7-card — fakabao A vulnerability has been found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this vulnerability is an unknown functionality of the file shop/alipay_notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249385 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-31 8.8 CVE-2023-7183
7-card — fakabao A vulnerability was found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this issue is some unknown functionality of the file shop/notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-249386 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-31 8.8 CVE-2023-7184
7-card — fakabao A vulnerability was found in 7-card Fakabao up to 1.0_build20230805. It has been classified as critical. This affects an unknown part of the file shop/wxpay_notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249387. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-31 8.8 CVE-2023-7185
7-card — fakabao A vulnerability was found in 7-card Fakabao up to 1.0_build20230805. It has been declared as critical. This vulnerability affects unknown code of the file member/notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249388. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-31 8.8 CVE-2023-7186
amazon-ion — ion-java Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in `ion-java` for applications that use `ion-java` to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the `IonValue` model and then invoke certain `IonValue` methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the `IonValue` model, results in a `StackOverflowError` originating from the `ion-java` library. The patch is included in `ion-java` 1.10.5. As a workaround, do not load data which originated from an untrusted source or that could have been tampered with. 2024-01-03 7.5 CVE-2024-21634
apache — dolphinscheduler Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. This issue affects Apache DolphinScheduler: until 3.1.9. Users are recommended to upgrade to version 3.1.9, which fixes the issue. 2023-12-30 8.8 CVE-2023-49299
apktool — apktool Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files’ output path according to their resource names, which can be manipulated by an attacker to place files at a desired location on the system Apktool runs on. Affected environments are those in which an attacker may write/overwrite any file that the user has write access to, and either the username is known or cwd is under the user folder. Commit d348c43b24a9de350ff6e5bd610545a10c1fc712 contains a patch for this issue. 2024-01-03 7.8 CVE-2024-21633
campcodes — chic_beauty_salon A vulnerability classified as critical was found in Campcodes Chic Beauty Salon 20230703. Affected by this vulnerability is an unknown functionality of the file product-list.php of the component Product Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249157 was assigned to this vulnerability. 2023-12-29 8.8 CVE-2023-7150
campcodes — online_college_library_system A vulnerability has been found in Campcodes Online College Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file index.php of the component Search. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249178 is the identifier assigned to this vulnerability. 2023-12-29 9.8 CVE-2023-7156
campcodes — online_college_library_system A vulnerability, which was classified as critical, has been found in Campcodes Online College Library System 1.0. This issue affects some unknown processing of the file /admin/book_row.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249365 was assigned to this vulnerability. 2023-12-30 7.2 CVE-2023-7178
campcodes — online_college_library_system A vulnerability classified as critical has been found in Campcodes Online College Library System 1.0. This affects an unknown part of the file /admin/return_add.php of the component HTTP POST Request Handler. The manipulation of the argument student leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249363. 2023-12-30 8.8 CVE-2023-7176
campcodes — online_college_library_system A vulnerability classified as critical was found in Campcodes Online College Library System 1.0. This vulnerability affects unknown code of the file /admin/book_add.php of the component HTTP POST Request Handler. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249364. 2023-12-30 8.8 CVE-2023-7177
campcodes — online_college_library_system A vulnerability, which was classified as critical, was found in Campcodes Online College Library System 1.0. Affected is an unknown function of the file /admin/category_row.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249366 is the identifier assigned to this vulnerability. 2023-12-30 8.8 CVE-2023-7179
cesanta — mjs An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component. 2024-01-02 7.5 CVE-2023-49550
cesanta — mjs An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file. 2024-01-02 7.5 CVE-2023-49551
cloudflare,_inc. — miniflare Sending specially crafted HTTP requests to Miniflare’s server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers. 2023-12-29 8.1 CVE-2023-7078
cloudflare,_inc. — wrangler The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate Origin/Host headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If wrangler dev --remote was being used, an attacker could access production resources if they were bound to the worker. This issue was fixed in [email protected] and [email protected]. Whilst wrangler dev’s inspector server listens on local interfaces by default as of [email protected], an SSRF vulnerability in miniflare https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7 (CVE-2023-7078) allowed access from the local network until [email protected]. [email protected] and [email protected] introduced validation for the Origin/Host headers. 2023-12-29 8 CVE-2023-7080
code-projects — client_details_system A vulnerability was found in code-projects Client Details System 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/update-clients.php. The manipulation of the argument uid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249144. 2023-12-29 9.8 CVE-2023-7141
code-projects — client_details_system A vulnerability was found in code-projects Client Details System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/clientview.php. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249145 was assigned to this vulnerability. 2023-12-29 9.8 CVE-2023-7142
code-projects — college_notes_gallery A vulnerability has been found in code-projects College Notes Gallery 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument user leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249133 was assigned to this vulnerability. 2023-12-31 8.8 CVE-2023-7130
codeastro — online_food_ordering_system A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249778 is the identifier assigned to this vulnerability. 2024-01-05 7.3 CVE-2024-0247
coolkit_technology — ewelink-smart_home_for_android_and_ios Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass. This issue affects eWeLink before 5.2.0. 2023-12-30 7.7 CVE-2023-6998
dedebiz — dedebiz A vulnerability was found in Muyun DedeBIZ up to 6.2.12 and classified as critical. Affected by this issue is some unknown functionality of the component Add Attachment Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249368. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-30 7.2 CVE-2023-7181
documize — documize SQL Injection vulnerability in Documize version 5.4.2, allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint. 2023-12-29 9.8 CVE-2023-23634
easy-rules-mvel — easy-rules-mvel easy-rules-mvel v4.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component MVELRule. 2023-12-29 7.8 CVE-2023-50571
ekol_informatics — website_template Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ekol Informatics Website Template allows SQL Injection. This issue affects Website Template: through 20231215. 2024-01-02 9.8 CVE-2023-6436
embras — geosiap_erp Grupo Embras GEOSIAP ERP v2.2.167.02 was discovered to contain a SQL injection vulnerability via the codLogin parameter on the login page. 2023-12-30 9.8 CVE-2023-50589
flarum — flarum Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to any link. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation. The vulnerability has been fixed and published as flarum/core v1.8.5. As a workaround, some extensions modifying the logout route can remedy this issue if their implementation is safe. 2024-01-05 7.5 CVE-2024-21641
follow-redirects — follow-redirects Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches. 2024-01-02 7.3 CVE-2023-26159
froxlor — froxlor Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue. 2024-01-03 7.5 CVE-2023-50256
gm_information_technologies — multi-disciplinary_design_optimization Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in GM Information Technologies MDO allows SQL Injection. This issue affects MDO: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-29 9.8 CVE-2023-4675
google — android In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161825; Issue ID: MOLY01161825 (MSV-895). 2024-01-02 7.5 CVE-2023-32889
google — google_nest_mini An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege. 2024-01-02 10 CVE-2023-48419
google — pixel_watch In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-01-02 10 CVE-2023-48418
google — pixel_watch There is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of health data with no additional execution privileges needed. 2024-01-02 8.4 CVE-2023-4164
google — wifi_pro Google Nest WiFi Pro root code-execution & user-data compromise 2024-01-02 10 CVE-2023-6339
hcl_software — dryice_myxalytics HCL DRYiCE MyXalytics is impacted by a path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory. The product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Potential exploits can completely disrupt or take over the application. 2024-01-03 8.8 CVE-2023-45722
hcl_software — dryice_myxalytics HCL DRYiCE MyXalytics product is impacted by an unauthenticated file upload vulnerability. The web application permits the upload of a certain file without requiring user authentication. 2024-01-03 8.2 CVE-2023-45724
hcl_software — dryice_myxalytics HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users. 2024-01-03 8.3 CVE-2023-50343
hcl_software — dryice_myxalytics HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker the ability to decrypt sensitive information. 2024-01-03 8.2 CVE-2023-50350
hcl_software — dryice_myxalytics HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity of data. 2024-01-03 8.2 CVE-2023-50351
hcl_software — dryice_myxalytics HCL DRYiCE MyXalytics is impacted by a path traversal vulnerability which allows file upload capability. Certain endpoints permit users to manipulate the path (including the file name) where these files are stored on the server. 2024-01-03 7.6 CVE-2023-45723
hcl_software — dryice_myxalytics HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages reflects a “Missing Access Control” vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposing a vulnerable endpoint. 2024-01-03 7.6 CVE-2023-50341
hcl_software — dryice_myxalytics HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. A user can obtain certain details about another user as a result of improper access control. 2024-01-03 7.1 CVE-2023-50342
hihonor — magic_os Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions. 2023-12-29 7.5 CVE-2023-23427
hihonor — magic_os Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions. 2023-12-29 7.5 CVE-2023-23428
hihonor — magic_os Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions. 2023-12-29 7.5 CVE-2023-23429
hihonor — magic_os Some Honor products are affected by a signature management vulnerability; successful exploitation could cause the forged system file to overwrite the correct system file. 2023-12-29 7.1 CVE-2023-23435
hihonor — magic_os Some Honor products are affected by a signature management vulnerability; successful exploitation could cause the forged system file to overwrite the correct system file. 2023-12-29 7.1 CVE-2023-23436
hihonor — magic_os Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause information leak. 2023-12-29 7.1 CVE-2023-23442
hihonor — magic_os Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause information leak. 2023-12-29 7.1 CVE-2023-23443
hihonor — magic_os Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause information leak. 2023-12-29 7.1 CVE-2023-51426
hihonor — magic_os Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause information leak. 2023-12-29 7.1 CVE-2023-51427
hihonor — magic_os Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause information leak. 2023-12-29 7.1 CVE-2023-51428
hihonor — magic_ui Some Honor products are affected by a buffer overflow vulnerability; successful exploitation could cause code execution. 2023-12-29 7.8 CVE-2023-51434
hihonor — magic_ui Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause information leak. 2023-12-29 7.1 CVE-2023-51435
hihonor — magichome Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions. 2023-12-29 7.5 CVE-2023-23430
hihonor — nth-an00_firmware Some Honor products are affected by a file writing vulnerability; successful exploitation could cause code execution. 2023-12-29 9.8 CVE-2023-23424
hihonor — nth-an00_firmware Some Honor products are affected by a signature management vulnerability; successful exploitation could cause the forged system file to overwrite the correct system file. 2023-12-29 7.1 CVE-2023-23431
hihonor — nth-an00_firmware Some Honor products are affected by a signature management vulnerability; successful exploitation could cause the forged system file to overwrite the correct system file. 2023-12-29 7.1 CVE-2023-23432
hihonor — nth-an00_firmware Some Honor products are affected by a signature management vulnerability; successful exploitation could cause the forged system file to overwrite the correct system file. 2023-12-29 7.1 CVE-2023-23433
hitachi_energy — rtu500_series_cmu_firmware A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 at a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which, if exploited, eventually causes an internal stack overflow in the HCI Modbus TCP function. 2024-01-04 7.5 CVE-2022-2081
hospital_management_system — hospital_management_system A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Dashboard. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249356. 2023-12-30 7.3 CVE-2023-7172
jeecg — jeecg_boot SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component. 2023-12-30 9.8 CVE-2023-41542
jeecg — jeecg_boot SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check. 2023-12-30 9.8 CVE-2023-41543
jeecg — jeecg_boot SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component. 2023-12-30 9.8 CVE-2023-41544
kashipara_group — billing_software Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘itemnameid’ parameter of the material_bill.php?action=itemRelation resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-49622
kashipara_group — billing_software Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘cancelid’ parameter of the material_bill.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-49624
kashipara_group — billing_software Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘id’ parameter of the partylist_edit_submit.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-49625
kashipara_group — billing_software Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘buyer_address’ parameter of the buyer_detail_submit.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-49633
kashipara_group — billing_software Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘customer_details’ parameter of the buyer_invoice_submit.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-49639
kashipara_group — billing_software Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘bank_details’ parameter of the party_submit.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-49658
kashipara_group — billing_software Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘quantity[]’ parameter of the submit_delivery_list.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-49665
kashipara_group — billing_software Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘custmer_details’ parameter of the submit_material_list.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-49666
kashipara_group — online_notice_board_system Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘dd’ parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-50743
kashipara_group — online_notice_board_system Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘e’ parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-50752
kashipara_group — online_notice_board_system Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘dd’ parameter of the user/update_profile.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-50753
kashipara_group — online_notice_board_system Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the ‘f’ parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. 2024-01-04 8.8 CVE-2023-50760
kashipara_group — travel_website Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘hotelIDHidden’ parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-50862
kashipara_group — travel_website Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘hotelIDHidden’ parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-50863
kashipara_group — travel_website Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘hotelId’ parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-50864
kashipara_group — travel_website Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘city’ parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-50865
kashipara_group — travel_website Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘username’ parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-50866
kashipara_group — travel_website Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘username’ parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database. 2024-01-04 9.8 CVE-2023-50867
laf — laf Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which allows authenticated users to obtain any pod logs under the same namespace through this method, thereby obtaining sensitive information printed in the logs. As of time of publication, no known patched versions exist. 2024-01-03 9.6 CVE-2023-50253
lenovo — universal_device_client Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. 2024-01-03 7.8 CVE-2023-6338
[email protected] linux — kernel A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial-of-service condition or potential code execution. 2024-01-04 7 CVE-2023-6270
[email protected]
[email protected] linux — kernel A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system. 2024-01-02 7.8 CVE-2024-0193
[email protected]
man-group — dtale D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale versions prior to 3.9.0 publicly can be vulnerable to server-side request forgery (SSRF), allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the `Load From the Web` input is turned off by default. The only workaround for versions earlier than 3.9.0 is to host D-Tale only for trusted users. 2024-01-05 7.5 CVE-2024-21642
masterlab — masterlab A vulnerability classified as critical has been found in gopeak MasterLab up to 3.3.10. This affects the function sqlInject of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249147. 2023-12-29 9.8 CVE-2023-7144
masterlab — masterlab A vulnerability classified as critical was found in gopeak MasterLab up to 3.3.10. This vulnerability affects the function sqlInject of the file app/ctrl/Framework.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249148. 2023-12-29 9.8 CVE-2023-7145
masterlab — masterlab A vulnerability, which was classified as critical, has been found in gopeak MasterLab up to 3.3.10. This issue affects the function sqlInjectDelete of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument phone leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249149 was assigned to this vulnerability. 2023-12-29 9.8 CVE-2023-7146
masterlab — masterlab A vulnerability, which was classified as critical, was found in gopeak MasterLab up to 3.3.10. Affected is the function base64ImageContent of the file app/ctrl/User.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. VDB-249150 is the identifier assigned to this vulnerability. 2023-12-29 9.8 CVE-2023-7147
masterlab — masterlab A vulnerability was found in gopeak MasterLab up to 3.3.10. It has been declared as critical. Affected by this vulnerability is the function add/update of the file app/ctrl/admin/User.php. The manipulation of the argument avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249181 was assigned to this vulnerability. 2023-12-29 9.8 CVE-2023-7159
mattermost — mattermost Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server. 2023-12-29 8.8 CVE-2023-7114
mediatek — lr13 In Modem IMS Stack, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161803; Issue ID: MOLY01161803 (MSV-893). 2024-01-02 9.8 CVE-2023-32874
mediatek — lr13 In modem EMM, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01183647; Issue ID: MOLY01183647 (MSV-963). 2024-01-02 7.5 CVE-2023-32890
mediatek — nr15 In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00730807; Issue ID: MOLY00730807. 2024-01-02 7.5 CVE-2023-32886
mediatek — nr15 In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161837; Issue ID: MOLY01161837 (MSV-892). 2024-01-02 7.5 CVE-2023-32887
mediatek — nr15 In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161830; Issue ID: MOLY01161830 (MSV-894). 2024-01-02 7.5 CVE-2023-32888
micropython — micropython A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability. 2023-12-29 9.8 CVE-2023-7152
micropython — micropython A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. Affected is the function slice_indices of the file objslice.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.22.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249180. 2023-12-29 9.8 CVE-2023-7158
microsoft — python_extension Visual Studio Code Python Extension Remote Code Execution Vulnerability 2023-12-29 7.8 CVE-2020-17163
misskey — misskey Misskey is an open source, decentralized social media platform. Third-party applications may be able to access some endpoints or Websocket APIs that are incorrectly specified as [kind](https://github.com/misskey-dev/misskey/blob/406b4bdbe79b5b0b68fcdcb3c4b6e419460a0258/packages/backend/src/server/api/endpoints.ts#L811) or [secure](https://github.com/misskey-dev/misskey/blob/406b4bdbe79b5b0b68fcdcb3c4b6e419460a0258/packages/backend/src/server/api/endpoints.ts#L805) without the user’s permission and perform operations such as reading or adding non-public content. As a result, if the user who authenticated the application is an administrator, confidential information such as object storage secret keys and SMTP server passwords will be leaked, and general users can also create invitation codes without permission and leak non-public user information. This is patched in version [2023.12.1](https://github.com/misskey-dev/misskey/commit/c96bc36fedc804dc840ea791a9355d7df0748e64). 2023-12-29 9.6 CVE-2023-52139
mtab — bookmark A vulnerability was found in MTab Bookmark up to 1.2.6 and classified as critical. This issue affects some unknown processing of the file public/install.php of the component Installation. The manipulation leads to improper access controls. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249395. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-31 8.1 CVE-2023-7193
netentsec — application_security_gateway_firmware A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file index.php?para=index of the component Login. The manipulation of the argument check_VirtualSiteId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249183. 2023-12-29 9.8 CVE-2023-7161
omniauth-microsoft_graph — omniauth-microsoft_graph omniauth-microsoft_graph provides an Omniauth strategy for the Microsoft Graph API. Prior to version 2.0.0, the implementation did not validate the legitimacy of the `email` attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the `email` is used as a trusted user identifier. This could lead to account takeover. Version 2.0.0 contains a fix for this issue. 2024-01-02 8.6 CVE-2024-21632
otclient — otclient OTClient is an alternative Tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient `Analysis – SonarCloud` workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and alter the repository using this workflow. Commit db560de0b56476c87a2f967466407939196dd254 contains a fix for this issue. 2024-01-02 9.8 CVE-2024-21623
paddlepaddle — paddlepaddle Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. 2024-01-03 9.8 CVE-2023-52304
paddlepaddle — paddlepaddle Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. 2024-01-03 9.8 CVE-2023-52307
paddlepaddle — paddlepaddle Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible. 2024-01-03 9.8 CVE-2023-52309
paddlepaddle — paddlepaddle PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system. 2024-01-03 9.8 CVE-2023-52310
paddlepaddle — paddlepaddle PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system. 2024-01-03 9.8 CVE-2023-52311
paddlepaddle — paddlepaddle PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system. 2024-01-03 9.8 CVE-2023-52314
paddlepaddle — paddlepaddle FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2024-01-03 7.5 CVE-2023-38674
paddlepaddle — paddlepaddle FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2024-01-03 7.5 CVE-2023-38675
paddlepaddle — paddlepaddle Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2024-01-03 7.5 CVE-2023-38676
paddlepaddle — paddlepaddle FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2024-01-03 7.5 CVE-2023-38677
paddlepaddle — paddlepaddle OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2024-01-03 7.5 CVE-2023-38678
paddlepaddle — paddlepaddle Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2024-01-03 7.5 CVE-2023-52302
paddlepaddle — paddlepaddle Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2024-01-03 7.5 CVE-2023-52303
paddlepaddle — paddlepaddle FPE in paddle.topk in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2024-01-03 7.5 CVE-2023-52305
paddlepaddle — paddlepaddle FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2024-01-03 7.5 CVE-2023-52306
paddlepaddle — paddlepaddle FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2024-01-03 7.5 CVE-2023-52308
paddlepaddle — paddlepaddle Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2024-01-03 7.5 CVE-2023-52312
paddlepaddle — paddlepaddle FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. 2024-01-03 7.5 CVE-2023-52313
pandorafms — pandora_fms Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774. 2023-12-29 8.8 CVE-2023-44088
perl — perl A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for `cmd.exe` in the current working directory. This flaw allows an attacker with limited privileges to place `cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations. 2024-01-02 7.8 CVE-2023-47039
poly — multiple_products A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256. 2023-12-29 7.5 CVE-2023-4463
poly — multiple_products A vulnerability, which was classified as critical, has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This issue affects some unknown processing of the component Diagnostic Telnet Mode. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-249257 was assigned to this vulnerability. 2023-12-29 7.2 CVE-2023-4464
poly — trio_8800/trio_c60 A vulnerability was found in Poly Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Lens Management Cloud Registration. The manipulation leads to missing authorization. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-249261 was assigned to this vulnerability. 2023-12-29 7.6 CVE-2023-4468
prestashop — prestashop PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the `isCleanHTML` method. Some modules using the `isCleanHTML` method could be vulnerable to cross-site scripting. Versions 8.1.3 and 1.7.8.11 contain a patch for this issue. The best workaround is to use the `HTMLPurifier` library to sanitize HTML input coming from users. The library is already available as a dependency in the PrestaShop project. Beware though that in legacy object models, fields of `HTML` type will call `isCleanHTML`. 2024-01-02 8.1 CVE-2024-21627
priva — topcontrol_suite The Priva TopControl Suite contains predictable credentials for the SSH service, based on the serial number, which makes it possible for an attacker to calculate the login credentials for the Priva TopControl Suite. 2024-01-02 7.5 CVE-2022-3010
qnap_systems_inc. — qts/quts_hero A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later. 2024-01-05 7.5 CVE-2023-39296
qnap_systems_inc. — qumagie An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later. 2024-01-05 7.4 CVE-2023-47560
qnap_systems_inc. — video_station An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 (2023/11/23) and later. 2024-01-05 8.8 CVE-2023-41288
qualcomm,_inc. — snapdragon Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE call. 2024-01-02 9.8 CVE-2023-33025
qualcomm,_inc. — snapdragon Memory corruption in HLOS while running playready use-case. 2024-01-02 9.3 CVE-2023-33030
qualcomm,_inc. — snapdragon Memory corruption in TZ Secure OS while requesting a memory allocation from TA region. 2024-01-02 9.3 CVE-2023-33032
qualcomm,_inc. — snapdragon Memory corruption in Audio during playback with speaker protection. 2024-01-02 8.4 CVE-2023-33033
qualcomm,_inc. — snapdragon Memory corruption while running VK synchronization with KASAN enabled. 2024-01-02 8.4 CVE-2023-33094
qualcomm,_inc. — snapdragon Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued. 2024-01-02 8.4 CVE-2023-33108
qualcomm,_inc. — snapdragon Memory corruption when resource manager sends the host kernel a reply message with multiple fragments. 2024-01-02 8.4 CVE-2023-33113
qualcomm,_inc. — snapdragon Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. 2024-01-02 8.4 CVE-2023-33114
qualcomm,_inc. — snapdragon Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP. 2024-01-02 8.4 CVE-2023-43514
qualcomm,_inc. — snapdragon Information disclosure in Core services while processing a Diag command. 2024-01-02 7.6 CVE-2023-33014
qualcomm,_inc. — snapdragon Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call. 2024-01-02 7.1 CVE-2023-33036
qualcomm,_inc. — snapdragon Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data. 2024-01-02 7.1 CVE-2023-33037
qualcomm,_inc. — snapdragon Transient DOS in Data Modem during DTLS handshake. 2024-01-02 7.5 CVE-2023-33040
qualcomm,_inc. — snapdragon Transient DOS in WLAN Firmware while parsing a BTM request. 2024-01-02 7.5 CVE-2023-33062
qualcomm,_inc. — snapdragon Memory corruption in wearables while processing data from AON. 2024-01-02 7.8 CVE-2023-33085
qualcomm,_inc. — snapdragon Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. 2024-01-02 7.5 CVE-2023-33109
qualcomm,_inc. — snapdragon The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback – PCM close and reset session index causing memory corruption. 2024-01-02 7.8 CVE-2023-33110
qualcomm,_inc. — snapdragon Transient DOS when WLAN firmware receives “reassoc response” frame including RIC_DATA element. 2024-01-02 7.5 CVE-2023-33112
qualcomm,_inc. — snapdragon Transient DOS while parsing ieee80211_parse_mscs_ie in WIN WLAN driver. 2024-01-02 7.5 CVE-2023-33116
qualcomm,_inc. — snapdragon Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. 2024-01-02 7.8 CVE-2023-33117
qualcomm,_inc. — snapdragon Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL. 2024-01-02 7.8 CVE-2023-33118
qualcomm,_inc. — snapdragon Memory corruption in Audio when memory map command is executed consecutively in ADSP. 2024-01-02 7.8 CVE-2023-33120
qualcomm,_inc. — snapdragon Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. 2024-01-02 7.5 CVE-2023-43511
qualcomm,_inc. — snapdragon Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer. 2024-01-02 7.5 CVE-2023-43512
red_hat — red_hat_developer_hub A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately. 2024-01-04 7.3 CVE-2023-6944
s-cms — s-cms A vulnerability classified as critical was found in S-CMS up to 2.0_build20220529-20231006. Affected by this vulnerability is an unknown functionality of the file /s/index.php?action=statistics. The manipulation of the argument lid leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249391. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-31 8.8 CVE-2023-7189
s-cms — s-cms A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006. Affected by this issue is some unknown functionality of the file /member/ad.php?action=ad. The manipulation of the argument A_text/A_url/A_contact leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249392. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-31 8.8 CVE-2023-7190
s-cms — s-cms A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. This affects an unknown part of the file member/reg.php. The manipulation of the argument M_login/M_email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249393 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-31 8.8 CVE-2023-7191
scone — scone Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis. 2023-12-30 7.8 CVE-2022-46487
shifuml — shifu A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument FilterExpression leads to code injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249151. 2023-12-29 8.1 CVE-2023-7148
shipping_100_fahuo100 — shipping_100_fahuo100 A vulnerability classified as critical has been found in Shipping 100 Fahuo100 up to 1.1. Affected is an unknown function of the file member/login.php. The manipulation of the argument M_pwd leads to sql injection. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. VDB-249390 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-31 8.1 CVE-2023-7188
sidequestvr — sidequest SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the Electron application are now being parsed and sanitized properly. 2024-01-04 8.8 CVE-2024-21625
siemens — syngo_fastview A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing DICOM files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15097) 2024-01-04 7.8 CVE-2021-40367
siemens — syngo_fastview A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14860) 2024-01-04 7.8 CVE-2021-42028
siemens — syngo_fastview A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in a write-what-where condition and an attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15696) 2024-01-04 7.8 CVE-2021-45465
silicon_labs — gecko_sdk An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region. 2024-01-02 9.3 CVE-2023-4280
small_crm — small_crm PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because the “password” parameter is used directly in the SQL query without any sanitization, so the SQL injection payload is executed. 2023-12-29 9.8 CVE-2023-50035
sourcecodester — customer_support_system Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject. 2023-12-29 8.8 CVE-2023-50070
sourcecodester — customer_support_system Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name. 2023-12-29 8.8 CVE-2023-50071
sourcecodester — engineers_online_portal A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-249440. 2024-01-01 7.3 CVE-2024-0182
sourcecodester — free_and_open_source_inventory_management_system A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /app/ajax/sell_return_data.php. The manipulation of the argument columns[0][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249179. 2023-12-29 9.8 CVE-2023-7157
sourcecodester — free_and_open_source_inventory_management_system A vulnerability, which was classified as critical, was found in SourceCodester Free and Open Source Inventory Management System 1.0. This affects an unknown part of the file /ample/app/action/edit_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249177 was assigned to this vulnerability. 2023-12-29 8.8 CVE-2023-7155
sqlite — sqlite3 A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999. 2023-12-29 9.8 CVE-2023-7104
tencent — tencent_distributed_sql Tencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attackers to discover database credentials via an index.php/api/install/get_db_info request, a related issue to CVE-2023-42387. 2023-12-31 7.5 CVE-2023-52286
testlink — testlink TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used. 2023-12-30 7.5 CVE-2023-50110
tj-actions — verify-changed-files The [`tj-actions/verify-changed-files`](https://github.com/tj-actions/verify-changed-files) action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. The [`verify-changed-files`](https://github.com/tj-actions/verify-changed-files) workflow returns the list of files changed within a workflow execution. This could potentially allow filenames that contain special characters such as `;` which can be used by an attacker to take over the [GitHub Runner](https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners) if the output value is used in a raw fashion (thus being directly replaced before execution) inside a `run` block. By running custom commands, an attacker may be able to steal secrets such as `GITHUB_TOKEN` if triggered on other events than `pull_request`. This has been patched in versions [17](https://github.com/tj-actions/verify-changed-files/releases/tag/v17) and [17.0.0](https://github.com/tj-actions/verify-changed-files/releases/tag/v17.0.0) by enabling `safe_output` by default and returning filename paths escaping special characters for bash environments. 2023-12-29 7.7 CVE-2023-52137
totolink — n350rt_firmware A vulnerability was found in Totolink N350RT 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The exploit has been disclosed to the public and may be used. The identifier VDB-249389 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-31 8.8 CVE-2023-7187
totolink — x2000r_firmware TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute. 2023-12-30 9.8 CVE-2023-51133
totolink — x2000r_firmware TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup. 2023-12-30 9.8 CVE-2023-51135
totolink — x2000r_firmware TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule. 2023-12-30 9.8 CVE-2023-51136
totolink — x6000r_firmware TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi. 2023-12-30 9.8 CVE-2023-50651
unified_remote — unified_remote Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint. 2023-12-30 9.8 CVE-2023-52252
ween_software — admin_panel Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ween Software Admin Panel allows SQL Injection. This issue affects Admin Panel: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-29 9.8 CVE-2023-4541
wireshark_foundation — wireshark HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file. 2024-01-03 7.8 CVE-2024-0207
wireshark_foundation — wireshark GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file. 2024-01-03 7.8 CVE-2024-0208
wireshark_foundation — wireshark IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file. 2024-01-03 7.8 CVE-2024-0209
wireshark_foundation — wireshark Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file. 2024-01-03 7.8 CVE-2024-0210
wireshark_foundation — wireshark DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file. 2024-01-03 7.8 CVE-2024-0211
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best Help Desk & Support Plugin through 2.7.1. 2024-01-05 10 CVE-2022-46839
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in IOSS WP MLM SOFTWARE PLUGIN. This issue affects WP MLM SOFTWARE PLUGIN through 4.0. 2023-12-29 10 CVE-2023-51475
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in David F. Carr RSVPMaker. This issue affects RSVPMaker through 10.6.6. 2023-12-29 9.8 CVE-2023-25054
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps. This issue affects Frontend Admin by DynamiApps through 3.18.3. 2023-12-29 9.8 CVE-2023-51411
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms. This issue affects Piotnet Forms through 1.0.25. 2023-12-29 9.8 CVE-2023-51412
wordpress — wordpress Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y Newsletters. This issue affects EnvíaloSimple: Email Marketing y Newsletters through 2.1. 2023-12-29 9.8 CVE-2023-51414
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome. This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome through 1.11.10.7. 2023-12-29 9.8 CVE-2023-51419
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce through 4.5.2. 2023-12-29 9.9 CVE-2023-51421
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition. This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition through 3.05.0. 2023-12-31 9.8 CVE-2023-51423
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre – Dating Site. This issue affects Rencontre – Dating Site through 3.10.1. 2023-12-29 9.8 CVE-2023-51468
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Mestres do WP Checkout Mestres WP. This issue affects Checkout Mestres WP through 7.1.9.6. 2023-12-31 9.8 CVE-2023-51469
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin. This issue affects TerraClassifieds – Simple Classifieds Plugin through 2.0.3. 2023-12-29 9.8 CVE-2023-51473
wordpress — wordpress Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store. This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store through 1.0.6. 2023-12-29 9.8 CVE-2023-51505
wordpress — wordpress Deserialization of Untrusted Data vulnerability in Presslabs Theme per user. This issue affects Theme per user through 1.0.1. 2023-12-31 9.8 CVE-2023-52181
wordpress — wordpress Missing Authorization vulnerability in Anders Thorborg. This issue affects Anders Thorborg through 1.4.12. 2023-12-29 8.8 CVE-2023-22676
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in BinaryStash WP Booklet. This issue affects WP Booklet through 2.1.8. 2023-12-29 8.8 CVE-2023-22677
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in Milan Dinić Rename Media Files. This issue affects Rename Media Files through 1.0.1. 2023-12-29 8.8 CVE-2023-32095
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor through 2.6.10. 2023-12-31 8.8 CVE-2023-39157
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in TienCOP WP EXtra. This issue affects WP EXtra through 6.2. 2023-12-29 8.8 CVE-2023-46623
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in Qode Interactive Qode Essential Addons. This issue affects Qode Essential Addons through 1.5.2. 2023-12-29 8.8 CVE-2023-47840
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in Brainstorm Force Astra Pro. This issue affects Astra Pro through 4.3.1. 2023-12-29 8.8 CVE-2023-49830
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in InspireUI MStore API. This issue affects MStore API through 4.10.1. 2023-12-29 8.8 CVE-2023-50878
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WPExpertsio New User Approve. This issue affects New User Approve through 2.5.1. 2023-12-29 8.8 CVE-2023-50902
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WebbaPlugins Appointment & Event Booking Calendar Plugin – Webba Booking. This issue affects Appointment & Event Booking Calendar Plugin – Webba Booking through 4.5.33. 2023-12-29 8.8 CVE-2023-51354
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Bright Plugins Block IPs for Gravity Forms. This issue affects Block IPs for Gravity Forms through 1.0.1. 2023-12-29 8.8 CVE-2023-51358
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Rise Themes Rise Blocks – A Complete Gutenberg Page Builder. This issue affects Rise Blocks – A Complete Gutenberg Page Builder through 3.1. 2023-12-29 8.8 CVE-2023-51378
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Brain Storm Force Ultimate Addons for WPBakery Page Builder. This issue affects Ultimate Addons for WPBakery Page Builder through 3.19.17. 2023-12-29 8.8 CVE-2023-51402
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log. This issue affects WP Mail Log through 1.1.2. 2023-12-29 8.8 CVE-2023-51410
wordpress — wordpress Unrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons. This issue affects JVM Gutenberg Rich Text Icons through 1.2.3. 2023-12-29 8.8 CVE-2023-51417
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce through 4.5.2. 2023-12-29 8.8 CVE-2023-51420
wordpress — wordpress Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition. This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition through 3.05.0. 2023-12-29 8.8 CVE-2023-51422
wordpress — wordpress Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre – Dating Site. This issue affects Rencontre – Dating Site through 3.11.1. 2023-12-29 8.8 CVE-2023-51470
wordpress — wordpress Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career – Manage job board listings, and recruitments. This issue affects Job Manager & Career – Manage job board listings, and recruitments through 1.4.4. 2023-12-29 8.8 CVE-2023-51545
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WhileTrue Most And Least Read Posts Widget. This issue affects Most And Least Read Posts Widget through 2.5.16. 2023-12-31 8.8 CVE-2023-52133
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Ovation S.R.L. Dynamic Content for Elementor. This issue affects Dynamic Content for Elementor before 2.12.5. 2024-01-05 8.8 CVE-2023-52150
wordpress — wordpress Deserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder. This issue affects ARI Stream Quiz – WordPress Quizzes Builder through 1.3.0. 2023-12-31 8.8 CVE-2023-52182
wordpress — wordpress The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the update_settings() function hooked via admin_init in all versions up to, and including, 5.7.9. This makes it possible for unauthenticated attackers to update the plugin’s settings which can be used to inject Cross-Site Scripting payloads and delete entire directories. Please note there were several attempted patches, and we consider 5.7.10 to be the most sufficiently patched. 2024-01-03 8.6 CVE-2023-6600
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange’s Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login. This issue affects miniOrange’s Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login through 5.6.1. 2023-12-29 7.5 CVE-2022-44589
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in Kanban for WordPress Kanban Boards for WordPress. This issue affects Kanban Boards for WordPress through 2.5.21. 2023-12-29 7.2 CVE-2023-40606
wordpress — wordpress Improper Control of Generation of Code (‘Code Injection’) vulnerability in POSIMYTH Nexter Extension. This issue affects Nexter Extension through 2.0.3. 2023-12-29 7.2 CVE-2023-45751
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form. This issue affects Login Lockdown – Protect Login Form through 2.06. 2023-12-29 7.2 CVE-2023-50837
wordpress — wordpress Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway through 7.6.1. 2024-01-05 7.5 CVE-2023-51502
wordpress — wordpress Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo through 6.9.2. 2023-12-31 7.5 CVE-2023-51503
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4. This issue affects AI Power: Complete AI Pack – Powered by GPT-4 through 1.8.2. 2023-12-29 7.5 CVE-2023-51527
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPManageNinja LLC Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin. This issue affects Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin through 1.7.6. 2023-12-31 7.2 CVE-2023-51547
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode Product Catalog Simple. This issue affects Product Catalog Simple through 1.7.6. 2023-12-29 7.5 CVE-2023-51687
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress. This issue affects eCommerce Product Catalog Plugin for WordPress through 3.3.26. 2023-12-29 7.5 CVE-2023-51688
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WP Zinc Page Generator. This issue affects Page Generator through 1.7.1. 2023-12-31 7.2 CVE-2023-52131
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Jewel Theme WP Adminify. This issue affects WP Adminify through 3.1.6. 2023-12-31 7.2 CVE-2023-52132
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Eyal Fitoussi GEO my WordPress. This issue affects GEO my WordPress through 4.0.2. 2023-12-31 7.2 CVE-2023-52134
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WS Form WS Form LITE – Drag & Drop Contact Form Builder for WordPress. This issue affects WS Form LITE – Drag & Drop Contact Form Builder for WordPress through 1.9.170. 2023-12-29 7.2 CVE-2023-52135
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe Checkout. This issue affects WP Stripe Checkout through 1.2.2.37. 2024-01-05 7.5 CVE-2023-52143
wordpress — wordpress Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes. This issue affects Recipe Maker For Your Food Blog from Zip Recipes through 8.1.0. 2023-12-31 7.6 CVE-2023-52180
wordpress — wordpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Everestthemes Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin. This issue affects Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin through 2.1.9. 2023-12-31 7.5 CVE-2023-52185
wordpress — wordpress The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ header in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-01-03 7.2 CVE-2023-7027
wordpress — wordpress Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons. This issue affects YITH WooCommerce Product Add-Ons through 4.3.0. 2023-12-31 9.1 CVE-2023-49777
xnview — xnview_classic XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3ADBD0. 2023-12-29 9.8 CVE-2023-52173
xnview — xnview_classic XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3125D6. 2023-12-29 9.8 CVE-2023-52174
yaztek_software_technologies_and_computer_systems — e-commerce_software Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Yaztek Software Technologies and Computer Systems E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-29 9.8 CVE-2023-4674
zzcms — zzcms ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code. 2023-12-29 9.8 CVE-2023-50104