🚨 CVE-2023-2812
The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
🎖@cveNotify
WPScan
Ultimate Dashboard < 3.7.6 - Admin+ Stored XSS
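The bug class behind this entry, and behind the other "Admin+ Stored XSS in settings" entries further down this page (AI ChatBot, File Renaming on Upload, Integration for Contact Form 7 and Zoho CRM, QuBot), is the same: a plugin option is saved and echoed without sanitising or escaping. The phrase "even when the unfiltered_html capability is disallowed" matters because WordPress only enforces that capability on content it filters itself (post content and comments, through kses). Plugin options are not filtered unless the plugin registers a sanitize_callback, so a multisite site administrator without unfiltered_html can still store a script in a setting and have it run for every user who loads the page. The following is an added example written for this page, not code from any of the listed plugins; the option group, option name and function names (xss_demo_*) are hypothetical.

```php
<?php
/*
 * Added example (not the code of any plugin listed on this page).
 * Option, group and function names (xss_demo_*) are hypothetical.
 *
 * Vulnerable pattern: the option is registered without a sanitize_callback
 * and echoed raw. WordPress applies kses filtering (the unfiltered_html
 * capability) to post content and comments, not to arbitrary options, so a
 * user without unfiltered_html can still store <script> here.
 */
function xss_demo_register_vulnerable() {
    register_setting( 'xss_demo_group', 'xss_demo_footer_text' ); // no sanitize_callback
}

function xss_demo_render_vulnerable() {
    $text = get_option( 'xss_demo_footer_text', '' );
    echo '<input type="text" name="xss_demo_footer_text" value="' . $text . '">'; // raw, attribute context
    echo '<p>' . $text . '</p>';                                                  // raw, HTML context
}

/*
 * Hardened pattern: sanitise on save, escape on output for the context.
 *
 * register_setting()'s sanitize_callback is attached to the
 * sanitize_option_{$option} filter, so it also runs for direct
 * update_option() calls, not only for the Settings API form post.
 * wp_kses_post() keeps the markup core allows in post content and strips
 * <script>, on* event handlers and javascript: URLs. If the setting has no
 * business carrying HTML at all, use sanitize_text_field() instead.
 */
function xss_demo_sanitize_footer_text( $value ) {
    return wp_kses_post( (string) $value );
}

function xss_demo_register_hardened() {
    register_setting(
        'xss_demo_group',
        'xss_demo_footer_text',
        array(
            'type'              => 'string',
            'sanitize_callback' => 'xss_demo_sanitize_footer_text',
            'default'           => '',
        )
    );
}

function xss_demo_render_hardened() {
    $text = get_option( 'xss_demo_footer_text', '' );

    // Attribute context: esc_attr() encodes " ' < > & so a stored
    // `" autofocus onfocus=alert(1) x="` cannot close the value="" quotes.
    echo '<input type="text" name="xss_demo_footer_text" value="' . esc_attr( $text ) . '">';

    // HTML context where limited markup is wanted: filter again on output.
    // The stored value may predate the fix, so the save-time callback alone
    // does not guarantee what is already in the database is clean.
    echo '<div class="xss-demo-footer">' . wp_kses_post( $text ) . '</div>';
}

add_action( 'admin_init', 'xss_demo_register_hardened' );
```

The two halves are independent defences: the sanitize_callback decides what may be stored, the escaping function decides how it is rendered in a given context. The entries on this page describe plugins that did neither for some settings; fixing only one half leaves either already-stored payloads or a second, unescaped output path in place.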
🚨 CVE-2023-2811
The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape many of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against all administrators who view the chatbot settings and against all site visitors who use the chatbot.
🎖@cveNotify
WPScan
AI ChatBot < 4.5.6 - Admin+ Stored Cross-Site Scripting
🚨 CVE-2023-2805
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
🎖@cveNotify
WPScan
SupportCandy < 3.1.7 - Admin+ SQLi
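The SupportCandy entry names the exact shape of the bug: an array request parameter (agents[]) handled by an AJAX action and placed in a SQL statement unsanitised. Variable-length lists are where $wpdb->prepare() is most often skipped, because its format string is fixed and an IN (...) list is not. The block below is an added example for this page, not SupportCandy's code (the same construction applies to the QueryWall "Admin+ SQLi" entry further down); the table name, AJAX action, nonce name and function names (sqli_demo_*) are hypothetical.

```php
<?php
/*
 * Added example (not SupportCandy's or QueryWall's code). Table, action,
 * nonce and function names (sqli_demo_*) are hypothetical.
 */

// Vulnerable pattern: the request array is joined straight into the SQL.
// A value such as `1) OR 1=1 -- ` as one element of agents[] turns the
// IN list into a tautology and the UPDATE hits every row.
function sqli_demo_add_leaves_vulnerable() {
    global $wpdb;
    $agents = isset( $_POST['agents'] ) ? (array) $_POST['agents'] : array();
    $sql    = "UPDATE {$wpdb->prefix}sqli_demo_agents SET on_leave = 1"
            . ' WHERE id IN (' . implode( ',', $agents ) . ')';
    $wpdb->query( $sql ); // untrusted data is part of the statement text
    wp_send_json_success();
}

// Hardened pattern. Note that the capability and nonce checks are not what
// fixes the SQLi: the entry says the issue is exploitable by admins, who pass
// both. They only stop a forged request doing it on an admin's behalf.
function sqli_demo_add_leaves_hardened() {
    global $wpdb;

    check_ajax_referer( 'sqli_demo_nonce', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $agents = isset( $_POST['agents'] ) ? (array) wp_unslash( $_POST['agents'] ) : array();

    // Type enforcement: every element becomes a positive integer or is dropped.
    // `1) OR 1=1 -- ` becomes 1; `abc` becomes 0 and is filtered out.
    $agents = array_values( array_filter( array_map( 'absint', $agents ) ) );
    if ( empty( $agents ) ) {
        wp_send_json_error( 'no valid agent ids', 400 );
    }

    // $wpdb->prepare() needs one placeholder per value, so build the format
    // string from the (now trusted) element count, then pass the values as
    // the argument array. The table name is not user input here; prefix + a
    // literal suffix is the one piece that may be interpolated.
    $placeholders = implode( ',', array_fill( 0, count( $agents ), '%d' ) );
    $table        = $wpdb->prefix . 'sqli_demo_agents';
    $sql          = $wpdb->prepare(
        "UPDATE {$table} SET on_leave = 1 WHERE id IN ({$placeholders})",
        $agents
    );
    $wpdb->query( $sql );
    wp_send_json_success( array( 'updated' => $wpdb->rows_affected ) );
}

add_action( 'wp_ajax_sqli_demo_add_leaves', 'sqli_demo_add_leaves_hardened' );
```

When reviewing a plugin for this class, grep for implode() and for string concatenation inside calls to $wpdb->query(), $wpdb->get_results() and friends; an IN (...) built from a request array is the usual finding, and the absint()/array_fill() pairing above is the standard fix.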
🚨 CVE-2023-2779
The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
🎖@cveNotify
WPScan
Super Socializer < 7.13.52 - Reflected XSS
🚨 CVE-2023-2751
The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site.
🎖@cveNotify
WPScan
Upload Resume <= 1.2.0 - Captcha Bypass
🚨 CVE-2023-2742
The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
🎖@cveNotify
WPScan
AI ChatBot < 4.5.5 - Admin+ Stored Cross-Site Scripting
🚨 CVE-2023-2684
The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
🎖@cveNotify
WPScan
File Renaming on Upload < 2.5.2 - Admin+ Stored Cross-Site Scripting
🚨 CVE-2023-2654
The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
🎖@cveNotify
WPScan
Conditional Menus < 1.2.1 - Reflected XSS
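The Conditional Menus entry (and the Super Socializer entry above it) describes the reflected variant: a request parameter is written back into the page, here into an HTML attribute, without escaping. Reflected XSS against administrators is delivered as a link; the target clicks it while logged in and the payload runs in wp-admin with their session. The block below is an added example for this page, not code from either plugin; the page slug, parameter and function names (rxss_demo_*) are hypothetical.

```php
<?php
/*
 * Added example (not the Conditional Menus or Super Socializer code).
 * Page slug, parameter and function names (rxss_demo_*) are hypothetical.
 */

// Vulnerable pattern: $_GET['tab'] lands inside value="" and href="" raw.
// A link to the admin page with
//   tab=%22%20autofocus%20onfocus%3Dalert(document.cookie)%20x%3D%22
// decodes to `" autofocus onfocus=alert(document.cookie) x="`, closes the
// value attribute and adds an event handler that fires as soon as the page
// loads for whoever followed the link.
function rxss_demo_render_vulnerable() {
    $tab = isset( $_GET['tab'] ) ? $_GET['tab'] : 'general';
    echo '<input type="hidden" name="tab" value="' . $tab . '">';
    echo '<a class="nav-tab" href="?page=rxss_demo&tab=' . $tab . '">' . $tab . '</a>';
}

// Hardened pattern: validate against what the page actually accepts, then
// escape for each output context anyway. Validation and escaping are separate
// defences; the entries on this page are plugins where the second was missing.
function rxss_demo_render_hardened() {
    $allowed = array( 'general', 'rules', 'advanced' );

    // sanitize_key() lowercases and keeps only [a-z0-9_-], then the allow-list
    // rejects anything that is not a real tab name.
    $tab = isset( $_GET['tab'] ) ? sanitize_key( wp_unslash( $_GET['tab'] ) ) : 'general';
    if ( ! in_array( $tab, $allowed, true ) ) {
        $tab = 'general';
    }

    // Attribute context: esc_attr() encodes " ' < > & so the value cannot
    // terminate the quoted attribute it sits in.
    echo '<input type="hidden" name="tab" value="' . esc_attr( $tab ) . '">';

    // URL attribute: build the query string with add_query_arg() rather than
    // concatenation, and pass it through esc_url(), which also refuses
    // javascript: and other disallowed schemes. Visible text gets esc_html().
    $url = add_query_arg(
        array( 'page' => 'rxss_demo', 'tab' => $tab ),
        admin_url( 'admin.php' )
    );
    echo '<a class="nav-tab" href="' . esc_url( $url ) . '">' . esc_html( $tab ) . '</a>';
}
```

The context-specific escaping functions are the point: esc_attr() for attribute values, esc_url() for href/src, esc_html() for text nodes, and esc_js() only for data placed inside inline script. Picking one of them for every sink (or none, as in these entries) is what produces this class of finding.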
🚨 CVE-2023-2527
The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
🎖@cveNotify
WPScan
Integration for Contact Form 7 and Zoho CRM, Bigin < 1.2.4 - Admin+ SQLi
🚨 CVE-2023-2492
The QueryWall: Plug'n Play Firewall WordPress plugin through 1.1.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
🎖@cveNotify
WPScan
QueryWall: Plug'n Play Firewall <= 1.1.1 - Admin+ SQLi
🚨 CVE-2023-2401
The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
🎖@cveNotify
WPScan
Qubotchat < 1.1.6 – Admin+ Stored XSS
🚨 CVE-2019-2389
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allows users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.11; v3.6 versions prior to 3.6.14; v3.4 versions prior to 3.4.22.
🎖@cveNotify
🚨 CVE-2019-2390
An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. This issue affects: MongoDB Inc. MongoDB Server 4.0 prior to 4.0.11; 3.6 prior to 3.6.14; 3.4 prior to 3.4.22.
🎖@cveNotify
🚨 CVE-2019-2388
In affected Ops Manager versions there is an exposed HTTP route that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9 and 4.0.10, and MongoDB Ops Manager 4.1 version 4.1.5.
🎖@cveNotify
Mongodb
Ops Manager Server Changelog
🚨 CVE-2022-48506
A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of scenarios. This issue was observed for use of the following versions of Democracy Suite: 5.2, 5.4-NM, 5.5, 5.5-A, 5.5-B, 5.5-C, 5.5-D, 5.7-A, 5.10, 5.10A, 5.15. NOTE: the Democracy Suite 5.17 EAC Certificate of Conformance mentions "Improved pseudo random number algorithm," which may be relevant.
🎖@cveNotify
🚨 CVE-2022-48491
Vulnerability of missing authentication on certain HUAWEI phones. Successful exploitation of this vulnerability can lead to ads and other windows being displayed at any time.
🎖@cveNotify
🚨 CVE-2022-48486
Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability.
🎖@cveNotify
🚨 CVE-2023-34162
Version update determination vulnerability in the user profile module. Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail.
🎖@cveNotify
🚨 CVE-2023-34161
Inappropriate authorization vulnerability in the SettingsProvider module. Successful exploitation of this vulnerability may cause features to perform abnormally.
🎖@cveNotify
🚨 CVE-2023-34160
Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability can cause third-party apps to hide their icons on the desktop to prevent them from being uninstalled.
🎖@cveNotify
🚨 CVE-2023-34159
Improper permission control vulnerability in the Notepad app. Successful exploitation of the vulnerability may lead to privilege escalation, which affects availability and confidentiality.
🎖@cveNotify