βΌ CVE-2023-31581 βΌ
π Read
via "National Vulnerability Database".
Dromara Sureness before v1.0.8 was discovered to use a hardcoded key.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38485 βΌ
π Read
via "National Vulnerability Database".
A directory traversal vulnerability exists in the AgeVolt Portal prior to version 0.1 that leads to Information Disclosure. A remote authenticated attacker could leverage this vulnerability to read files from any location on the target operating system with web server privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26574 βΌ
π Read
via "National Vulnerability Database".
Missing authentication in the SearchStudents method in IDAttendΓ’β¬β’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3112 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26569 βΌ
π Read
via "National Vulnerability Database".
Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttendΓ’β¬β’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26575 βΌ
π Read
via "National Vulnerability Database".
Missing authentication in the SearchStudentsStaff method in IDAttendΓ’β¬β’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26219 βΌ
π Read
via "National Vulnerability Database".
The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk ConsoleΓ’β¬β’s and AgentΓ’β¬β’s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46191 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Niels van Renselaar Open Graph Metabox plugin <=Γ 1.4.4 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42842 βΌ
π Read
via "National Vulnerability Database".
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1. An app may be able to access sensitive user data.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46120 βΌ
π Read
via "National Vulnerability Database".
The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5732 βΌ
π Read
via "National Vulnerability Database".
An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36085 βΌ
π Read
via "National Vulnerability Database".
The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46189 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Simple Calendar Γ’β¬β Google Calendar Plugin <=Γ 3.2.5 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37908 βΌ
π Read
via "National Vulnerability Database".
XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute names. This can be exploited, e.g., via the link syntax in any content that supports XWiki syntax like comments in XWiki. When a user moves the mouse over a malicious link, the malicious JavaScript code is executed in the context of the user session. When this user is a privileged user who has programming rights, this allows server-side code execution with programming rights, impacting the confidentiality, integrity and availability of the XWiki instance. While this attribute was correctly recognized as not allowed, the attribute was still printed with a prefix `data-xwiki-translated-attribute-` without further cleaning or validation. This problem has been patched in XWiki 14.10.4 and 15.0 RC1 by removing characters not allowed in data attributes and then validating the cleaned attribute again. There are no known workarounds apart from upgrading to a version including the fix.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40405 βΌ
π Read
via "National Vulnerability Database".
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1. An app may be able to read sensitive location information.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45220 βΌ
π Read
via "National Vulnerability Database".
The Android Client application, when enrolled with the define method 1(the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39816 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5740 βΌ
π Read
via "National Vulnerability Database".
The Live Chat with Facebook Messenger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'messenger' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5730 βΌ
π Read
via "National Vulnerability Database".
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27377 βΌ
π Read
via "National Vulnerability Database".
Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttendΓ’β¬β’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46071 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickDatos ProtecciΓΒ³n de Datos RGPD plugin <=Γ 3.1.0 versions.π Read
via "National Vulnerability Database".