CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

2023-12-30
Critical

CVE-2023-52262

outdoorbits little-backup-box (aka Little Backup Box) before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input.

High

CVE-2023-50110

TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used.

Medium

CVE-2023-38023

An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to a…

Medium

CVE-2023-38022

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized i…

Medium

CVE-2023-38021

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local att…

Medium

CVE-2023-50559

An issue discovered in XiangShan v2.1 allows local attackers to obtain sensitive information via the L1D cache.

2023-12-29
High

CVE-2020-17163

Visual Studio Code Python Extension Remote Code Execution Vulnerability

High

CVE-2023-50571

easy-rules-mvel v4.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component MVELRule.

High

CVE-2023-51431

Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions.

Medium

CVE-2023-31293

An issue discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718) allows remote attackers to obtain sensitive information and bypass profile restriction via improper access co…

Low

CVE-2023-23440

Some Honor products are affected by an information leak vulnerability; successful exploitation could cause an information leak.

Medium

CVE-2023-23439

Some Honor products are affected by an information leak vulnerability; successful exploitation could cause an information leak.

Medium

CVE-2023-23426

Some Honor products are affected by a file writing vulnerability; successful exploitation could cause information disclosure.

Medium

CVE-2023-23424

Some Honor products are affected by a file writing vulnerability; successful exploitation could cause code execution.

Medium

CVE-2023-23434

Some Honor products are affected by an information leak vulnerability; successful exploitation could cause an information leak.

2023-12-28
Medium

CVE-2023-45702

An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts.

Medium

CVE-2023-51010

An issue in the export component AdSdkH5Activity of com.sdjictec.qdmetro v4.2.2 allows attackers to open a crafted URL without any filtering or checking.

High

CVE-2023-51006

An issue in the openFile method of Chinese Perpetual Calendar v9.0.0 allows attackers to read any file via unspecified vectors.

2023-12-27
High

CVE-2023-49002

An issue in Xenom Technologies (sinous) Phone Dialer-voice Call Dialer v.1.2.5 allows an attacker to bypass intended access restrictions via interaction with com.funprime.calldialer.ui.activities.Out…

Medium

CVE-2023-51079

A long execution time can occur in the ParseTools.subCompileExpression method in MVEL 2.5.0.Final because of many Java class lookups. NOTE: the vendor disputes this because "the only thing that you c…

Medium

CVE-2023-51074

json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method.

High

CVE-2023-47882

The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.9_20231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yic…

2023-12-26
High

CVE-2023-5939

The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users.

Medium

CVE-2023-51363

VR-S1000 firmware Ver. 2.37 and earlier allows a network-adjacent unauthenticated attacker who can access the product's web management page to obtain sensitive information.

Medium

CVE-2023-50332

Improper authorization vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.0.6. If this vulnerability is exploited, a user may delete or suspend its own acco…

2023-12-25
Medium

CVE-2023-49944

The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating…

High

CVE-2023-36486

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow…

High

CVE-2023-36485

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 wo…

Medium

CVE-2023-47247

In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102.

Critical

CVE-2023-48654

One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium b…

High

CVE-2023-49880

In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. Howe…

2023-12-24
High

CVE-2023-51767

OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resis…

2023-12-22
Critical

CVE-2023-51022

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langFlag’ parameter of the setLanguageCfg interface of cstecgi.cgi.

Critical

CVE-2023-51021

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘merge’ parameter of the setRptWizardCfg interface of cstecgi.cgi.

Critical

CVE-2023-51020

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langType’ parameter of the setLanguageCfg interface of cstecgi.cgi.

Critical

CVE-2023-51019

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘key5g’ parameter of the setWiFiExtenderConfig interface of cstecgi.cgi.

Critical

CVE-2023-51017

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanIp’ parameter of the setLanConfig interface of cstecgi.cgi.

Critical

CVE-2023-51013

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanNetmask’ parameter of the setLanConfig interface of cstecgi.cgi.

Critical

CVE-2023-51012

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanGateway’ parameter of the setLanConfig interface of cstecgi.cgi.

Critical

CVE-2023-51011

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanPriDns’ parameter of the setLanConfig interface of cstecgi.cgi.

Critical

CVE-2023-51027

TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘apcliAuthMode’ parameter of the setWiFiExtenderConfig interface of cstecgi.cgi.

Critical

CVE-2023-51024

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘tz’ parameter of the setNtpCfg interface of cstecgi.cgi.

Critical

CVE-2023-51023

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘host_time’ parameter of the NTPSyncWithHost interface of cstecgi.cgi.

High

CVE-2023-43088

Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to exec…

High

CVE-2023-42465

Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling…

2023-12-21
Critical

CVE-2023-50477

An issue discovered in nos client version 0.6.6 allows remote attackers to escalate privileges via getRPCEndpoint.js.

Medium

CVE-2023-47093

An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ engine.

Medium

CVE-2023-45703

HCL Launch may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion.

Medium

CVE-2023-41166

An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know i…

2023-12-20
Medium

CVE-2022-44684

Windows Local Session Manager (LSM) Denial of Service Vulnerability

Medium

CVE-2023-3742

Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. (Chromium s…

Critical

CVE-2023-45887

DS Wireless Communication (DWC) with DWC_VERSION_3 and DWC_VERSION_11 allows remote attackers to execute arbitrary code on a game-playing client's machine via a modified GPCM message.

2023-12-19
High

CVE-2023-49147

An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows…

Critical

CVE-2023-46266

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.

Critical

CVE-2021-22962

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.

Medium

CVE-2023-6872

Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab. This vulnerability affects Firefox < 121.

Medium

CVE-2023-6871

Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox < 121.

Medium

CVE-2023-6870

Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. *This issue only affects Android versions of Firefox and Firefox…

Medium

CVE-2023-6869

A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerabilit…

Medium

CVE-2023-6868

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthori…

Medium

CVE-2023-6865

`EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode.…

High

CVE-2023-6863

The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thun…

Medium

CVE-2023-6860

The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 1…

Medium

CVE-2023-50762

When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the…

Medium

CVE-2023-50761

The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the mess…

2023-12-18
High

CVE-2023-6295

The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to…

Medium

CVE-2023-6289

The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens.

High

CVE-2023-6203

The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request.

Medium

CVE-2023-6077

The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated users, s…

Medium

CVE-2023-6065

The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code.

High

CVE-2023-4724

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the `wp_query` parameter which allows an attacke…

Medium

CVE-2023-51384

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these const…

High

CVE-2023-50980

gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the poly…

2023-12-16
High

CVE-2023-39340

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance.

Medium

CVE-2021-42794

An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary t…

Critical

CVE-2020-17485

A Remote Code Execution vulnerability exists in Uffizio's GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run command…

High

CVE-2020-17483

An improper access control vulnerability exists in Uffizio's GPS Tracker all versions that leads to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at po…

2023-12-15
Low

CVE-2023-28022

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.

Critical

CVE-2023-50918

app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.

Critical

CVE-2023-6553

The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being…

Medium

CVE-2023-6832

Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.

Medium

CVE-2023-36878

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

2023-12-14
Critical

CVE-2023-45894

The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standar…

High

CVE-2023-4694

Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when sending a SOAP message to the service on TCP port 3911 that contains a body but no header.

Critical

CVE-2023-47261

Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database…

High

CVE-2023-50011

PopojiCMS version 2.0.1 is vulnerable to remote command execution in the Meta Social field.

High

CVE-2023-49739

Vulnerability in IdeaBox Creations PowerPack Pro for Elementor. This issue affects PowerPack Pro for Elementor: from n/a through 2.9.23.

High

CVE-2023-49938

An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modify their extended group list that is used with the sbcast subsystem, and open fi…

High

CVE-2023-41720

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting…

High

CVE-2023-41719

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution.

2023-12-13
High

CVE-2023-45174

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. IBM X-Force ID: 267972.

High

CVE-2023-45170

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piobe command to escalate privileges or cause a denial of service. IBM X-Force ID: 267968.

High

CVE-2023-45166

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piodmgrsu command to obtain elevated privileges. IBM X-Force ID: 267964.

Medium

CVE-2023-50443

Encrypted disks created by PRIMX CRYHOD for Windows before Q.2020.4 (ANSSI qualification submission) or CRYHOD for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UN…

Medium

CVE-2023-50442

Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 can be modified by a local attacker (with appropriate privileges) so that specific file types are excluded from encryption temporarily. (…

Medium

CVE-2023-50439

ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission), ZED! for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before Q…

Medium

CVE-2023-50441

Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission) or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to…

Medium

CVE-2023-6791

A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations…

High

CVE-2023-50764

Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary f…

Medium

CVE-2023-6762

A vulnerability, which was classified as critical, was found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /article/DelectArticleById/ of the component Article Handler. The man…

Medium

CVE-2023-6760

A vulnerability classified as critical was found in Thecosy IceCMS up to 2.0.1. This vulnerability affects unknown code. The manipulation leads to manage user sessions. The attack can be initiated re…

Medium

CVE-2023-47327

The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by nav…

High

CVE-2023-47323

The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users; including those…

Medium

CVE-2023-47321

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets.

Medium

CVE-2023-6660

When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy…

High

CVE-2023-6534

In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2-RELEASE before 13.2-RELEASE-p7 and FreeBSD 12.4-RELEASE before 12.4-RELEASE-p9, the pf(4) packet filter incorrectly validates TC…

Medium

CVE-2023-47574

An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. There is a Weak SMB configuration with signing disabled.

2023-12-12
Medium

CVE-2023-34064

Workspace ONE Launcher contains a Privilege Escalation Vulnerability. A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain acc…

High

CVE-2023-36010

Microsoft Defender Denial of Service Vulnerability

Medium

CVE-2023-36009

Microsoft Word Information Disclosure Vulnerability

High

CVE-2023-35631

Win32k Elevation of Privilege Vulnerability

Medium

CVE-2022-44543

The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form).…

Medium

CVE-2015-2179

The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its arguments.

Medium

CVE-2023-50495

NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

High

CVE-2020-12612

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and therefor…

High

CVE-2023-41118

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authen…

Medium

CVE-2023-41116

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authentic…

Medium

CVE-2023-41115

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTL_ENCODE,…

Medium

CVE-2023-41114

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the functi…

Medium

CVE-2023-41113

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authentic…
