‼ CVE-2023-2714 ‼
via "National Vulnerability Database".
The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the license key and support license key, but it can only be changed to a valid license key.
‼ CVE-2023-2717 ‼
via "National Vulnerability Database".
The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation on the 'enable_safe_mode' function. This makes it possible for unauthenticated attackers to enable safe mode, which disables all other plugins, via a forged request if they can successfully trick an administrator into performing an action such as clicking on a link. A warning message about safe mode is displayed to the admin, which can be easily disabled.
‼ CVE-2023-2713 ‼
via "National Vulnerability Database".
Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass. This issue affects Rental Module: before 23.05.15.
‼ CVE-2023-2712 ‼
via "National Vulnerability Database".
Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server. This issue affects Rental Module: before 23.05.15.
‼ CVE-2023-1696 ‼
via "National Vulnerability Database".
The multimedia video module has a vulnerability in data processing. Successful exploitation of this vulnerability may affect availability.
‼ CVE-2023-1694 ‼
via "National Vulnerability Database".
The Settings module has the file privilege escalation vulnerability. Successful exploitation of this vulnerability may affect confidentiality.
‼ CVE-2023-1692 ‼
via "National Vulnerability Database".
The window management module lacks permission verification. Successful exploitation of this vulnerability may affect confidentiality.
‼ CVE-2023-1693 ‼
via "National Vulnerability Database".
The Settings module has the file privilege escalation vulnerability. Successful exploitation of this vulnerability may affect confidentiality.
‼ CVE-2023-33244 ‼
via "National Vulnerability Database".
Obsidian before 1.2.2 allows calls to unintended APIs (for microphone access, camera access, and desktop notification) via an embedded web page.
‼ CVE-2023-32700 ‼
via "National Vulnerability Database".
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
‼ CVE-2022-47134 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Bill Erickson Gallery Metabox plugin <= 1.5 versions.
‼ CVE-2023-22689 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3 versions.
‼ CVE-2023-23890 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in LJ Apps WP Airbnb Review Slider plugin <= 3.2 versions.
‼ CVE-2023-32589 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexiefont Free plugin <= 1.0.0 versions.
‼ CVE-2023-24414 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.11 versions.
‼ CVE-2023-2826 ‼
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Class Scheduling System 1.0 and classified as problematic. This vulnerability affects unknown code of the file search_teacher_result.php of the component POST Parameter Handler. The manipulation of the argument teacher leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229612.
‼ CVE-2023-33252 ‼
via "National Vulnerability Database".
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus.
‼ CVE-2020-36694 ‼
via "National Vulnerability Database".
An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an unprivileged namespace. NOTE: cc00bca was reverted in 5.12.
‼ CVE-2023-33254 ‼
via "National Vulnerability Database".
There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an attacker-controlled LDAP server, clicks the Test Settings button, and captures the cleartext credentials.
‼ CVE-2022-0010 ‼
via "National Vulnerability Database".
Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. This issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0.
‼ CVE-2023-22714 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming Soon by Supsystic plugin <= 1.7.10 versions.