‼ CVE-2023-43981 ‼
📖 Read
via "National Vulnerability Database".
Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43284 ‼
📖 Read
via "National Vulnerability Database".
An issue in D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 firmware version 100A53DBR-Retail allows a remote attacker to execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43983 ‼
📖 Read
via "National Vulnerability Database".
Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40556 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule Posts Calendar plugin <=Â 5.2 versions.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2023-45245 ‼
📖 Read
via "National Vulnerability Database".
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4530 ‼
📖 Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection.This issue affects Advertising Administration Panel: before 1.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44758 ‼
📖 Read
via "National Vulnerability Database".
GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4469 ‼
📖 Read
via "National Vulnerability Database".
The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-45244 ‼
📖 Read
via "National Vulnerability Database".
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35895.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-45246 ‼
📖 Read
via "National Vulnerability Database".
Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36343.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44771 ‼
📖 Read
via "National Vulnerability Database".
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40008 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <=Â 2.3.4 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27448 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team MakeStories (for Google Web Stories) plugin <=Â 2.8.0 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44765 ‼
📖 Read
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-47175 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <=Â 1.3.75 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44764 ‼
📖 Read
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SITE parameter from installation or in the Settings.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44762 ‼
📖 Read
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36465 ‼
📖 Read
via "National Vulnerability Database".
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The `templates` module doesn't enforce the correct permissions, allowing any logged-in user to access to this functionality in the administration panel. An attacker could use this vulnerability to change, create or delete templates of surveys. This issue has been patched in version 0.26.8 and 0.27.4.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40671 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in ??wp DX-auto-save-images plugin <=Â 1.4.0 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44761 ‼
📖 Read
via "National Vulnerability Database".
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25033 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share Boost plugin <=Â 4.5 versions.📖 Read
via "National Vulnerability Database".