‼️CVE-2023-4541‼️
📖 Read more
Via "National Vulnerability Database"
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ween Software Admin Panel allows SQL Injection.This issue affects Admin Panel through 20231229. NOTE The vendor was contacted early about this disclosure but did not respond in any way. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-4674‼️
📖 Read more
Via "National Vulnerability Database"
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Yaztek Software Technologies and Computer Systems ECommerce Software allows SQL Injection.This issue affects ECommerce Software through 20231229. NOTE The vendor was contacted early about this disclosure but did not respond in any way. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-4675‼️
📖 Read more
Via "National Vulnerability Database"
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in GM Information Technologies MDO allows SQL Injection.This issue affects MDO through 20231229. NOTE The vendor was contacted early about this disclosure but did not respond in any way. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-50570‼️
📖 Read more
Via "National Vulnerability Database"
An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 leads to an infinite loop.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-50571‼️
📖 Read more
Via "National Vulnerability Database"
easyrulesmvel v4.1.0 was discovered to contain a remote code execution RCE vulnerability via the component MVELRule.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-50572‼️
📖 Read more
Via "National Vulnerability Database"
An issue in the component GroovyEngine.execute of jlinegroovy v3.24.1 allows attackers to cause an OOM OutofMemory error.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-51517‼️
📖 Read more
Via "National Vulnerability Database"
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CodePeople Calculated Fields Form.This issue affects Calculated Fields Form from na through 1.2.28. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-51527‼️
📖 Read more
Via "National Vulnerability Database"
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Senol Sahin AI Power Complete AI Pack Powered by GPT4.This issue affects AI Power Complete AI Pack Powered by GPT4 from na through 1.8.2. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-51687‼️
📖 Read more
Via "National Vulnerability Database"
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode Product Catalog Simple.This issue affects Product Catalog Simple from na through 1.7.6. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-51688‼️
📖 Read more
Via "National Vulnerability Database"
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress.This issue affects eCommerce Product Catalog Plugin for WordPress from na through 3.3.26. 📖 Read more
Via "National Vulnerability Database"
👍1
‼️CVE-2020-17163‼️
📖 Read more
Via "National Vulnerability Database"
Visual Studio Code Python Extension Remote Code Execution Vulnerability📖 Read more
Via "National Vulnerability Database"
👍1
‼️CVE-2023-51663‼️
📖 Read more
Via "National Vulnerability Database"
Hail is an opensource, generalpurpose, Pythonbased data analysis tool with additional data types and methods for working with genomic data. Hail relies on OpenID Connect OIDC email addresses from ID tokens to verify the validity of a user's domain, but because users have the ability to change their email address, they could create accounts and use resources in clusters that they should not have access to. For example, a user could create a Microsoft or Google account and then change their email to testexample.org. This account can then be used to create a Hail Batch account in Hail Batch clusters whose organization domain is example.org. The attacker is not able to access private data or impersonate another user, but they would have the ability to run jobs if Hail Batch billing projects are enabled and create Azure Tenants if they have Azure Active Directory Administrator access.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-52137‼️
📖 Read more
Via "National Vulnerability Database"
The tjactionsverifychangedfileshttpsgithub.comtjactionsverifychangedfiles action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. The verifychangedfileshttpsgithub.comtjactionsverifychangedfiles workflow returns the list of files changed within a workflow execution. This could potentially allow filenames that contain special characters such as which can be used by an attacker to take over the GitHub Runnerhttpsdocs.github.comenactionsusinggithubhostedrunnersaboutgithubhostedrunners if the output value is used in a raw fashion thus being directly replaced before execution inside a run block. By running custom commands, an attacker may be able to steal secrets such as GITHUBTOKEN if triggered on other events than pullrequest. This has been patched in versions 17httpsgithub.comtjactionsverifychangedfilesreleasestagv17 and 17.0.0httpsgithub.comtjactionsverifychangedfilesreleasestagv17.0.0 by enabling safeoutput by default and returning filename paths escaping special characters for bash environments.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-52139‼️
📖 Read more
Via "National Vulnerability Database"
Misskey is an open source, decentralized social media platform. Thirdparty applications may be able to access some endpoints or Websocket APIs that are incorrectly specified as kindhttpsgithub.commisskeydevmisskeyblob406b4bdbe79b5b0b68fcdcb3c4b6e419460a0258packagesbackendsrcserverapiendpoints.tsL811 or securehttpsgithub.commisskeydevmisskeyblob406b4bdbe79b5b0b68fcdcb3c4b6e419460a0258packagesbackendsrcserverapiendpoints.tsL805 without the user's permission and perform operations such as reading or adding nonpublic content. As a result, if the user who authenticated the application is an administrator, confidential information such as object storage secret keys and SMTP server passwords will be leaked, and general users can also create invitation codes without permission and leak nonpublic user information. This is patched in version 2023.12.1httpsgithub.commisskeydevmisskeycommitc96bc36fedc804dc840ea791a9355d7df0748e64.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-7171‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability was found in NovelPlus up to 4.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file noveladminsrcmainjavacomjava2nbnovelcontrollerFriendLinkController.java of the component Friendly Link Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named d6093d8182362422370d7eaf6c53afde9ee45215. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB249307.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-50035‼️
📖 Read more
Via "National Vulnerability Database"
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because of "password" parameter is directly used in the SQL query without any sanitization and the SQL Injection payload being executed.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-50069‼️
📖 Read more
Via "National Vulnerability Database"
WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored crosssite scripting SXSS through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area, resulting in the execution of the payload. This occurs because the response body is not validated or sanitized.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-50070‼️
📖 Read more
Via "National Vulnerability Database"
Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in customersupportajax.php?actionsaveticket via departmentid, customerid, and subject.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-50071‼️
📖 Read more
Via "National Vulnerability Database"
Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in customersupportajax.php?actionsavedepartment via id or name.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-52240‼️
📖 Read more
Via "National Vulnerability Database"
The Kantega SAML SSO OIDC Kerberos Single Signon apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 through 4.14.8 before 4.14.9, 5.0.0 through 5.11.4 before 5.11.5, and 6.0.0 through 6.19.0 before 6.20.0. The full product names are Kantega SAML SSO OIDC Kerberos Single Signon for Jira Data Center Server Kantega SSO Enterprise, Kantega SAML SSO OIDC Kerberos Single Signon for Confluence Data Center Server Kantega SSO Enterprise, Kantega SAML SSO OIDC Kerberos Single Signon for Bitbucket Data Center Server Kantega SSO Enterprise, Kantega SAML SSO OIDC Kerberos Single Signon for Bamboo Data Center Server Kantega SSO Enterprise, and Kantega SAML SSO OIDC Kerberos Single Signon for FeCru Server Kantega SSO Enterprise. Here, FeCru refers to the Atlassian Fisheye and Crucible products running together.📖 Read more
Via "National Vulnerability Database"
👍1
‼️CVE-2023-50559‼️
📖 Read more
Via "National Vulnerability Database"
An issue was discovered in XiangShan v2.1, allows local attackers to obtain sensitive information via the L1D cache.📖 Read more
Via "National Vulnerability Database"