‼ CVE-2021-42081 ‼
📖 Read
via "National Vulnerability Database".
An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API.
‼ CVE-2023-30448 ‼
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437.
‼ CVE-2023-3118 ‼
The Export All URLs WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
‼ CVE-2023-23993 ‼
Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com LionScripts: IP Blocker Lite plugin <= 11.1.1 versions.
‼ CVE-2023-23869 ‼
Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Mobile plugin <= 1.6.1 versions.
‼ CVE-2023-27540 ‼
IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service. IBM X-Force ID: 248924.
‼ CVE-2023-2026 ‼
The Image Protector WordPress plugin through 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
‼ CVE-2023-28986 ‼
Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager plugin <= 2.9.20 versions.
‼ CVE-2023-3560 ‼
A vulnerability, which was classified as problematic, has been found in GZ Scripts Ticket Booking Script 1.8. Affected by this issue is some unknown functionality of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. The attack may be launched remotely. VDB-233354 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
‼ CVE-2023-1183 ‼
A flaw was found in the LibreOffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.
‼ CVE-2023-35697 ‼
Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4 could allow a remote attacker to brute-force user credentials.
‼ CVE-2021-42082 ‼
Local users are able to execute scripts under root privileges.
‼ CVE-2023-3562 ‼
A vulnerability has been found in GZ Scripts PHP CRM Platform 1.8 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-233356. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
‼ CVE-2023-37706 ‼
Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the entrys parameter in the fromAddressNat function.
‼ CVE-2023-2964 ‼
The Simple Iframe WordPress plugin before 1.2.0 does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to conduct Stored Cross-Site Scripting attacks.
‼ CVE-2023-3561 ‼
A vulnerability, which was classified as problematic, was found in GZ Scripts PHP GZ Hotel Booking Script 1.8. This affects an unknown part of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-233355. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
‼ CVE-2023-1780 ‼
The Companion Sitemap Generator WordPress plugin before 4.5.3 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
‼ CVE-2023-1902 ‼
The Bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.
‼ CVE-2023-28958 ‼
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 251782.
‼ CVE-2023-22673 ‼
Cross-Site Request Forgery (CSRF) vulnerability in MageNet Website Monetization by MageNet plugin <= 1.0.29.1 versions.
‼ CVE-2023-2029 ‼
The PrePost SEO WordPress plugin through 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).