-42009
 
ibm — infosphere_information_serverIBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161.2023-12-01not yet calculatedCVE-2023-42019
 
ibm — infosphere_information_serverIBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265938.2023-12-01not yet calculatedCVE-2023-42022
 
ibm — infosphere_information_serverIBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266064.2023-12-01not yet calculatedCVE-2023-43015
 
ibm — infosphere_information_serverIBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 266167.2023-12-01not yet calculatedCVE-2023-43021
 
ibm — infosphere_information_serverIBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269506.2023-12-01not yet calculatedCVE-2023-46174
 
ibm — planning_analytics_on_cloud_pak_for_dataIBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. IBM X-Force ID: 247898.2023-12-01not yet calculatedCVE-2023-26024
 
ibm — security_guardiumIBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents. IBM X-Force ID: 265262.2023-11-28not yet calculatedCVE-2023-42004
 
idemia — multiple_productsThe web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The stored malicious script is then executed when the GUI is opened by any user of the webserver administration interface. The root cause of the vulnerability is inadequate input validation and output encoding in the web administration interface component of the firmware. This could lead to unauthorized access and data leakage.2023-11-28not yet calculatedCVE-2023-4667
interaxon — muse_2InteraXon Muse 2 devices allow remote attackers to cause a denial of service (incorrect Muse App report of an outstanding, calm meditation state) via a 480 MHz RF carrier that is modulated by a “false” brain wave, aka a Brain-Hack attack. For example, the Muse App does not display the reception of a strong RF carrier and alert the user that a report may be misleading if this carrier has been modulated by a low-frequency signal.2023-12-02not yet calculatedCVE-2023-49914
 
jenkins — jenkinsIncorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate system-scoped credentials IDs of credentials stored in Jenkins and to connect to Google Cloud Platform using attacker-specified credentials IDs obtained through another method, to obtain information about existing projects. This fix has been backported to 4.3.17.1.2023-11-29not yet calculatedCVE-2023-49652
 
jenkins — jenkinsJenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.2023-11-29not yet calculatedCVE-2023-49653
 
jenkins — jenkinsMissing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system.2023-11-29not yet calculatedCVE-2023-49654
 
jenkins — jenkinsA cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system.2023-11-29not yet calculatedCVE-2023-49655
 
jenkins — jenkinsJenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.2023-11-29not yet calculatedCVE-2023-49656
 
jenkins — jenkinsA cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.2023-11-29not yet calculatedCVE-2023-49673
 
jenkins — jenkinsA missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.2023-11-29not yet calculatedCVE-2023-49674
 
joomla! — joomla!_cmsThe language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensitive information.2023-11-29not yet calculatedCVE-2023-40626
jsherp — jsherpIncorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function.2023-11-30not yet calculatedCVE-2023-48894
jumpserver — gplv3Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function.2023-11-28not yet calculatedCVE-2023-48193
 
jupiter — jupiterA deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request.2023-12-01not yet calculatedCVE-2023-48887
 
libsyn — libsyn_publisher_hubExposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub. This issue affects Libsyn Publisher Hub: from n/a through 1.3.2.2023-11-30not yet calculatedCVE-2023-25057
logback — logbackA serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.2023-11-29not yet calculatedCVE-2023-6378
loytec_electronics — gmbh_linx_configuratorLOYTEC electronics GmbH LINX Configurator 7.4.10 uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration.2023-11-30not yet calculatedCVE-2023-46383
 
loytec_electronics — gmbh_linx_configuratorLOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose the admin password and bypass authentication to log in to the Loytec device.2023-11-30not yet calculatedCVE-2023-46384
 
loytec_electronics — gmbh_linx_configuratorLOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers to steal the password and gain full control of Loytec device configuration.2023-11-30not yet calculatedCVE-2023-46385
 
loytec_electronics — multiple_productsLOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Insecure Permissions via the registry.xml file. This vulnerability allows remote attackers to disclose SMTP client account credentials and bypass email authentication.2023-11-30not yet calculatedCVE-2023-46386
 
loytec_electronics — multiple_productsLOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration.2023-11-30not yet calculatedCVE-2023-46387
 
loytec_electronics — multiple_productsLOYTEC electronics GmbH LINX-212 6.2.4 and LINX-151 7.2.4 are vulnerable to Insecure Permissions via the dpal_config.zml file. This vulnerability allows remote attackers to disclose SMTP client account credentials and bypass email authentication.2023-11-30not yet calculatedCVE-2023-46388
 
loytec_electronics — multiple_productsLOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 Firmware 7.2.4 are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration.2023-11-30not yet calculatedCVE-2023-46389
 
m-files — m-files_serverUnder rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object.2023-11-28not yet calculatedCVE-2023-6239
mailcow — mailcow-dockerizedMailcow: dockerized is an open source groupware/email suite based on docker. A Cross-Site Scripting (XSS) vulnerability has been identified within the Quarantine UI of the system. This vulnerability poses a significant threat to administrators who utilize the Quarantine feature. An attacker can send a carefully crafted email containing malicious JavaScript code. This issue has been patched in version 2023-11.2023-11-30not yet calculatedCVE-2023-49077
 
microweber — microweberFile Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component.2023-11-30not yet calculatedCVE-2023-49052
 
minipaint — minipaintCross-site Scripting (XSS) – Reflected in GitHub repository viliusle/minipaint prior to 4.14.0.2023-12-01not yet calculatedCVE-2023-6461
 
misskey — misskeyMisskey is an open source, decentralized social media platform. Misskey’s missing signature validation allows arbitrary users to impersonate any remote user. This issue has been patched in version 2023.11.1-beta.1.2023-11-29not yet calculatedCVE-2023-49079
mitsubishi_electric_corporation — gx_works2Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running.2023-11-30not yet calculatedCVE-2023-5274
 
mitsubishi_electric_corporation — gx_works2Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running.2023-11-30not yet calculatedCVE-2023-5275
 
mitsubishi_electric_corporation — gx_works3Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition.2023-11-30not yet calculatedCVE-2023-5247
 
nec_platforms,_ltd — itk-6dgs-1(bk)_telAn OS command injection vulnerability in NEC Platforms DT900 and DT900S Series, all versions, allows an attacker to execute any command on the device.2023-11-30not yet calculatedCVE-2023-3741
netease — cloudmusicAn Untrusted search path vulnerability in NetEase CloudMusic 2.10.4 for Windows allows local users to gain escalated privileges through the urlmon.dll file in the current working directory.2023-11-30not yet calculatedCVE-2023-47454
netgear — netgear_prosafe_network_management_systemNETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code.2023-11-29not yet calculatedCVE-2023-49693
 
netgear — netgear_prosafe_network_management_systemA low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.2023-11-29not yet calculatedCVE-2023-49694
 
nettyrpc — nettyrpcA deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request.2023-12-01not yet calculatedCVE-2023-48886
 
netwrix_corporation — usercubeNetwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the configuration omits the required restSettings.AuthorizedClientId and restSettings.AuthorizedSecret fields (for the POST /api/Deployment/ExportConfiguration and POST /api/Deployment endpoints).2023-11-28not yet calculatedCVE-2023-41264
 
nexkey — nexkeynexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2.2023-11-30not yet calculatedCVE-2023-49095
 
node.js — node.jsWhen an invalid public key is used to create an X.509 certificate object via the crypto.X509Certificate() API, an unexpected termination occurs when user code accesses the public key information of the provided certificate. This makes affected applications susceptible to DoS: an attacker who can supply such a certificate can force the process to terminate, and the current context of the users will be gone. This vulnerability affects all active Node.js versions v16, v18, and v20.2023-11-28not yet calculatedCVE-2023-30588
node.js — node.jsThe generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys; that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call “Generates private and public Diffie-Hellman key values”. The documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs; as DiffieHellman may be used as the basis for application-level security, the implications are consequently broad.2023-11-28not yet calculatedCVE-2023-30590
notepad++ — notepad++An Untrusted search path vulnerability in notepad++ 6.5 allows local users to gain escalated privileges through the msimg32.dll file in the current working directory.2023-11-30not yet calculatedCVE-2023-47452
notepad++ — notepad++A vulnerability classified as problematic was found in NotePad++ up to 8.1. Affected by this vulnerability is an unknown functionality of the file dbghelp.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The identifier VDB-246421 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-11-30not yet calculatedCVE-2023-6401
 
o2oa — o2oaRemote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and before, allows attackers to create a new interface in the service management function to execute JavaScript.2023-11-30not yet calculatedCVE-2023-47418
 
october_cms — october_cmsOctober is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can craft a special request to include PHP code in the CMS template. This issue has been patched in version 3.4.15.2023-12-01not yet calculatedCVE-2023-44381
october_cms — october_cmsOctober is a Content Management System (CMS) and web platform to assist with development workflow. A user with access to the media manager that stores SVG files could create a stored XSS attack against themselves and any other user with access to the media manager when SVG files are supported. This issue has been patched in version 3.5.2.2023-11-29not yet calculatedCVE-2023-44383
 
october_cms — october_cmsOctober is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This issue has been patched in 3.4.15.2023-12-01not yet calculatedCVE-2023-44382
openlink_software — virtuosoA stack overflow in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-11-29not yet calculatedCVE-2023-48945
oro_inc — platformOroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9.2023-11-27not yet calculatedCVE-2022-41951
packers_and_movers_management_system — packers_and_movers_management_systemSQL injection vulnerability in Packers and Movers Management System v.1.0 allows a remote attacker to execute arbitrary code via crafted payload to the /mpms/admin/?page=user/manage_user&id file.2023-11-30not yet calculatedCVE-2023-46956
perl — perlIn Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{…} regular expression construct is mishandled. The earliest affected version is 5.30.0.2023-12-02not yet calculatedCVE-2023-47100
phpems — phpemsA vulnerability, which was classified as problematic, has been found in PHPEMS 7.0. This issue affects some unknown processing of the file app\content\cls\api.cls.php of the component Content Section Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246629 was assigned to this vulnerability.2023-12-02not yet calculatedCVE-2023-6472
 
phpgurukul — nipah_virus_testing_management_systemA vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file add-phlebotomist.php. The manipulation of the argument empid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246423.2023-11-30not yet calculatedCVE-2023-6402
 
phpgurukul — nipah_virus_testing_management_systemA vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add-phlebotomist.php. The manipulation of the argument empid/fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246445 was assigned to this vulnerability.2023-11-30not yet calculatedCVE-2023-6442
 
phpgurukul — nipah_virus_testing_management_systemA vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as problematic. This affects an unknown part of the file registered-user-testing.php. The manipulation of the argument regmobilenumber leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246615.2023-12-02not yet calculatedCVE-2023-6465
 
phpmemcachedadmin — phpmemcachedadminA Path traversal vulnerability has been reported in elijaa/phpmemcachedadmin affecting version 1.3.0. This vulnerability allows an attacker to delete files stored on the server due to lack of proper verification of user-supplied input.2023-11-30not yet calculatedCVE-2023-6026
phpmemcachedadmin — phpmemcachedadminA critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a carefully crafted JavaScript payload. The issue arises from improper encoding of user-controlled entries in the “/pmcadmin/configure.php” parameter.2023-11-30not yet calculatedCVE-2023-6027
pimcore — pimcoreThe Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\Security\PimcoreUserTwoFactorCondition`, introduced in v11, disables two-factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the two-factor credentials. This issue has been patched in version 1.2.2.2023-11-28not yet calculatedCVE-2023-49075
 
pimcore — pimcoreCustomer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5.2023-11-30not yet calculatedCVE-2023-49076
 
posthog — posthogPostHog provides open-source product analytics, session recording, feature flagging and A/B testing that you can self-host. A server-side request forgery (SSRF), which can only be exploited by authenticated users, was found in Posthog. Posthog did not verify whether a URL was local when enabling webhooks, allowing authenticated users to forge a POST request. This vulnerability has been addressed in `22bd5942` and will be included in subsequent releases. There are no known workarounds for this vulnerability.2023-12-01not yet calculatedCVE-2023-46746
 
preh_gmbh — mib3_infotainment_unitThe password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. Vulnerability found on Škoda Superb III (3V3) – 2.0 TDI manufactured in 2022.2023-12-01not yet calculatedCVE-2023-28895
preh_gmbh — mib3_infotainment_unitAccess to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III (3V3) – 2.0 TDI manufactured in 2022.2023-12-01not yet calculatedCVE-2023-28896
progress_software_corporation — moveit_transferIn Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a reflected cross-site scripting (XSS) vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer. An attacker could craft a malicious payload targeting the system which comprises a MOVEit Gateway and MOVEit Transfer deployment. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victim’s browser.2023-11-29not yet calculatedCVE-2023-6217
 
progress_software_corporation — moveit_transferIn Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified. It is possible for a group administrator to elevate a group member’s permissions to the role of an organization administrator.2023-11-29not yet calculatedCVE-2023-6218
 
ptc — kepserverexKEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.2023-11-30not yet calculatedCVE-2023-5908
ptc — kepserverexKEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.2023-11-30not yet calculatedCVE-2023-5909
pyca — cryptographycryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.2023-11-29not yet calculatedCVE-2023-49083

 

raptor-web — raptor-webraptor-web is a CMS for game server communities that can be used to host information and keep track of players. In version 0.4.4 of raptor-web, it is possible to craft a malicious URL that will result in a reflected cross-site scripting vulnerability. A user-controlled URL parameter is loaded into an internal template that has autoescape disabled. This is a cross-site scripting vulnerability that affects all deployments of `raptor-web` on version `0.4.4`. Any victim who clicks on a malicious crafted link will be affected. This issue has been patched 0.4.4.1.2023-11-28not yet calculatedCVE-2023-49078
 
restaurant_table_booking_system — restaurant_table_booking_system | Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in rtbs/admin/index.php via the username parameter. | 2023-12-01 | not yet calculated | CVE-2023-48016
ruoyi — ruoyi | RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit. | 2023-12-01 | not yet calculated | CVE-2023-49371
rustcrypto — rsa | RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is currently no fix available. As a workaround, avoid using the RSA crate in settings where attackers are able to observe timing information, e.g. local use on a non-compromised computer. | 2023-11-28 | not yet calculated | CVE-2023-49092
schweitzer_engineering_laboratories — sel-411l | An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior. See product Instruction Manual Appendix A dated 20230830 for more details. | 2023-11-30 | not yet calculated | CVE-2023-2264
schweitzer_engineering_laboratories — sel-411l | An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user. See product Instruction Manual Appendix A dated 20230830 for more details. | 2023-11-30 | not yet calculated | CVE-2023-2265
schweitzer_engineering_laboratories — sel-411l | An Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L could allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details. | 2023-11-30 | not yet calculated | CVE-2023-2266
schweitzer_engineering_laboratories — sel-411l | An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details. | 2023-11-30 | not yet calculated | CVE-2023-2267
schweitzer_engineering_laboratories — sel-451 | An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more details. | 2023-11-30 | not yet calculated | CVE-2023-31176
schweitzer_engineering_laboratories — sel-451 | An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute arbitrary code on a victim’s system. See product Instruction Manual Appendix A dated 20230830 for more details. | 2023-11-30 | not yet calculated | CVE-2023-31177
schweitzer_engineering_laboratories — sel-451 | An Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform a session hijacking attack and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more details. | 2023-11-30 | not yet calculated | CVE-2023-34388
schweitzer_engineering_laboratories — sel-451 | An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time. See product Instruction Manual Appendix A dated 20230830 for more details. | 2023-11-30 | not yet calculated | CVE-2023-34389
schweitzer_engineering_laboratories — sel-451 | An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to create a denial of service against the system and lock out services. See product Instruction Manual Appendix A dated 20230830 for more details. | 2023-11-30 | not yet calculated | CVE-2023-34390
senayan_library_management_systems — slims_9_bulian | Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php. | 2023-12-01 | not yet calculated | CVE-2023-48813
senayan_library_management_systems — slims_9_bulian | Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/staff_act.php. | 2023-12-01 | not yet calculated | CVE-2023-48893
shenzhen_libituo_technology_co.,_ltd — lbt-t300-t310 | Buffer Overflow vulnerability in /apply.cgi in Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 allows attackers to cause a denial of service via the ApCliAuthMode parameter. | 2023-11-30 | not yet calculated | CVE-2023-47307
sierra_wireless_inc. — aleos | Loop with Unreachable Exit Condition (‘Infinite Loop’) vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a Denial of Service (DoS) condition for ACEManager without impairing other router functions. This condition is cleared by restarting the device. | 2023-11-29 | not yet calculated | CVE-2023-40458
simplesamlphp — xml-security | xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML document matches a specific DigestValue value, but also that the cryptographic signature on the SignedInfo tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (e.g. by exploiting a bug in PHP’s canonicalization function) manages to manipulate the canonicalized version’s DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13. | 2023-11-30 | not yet calculated | CVE-2023-49087
sohu — video_player | An Untrusted search path vulnerability in Sohu Video Player 7.0.15.0 allows local users to gain escalated privileges through the version.dll file in the current working directory. | 2023-11-30 | not yet calculated | CVE-2023-47453
sophos — sophos_email_appliance | A reflected XSS vulnerability allows an open redirect when the victim clicks a malicious link to an error page on Sophos Email Appliance older than version 4.5.3.4. | 2023-11-30 | not yet calculated | CVE-2021-36806
sourcecodester — book_borrower_system | A vulnerability was found in SourceCodester Book Borrower System 1.0 and classified as problematic. This issue affects some unknown processing of the file endpoint/add-book.php. The manipulation of the argument Book Title/Book Author leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246443. | 2023-11-30 | not yet calculated | CVE-2023-6440
sourcecodester — online_quiz_system | A vulnerability, which was classified as problematic, was found in SourceCodester Online Quiz System 1.0. This affects an unknown part of the file take-quiz.php. The manipulation of the argument quiz_taker/year_section leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246639. | 2023-12-02 | not yet calculated | CVE-2023-6473
sourcecodester — user_registration_and_login_system | A vulnerability, which was classified as problematic, was found in SourceCodester User Registration and Login System 1.0. Affected is an unknown function of the file /endpoint/delete-user.php. The manipulation of the argument user leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246612. | 2023-12-01 | not yet calculated | CVE-2023-6462
sourcecodester — user_registration_and_login_system | A vulnerability has been found in SourceCodester User Registration and Login System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-user.php. The manipulation of the argument first_name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246613 was assigned to this vulnerability. | 2023-12-01 | not yet calculated | CVE-2023-6463
sourcecodester — user_registration_and_login_system | A vulnerability was found in SourceCodester User Registration and Login System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /endpoint/add-user.php. The manipulation of the argument user leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-246614 is the identifier assigned to this vulnerability. | 2023-12-02 | not yet calculated | CVE-2023-6464
spring — reactor_netty | In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled. | 2023-11-28 | not yet calculated | CVE-2023-34054
spring — spring_boot | In Spring Boot versions 2.7.0 – 2.7.17, 3.0.0 – 3.0.12 and 3.1.0 – 3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * org.springframework.boot:spring-boot-actuator is on the classpath | 2023-11-28 | not yet calculated | CVE-2023-34055
spring — spring_framework | In Spring Framework versions 6.0.0 – 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * io.micrometer:micrometer-core is on the classpath * an ObservationRegistry is configured in the application to record observations. Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions. | 2023-11-28 | not yet calculated | CVE-2023-34053
systematica — radius | Absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v2.0.1.101) in Systematica Radius (up to v.3.9.256.777) allows remote attackers to read arbitrary files via a full pathname in GET parameter “file” in URL. Also affected components in the same product: HTTP Adapter (up to v.1.8.0.15), MSSQL MessageBus Proxy (up to v.1.1.06), Financial Calculator (up to v.1.3.05), FIX Adapter (up to v.2.4.0.25). | 2023-11-30 | not yet calculated | CVE-2021-35975
tenda — i6 | Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/wifiSSIDget. | 2023-11-30 | not yet calculated | CVE-2023-48963
tenda — i6 | Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/WifiMacFilterSet. | 2023-11-30 | not yet calculated | CVE-2023-48964
thecosy — icecms | A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /WebArticle/articles/ of the component Like Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246438 is the identifier assigned to this vulnerability. | 2023-11-30 | not yet calculated | CVE-2023-6438
thecosy — icecms | A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declared as problematic. This vulnerability affects unknown code of the file /planet of the component User Comment Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246616. | 2023-12-02 | not yet calculated | CVE-2023-6466
thecosy — icecms | A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /Websquare/likeClickComment/ of the component Comment Like Handler. The manipulation leads to improper enforcement of a single, unique action. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-246617 was assigned to this vulnerability. | 2023-12-02 | not yet calculated | CVE-2023-6467
totolink — x6000r | An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component. | 2023-12-01 | not yet calculated | CVE-2023-43453
totolink — x6000r | An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component. | 2023-12-01 | not yet calculated | CVE-2023-43454
totolink — x6000r | An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the command parameter of the setting/setTracerouteCfg component. | 2023-12-01 | not yet calculated | CVE-2023-43455
totolink — x6000r | In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability. | 2023-12-01 | not yet calculated | CVE-2023-48801
totolink — x6000r | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through the Uci_ Set_ The Str function, which, when passed to the CsteSystem function, creates a command execution vulnerability. | 2023-11-30 | not yet calculated | CVE-2023-48802
totolink — x6000r | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through the Uci_ Set_ The Str function, which, when passed to the CsteSystem function, creates a command execution vulnerability. | 2023-11-30 | not yet calculated | CVE-2023-48803
totolink — x6000r | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through the Uci_ Set_ The Str function, which, when passed to the CsteSystem function, creates a command execution vulnerability. | 2023-11-30 | not yet calculated | CVE-2023-48804
totolink — x6000r | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through the Uci_ Set_ The Str function, which, when passed to the CsteSystem function, creates a command execution vulnerability. | 2023-11-30 | not yet calculated | CVE-2023-48805
totolink — x6000r | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through the Uci_ Set_ The Str function, which, when passed to the CsteSystem function, creates a command execution vulnerability. | 2023-11-30 | not yet calculated | CVE-2023-48806
totolink — x6000r | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through the Uci_ Set_ The Str function, which, when passed to the CsteSystem function, creates a command execution vulnerability. | 2023-11-30 | not yet calculated | CVE-2023-48807
totolink — x6000r | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through the Uci_ Set_ The Str function, which, when passed to the CsteSystem function, creates a command execution vulnerability. | 2023-11-30 | not yet calculated | CVE-2023-48808
totolink — x6000r | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through the Uci_ Set_ The Str function, which, when passed to the CsteSystem function, creates a command execution vulnerability. | 2023-11-30 | not yet calculated | CVE-2023-48810
totolink — x6000r | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through the Uci_ Set_ The Str function, which, when passed to the CsteSystem function, creates a command execution vulnerability. | 2023-11-30 | not yet calculated | CVE-2023-48811
totolink — x6000r | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through the Uci_ Set_ The Str function, which, when passed to the CsteSystem function, creates a command execution vulnerability. | 2023-11-30 | not yet calculated | CVE-2023-48812
trellix — trellix_enterprise_security_manager | A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn’t parse for invalid data. | 2023-11-29 | not yet calculated | CVE-2023-6070
trellix — trellix_enterprise_security_manager | An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn’t correctly sanitized when adding a new data source. | 2023-11-30 | not yet calculated | CVE-2023-6071
tyler_technologies — civil_and_criminal_electronic_filing | Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx ‘enky’ parameter. | 2023-11-30 | not yet calculated | CVE-2023-6353
tyler_technologies — court_case_management_plus | Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the ‘CmWebSearchPfp/Login.aspx?xyzldk=’ and ‘payforprint_CM/Redirector.ashx?userid=’ parameters. The vulnerable “pay for print” feature was removed on or around 2023-11-01. | 2023-11-30 | not yet calculated | CVE-2023-6342
tyler_technologies — court_case_management_plus | Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx ‘FN’ and ‘PN’ parameters. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is similar to CVE-2020-9323. CVE-2023-6343 is related to or partially caused by CVE-2023-6352. | 2023-11-30 | not yet calculated | CVE-2023-6343
tyler_technologies — court_case_management_plus | Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate directories using the tiffserver/te003.aspx or te004.aspx ‘ifolder’ parameter. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is related to or partially caused by CVE-2023-6352. | 2023-11-30 | not yet calculated | CVE-2023-6344
tyler_technologies — magistrate_court_case_management_plus | Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx ‘filename’ parameter. | 2023-11-30 | not yet calculated | CVE-2023-6354
tyler_technologies — magistrate_court_case_management_plus | Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials. | 2023-11-30 | not yet calculated | CVE-2023-6375
uptime_kuma — uptime_kuma | Uptime Kuma is an open source self-hosted monitoring tool. In affected versions the Google Analytics element is vulnerable to Attribute Injection leading to Cross-Site-Scripting (XSS). Since the custom status interface can set an independent Google Analytics ID and the template has not been sanitized, there is an attribute injection vulnerability here, which can lead to XSS attacks. This vulnerability has been addressed in commit `f28dccf4e` which is included in release version 1.23.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-12-01 | not yet calculated | CVE-2023-49276
ureport — ureport | An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path. | 2023-11-28 | not yet calculated | CVE-2023-48848
windows — multiple_products | An uncontrolled search path element vulnerability has been found in 4D and 4D Server Windows executable applications, affecting version 19 R8 100218. This vulnerability consists of DLL hijacking by replacing the x64 shfolder.dll in the installation path, causing arbitrary code execution. | 2023-11-30 | not yet calculated | CVE-2023-4770
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MonsterInsights Pro allows Stored XSS. This issue affects MonsterInsights Pro: from n/a through 8.14.1. | 2023-11-30 | not yet calculated | CVE-2023-32291
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Scripting (XSS). This issue affects Complianz: from n/a through 6.4.4; Complianz Premium: from n/a through 6.4.6.1. | 2023-11-30 | not yet calculated | CVE-2023-33333
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SoundCloud Inc. SoundCloud Shortcode allows Stored XSS. This issue affects SoundCloud Shortcode: from n/a through 3.1.0. | 2023-11-30 | not yet calculated | CVE-2023-34018
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Request Forgery. This issue affects Complianz: from n/a through 6.4.5; Complianz Premium: from n/a through 6.4.7. | 2023-11-30 | not yet calculated | CVE-2023-34030
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin. This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through 1.0.64. | 2023-11-30 | not yet calculated | CVE-2023-36507
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email download link. This issue affects Email download link: from n/a through 3.7. | 2023-11-30 | not yet calculated | CVE-2023-36523
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC Schema Pro allows Cross Site Request Forgery. This issue affects Schema Pro: from n/a through 2.7.7. | 2023-11-30 | not yet calculated | CVE-2023-36682
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC CartFlows Pro allows Cross Site Request Forgery. This issue affects CartFlows Pro: from n/a through 1.11.12. | 2023-11-30 | not yet calculated | CVE-2023-36685
wordpress — wordpress | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in YetAnotherStarsRating.Com YASR – Yet Another Star Rating Plugin for WordPress. This issue affects YASR – Yet Another Star Rating Plugin for WordPress: from n/a through 3.3.8. | 2023-11-30 | not yet calculated | CVE-2023-37867
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons PRO. This issue affects Premium Addons PRO: from n/a through 2.9.0. | 2023-11-30 | not yet calculated | CVE-2023-37868
wordpress — wordpress | Missing Authorization vulnerability in WPOmnia KB Support – WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subscriber can view other customers. This issue affects KB Support – WordPress Help Desk and Knowledge Base: from n/a through 1.5.88. | 2023-11-30 | not yet calculated | CVE-2023-37890
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MultiVendorX Product Stock Manager & Notifier for WooCommerce. This issue affects Product Stock Manager & Notifier for WooCommerce: from n/a through 2.0.1. | 2023-11-30 | not yet calculated | CVE-2023-37972
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kriesi Enfold – Responsive Multi-Purpose Theme allows Reflected XSS. This issue affects Enfold – Responsive Multi-Purpose Theme: from n/a through 5.6.4. | 2023-11-30 | not yet calculated | CVE-2023-38400
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Campaign Monitor Campaign Monitor for WordPress allows Reflected XSS. This issue affects Campaign Monitor for WordPress: from n/a through 2.8.12. | 2023-11-30 | not yet calculated | CVE-2023-38474
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Molongui Author Box, Guest Author and Co-Authors for Your Posts – Molongui allows Stored XSS. This issue affects Author Box, Guest Author and Co-Authors for Your Posts – Molongui: from n/a through 4.6.19. | 2023-11-30 | not yet calculated | CVE-2023-39921
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks. This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50. | 2023-11-30 | not yet calculated | CVE-2023-40211
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on. This issue affects EWWW Image Optimizer: from n/a through 7.2.0. | 2023-11-30 | not yet calculated | CVE-2023-40600
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jonk @ Follow me Darling Cookies and Content Security Policy. This issue affects Cookies and Content Security Policy: from n/a through 2.15. | 2023-11-30 | not yet calculated | CVE-2023-40662
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Lasso Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management allows Stored XSS. This issue affects Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management: from n/a through 118. | 2023-11-30 | not yet calculated | CVE-2023-40674
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Team Yoast Yoast SEO allows Stored XSS. This issue affects Yoast SEO: from n/a through 21.0. | 2023-11-30 | not yet calculated | CVE-2023-40680
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Evergreen Content Poster Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media allows Stored XSS. This issue affects Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media: from n/a through 1.3.6.1. | 2023-11-30 | not yet calculated | CVE-2023-41127
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Iqonic Design WP Roadmap – Product Feedback Board allows Stored XSS. This issue affects WP Roadmap – Product Feedback Board: from n/a through 1.0.8. | 2023-11-30 | not yet calculated | CVE-2023-41128
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Laurence/OhMyBox.Info Simple Long Form allows Stored XSS. This issue affects Simple Long Form: from n/a through 2.2.2. | 2023-11-30 | not yet calculated | CVE-2023-41136
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email posts to subscribers. This issue affects Email posts to subscribers: from n/a through 6.2. | 2023-11-30 | not yet calculated | CVE-2023-41735
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bamboo Mcr Bamboo Columns allows Stored XSS. This issue affects Bamboo Columns: from n/a through 1.6.1. | 2023-11-30 | not yet calculated | CVE-2023-44143
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS. This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1. | 2023-11-30 | not yet calculated | CVE-2023-45050
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in POWR.Io Contact Form – Custom Builder, Payment Form, and More allows Stored XSS. This issue affects Contact Form – Custom Builder, Payment Form, and More: from n/a through 2.1.0. | 2023-11-30 | not yet calculated | CVE-2023-45609
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub. This issue affects Libsyn Publisher Hub: from n/a through 1.4.4. | 2023-11-30 | not yet calculated | CVE-2023-45834
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin allows Reflected XSS. This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.4.3. | 2023-11-30 | not yet calculated | CVE-2023-46086
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Iulia Cazan Image Regenerate & Select Crop. This issue affects Image Regenerate & Select Crop: from n/a through 7.3.0. | 2023-11-30 | not yet calculated | CVE-2023-46820
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Elementor.Com Elementor allows Cross-Site Scripting (XSS). This issue affects Elementor: from n/a through 3.16.4. | 2023-11-30 | not yet calculated | CVE-2023-47505
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Max Bond, AndreSC Q2W3 Post Order allows Reflected XSS. This issue affects Q2W3 Post Order: from n/a through 1.2.8. | 2023-11-30 | not yet calculated | CVE-2023-47521
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery. This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.2.6. | 2023-11-30 | not yet calculated | CVE-2023-47645
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Automattic WooCommerce, Automattic WooCommerce Blocks allows Stored XSS. This issue affects WooCommerce: from n/a through 8.1.1; WooCommerce Blocks: from n/a through 11.1.1. | 2023-11-30 | not yet calculated | CVE-2023-47777
wordpress — wordpress | Incorrect Authorization vulnerability in NicheAddons Events Addon for Elementor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Events Addon for Elementor: from n/a through 2.1.3. | 2023-11-30 | not yet calculated | CVE-2023-47827
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Lim Kai Yang Grab & Save allows Reflected XSS. This issue affects Grab & Save: from n/a through 1.0.4. | 2023-11-30 | not yet calculated | CVE-2023-47844
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Tainacan.Org Tainacan allows Reflected XSS. This issue affects Tainacan: from n/a through 0.20.4. | 2023-11-30 | not yet calculated | CVE-2023-47848
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles allows Stored XSS. This issue affects Community by PeepSo – Social Network, Membership, Registration, User Profiles: from n/a through 6.2.2.0. | 2023-11-30 | not yet calculated | CVE-2023-47850
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Akhtarujjaman Shuvo Bootstrap Shortcodes Ultimate allows Stored XSS. This issue affects Bootstrap Shortcodes Ultimate: from n/a through 4.3.1.2023-11-30not yet calculatedCVE-2023-47851
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in myCred myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored XSS. This issue affects myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin: from n/a through 2.6.1.2023-11-30not yet calculatedCVE-2023-47853
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Howard Ehrenberg Parallax Image allows Stored XSS. This issue affects Parallax Image: from n/a through 1.7.1.2023-11-30not yet calculatedCVE-2023-47854
wordpress — wordpressCross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to force all users log out. This issue affects wpForo Forum: from n/a through 2.2.6.2023-11-30not yet calculatedCVE-2023-47870
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in gVectors Team wpForo Forum allows Stored XSS. This issue affects wpForo Forum: from n/a through 2.2.3.2023-11-30not yet calculatedCVE-2023-47872
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Perfmatters allows Cross Site Request Forgery. This issue affects Perfmatters: from n/a through 2.1.6.2023-11-30not yet calculatedCVE-2023-47875
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Perfmatters allows Reflected XSS. This issue affects Perfmatters: from n/a through 2.1.6.2023-11-30not yet calculatedCVE-2023-47876
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Perfmatters allows Stored XSS. This issue affects Perfmatters: from n/a before 2.2.0.2023-11-30not yet calculatedCVE-2023-47877
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in yonifre Maspik – Spam Blacklist allows Stored XSS. This issue affects Maspik – Spam Blacklist: from n/a through 0.9.2.2023-11-30not yet calculatedCVE-2023-48272
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Stored XSS. This issue affects WP Forms Puzzle Captcha: from n/a through 4.1.2023-11-30not yet calculatedCVE-2023-48278
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Cross Site Request Forgery. This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.6.2023-11-30not yet calculatedCVE-2023-48279
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Super Blog Me Broken Link Checker for YouTube allows Cross Site Request Forgery. This issue affects Broken Link Checker for YouTube: from n/a through 1.3.2023-11-30not yet calculatedCVE-2023-48281
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio Taxonomy filter allows Cross Site Request Forgery. This issue affects Taxonomy filter: from n/a through 2.2.9.2023-11-30not yet calculatedCVE-2023-48282
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Testimonials Showcase allows Cross Site Request Forgery. This issue affects Simple Testimonials Showcase: from n/a through 1.1.5.2023-11-30not yet calculatedCVE-2023-48283
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in WebToffee Decorator – WooCommerce Email Customizer allows Cross Site Request Forgery. This issue affects Decorator – WooCommerce Email Customizer: from n/a through 1.2.7.2023-11-30not yet calculatedCVE-2023-48284
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SpreadsheetConverter Import Spreadsheets from Microsoft Excel allows Stored XSS. This issue affects Import Spreadsheets from Microsoft Excel: from n/a through 10.1.3.2023-11-30not yet calculatedCVE-2023-48289
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Vikas Vatsa Display Custom Post allows Stored XSS. This issue affects Display Custom Post: from n/a through 2.2.1.2023-11-30not yet calculatedCVE-2023-48317
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WebDorado SpiderVPlayer allows Stored XSS. This issue affects SpiderVPlayer: from n/a through 1.5.22.2023-11-30not yet calculatedCVE-2023-48320
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP – Accelerated Mobile Pages allows Stored XSS. This issue affects AMP for WP – Accelerated Mobile Pages: from n/a through 1.0.88.1.2023-11-30not yet calculatedCVE-2023-48321
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in eDoc Intelligence eDoc Employee Job Application – Best WordPress Job Manager for Employees allows Reflected XSS. This issue affects eDoc Employee Job Application – Best WordPress Job Manager for Employees: from n/a through 1.13.2023-11-30not yet calculatedCVE-2023-48322
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin allows Cross Site Request Forgery. This issue affects Awesome Support – WordPress HelpDesk & Support Plugin: from n/a through 6.1.4.2023-11-30not yet calculatedCVE-2023-48323
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pixelite Events Manager allows Reflected XSS. This issue affects Events Manager: from n/a through 6.4.5.2023-11-30not yet calculatedCVE-2023-48326
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery allows Cross Site Request Forgery. This issue affects WordPress Gallery Plugin – NextGEN Gallery: from n/a through 3.37.2023-11-30not yet calculatedCVE-2023-48328
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodeBard Fast Custom Social Share by CodeBard allows Stored XSS. This issue affects Fast Custom Social Share by CodeBard: from n/a through 1.1.1.2023-11-30not yet calculatedCVE-2023-48329
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Mike Strand Bulk Comment Remove allows Cross Site Request Forgery. This issue affects Bulk Comment Remove: from n/a through 2.2023-11-30not yet calculatedCVE-2023-48330
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore by Stormhill Media allows Cross Site Request Forgery. This issue affects MyBookTable Bookstore by Stormhill Media: from n/a through 3.3.4.2023-11-30not yet calculatedCVE-2023-48331
wordpress — wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce. This issue affects Booster for WooCommerce: from n/a through 7.1.1.2023-11-30not yet calculatedCVE-2023-48333
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in DAEXT League Table allows Cross Site Request Forgery. This issue affects League Table: from n/a through 1.13.2023-11-30not yet calculatedCVE-2023-48334
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in cybernetikz Easy Social Icons allows Stored XSS. This issue affects Easy Social Icons: from n/a through 3.2.4.2023-11-30not yet calculatedCVE-2023-48336
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PT Trijaya Digital Grup TriPay Payment Gateway allows Stored XSS. This issue affects TriPay Payment Gateway: from n/a through 3.2.7.2023-11-30not yet calculatedCVE-2023-48737
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in LicenseManager License Manager for WooCommerce license-manager-for-woocommerce allows SQL Injection. This issue affects License Manager for WooCommerce: from n/a through 2.2.10.2023-11-30not yet calculatedCVE-2023-48742
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Paul Menard Simply Exclude allows Reflected XSS. This issue affects Simply Exclude: from n/a through 2.0.6.6.2023-11-30not yet calculatedCVE-2023-48743
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Offshore Web Master Availability Calendar allows Cross Site Request Forgery. This issue affects Availability Calendar: from n/a through 1.2.6.2023-11-30not yet calculatedCVE-2023-48744
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles allows Reflected XSS. This issue affects Community by PeepSo – Social Network, Membership, Registration, User Profiles: from n/a through 6.2.6.0.2023-11-30not yet calculatedCVE-2023-48746
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Theme nectar Salient Core allows Reflected XSS. This issue affects Salient Core: from n/a through 2.0.2.2023-11-30not yet calculatedCVE-2023-48748
wordpress — wordpressImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Happyforms Form builder to get in touch with visitors, grow your email list and collect payments – Happyforms allows Reflected XSS. This issue affects Form builder to get in touch with visitors, grow your email list and collect payments – Happyforms: from n/a through 1.25.9.2023-11-30not yet calculatedCVE-2023-48752
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Wap Nepal Delete Post Revisions In WordPress allows Cross Site Request Forgery. This issue affects Delete Post Revisions In WordPress: from n/a through 4.6.2023-11-30not yet calculatedCVE-2023-48754
wordpress — wordpressThe WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins2023-11-27not yet calculatedCVE-2023-5653
wordpress — wordpressThe Debug Log Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the clear_log() function. This makes it possible for unauthenticated attackers to clear the debug log via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-11-30not yet calculatedCVE-2023-5772

 

wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Business Directory Team Business Directory Plugin – Easy Listing Directories for WordPress allows Cross-Site Request Forgery. This issue affects Business Directory Plugin – Easy Listing Directories for WordPress: from n/a through 6.3.10.2023-11-30not yet calculatedCVE-2023-5803
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in finnj Frontier Post allows Cross Site Request Forgery. This issue affects Frontier Post: from n/a through 6.1.2023-11-30not yet calculatedCVE-2023-6137
wordpress — wordpressThe WP Shortcodes Plugin – Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s su_meta shortcode combined with post meta data in all versions up to, and including, 5.13.3 due to insufficient input sanitization and output escaping on user supplied meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-28not yet calculatedCVE-2023-6225

 

wordpress — wordpressThe WP Shortcodes Plugin – Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due to missing validation on the user-controlled keys ‘key’ and ‘post_id’. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve arbitrary post meta values which may contain sensitive information when combined with another plugin.2023-11-28not yet calculatedCVE-2023-6226

 

wordpress — wordpressThe ‘My Calendar’ WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the ‘from’ and ‘to’ parameters in the ‘/my-calendar/v1/events’ rest route.2023-11-30not yet calculatedCVE-2023-6360
wordpress — wordpressThe Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the ‘validate’ function and insufficient blocklisting on the ‘wpcf7_antiscript_file_name’ function in versions up to, and including, 5.8.3. This makes it possible for authenticated attackers with editor-level capabilities or above to upload arbitrary files on the affected site’s server, but due to the htaccess configuration, remote code cannot be executed in most cases. By default, the file will be deleted from the server immediately. However, in some cases, other plugins may make it possible for the file to live on the server longer. This can make remote code execution possible when combined with another vulnerability, such as local file inclusion.2023-12-01not yet calculatedCVE-2023-6449

 

wordpress — wordpress
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress. This issue affects Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.13.2.2023-11-30not yet calculatedCVE-2023-44150
wordpress — wordpress
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Theme nectar Salient Core allows Stored XSS. This issue affects Salient Core: from n/a through 2.0.2.2023-11-30not yet calculatedCVE-2023-48749
wordpress — wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users. This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1.2023-11-30not yet calculatedCVE-2023-45066
xmachoviewer — xmachoviewerA dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product’s processes, potentially leading to remote control and unauthorized access to sensitive user data.2023-11-28not yet calculatedCVE-2023-49313
 
yokogawa_electric_corporation — stardomA vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation. This vulnerability may allow to a remote attacker to cause a denial-of-service condition to the FCN/FCJ controller by sending a crafted packet. While sending the packet, the maintenance homepage of the controller could not be accessed. Therefore, functions of the maintenance homepage, changing configuration, viewing logs, etc. are not available. But the controller’s operation is not stopped by the condition. The affected products and versions are as follows: STARDOM FCN/FCJ R1.01 to R4.31.2023-12-01not yet calculatedCVE-2023-5915

 

zentao_pms — zentao_pmsA vulnerability classified as problematic was found in ZenTao PMS 18.8. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246439.2023-11-30not yet calculatedCVE-2023-6439

 

zitadel — zitadelZITADEL is an identity infrastructure system. ZITADEL uses the notification triggering requests Forwarded or X-Forwarded-Host header to build the button link sent in emails for confirming a password reset with the emailed code. If this header is overwritten and a user clicks the link to a malicious site in the email, the secret code can be retrieved and used to reset the users password and take over his account. Accounts with MFA or Passwordless enabled can not be taken over by this attack. This issue has been patched in versions 2.41.6, 2.40.10 and 2.39.9.2023-11-30not yet calculatedCVE-2023-49097
zstack — cloudZStack Cloud version 3.10.38 and before allows unauthenticated API access to the list of active job UUIDs and the session ID for each of these. This leads to privilege escalation.2023-11-30not yet calculatedCVE-2023-46326
zumtobel — netlink_ccd_onboardZumtobel Netlink CCD Onboard 3.74 – Firmware 3.80 was discovered to contain hardcoded credentials for the Administrator account.2023-11-29not yet calculatedCVE-2023-23324
 
zumtobel — netlink_ccd_onboardZumtobel Netlink CCD Onboard 3.74 – Firmware 3.80 was discovered to contain a command injection vulnerability via the NetHostname parameter.2023-11-29not yet calculatedCVE-2023-23325
 
zumtobel — netlink_ccd_onboardZumtobel Netlink CCD Onboard v3.74 – Firmware v3.80 was discovered to contain a buffer overflow via the component NetlinkWeb::Information::SetDeviceIdentification.2023-11-29not yet calculatedCVE-2023-24294
 
zyxel — atp_series_firmwareAn integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions on an affected device by sending a crafted IKE packet.2023-11-28not yet calculatedCVE-2023-4398
zyxel — nas326/nas542An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device.2023-11-30not yet calculatedCVE-2023-35137
