‼ CVE-2023-1694 ‼
📖 Read
via "National Vulnerability Database".
The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1692 ‼
📖 Read
via "National Vulnerability Database".
The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1693 ‼
📖 Read
via "National Vulnerability Database".
The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-33244 ‼
📖 Read
via "National Vulnerability Database".
Obsidian before 1.2.2 allows calls to unintended APIs (for microphone access, camera access, and desktop notification) via an embedded web page.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32700 ‼
📖 Read
via "National Vulnerability Database".
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-47134 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Bill Erickson Gallery Metabox plugin <=Â 1.5 versions.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2023-22689 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <=Â 6.3 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23890 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in LJ Apps WP Airbnb Review Slider plugin <=Â 3.2 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32589 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexiefont Free plugin <=Â 1.0.0 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24414 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <=Â 3.2.11 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2826 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Class Scheduling System 1.0 and classified as problematic. This vulnerability affects unknown code of the file search_teacher_result.php of the component POST Parameter Handler. The manipulation of the argument teacher leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229612.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-33252 ‼
📖 Read
via "National Vulnerability Database".
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-36694 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an unprivileged namespace. NOTE: cc00bca was reverted in 5.12.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-33254 ‼
📖 Read
via "National Vulnerability Database".
There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an attacker-controlled LDAP server, clicks the Test Settings button, and captures the cleartext credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0010 ‼
📖 Read
via "National Vulnerability Database".
Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools.An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. This issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22714 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming Soon by Supsystic plugin <=Â 1.7.10 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-33297 ‼
📖 Read
via "National Vulnerability Database".
Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-33235 ‼
📖 Read
via "National Vulnerability Database".
MXsecurity version 1.0 is vulnearble to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22709 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Atif N SRS Simple Hits Counter plugin <=Â 1.1.0 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23813 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <=Â 3.4.3 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23712 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in User Meta Manager plugin <=Â 3.4.9 versions.📖 Read
via "National Vulnerability Database".