Total
35574 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6295 | 1 Siteorigin | 1 Siteorigin Widgets Bundle | 2024-11-21 | 7.2 High |
| The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites. | ||||
| CVE-2023-6273 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.3 Medium |
| Permission management vulnerability in the module for disabling Sound Booster. Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
| CVE-2023-6248 | 1 Digitalcomtech | 2 Syrus 4g Iot Telematics Gateway, Syrus 4g Iot Telematics Gateway Firmware | 2024-11-21 | 10 Critical |
| The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 device connected to the cloud service. The MQTT server also leaks the location, video and diagnostic data from each connected device. An attacker who knows the IP address of the server is able to connect and perform the following operations: * Get location data of the vehicle the device is connected to * Send CAN bus messages via the ECU module ( https://syrus.digitalcomtech.com/docs/ecu-1 https://syrus.digitalcomtech.com/docs/ecu-1 ) * Immobilize the vehicle via the safe-immobilizer module ( https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization ) * Get live video through the connected video camera * Send audio messages to the driver ( https://syrus.digitalcomtech.com/docs/system-tools#apx-tts https://syrus.digitalcomtech.com/docs/system-tools#apx-tts ) | ||||
| CVE-2023-6203 | 1 Stellarwp | 1 The Events Calendar | 2024-11-21 | 7.5 High |
| The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request | ||||
| CVE-2023-6202 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 4.3 Medium |
| Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information (e.g. name, surname, nickname) via Mattermost Boards. | ||||
| CVE-2023-6181 | 1 Google | 2 Chromecast, Chromecast Firmware | 2024-11-21 | 9.8 Critical |
| An oversight in BCB handling of reboot reason that allows for persistent code execution | ||||
| CVE-2023-6157 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 7.6 High |
| Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. | ||||
| CVE-2023-6156 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 7.6 High |
| Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. | ||||
| CVE-2023-6077 | 1 Wpfrank | 1 Slider Factory Pro | 2024-11-21 | 6.5 Medium |
| The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated users, such as subscriber to access the content arbitrary post such as private, draft and password protected | ||||
| CVE-2023-6065 | 1 Quttera | 1 Quttera Web Malware Scanner | 2024-11-21 | 5.3 Medium |
| The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code | ||||
| CVE-2023-6014 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | 9.8 Critical |
| An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment. | ||||
| CVE-2023-6012 | 1 Lanaccess | 1 Onsafe Monitorhm | 2024-11-21 | 8.3 High |
| An improper input validation vulnerability has been found in Lanaccess ONSAFE MonitorHM affecting version 3.7.0. This vulnerability could lead a remote attacker to exploit the checkbox element and perform remote code execution, compromising the entire infrastructure. | ||||
| CVE-2023-5939 | 1 Rtcamp | 1 Rtmedia | 2024-11-21 | 7.2 High |
| The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users. | ||||
| CVE-2023-5915 | 1 Yokogawa | 4 Stardom Fcj, Stardom Fcj Firmware, Stardom Fcn and 1 more | 2024-11-21 | 5.3 Medium |
| A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation. This vulnerability may allow to a remote attacker to cause a denial-of-service condition to the FCN/FCJ controller by sending a crafted packet. While sending the packet, the maintenance homepage of the controller could not be accessed. Therefore, functions of the maintenance homepage, changing configuration, viewing logs, etc. are not available. But the controller’s operation is not stopped by the condition. The affected products and versions are as follows: STARDOM FCN/FCJ R1.01 to R4.31. | ||||
| CVE-2023-5913 | 1 Microfocus | 1 Fortify Scancentral Dast | 2024-11-21 | 8.2 High |
| Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges.This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1. | ||||
| CVE-2023-5906 | 1 Themehigh | 1 Job Manager \& Career | 2024-11-21 | 7.5 High |
| The Job Manager & Career WordPress plugin before 1.4.4 contains a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. This vulnerability poses a serious security threat because it allows an attacker to gain access to confidential data and files of other users without their permission. | ||||
| CVE-2023-5876 | 1 Mattermost | 1 Mattermost Desktop | 2024-11-21 | 3.1 Low |
| Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service. | ||||
| CVE-2023-5847 | 3 Linux, Microsoft, Tenable | 4 Linux Kernel, Windows, Nessus and 1 more | 2024-11-21 | 6.7 Medium |
| Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts. | ||||
| CVE-2023-5845 | 1 Wpbrigade | 1 Simple Social Buttons | 2024-11-21 | 5.3 Medium |
| The Simple Social Media Share Buttons WordPress plugin before 5.1.1 leaks password-protected post content to unauthenticated visitors in some meta tags | ||||
| CVE-2023-5766 | 2 Devolutions, Microsoft | 2 Remote Desktop Manager, Windows | 2024-11-21 | 9.8 Critical |
| A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a specially crafted TCP packet. | ||||