βΌ CVE-2022-47892 βΌ
π Read
via "National Vulnerability Database".
All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file (config.cgi) containing sensitive information, like credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47893 βΌ
π Read
via "National Vulnerability Database".
There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary code as root.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25989 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading toΓ dismiss or the popup.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42508 βΌ
π Read
via "National Vulnerability Database".
JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unauthenticated users being able to send emails with manipulated email body.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5351 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39923 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <=Γ 7.2.7 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4098 βΌ
π Read
via "National Vulnerability Database".
It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32792 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to eliminate roles within the platform by sending a specifically crafted query to the server. The vulnerability is based on the absence of proper validation of the origin of incoming requests.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40210 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoise IT) SB Child List plugin <=Γ 4.5 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40202 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin <=Γ 3.4.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5353 βΌ
π Read
via "National Vulnerability Database".
Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40212 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Product Attachment for WooCommerce plugin <=Γ 2.1.8 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4101 βΌ
π Read
via "National Vulnerability Database".
The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4102 βΌ
π Read
via "National Vulnerability Database".
QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5350 βΌ
π Read
via "National Vulnerability Database".
SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39159 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud Prevention For Woocommerce plugin <=Γ 2.1.5 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4103 βΌ
π Read
via "National Vulnerability Database".
QSige statistics are affected by a remote SQLi vulnerability. It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40198 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Antsanchez Easy Cookie Law plugin <=Γ 3.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4100 βΌ
π Read
via "National Vulnerability Database".
Allows an attacker to perform XSS attacks stored on certain resources. Exploiting this vulnerability can lead to a DoS condition, among other actions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32671 βΌ
π Read
via "National Vulnerability Database".
A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. This vulnerability allows an attacker to store a malicious javascript payload via POST request when sending an invitation.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-4886 βΌ
π Read
via "National Vulnerability Database".
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.π Read
via "National Vulnerability Database".