βΌ CVE-2023-5585 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Online Motorcycle Rental System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/?page=bike of the component Bike List. The manipulation of the argument Model with the input "><script>confirm (document.cookie)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-242170 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40378 βΌ
π Read
via "National Vulnerability Database".
IBM Directory Server for IBM i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263584.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5586 βΌ
π Read
via "National Vulnerability Database".
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV.π Read
via "National Vulnerability Database".
βΌ CVE-2018-25091 βΌ
π Read
via "National Vulnerability Database".
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).π Read
via "National Vulnerability Database".
βΌ CVE-2023-38312 βΌ
π Read
via "National Vulnerability Database".
A directory traversal vulnerability in Valve Counter-Strike 8684 allows a client (with remote control access to a game server) to read arbitrary files from the underlying server via the motdfile console variable.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5589 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Judging Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-242188.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5588 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in kphrx pleroma. It has been classified as problematic. This affects the function Pleroma.Emoji.Pack of the file lib/pleroma/emoji/pack.ex. The manipulation of the argument name leads to path traversal. The complexity of an attack is rather high. The exploitability is told to be difficult. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 2c795094535537a8607cc0d3b7f076a609636f40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-242187.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5587 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /vm/admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-242186 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5590 βΌ
π Read
via "National Vulnerability Database".
NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48612 βΌ
π Read
via "National Vulnerability Database".
A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression (validating whether a URL is controlled by ClassLink) is not present in all applicable places.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5591 βΌ
π Read
via "National Vulnerability Database".
SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40377 βΌ
π Read
via "National Vulnerability Database".
Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263583.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40790 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33836 βΌ
π Read
via "National Vulnerability Database".
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43666 βΌ
π Read
via "National Vulnerability Database".
Insufficient Verification of Data Authenticity vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0,Γ General user can view all user data like Admin account.Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it.[1]Γ https://github.com/apache/inlong/pull/8623π Read
via "National Vulnerability Database".
βΌ CVE-2023-45273 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Matt McKenny Stout Google Calendar plugin <=Γ 1.2.3 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45274 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in SendPulse SendPulse Free Web Push plugin <=Γ 1.3.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36953 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4834 βΌ
π Read
via "National Vulnerability Database".
In Red Lion EuropeΓ mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 anΓ improperly implemented access validation allows an authenticated, low privilegedΓ attacker to gain read access to limited, non-critical device information in his account he should not have access to.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36950 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3392 βΌ
π Read
via "National Vulnerability Database".
The Read More & Accordion WordPress plugin before 3.2.7 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.π Read
via "National Vulnerability Database".