🛡 Cybersecurity & Privacy 🛡 - News
‼️CVE-2023-6733‼️

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including user emails, password hashes, usernames, and more.

Via "National Vulnerability Database"
‼️CVE-2023-6738‼️

The Page Builder: Pagelayer - Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagelayer_header_code', 'pagelayer_body_open_code', and 'pagelayer_footer_code' meta fields in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This appears to be a reintroduction of a vulnerability patched in version 1.7.7.

Via "National Vulnerability Database"
‼️CVE-2023-29962‼️

SCMS v5.0 was discovered to contain an arbitrary file read vulnerability.

Via "National Vulnerability Database"
‼️CVE-2023-52322‼️

ecrire/public/assembler.php in SPIP before 4.1.3 and 4.2.x before 4.2.7 allows XSS because input from a request is not restricted to safe characters such as alphanumerics.

Via "National Vulnerability Database"
‼️CVE-2023-41784‼️

Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro

Via "National Vulnerability Database"
‼️CVE-2023-50082‼️

Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control: session leakage allows remote attackers to gain sensitive information and lets a user bypass login to the backend management platform.

Via "National Vulnerability Database"
‼️CVE-2023-50630‼️

Cross Site Scripting (XSS) vulnerability in xiweicheng TMS v.2.28.0 allows a remote attacker to execute arbitrary code via a crafted script to the "click here" function.

Via "National Vulnerability Database"
‼️CVE-2022-2081‼️

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending specially crafted messages to the RTU500 at a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control, which, if exploited, eventually causes an internal stack overflow in the HCI Modbus TCP function.

Via "National Vulnerability Database"
‼️CVE-2022-3864‼️

A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After the restart the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and then attempting to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service.

Via "National Vulnerability Database"
‼️CVE-2023-6944‼️

A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64-encoded GitLab token includes a newline at the end of the string. The sanitized error can be displayed on the frontend, including the raw access token. Upon gaining access to this token and depending on its permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.

Via "National Vulnerability Database"
‼️CVE-2023-7044‼️

The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom ID in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access and higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Via "National Vulnerability Database"
‼️CVE-2021-40367‼️

A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing DICOM files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15097)

Via "National Vulnerability Database"
‼️CVE-2021-42028‼️

A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14860)

Via "National Vulnerability Database"
‼️CVE-2021-45465‼️

A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in a write-what-where condition, and an attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15696)

Via "National Vulnerability Database"
‼️CVE-2023-6992‼️

Cloudflare's version of the zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and a heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file, potentially leading to denial of service of the software. Patches: the issue has been patched in commit 8352d10 (https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c). The upstream repository is not affected.

Via "National Vulnerability Database"
‼️CVE-2023-49622‼️

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'item_name_id' parameter of the material_bill.php?action=itemRelation resource does not validate the characters received, and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2023-49624‼️

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cancel_id' parameter of the material_bill.php resource does not validate the characters received, and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2023-49625‼️

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the party_list_edit_submit.php resource does not validate the characters received, and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2023-49633‼️

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'buyer_address' parameter of the buyer_detail_submit.php resource does not validate the characters received, and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2023-49639‼️

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'customer_details' parameter of the buyer_invoice_submit.php resource does not validate the characters received, and they are sent unfiltered to the database.

Via "National Vulnerability Database"
‼️CVE-2023-49658‼️

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bank_details' parameter of the party_submit.php resource does not validate the characters received, and they are sent unfiltered to the database.

Via "National Vulnerability Database"