🛡 Cybersecurity & Privacy 🛡 - News
‼️CVE-2023-50350‼️

HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2023-50351‼️

HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity of data.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2023-45722‼️

HCL DRYiCE MyXalytics is impacted by a path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory located underneath a restricted parent directory. The product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location outside of the restricted directory. Potential exploits can completely disrupt or take over the application.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2023-45723‼️

HCL DRYiCE MyXalytics is impacted by a path traversal vulnerability which allows file upload capability. Certain endpoints permit users to manipulate the path, including the file name, where these files are stored on the server.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2023-45724‼️

HCL DRYiCE MyXalytics is impacted by an unauthenticated file upload vulnerability. The web application permits the upload of a certain file without requiring user authentication.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2023-50341‼️

HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and still accessible web pages reflects a "Missing Access Control" vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposure of a vulnerable endpoint.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2023-50342‼️

HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. A user can obtain certain details about another user as a result of improper access control.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2023-50343‼️

HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2023-50344‼️

HCL DRYiCE MyXalytics is impacted by an improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2023-46308‼️

In Plotly plotly.js before 2.25.2, plot API calls have a risk of `__proto__` being polluted in `expandObjectPaths` or `nestedProperty`.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2023-6629‼️

The POST SMTP Mailer Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the msg parameter in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2023-7027‼️

The POST SMTP Mailer Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the device header in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2023-42358‼️

An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, which allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API component.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2023-6524‼️

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2023-6600‼️

The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the `update_settings` function hooked via `admin_init` in all versions up to, and including, 5.7.9. This makes it possible for unauthenticated attackers to update the plugin's settings, which can be used to inject Cross-Site Scripting payloads and delete entire directories. Please note there were several attempted patches, and we consider 5.7.10 to be the most sufficiently patched.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2023-6980‼️

The WP SMS Messaging SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5. This is due to missing or incorrect nonce validation on the 'delete' action of the wp-sms-subscribers page. This makes it possible for unauthenticated attackers to delete subscribers via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2023-6981‼️

The WP SMS Messaging SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'group_id' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This can be leveraged to achieve Reflected Cross-Site Scripting.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2023-47473‼️

Directory Traversal vulnerability in fuwushe.org iFair versions 23.8ad0 and before allows an attacker to obtain sensitive information via a crafted script.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2023-6986‼️

The EmbedPress Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `embed_oembed_html` shortcode in all versions up to 3.9.5 (exclusive) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2023-50922‼️

An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2024-0207‼️

HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

📖 Read more

Via "National Vulnerability Database"