🚨 CVE-2023-2654
The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
🎖@cveNotify
The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
🎖@cveNotify
WPScan
Conditional Menus < 1.2.1 - Reflected XSS
See details on Conditional Menus < 1.2.1 - Reflected XSS CVE 2023-2654. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2023-2527
The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
🎖@cveNotify
The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
🎖@cveNotify
WPScan
Integration for Contact Form 7 and Zoho CRM, Bigin < 1.2.4 - Admin+ SQLi
See details on Integration for Contact Form 7 and Zoho CRM, Bigin < 1.2.4 - Admin+ SQLi CVE 2023-2527. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2023-2492
The QueryWall: Plug'n Play Firewall WordPress plugin through 1.1.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
🎖@cveNotify
The QueryWall: Plug'n Play Firewall WordPress plugin through 1.1.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
🎖@cveNotify
WPScan
QueryWall: Plug'n Play Firewall <= 1.1.1 - Admin+ SQLi
See details on QueryWall: Plug'n Play Firewall <= 1.1.1 - Admin+ SQLi CVE 2023-2492. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2023-2401
The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
🎖@cveNotify
The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
🎖@cveNotify
WPScan
Qubotchat < 1.1.6 – Admin+ Stored XSS
See details on Qubotchat < 1.1.6 – Admin+ Stored XSS CVE 2023-2401. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2019-2389
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.11; v3.6 versions prior to 3.6.14; v3.4 versions prior to 3.4.22.
🎖@cveNotify
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.11; v3.6 versions prior to 3.6.14; v3.4 versions prior to 3.4.22.
🎖@cveNotify
🚨 CVE-2019-2390
An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. This issue affects: MongoDB Inc. MongoDB Server 4.0 prior to 4.0.11; 3.6 prior to 3.6.14; 3.4 prior to 3.4.22.
🎖@cveNotify
An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. This issue affects: MongoDB Inc. MongoDB Server 4.0 prior to 4.0.11; 3.6 prior to 3.6.14; 3.4 prior to 3.4.22.
🎖@cveNotify
🚨 CVE-2019-2388
In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5.
🎖@cveNotify
In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5.
🎖@cveNotify
Mongodb
Ops Manager Server Changelog
👎1
🚨 CVE-2022-48506
A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of scenarios. This issue was observed for use of the following versions of Democracy Suite: 5.2, 5.4-NM, 5.5, 5.5-A, 5.5-B, 5.5-C, 5.5-D, 5.7-A, 5.10, 5.10A, 5.15. NOTE: the Democracy Suite 5.17 EAC Certificate of Conformance mentions "Improved pseudo random number algorithm," which may be relevant.
🎖@cveNotify
A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of scenarios. This issue was observed for use of the following versions of Democracy Suite: 5.2, 5.4-NM, 5.5, 5.5-A, 5.5-B, 5.5-C, 5.5-D, 5.7-A, 5.10, 5.10A, 5.15. NOTE: the Democracy Suite 5.17 EAC Certificate of Conformance mentions "Improved pseudo random number algorithm," which may be relevant.
🎖@cveNotify
🚨 CVE-2022-48491
Vulnerability of missing authentication on certain HUAWEI phones.Successful exploitation of this vulnerability can lead to ads and other windows to display at any time.
🎖@cveNotify
Vulnerability of missing authentication on certain HUAWEI phones.Successful exploitation of this vulnerability can lead to ads and other windows to display at any time.
🎖@cveNotify
🚨 CVE-2022-48486
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
🎖@cveNotify
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
🎖@cveNotify
🚨 CVE-2023-34162
Version update determination vulnerability in the user profile module.Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail.
🎖@cveNotify
Version update determination vulnerability in the user profile module.Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail.
🎖@cveNotify
🚨 CVE-2023-34161
nappropriate authorization vulnerability in the SettingsProvider module.Successful exploitation of this vulnerability may cause features to perform abnormally.
🎖@cveNotify
nappropriate authorization vulnerability in the SettingsProvider module.Successful exploitation of this vulnerability may cause features to perform abnormally.
🎖@cveNotify
🚨 CVE-2023-34160
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
🎖@cveNotify
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
🎖@cveNotify
🚨 CVE-2023-34159
Improper permission control vulnerability in the Notepad app.Successful exploitation of the vulnerability may lead to privilege escalation, which affects availability and confidentiality.
🎖@cveNotify
Improper permission control vulnerability in the Notepad app.Successful exploitation of the vulnerability may lead to privilege escalation, which affects availability and confidentiality.
🎖@cveNotify
🚨 CVE-2023-34158
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
🎖@cveNotify
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
🎖@cveNotify
🚨 CVE-2023-34156
Vulnerability of services denied by early fingerprint APIs on HarmonyOS products.Successful exploitation of this vulnerability may cause services to be denied.
🎖@cveNotify
Vulnerability of services denied by early fingerprint APIs on HarmonyOS products.Successful exploitation of this vulnerability may cause services to be denied.
🎖@cveNotify
🚨 CVE-2023-34155
Vulnerability of unauthorized calling on HUAWEI phones and tablets.Successful exploitation of this vulnerability may affect availability.
🎖@cveNotify
Vulnerability of unauthorized calling on HUAWEI phones and tablets.Successful exploitation of this vulnerability may affect availability.
🎖@cveNotify
🚨 CVE-2022-48501
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
🎖@cveNotify
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
🎖@cveNotify
🚨 CVE-2022-48500
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
🎖@cveNotify
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
🎖@cveNotify
🚨 CVE-2022-48499
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
🎖@cveNotify
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
🎖@cveNotify
🚨 CVE-2022-48498
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
🎖@cveNotify
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
🎖@cveNotify