Patch Tuesday — January 2024

2024-01-09 · 802 CVEs

CVEs published or modified the week of 2024-01-09, partitioned by vendor.

Microsoft (66 CVEs)

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21646 | Critical | 9.8 | | 2024-01-09 | Azure uAMQP is a general purpose C library for AMQP 1.0.
CVE-2024-21638 | Critical | 9.1 | | 2024-01-10 | Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively.
CVE-2024-0057 | Critical | 9.1 | | 2024-01-09 | .NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
CVE-2023-49647 | High | 8.8 | | 2024-01-12 | Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2023-40250 | High | 8.8 | | 2024-01-12 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Hancom HCell on Windows allows Overflow Buffers. This issue affects HCell: 12.0.0.893.
CVE-2024-21318 | High | 8.8 | | 2024-01-09 | Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-20674 | High | 8.8 | | 2024-01-09 | Windows Kerberos Security Feature Bypass Vulnerability
CVE-2024-0056 | High | 8.7 | | 2024-01-09 | Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
CVE-2024-20652 | High | 8.1 | | 2024-01-09 | Windows HTML Platforms Security Feature Bypass Vulnerability
CVE-2024-20676 | High | 8.0 | | 2024-01-09 | Azure Storage Mover Remote Code Execution Vulnerability
CVE-2024-20654 | High | 8.0 | | 2024-01-09 | Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-21325 | High | 7.8 | | 2024-01-09 | Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability
CVE-2024-21310 | High | 7.8 | | 2024-01-09 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2024-21309 | High | 7.8 | | 2024-01-09 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-20698 | High | 7.8 | | 2024-01-09 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-20686 | High | 7.8 | | 2024-01-09 | Win32k Elevation of Privilege Vulnerability
CVE-2024-20683 | High | 7.8 | | 2024-01-09 | Win32k Elevation of Privilege Vulnerability
CVE-2024-20682 | High | 7.8 | | 2024-01-09 | Windows Cryptographic Services Remote Code Execution Vulnerability
CVE-2024-20681 | High | 7.8 | | 2024-01-09 | Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2024-20677 | High | 7.8 | | 2024-01-09 | A security vulnerability exists in FBX that could lead to remote code execution.
CVE-2024-20658 | High | 7.8 | | 2024-01-09 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
CVE-2024-20656 | High | 7.8 | | 2024-01-09 | Visual Studio Elevation of Privilege Vulnerability
CVE-2024-20653 | High | 7.8 | | 2024-01-09 | Microsoft Common Log File System Elevation of Privilege Vulnerability
CVE-2023-31036 | High | 7.5 | | 2024-01-12 | NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the model load API to cause a relative path tra…
CVE-2024-21312 | High | 7.5 | | 2024-01-09 | .NET Framework Denial of Service Vulnerability
CVE-2024-21307 | High | 7.5 | | 2024-01-09 | Remote Desktop Client Remote Code Execution Vulnerability
CVE-2024-20700 | High | 7.5 | | 2024-01-09 | Windows Hyper-V Remote Code Execution Vulnerability
CVE-2024-20687 | High | 7.5 | | 2024-01-09 | Microsoft AllJoyn API Denial of Service Vulnerability
CVE-2024-20672 | High | 7.5 | | 2024-01-09 | .NET Denial of Service Vulnerability
CVE-2024-20661 | High | 7.5 | | 2024-01-09 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2024-20697 | High | 7.3 | | 2024-01-09 | Windows libarchive Remote Code Execution Vulnerability
CVE-2024-20696 | High | 7.3 | | 2024-01-09 | Windows libarchive Remote Code Execution Vulnerability
CVE-2024-21643 | High | 7.1 | | 2024-01-10 | IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity.
CVE-2024-0206 | High | 7.1 | | 2024-01-09 | A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges.
CVE-2024-20657 | High | 7.0 | | 2024-01-09 | Windows Group Policy Elevation of Privilege Vulnerability
CVE-2023-51751 | Medium | 6.8 | | 2024-01-11 | ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used.
CVE-2024-21319 | Medium | 6.8 | | 2024-01-09 | Microsoft Identity Denial of Service Vulnerability
CVE-2024-20666 | Medium | 6.6 | | 2024-01-09 | BitLocker Security Feature Bypass Vulnerability
CVE-2024-20655 | Medium | 6.6 | | 2024-01-09 | Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability
CVE-2024-21320 | Medium | 6.5 | | 2024-01-09 | Windows Themes Spoofing Vulnerability
CVE-2024-21314 | Medium | 6.5 | | 2024-01-09 | Microsoft Message Queuing Information Disclosure Vulnerability
CVE-2024-20690 | Medium | 6.5 | | 2024-01-09 | Windows Nearby Sharing Spoofing Vulnerability
CVE-2024-20680 | Medium | 6.5 | | 2024-01-09 | Windows Message Queuing Client (MSMQC) Information Disclosure
CVE-2024-20664 | Medium | 6.5 | | 2024-01-09 | Microsoft Message Queuing Information Disclosure Vulnerability
CVE-2024-20663 | Medium | 6.5 | | 2024-01-09 | Windows Message Queuing Client (MSMQC) Information Disclosure
CVE-2024-20660 | Medium | 6.5 | | 2024-01-09 | Microsoft Message Queuing Information Disclosure Vulnerability
CVE-2024-20675 | Medium | 6.3 | | 2024-01-11 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2024-0310 | Medium | 6.1 | | 2024-01-10 | A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the response header parameter setting to switch the content security policy into report-only mode, allowin…
CVE-2024-21316 | Medium | 6.1 | | 2024-01-09 | Windows Server Key Distribution Service Security Feature Bypass
CVE-2024-21306 | Medium | 5.7 | | 2024-01-09 | Microsoft Bluetooth Driver Spoofing Vulnerability
CVE-2024-20692 | Medium | 5.7 | | 2024-01-09 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
CVE-2024-20715 | Medium | 5.5 | | 2024-01-10 | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-20714 | Medium | 5.5 | | 2024-01-10 | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-20713 | Medium | 5.5 | | 2024-01-10 | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-20712 | Medium | 5.5 | | 2024-01-10 | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-20711 | Medium | 5.5 | | 2024-01-10 | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-20710 | Medium | 5.5 | | 2024-01-10 | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-21311 | Medium | 5.5 | | 2024-01-09 | Windows Cryptographic Services Information Disclosure Vulnerability
CVE-2024-20699 | Medium | 5.5 | | 2024-01-09 | Windows Hyper-V Denial of Service Vulnerability
CVE-2024-20694 | Medium | 5.5 | | 2024-01-09 | Windows CoreMessaging Information Disclosure Vulnerability
CVE-2024-21313 | Medium | 5.3 | | 2024-01-09 | Windows TCP/IP Information Disclosure Vulnerability
CVE-2024-21337 | Medium | 5.2 | | 2024-01-11 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2024-20662 | Medium | 4.9 | | 2024-01-09 | Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability
CVE-2024-20691 | Medium | 4.7 | | 2024-01-09 | Windows Themes Information Disclosure Vulnerability
CVE-2023-51750 | Medium | 4.6 | | 2024-01-11 | ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur.
CVE-2024-21305 | Medium | 4.4 | | 2024-01-09 | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability

Other vendors (736 CVEs across 241 vendors)

Gtkwave · 82 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-39444 | High | 7.8 | | 2024-01-08 | Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115.
CVE-2023-39443 | High | 7.8 | | 2024-01-08 | Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115.
CVE-2023-39317 | High | 7.8 | | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115.
CVE-2023-39316 | High | 7.8 | | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115.
CVE-2023-39275 | High | 7.8 | | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115.
CVE-2023-39274 | High | 7.8 | | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115.
CVE-2023-39273 | High | 7.8 | | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115.
CVE-2023-39272 | High | 7.8 | | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115.
CVE-2023-39271 | High | 7.8 | | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115.
CVE-2023-39270 | High | 7.8 | | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115.
CVE-2023-39235 | High | 7.8 | | 2024-01-08 | Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort functionality of GTKWave 3.3.115.
CVE-2023-39234 | High | 7.8 | | 2024-01-08 | Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort functionality of GTKWave 3.3.115.
CVE-2023-38657 | High | 7.8 | | 2024-01-08 | An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GTKWave 3.3.115.
CVE-2023-38649 | High | 7.8 | | 2024-01-08 | Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115.
CVE-2023-38648 | High | 7.8 | | 2024-01-08 | Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115.
CVE-2023-38623 | High | 7.8 | | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115.
CVE-2023-38622 | High | 7.8 | | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115.
CVE-2023-38621 | High | 7.8 | | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115.
CVE-2023-38620 | High | 7.8 | | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115.
CVE-2023-38619 | High | 7.8 | | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115.
CVE-2023-38618 | High | 7.8 | | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115.
CVE-2023-38583 | High | 7.8 | | 2024-01-08 | A stack-based buffer overflow vulnerability exists in the LXT2 lxt2_rd_expand_integer_to_bits function of GTKWave 3.3.115.
CVE-2023-37923 | High | 7.8 | | 2024-01-08 | Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115.
CVE-2023-37922 | High | 7.8 | | 2024-01-08 | Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115.
CVE-2023-37921 | High | 7.8 | | 2024-01-08 | Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115.
CVE-2023-37578 | High | 7.8 | | 2024-01-08 | Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115.
CVE-2023-37577 | High | 7.8 | | 2024-01-08 | Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115.
CVE-2023-37576 | High | 7.8 | | 2024-01-08 | Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115.
CVE-2023-37575 | High | 7.8 | | 2024-01-08 | Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115.
CVE-2023-37574 | High | 7.8 | | 2024-01-08 | Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115.
CVE-2023-37573 | High | 7.8 | | 2024-01-08 | Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115.
CVE-2023-37447 | High | 7.8 | | 2024-01-08 | Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115.
CVE-2023-37446 | High | 7.8 | | 2024-01-08 | Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115.
CVE-2023-37445 | High | 7.8 | | 2024-01-08 | Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115.
CVE-2023-37444 | High | 7.8 | | 2024-01-08 | Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115.
CVE-2023-37443 | High | 7.8 | | 2024-01-08 | Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115.
CVE-2023-37442 | High | 7.8 | | 2024-01-08 | Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115.
CVE-2023-37420 | High | 7.8 | | 2024-01-08 | Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115.
CVE-2023-37419 | High | 7.8 | | 2024-01-08 | Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115.
CVE-2023-37418 | High | 7.8 | | 2024-01-08 | Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115.
CVE-2023-37417 | High | 7.8 | | 2024-01-08 | Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115.
CVE-2023-37416 | High | 7.8 | | 2024-01-08 | Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115.
CVE-2023-37282 | High | 7.8 | | 2024-01-08 | An out-of-bounds write vulnerability exists in the VZT LZMA_Read dmem extraction functionality of GTKWave 3.3.115.
CVE-2023-36916 | High | 7.8 | | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115.
CVE-2023-36915 | High | 7.8 | | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115.
CVE-2023-36864 | High | 7.8 | | 2024-01-08 | An integer overflow vulnerability exists in the fstReaderIterBlocks2 temp_signal_value_buf allocation functionality of GTKWave 3.3.115.
CVE-2023-36861 | High | 7.8 | | 2024-01-08 | An out-of-bounds write vulnerability exists in the VZT LZMA_read_varint functionality of GTKWave 3.3.115.
CVE-2023-35997 | High | 7.8 | | 2024-01-08 | Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115.
CVE-2023-35996 | High | 7.8 | | 2024-01-08 | Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115.
CVE-2023-35995 | High | 7.8 | | 2024-01-08 | Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115.
CVE-2023-35994 | High | 7.8 | | 2024-01-08 | Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115.
CVE-2023-35989 | High | 7.8 | | 2024-01-08 | An integer overflow vulnerability exists in the LXT2 zlib block allocation functionality of GTKWave 3.3.115.
CVE-2023-35970 | High | 7.8 | | 2024-01-08 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115.
CVE-2023-35969 | High | 7.8 | | 2024-01-08 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115.
CVE-2023-35964 | High | 7.8 | | 2024-01-08 | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115.
CVE-2023-35963 | High | 7.8 | | 2024-01-08 | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115.
CVE-2023-35962 | High | 7.8 | | 2024-01-08 | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115.
CVE-2023-35961 | High | 7.8 | | 2024-01-08 | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115.
CVE-2023-35960 | High | 7.8 | | 2024-01-08 | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115.
CVE-2023-35959 | High | 7.8 | | 2024-01-08 | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115.
CVE-2023-35958 | High | 7.8 | | 2024-01-08 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115.
CVE-2023-35957 | High | 7.8 | | 2024-01-08 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115.
CVE-2023-35956 | High | 7.8 | | 2024-01-08 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115.
CVE-2023-35955 | High | 7.8 | | 2024-01-08 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115.
CVE-2023-35704 | High | 7.8 | | 2024-01-08 | Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115.
CVE-2023-35703 | High | 7.8 | | 2024-01-08 | Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115.
CVE-2023-35702 | High | 7.8 | | 2024-01-08 | Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115.
CVE-2023-35057 | High | 7.8 | | 2024-01-08 | An integer overflow vulnerability exists in the LXT2 lxt2_rd_trace value elements allocation functionality of GTKWave 3.3.115.
CVE-2023-35004 | High | 7.8 | | 2024-01-08 | An integer overflow vulnerability exists in the VZT longest_len value allocation functionality of GTKWave 3.3.115.
CVE-2023-34436 | High | 7.8 | | 2024-01-08 | An out-of-bounds write vulnerability exists in the LXT2 num_time_table_entries functionality of GTKWave 3.3.115.
CVE-2023-34087 | High | 7.8 | | 2024-01-08 | An improper array index validation vulnerability exists in the EVCD var len parsing functionality of GTKWave 3.3.115.
CVE-2023-39414 | High | 7.0 | | 2024-01-08 | Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115.
CVE-2023-39413 | High | 7.0 | | 2024-01-08 | Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115.
CVE-2023-38653 | High | 7.0 | | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115.
CVE-2023-38652 | High | 7.0 | | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115.
CVE-2023-38651 | High | 7.0 | | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115.
CVE-2023-38650 | High | 7.0 | | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115.
CVE-2023-36747 | High | 7.0 | | 2024-01-08 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len functionality of GTKWave 3.3.115.
CVE-2023-36746 | High | 7.0 | | 2024-01-08 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len functionality of GTKWave 3.3.115.
CVE-2023-35992 | High | 7.0 | | 2024-01-08 | An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionality of GTKWave 3.3.115, when compiled as a 32-bit binary.
CVE-2023-35128 | High | 7.0 | | 2024-01-08 | An integer overflow vulnerability exists in the fstReaderIterBlocks2 time_table tsec_nitems functionality of GTKWave 3.3.115.
CVE-2023-32650 | High | 7.0 | | 2024-01-08 | An integer overflow vulnerability exists in the FST_BL_GEOM parsing maxhandle functionality of GTKWave 3.3.115, when compiled as a 32-bit binary.

N/a · 80 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-52026 | Critical | 9.8 | | 2024-01-12 | TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface.
CVE-2023-30016 | Critical | 9.8 | | 2024-01-12 | SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_details_edit.php.
CVE-2023-30015 | Critical | 9.8 | | 2024-01-12 | SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via txtsearch parameter in review_search.php.
CVE-2023-30014 | Critical | 9.8 | | 2024-01-12 | SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_stat_update.php.
CVE-2022-48620 | Critical | 9.8 | | 2024-01-12 | uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number.
CVE-2023-51350 | Critical | 9.8 | | 2024-01-11 | A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header.
CVE-2024-23061 | Critical | 9.8 | | 2024-01-11 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.
CVE-2024-23060 | Critical | 9.8 | | 2024-01-11 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function.
CVE-2024-23059 | Critical | 9.8 | | 2024-01-11 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.
CVE-2024-23058 | Critical | 9.8 | | 2024-01-11 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.
CVE-2024-23057 | Critical | 9.8 | | 2024-01-11 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.
CVE-2024-22942 | Critical | 9.8 | | 2024-01-11 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.
CVE-2023-52032 | Critical | 9.8 | | 2024-01-11 | TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function.
CVE-2023-52031 | Critical | 9.8 | | 2024-01-11 | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function.
CVE-2023-52030 | Critical | 9.8 | | 2024-01-11 | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function.
CVE-2023-52029 | Critical | 9.8 | | 2024-01-11 | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setDiagnosisCfg function.
CVE-2023-52028 | Critical | 9.8 | | 2024-01-11 | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function.
CVE-2023-52027 | Critical | 9.8 | | 2024-01-11 | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function.
CVE-2023-52064 | Critical | 9.8 | | 2024-01-10 | Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php.
CVE-2023-51970 | Critical | 9.8 | | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv.
CVE-2023-51969 | Critical | 9.8 | | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function getIptvInfo.
CVE-2023-51968 | Critical | 9.8 | | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function getIptvInfo.
CVE-2023-51967 | Critical | 9.8 | | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function getIptvInfo.
CVE-2023-51962 | Critical | 9.8 | | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setIptvInfo.
CVE-2023-51965 | Critical | 9.8 | | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo.
CVE-2023-51964 | Critical | 9.8 | | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo.
CVE-2023-51963 | Critical | 9.8 | | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo.
CVE-2023-51960 | Critical | 9.8 | | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv.
CVE-2023-51959 | Critical | 9.8 | | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv.
CVE-2023-51958 | Critical | 9.8 | | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv.
CVE-2023-51957 | Critical | 9.8 | | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv.
CVE-2023-51956 | Critical | 9.8 | | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv.
CVE-2023-51955 | Critical | 9.8 | | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv.
CVE-2023-51954 | Critical | 9.8 | | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv.
CVE-2023-51953 | Critical | 9.8 | | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv.
CVE-2023-51952 | Critical | 9.8 | | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv.
CVE-2023-51966 | Critical | 9.8 | | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo.
CVE-2023-51961 | Critical | 9.8 | | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv.
CVE-2023-51972 | Critical | 9.8 | | 2024-01-10 | Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp.
CVE-2023-51971 | Critical | 9.8 | | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function getIptvInfo.
CVE-2020-26629 | Critical | 9.8 | | 2024-01-10 | A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server.
CVE-2023-50585 | Critical | 9.8 | | 2024-01-09 | Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.
CVE-2023-49237 | Critical | 9.8 | | 2024-01-09 | An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices.
CVE-2023-49236 | Critical | 9.8 | | 2024-01-09 | A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution.
CVE-2023-49235 | Critical | 9.8 | | 2024-01-09 | An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices.
CVE-2023-26999 | Critical | 9.8 | | 2024-01-09 | An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file.
CVE-2022-46025 | Critical | 9.1 | | 2024-01-10 | Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control.
CVE-2023-50982 | Critical | 9.0 | | 2024-01-08 | Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension.
CVE-2023-51949 | High | 8.8 | | 2024-01-12 | Verydows v2.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /protected/controller/backend/role_controller.
CVE-2023-51749 | High | 8.8 | | 2024-01-11 | ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip.
CVE-2023-51748 | High | 8.8 | | 2024-01-11 | ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used.
CVE-2023-50159 | High | 8.8 | | 2024-01-11 | In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed.
CVE-2023-47890 | High | 8.8 | | 2024-01-08 | pyLoad 0.5.0 is vulnerable to Unrestricted File Upload.
CVE-2023-50932 | High | 8.3 | | 2024-01-09 | An issue was discovered in savignano S/Notify before 4.0.2 for Confluence.
CVE-2023-50931 | High | 8.3 | | 2024-01-09 | An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket.
CVE-2023-50930 | High | 8.3 | | 2024-01-09 | An issue was discovered in savignano S/Notify before 4.0.2 for Jira.
CVE-2023-48166 | High | 7.5 | | 2024-01-12 | A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the local file system.
CVE-2023-49427 | High | 7.5 | | 2024-01-10 | Buffer Overflow vulnerability in Tenda AX12 V22.03.01.46, allows remote attackers to cause a denial of service (DoS) via list parameter in SetNetControlList function.
CVE-2023-48864 | High | 7.5 | | 2024-01-10 | SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in /web_inc.php.
CVE-2023-27098 | High | 7.5 | | 2024-01-09 | TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.
CVE-2023-49961 | High | 7.5 | | 2024-01-08 | WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data exposure.
CVE-2023-46474 | High | 7.2 | | 2024-01-11 | File Upload vulnerability in PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file.
CVE-2023-50162 | High | 7.2 | | 2024-01-09 | SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers to execute arbitrary code and obtain sensitive information via the DoExecSql function.
CVE-2023-51978 | Medium | 6.5 | | 2024-01-12 | In PHPGurukul Art Gallery Management System v1.1, the "Update Artist Image" functionality's "imageid" parameter is vulnerable to SQL Injection.
CVE-2023-52271 | Medium | 6.5 | | 2024-01-08 | The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any (Protected Process Light) process via an IOCTL (which will be named at a later time).
CVE-2024-0304 | Medium | 6.3 | | 2024-01-08 | A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical.
CVE-2024-0303 | Medium | 6.3 | | 2024-01-08 | A vulnerability, which was classified as critical, was found in Youke365 up to 1.5.3.
CVE-2023-51790 | Medium | 6.1 | | 2024-01-12 | Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component.
CVE-2023-52274 | Medium | 6.1 | | 2024-01-11 | member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header.
CVE-2020-26628 | Medium | 6.1 | | 2024-01-10 | A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile' page a…
CVE-2023-27000 | Medium | 6.1 | | 2024-01-09 | Cross Site Scripting vulnerability found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the name parameter of the Profile and Exclusion List page(s).
CVE-2023-37644 | Medium | 5.5 | | 2024-01-11 | SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allocation attempt via a crafted document, as demonstrated by pdf2swf.
CVE-2024-22368 | Medium | 5.5 | | 2024-01-09 | The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document.
CVE-2023-36629 | Medium | 5.5 | | 2024-01-09 | The ST ST54-android-packages-apps-Nfc package before 130-20230215-23W07p0 for Android has an out-of-bounds read.
CVE-2023-51806 | Medium | 5.4 | | 2024-01-12 | File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file.
CVE-2023-51252 | Medium | 5.4 | | 2024-01-10 | PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS).
CVE-2023-26998 | Medium | 5.4 | | 2024-01-09 | Cross Site Scripting vulnerability found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page.
CVE-2020-26630 | Medium | 4.9 | | 2024-01-10 | A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab af…
CVE-2020-26627 | Medium | 4.9 | | 2024-01-10 | A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queri…
CVE-2024-0459 | Medium | 4.7 | | 2024-01-12 | A vulnerability has been found in Blood Bank & Donor Management 5.6 and classified as critical.

Apple · 60 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-40414 | Critical | 9.8 | | 2024-01-10 | A use-after-free issue was addressed with improved memory management. |
| CVE-2023-42866 | High | 8.8 | | 2024-01-10 | The issue was addressed with improved memory handling. |
| CVE-2023-42833 | High | 8.8 | | 2024-01-10 | A correctness issue was addressed with improved checks. |
| CVE-2023-41060 | High | 8.8 | | 2024-01-10 | A type confusion issue was addressed with improved checks. |
| CVE-2023-42933 | High | 7.8 | | 2024-01-10 | This issue was addressed with improved checks. |
| CVE-2023-42871 | High | 7.8 | | 2024-01-10 | The issue was addressed with improved memory handling. |
| CVE-2023-42870 | High | 7.8 | | 2024-01-10 | A use-after-free issue was addressed with improved memory management. |
| CVE-2023-42828 | High | 7.8 | | 2024-01-10 | This issue was addressed by removing the vulnerable code. |
| CVE-2023-42826 | High | 7.8 | | 2024-01-10 | The issue was addressed with improved checks. |
| CVE-2023-41974 | High | 7.8 | KEV | 2024-01-10 | A use-after-free issue was addressed with improved memory management. |
| CVE-2023-41075 | High | 7.8 | | 2024-01-10 | A type confusion issue was addressed with improved checks. |
| CVE-2023-32401 | High | 7.8 | | 2024-01-10 | A buffer overflow was addressed with improved bounds checking. |
| CVE-2023-32383 | High | 7.8 | | 2024-01-10 | This issue was addressed by forcing hardened runtime on the affected binaries at the system level. |
| CVE-2023-32378 | High | 7.8 | | 2024-01-10 | A use-after-free issue was addressed with improved memory management. |
| CVE-2023-32366 | High | 7.8 | | 2024-01-10 | An out-of-bounds write issue was addressed with improved input validation. |
| CVE-2022-47965 | High | 7.8 | | 2024-01-10 | The issue was addressed with improved memory handling. |
| CVE-2022-47915 | High | 7.8 | | 2024-01-10 | The issue was addressed with improved memory handling. |
| CVE-2022-46721 | High | 7.8 | | 2024-01-10 | The issue was addressed with improved memory handling. |
| CVE-2023-42869 | High | 7.5 | | 2024-01-10 | Multiple memory corruption issues were addressed with improved input validation. |
| CVE-2023-40393 | High | 7.5 | | 2024-01-10 | An authentication issue was addressed with improved state management. |
| CVE-2023-42876 | High | 7.1 | | 2024-01-10 | The issue was addressed with improved bounds checks. |
| CVE-2023-38610 | High | 7.1 | | 2024-01-10 | A memory corruption issue was addressed by removing the vulnerable code. |
| CVE-2023-32436 | High | 7.1 | | 2024-01-10 | The issue was addressed with improved bounds checks. |
| CVE-2023-42832 | High | 7.0 | | 2024-01-10 | A race condition was addressed with improved state handling. |
| CVE-2022-48618 | High | 7.0 | KEV | 2024-01-09 | The issue was addressed with improved checks. |
| CVE-2023-42865 | Medium | 6.5 | | 2024-01-10 | An out-of-bounds read was addressed with improved input validation. |
| CVE-2023-42862 | Medium | 6.5 | | 2024-01-10 | An out-of-bounds read was addressed with improved input validation. |
| CVE-2023-40385 | Medium | 6.5 | | 2024-01-10 | This issue was addressed by removing the vulnerable code. |
| CVE-2023-42929 | Medium | 5.5 | | 2024-01-10 | The issue was addressed with improved checks. |
| CVE-2023-42872 | Medium | 5.5 | | 2024-01-10 | The issue was addressed with additional permissions checks. |
| CVE-2023-42831 | Medium | 5.5 | | 2024-01-10 | This issue was addressed by removing the vulnerable code. |
| CVE-2023-42829 | Medium | 5.5 | | 2024-01-10 | The issue was addressed with additional restrictions on the observability of app states. |
| CVE-2023-41994 | Medium | 5.5 | | 2024-01-10 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. |
| CVE-2023-41987 | Medium | 5.5 | | 2024-01-10 | This issue was addressed with improved checks. |
| CVE-2023-41069 | Medium | 5.5 | | 2024-01-10 | This issue was addressed by improving Face ID anti-spoofing models. |
| CVE-2023-40438 | Medium | 5.5 | | 2024-01-10 | An issue was addressed with improved handling of temporary files. |
| CVE-2023-40437 | Medium | 5.5 | | 2024-01-10 | A privacy issue was addressed with improved private data redaction for log entries. |
| CVE-2023-40433 | Medium | 5.5 | | 2024-01-10 | A logic issue was addressed with improved checks. |
| CVE-2023-40430 | Medium | 5.5 | | 2024-01-10 | A logic issue was addressed with improved checks. |
| CVE-2023-40411 | Medium | 5.5 | | 2024-01-10 | This issue was addressed with improved data protection. |
| CVE-2023-38607 | Medium | 5.5 | | 2024-01-10 | The issue was addressed with improved handling of caches. |
| CVE-2023-32424 | Medium | 5.5 | | 2024-01-10 | The issue was addressed with improved memory handling. |
| CVE-2023-28185 | Medium | 5.5 | | 2024-01-10 | An integer overflow was addressed through improved input validation. |
| CVE-2022-48577 | Medium | 5.5 | | 2024-01-10 | An access issue was addressed with improved access restrictions. |
| CVE-2022-48504 | Medium | 5.5 | | 2024-01-10 | The issue was addressed with improved handling of caches. |
| CVE-2022-46710 | Medium | 5.5 | | 2024-01-10 | A logic issue was addressed with improved checks. |
| CVE-2022-42816 | Medium | 5.5 | | 2024-01-10 | A logic issue was addressed with improved state management. |
| CVE-2022-32931 | Medium | 5.5 | | 2024-01-10 | This issue was addressed with improved data protection. |
| CVE-2023-42941 | Medium | 4.8 | | 2024-01-10 | The issue was addressed with improved checks. |
| CVE-2022-32919 | Medium | 4.7 | | 2024-01-10 | The issue was addressed with improved UI handling. |
| CVE-2023-42934 | Medium | 4.2 | | 2024-01-10 | An information disclosure issue was addressed by removing the vulnerable code. |
| CVE-2023-42830 | Low | 3.3 | | 2024-01-10 | A privacy issue was addressed with improved private data redaction for log entries. |
| CVE-2023-40439 | Low | 3.3 | | 2024-01-10 | A privacy issue was addressed with improved private data redaction for log entries. |
| CVE-2023-40394 | Low | 3.3 | | 2024-01-10 | The issue was addressed with improved validation of environment variables. |
| CVE-2023-40383 | Low | 3.3 | | 2024-01-10 | A path handling issue was addressed with improved validation. |
| CVE-2023-38612 | Low | 3.3 | | 2024-01-10 | The issue was addressed with improved checks. |
| CVE-2023-28197 | Low | 3.3 | | 2024-01-10 | An access issue was addressed with additional sandbox restrictions. |
| CVE-2022-42839 | Low | 3.3 | | 2024-01-10 | This issue was addressed with improved redaction of sensitive information. |
| CVE-2024-0230 | Low | 2.4 | | 2024-01-12 | A session management issue was addressed with improved checks. |
| CVE-2023-40529 | Low | 2.4 | | 2024-01-10 | This issue was addressed with improved redaction of sensitive information. |

Bosch · 26 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-48253 | High | 8.8 | | 2024-01-10 | The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashe… |
| CVE-2023-48252 | High | 8.8 | | 2024-01-10 | The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests. |
| CVE-2023-49722 | High | 8.3 | | 2024-01-09 | Network port 8899 is open in the WiFi firmware of BCC101/BCC102/BCC50 products, which allows an attacker on the same WiFi network to connect to the device. |
| CVE-2023-48266 | High | 8.1 | | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. |
| CVE-2023-48265 | High | 8.1 | | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. |
| CVE-2023-48264 | High | 8.1 | | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. |
| CVE-2023-48263 | High | 8.1 | | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. |
| CVE-2023-48262 | High | 8.1 | | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. |
| CVE-2023-48251 | High | 8.1 | | 2024-01-10 | The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account. |
| CVE-2023-48250 | High | 8.1 | | 2024-01-10 | The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts. |
| CVE-2023-48243 | High | 8.1 | | 2024-01-10 | The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to obtain remo… |
| CVE-2023-48257 | High | 7.8 | | 2024-01-10 | The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. |
| CVE-2023-48249 | Medium | 6.5 | | 2024-01-10 | The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possib… |
| CVE-2023-48246 | Medium | 6.5 | | 2024-01-10 | The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. |
| CVE-2023-48245 | Medium | 6.5 | | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. |
| CVE-2023-48242 | Medium | 6.5 | | 2024-01-10 | The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. |
| CVE-2023-48255 | Medium | 6.3 | | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by wa… |
| CVE-2023-48258 | Medium | 5.5 | | 2024-01-10 | The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim’s session. |
| CVE-2023-48248 | Medium | 5.5 | | 2024-01-10 | The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply… |
| CVE-2023-48261 | Medium | 5.3 | | 2024-01-10 | The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. |
| CVE-2023-48260 | Medium | 5.3 | | 2024-01-10 | The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. |
| CVE-2023-48259 | Medium | 5.3 | | 2024-01-10 | The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. |
| CVE-2023-48256 | Medium | 5.3 | | 2024-01-10 | The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request. |
| CVE-2023-48254 | Medium | 5.3 | | 2024-01-10 | The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request. |
| CVE-2023-48247 | Medium | 5.3 | | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. |
| CVE-2023-48244 | Medium | 5.3 | | 2024-01-10 | The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request. |

Juniper · 23 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-21591 | Critical | 9.8 | | 2024-01-12 | An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root pri… |
| CVE-2024-21616 | High | 7.5 | | 2024-01-12 | An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). |
| CVE-2024-21614 | High | 7.5 | | 2024-01-12 | An Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause rpd to crash, leading to Den… |
| CVE-2024-21612 | High | 7.5 | | 2024-01-12 | An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). |
| CVE-2024-21611 | High | 7.5 | | 2024-01-12 | A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). |
| CVE-2024-21606 | High | 7.5 | | 2024-01-12 | A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). |
| CVE-2024-21604 | High | 7.5 | | 2024-01-12 | An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). |
| CVE-2024-21602 | High | 7.5 | | 2024-01-12 | A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). |
| CVE-2024-21595 | High | 7.5 | | 2024-01-12 | An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). |
| CVE-2024-21589 | High | 7.4 | | 2024-01-12 | An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated network-based attacker to access reports without authenticating, potentially containing sensitive configurat… |
| CVE-2024-21617 | Medium | 6.5 | | 2024-01-12 | An Incomplete Cleanup vulnerability in Nonstop active routing (NSR) component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a memory leak leading to Denial of Service (DoS). |
| CVE-2024-21613 | Medium | 6.5 | | 2024-01-12 | A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause an rpd crash, leading to Denial of… |
| CVE-2024-21603 | Medium | 6.5 | | 2024-01-12 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Networks Junos OS on MX Series allows a network-based attacker with low privileges to cause a denial of service. |
| CVE-2024-21600 | Medium | 6.5 | | 2024-01-12 | An Improper Neutralization of Equivalent Special Elements vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). |
| CVE-2024-21599 | Medium | 6.5 | | 2024-01-12 | A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). |
| CVE-2024-21587 | Medium | 6.5 | | 2024-01-12 | An Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an attacker directly connected to the vulnerable system who repeate… |
| CVE-2023-36842 | Medium | 6.5 | | 2024-01-12 | An Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause the jdhcpd to consume all the CPU cycles resulting in… |
| CVE-2024-21601 | Medium | 5.9 | | 2024-01-12 | A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Flow-processing Daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker… |
| CVE-2024-21585 | Medium | 5.9 | | 2024-01-12 | An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control… |
| CVE-2024-21594 | Medium | 5.5 | | 2024-01-12 | A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows an authenticated, low-privileged, local attacker to cause a Denial of Service (DoS). |
| CVE-2024-21607 | Medium | 5.3 | | 2024-01-12 | An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device. |
| CVE-2024-21597 | Medium | 5.3 | | 2024-01-12 | An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions. |
| CVE-2024-21596 | Medium | 5.3 | | 2024-01-12 | A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). |

Siemens · 20 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-49621 | Critical | 9.8 | | 2024-01-09 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). |
| CVE-2023-49251 | High | 8.8 | | 2024-01-09 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). |
| CVE-2023-51746 | High | 7.8 | | 2024-01-09 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions <… |
| CVE-2023-51745 | High | 7.8 | | 2024-01-09 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions <… |
| CVE-2023-51439 | High | 7.8 | | 2024-01-09 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions <… |
| CVE-2023-49132 | High | 7.8 | | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). |
| CVE-2023-49131 | High | 7.8 | | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). |
| CVE-2023-49130 | High | 7.8 | | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). |
| CVE-2023-49129 | High | 7.8 | | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). |
| CVE-2023-49128 | High | 7.8 | | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). |
| CVE-2023-49127 | High | 7.8 | | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). |
| CVE-2023-49126 | High | 7.8 | | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). |
| CVE-2023-49124 | High | 7.8 | | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). |
| CVE-2023-49123 | High | 7.8 | | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). |
| CVE-2023-49122 | High | 7.8 | | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). |
| CVE-2023-49121 | High | 7.8 | | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). |
| CVE-2023-44120 | High | 7.8 | | 2024-01-09 | A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q4). |
| CVE-2023-49252 | High | 7.5 | | 2024-01-09 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). |
| CVE-2023-42797 | Medium | 6.6 | | 2024-01-09 | A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions < CPCI85 V05.20). |
| CVE-2023-51744 | Low | 3.3 | | 2024-01-09 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions <… |

Totolink · 15 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-7221 | Critical | 9.8 | | 2024-01-09 | A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. |
| CVE-2023-7220 | Critical | 9.8 | | 2024-01-09 | A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. |
| CVE-2024-0299 | High | 7.3 | | 2024-01-08 | A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. |
| CVE-2024-0298 | High | 7.3 | | 2024-01-08 | A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. |
| CVE-2024-0297 | High | 7.3 | | 2024-01-08 | A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. |
| CVE-2024-0296 | High | 7.3 | | 2024-01-08 | A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. |
| CVE-2024-0295 | High | 7.3 | | 2024-01-08 | A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. |
| CVE-2024-0294 | High | 7.3 | | 2024-01-08 | A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. |
| CVE-2023-7222 | High | 7.2 | | 2024-01-09 | A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. |
| CVE-2023-7219 | High | 7.2 | | 2024-01-09 | A vulnerability has been found in Totolink N350RT 9.3.5u.6139_B202012 and classified as critical. |
| CVE-2023-7218 | High | 7.2 | | 2024-01-08 | A vulnerability, which was classified as critical, was found in Totolink N350RT 9.3.5u.6139_B202012. |
| CVE-2024-0293 | Medium | 6.3 | | 2024-01-08 | A vulnerability classified as critical was found in Totolink LR1200GB 9.1.0u.6619_B20230130. |
| CVE-2024-0292 | Medium | 6.3 | | 2024-01-08 | A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. |
| CVE-2024-0291 | Medium | 6.3 | | 2024-01-08 | A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. |
| CVE-2023-7223 | Medium | 5.3 | | 2024-01-09 | A vulnerability classified as problematic has been found in Totolink T6 4.1.9cu.5241_B20210923. |

Code-projects · 14 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-0474 | High | 7.3 | | 2024-01-12 | A vulnerability classified as critical was found in code-projects Dormitory Management System 1.0. |
| CVE-2024-0359 | High | 7.3 | | 2024-01-10 | A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. |
| CVE-2024-0473 | Medium | 6.3 | | 2024-01-12 | A vulnerability classified as critical has been found in code-projects Dormitory Management System 1.0. |
| CVE-2024-0471 | Medium | 6.3 | | 2024-01-12 | A vulnerability was found in code-projects Human Resource Integrated System 1.0. |
| CVE-2024-0470 | Medium | 6.3 | | 2024-01-12 | A vulnerability was found in code-projects Human Resource Integrated System 1.0. |
| CVE-2024-0469 | Medium | 6.3 | | 2024-01-12 | A vulnerability was found in code-projects Human Resource Integrated System 1.0 and classified as critical. |
| CVE-2024-0468 | Medium | 6.3 | | 2024-01-12 | A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. |
| CVE-2024-0464 | Medium | 6.3 | | 2024-01-12 | A vulnerability classified as critical has been found in code-projects Online Faculty Clearance 1.0. |
| CVE-2024-0463 | Medium | 6.3 | | 2024-01-12 | A vulnerability was found in code-projects Online Faculty Clearance 1.0. |
| CVE-2024-0462 | Medium | 6.3 | | 2024-01-12 | A vulnerability was found in code-projects Online Faculty Clearance 1.0. |
| CVE-2024-0461 | Medium | 6.3 | | 2024-01-12 | A vulnerability was found in code-projects Online Faculty Clearance 1.0. |
| CVE-2024-0466 | Medium | 5.5 | | 2024-01-12 | A vulnerability, which was classified as critical, has been found in code-projects Employee Profile Management System 1.0. |
| CVE-2024-0472 | Low | 3.5 | | 2024-01-12 | A vulnerability was found in code-projects Dormitory Management System 1.0. |
| CVE-2024-0465 | Low | 3.5 | | 2024-01-12 | A vulnerability classified as problematic was found in code-projects Employee Profile Management System 1.0. |

Wwbn · 14 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-49599 | Critical | 9.8 | | 2024-01-10 | An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. |
| CVE-2023-47862 | Critical | 9.8 | | 2024-01-10 | A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. |
| CVE-2023-48728 | Critical | 9.6 | | 2024-01-10 | A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. |
| CVE-2023-47861 | Critical | 9.0 | | 2024-01-10 | A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. |
| CVE-2023-49589 | High | 8.8 | | 2024-01-10 | An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. |
| CVE-2023-48730 | High | 8.5 | | 2024-01-10 | A cross-site scripting (xss) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. |
| CVE-2023-49738 | High | 7.5 | | 2024-01-10 | An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. |
| CVE-2023-49810 | High | 7.3 | | 2024-01-10 | A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. |
| CVE-2023-49864 | Medium | 6.5 | | 2024-01-10 | An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. |
| CVE-2023-49863 | Medium | 6.5 | | 2024-01-10 | An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. |
| CVE-2023-49862 | Medium | 6.5 | | 2024-01-10 | An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. |
| CVE-2023-47171 | Medium | 6.5 | | 2024-01-10 | An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. |
| CVE-2023-50172 | Medium | 5.3 | | 2024-01-10 | A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. |
| CVE-2023-49715 | Medium | 4.3 | | 2024-01-10 | An unrestricted PHP file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. |

Hongdian · 10 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-49262 | Critical | 9.8 | | 2024-01-12 | The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session. |
| CVE-2023-49255 | Critical | 9.8 | | 2024-01-12 | The router console is accessible without authentication at the "data" field, and while a user needs to be logged in in order to modify the configuration, the session state is shared. |
| CVE-2023-49253 | Critical | 9.8 | | 2024-01-12 | The root user password is hardcoded into the device and cannot be changed in the user interface. |
| CVE-2023-49257 | High | 8.8 | | 2024-01-12 | An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with root user privileges. |
| CVE-2023-49254 | High | 8.8 | | 2024-01-12 | An authenticated user can execute arbitrary commands in the context of the root user by providing a payload in the "destination" field of the network test tools. |
| CVE-2023-49261 | High | 7.5 | | 2024-01-12 | The "tokenKey" value used in user authorization is visible in the HTML source of the login page. |
| CVE-2023-49259 | High | 7.5 | | 2024-01-12 | The authentication cookies are generated using an algorithm based on the username, a hardcoded secret and the up-time, and can be guessed in a reasonable time. |
| CVE-2023-49256 | High | 7.5 | | 2024-01-12 | It is possible to download the configuration backup without authorization and decrypt the included passwords using a hardcoded static key. |
| CVE-2023-49260 | Medium | 6.1 | | 2024-01-12 | An XSS attack can be performed by changing the MOTD banner and pointing the victim to the "terminal_tool.cgi" path. |
| CVE-2023-49258 | Medium | 6.1 | | 2024-01-12 | The user's browser may be forced to execute JavaScript and pass the authentication cookie to the attacker, leveraging the XSS vulnerability located at "/gui/terminal_tool.cgi" in the "data" parameter. |

Ibm · 9 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-31003 | High | 8.4 | | 2024-01-11 | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. |
| CVE-2023-50948 | Medium | 6.5 | | 2024-01-08 | IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal… |
| CVE-2023-45171 | Medium | 6.2 | | 2024-01-11 | IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to cause a denial of service. |
| CVE-2023-45169 | Medium | 6.2 | | 2024-01-11 | IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the pmsvcs kernel extension to cause a denial of service. |
| CVE-2023-38267 | Medium | 6.2 | | 2024-01-11 | IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to possibly elevate their privileges due to sensitive configurat… |
| CVE-2023-45175 | Medium | 6.2 | | 2024-01-11 | IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service. |
| CVE-2023-45173 | Medium | 6.2 | | 2024-01-11 | IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the NFS kernel extension to cause a denial of service. |
| CVE-2023-31001 | Medium | 5.1 | | 2024-01-11 | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. |
| CVE-2023-47140 | Medium | 4.0 | | 2024-01-08 | IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls. |

Nvidia · 9 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-31030 | Critical | 9.3 | | 2024-01-12 | NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. |
| CVE-2023-31029 | Critical | 9.3 | | 2024-01-12 | NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. |
| CVE-2023-31024 | Critical | 9.0 | | 2024-01-12 | NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. |
| CVE-2023-31035 | High | 7.5 | | 2024-01-12 | NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may trigger an SMI callout that could be used to execute arbitrary code at the SMM level. |
| CVE-2023-31032 | High | 7.5 | | 2024-01-12 | NVIDIA DGX A100 SBIOS contains a vulnerability where a user with local access may cause dynamic variable evaluation. |
| CVE-2023-31033 | Medium | 6.8 | | 2024-01-12 | NVIDIA DGX A100 BMC contains a vulnerability where a user on an adjacent network may trigger missing authentication for a critical function. |
| CVE-2023-31034 | Medium | 6.6 | | 2024-01-12 | NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation checks to be bypassed by causing an integer overflow. |
| CVE-2023-31025 | Medium | 6.5 | | 2024-01-12 | NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. |
| CVE-2023-31031 | Medium | 4.2 | | 2024-01-12 | NVIDIA DGX Station A100 and DGX Station A800 SBIOS contains a vulnerability where a user with local access may cause a heap-based buffer overflow. |

Ami · 8 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-3043 | Critical | 9.6 | | 2024-01-09 | AMI’s SPx contains a vulnerability in the BMC where an attacker may cause a stack-based buffer overflow via an adjacent network. |
| CVE-2023-37293 | Critical | 9.6 | | 2024-01-09 | AMI’s SPx contains a vulnerability in the BMC where an attacker may cause a stack-based buffer overflow via an adjacent network. |
| CVE-2023-37297 | High | 8.3 | | 2024-01-09 | AMI’s SPx contains a vulnerability in the BMC where an attacker may cause heap memory corruption via an adjacent network. |
| CVE-2023-37296 | High | 8.3 | | 2024-01-09 | AMI’s SPx contains a vulnerability in the BMC where an attacker may cause stack memory corruption via an adjacent network. |
| CVE-2023-37295 | High | 8.3 | | 2024-01-09 | AMI’s SPx contains a vulnerability in the BMC where an attacker may cause heap memory corruption via an adjacent network. |
| CVE-2023-37294 | High | 8.3 | | 2024-01-09 | AMI’s SPx contains a vulnerability in the BMC where an attacker may cause heap memory corruption via an adjacent network. |
| CVE-2023-34333 | High | 7.8 | | 2024-01-09 | AMI’s SPx contains a vulnerability in the BMC where an attacker may cause an untrusted pointer dereference via a local network. |
| CVE-2023-34332 | High | 7.8 | | 2024-01-09 | AMI’s SPx contains a vulnerability in the BMC where an attacker may cause an untrusted pointer dereference via a local network. |

Csdeshang · 8 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-0415 | Medium | 6.3 | | 2024-01-11 | A vulnerability classified as critical was found in DeShang DSMall up to 6.1.0. |
| CVE-2024-0417 | Medium | 5.4 | | 2024-01-11 | A vulnerability, which was classified as critical, was found in DeShang DSShop up to 2.1.5. |
| CVE-2024-0416 | Medium | 5.4 | | 2024-01-11 | A vulnerability, which was classified as critical, has been found in DeShang DSMall up to 5.0.3. |
| CVE-2024-0414 | Medium | 5.3 | | 2024-01-11 | A vulnerability classified as problematic has been found in DeShang DSCMS up to 3.1.2/7.1. |
| CVE-2024-0413 | Medium | 5.3 | | 2024-01-11 | A vulnerability was found in DeShang DSKMS up to 3.1.2. |
| CVE-2024-0412 | Medium | 5.3 | | 2024-01-11 | A vulnerability was found in DeShang DSShop up to 3.1.0. |
| CVE-2024-0411 | Medium | 5.3 | | 2024-01-11 | A vulnerability was found in DeShang DSMall up to 6.1.0. |
| CVE-2024-0358 | Medium | 5.3 | | 2024-01-10 | A vulnerability was found in DeShang DSO2O up to 4.1.0. |

Canonical · 7 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2021-3600 | High | 7.8 | | 2024-01-08 | It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32-bit registers when performing div and mod operations. |
| CVE-2022-3328 | High | 7.8 | | 2024-01-08 | Race condition in snap-confine's must_mkdir_and_open_with_perms() |
| CVE-2022-2602 | Medium | 5.3 | | 2024-01-08 | io_uring UAF, Unix SCM garbage collection |
| CVE-2022-2588 | Medium | 5.3 | | 2024-01-08 | It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. |
| CVE-2022-2586 | Medium | 5.3 | KEV | 2024-01-08 | It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. |
| CVE-2022-2585 | Medium | 5.3 | | 2024-01-08 | It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. |
| CVE-2023-1032 | Medium | 4.7 | | 2024-01-08 | The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. |

Mediawiki · 7 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-23179 | Medium | 6.1 | | 2024-01-12 | An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. |
| CVE-2024-23177 | Medium | 6.1 | | 2024-01-12 | An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. |
| CVE-2024-23173 | Medium | 6.1 | | 2024-01-12 | An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. |
| CVE-2024-23178 | Medium | 5.4 | | 2024-01-12 | An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. |
| CVE-2024-23174 | Medium | 5.4 | | 2024-01-12 | An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. |
| CVE-2024-23172 | Medium | 5.4 | | 2024-01-12 | An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. |
| CVE-2024-23171 | Medium | 5.4 | | 2024-01-12 | An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. |

Sap · 7 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-21737 | High | 8.4 | | 2024-01-09 | In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. |
| CVE-2024-22125 | High | 7.4 | | 2024-01-09 | Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) - version 1.0, allows an attacker to access highly sensitive information which would otherwise be restricted causing high impact on confid… |
| CVE-2024-21735 | High | 7.3 | | 2024-01-09 | SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. |
| CVE-2024-21736 | Medium | 6.4 | | 2024-01-09 | SAP S/4HANA Finance for (Advanced Payment Management) - versions SAPSCORE 128, S4CORE 107, does not perform necessary authorization checks. |
| CVE-2024-22124 | Medium | 4.1 | | 2024-01-09 | Under certain conditions, Internet Communication Manager (ICM) or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22_EXT, WEBDISP 7.22_EXT, WE… |
| CVE-2024-21738 | Medium | 4.1 | | 2024-01-09 | SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality o… |
| CVE-2024-21734 | Low | 3.7 | | 2024-01-09 | SAP Marketing (Contacts App) - version 160, allows an attacker with low privileges to trick a user to open malicious page which could lead to a very convincing phishing attack with low impact on confidentiality and integrity of the applica… |

Codeastro · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-0345 | Medium | 4.3 | | 2024-01-09 | A vulnerability, which was classified as problematic, was found in CodeAstro Vehicle Booking System 1.0. |
| CVE-2024-0343 | Medium | 4.3 | | 2024-01-09 | A vulnerability classified as problematic was found in CodeAstro Simple House Rental System 5.6. |
| CVE-2024-0424 | Low | 3.5 | | 2024-01-11 | A vulnerability classified as problematic has been found in CodeAstro Simple Banking System 1.0. |
| CVE-2024-0423 | Low | 3.5 | | 2024-01-11 | A vulnerability was found in CodeAstro Online Food Ordering System 1.0. |
| CVE-2024-0422 | Low | 3.5 | | 2024-01-11 | A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. |
| CVE-2024-0346 | Low | 3.5 | | 2024-01-09 | A vulnerability has been found in CodeAstro Vehicle Booking System 1.0 and classified as problematic. |

Freeimage_project · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-47994 | High | 8.8 | | 2024-01-09 | An integer overflow vulnerability in the LoadPixelDataRLE4 function in PluginBMP.cpp in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code. |
| CVE-2023-47992 | High | 8.8 | | 2024-01-09 | An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code. |
| CVE-2023-47997 | Medium | 6.5 | | 2024-01-10 | An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service. |
| CVE-2023-47996 | Medium | 6.5 | | 2024-01-09 | An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attackers to obtain information and cause a denial of service. |
| CVE-2023-47995 | Medium | 6.5 | | 2024-01-09 | Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service. |
| CVE-2023-47993 | Medium | 6.5 | | 2024-01-09 | A buffer out-of-bounds read vulnerability in Exif.cpp::ReadInt32 in FreeImage 3.18.0 allows attackers to cause a denial of service. |

Open-xchange · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-29048 | High | 8.8 | | 2024-01-08 | A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. |
| CVE-2023-29051 | High | 8.1 | | 2024-01-08 | User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. |
| CVE-2023-29050 | High | 7.6 | | 2024-01-08 | The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow access to content outside of the intended hierarchy. |
| CVE-2023-41710 | Medium | 5.4 | | 2024-01-08 | User-defined script code could be stored for an upsell-related shop URL. |
| CVE-2023-29052 | Medium | 5.4 | | 2024-01-08 | Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. |
| CVE-2023-29049 | Medium | 5.4 | | 2024-01-08 | The "upsell" widget at the portal page could be abused to inject arbitrary script code. |

Phpgurukul · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-0364 | Medium | 5.5 | | 2024-01-10 | A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0. |
| CVE-2024-0363 | Medium | 5.5 | | 2024-01-10 | A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. |
| CVE-2024-0362 | Medium | 5.5 | | 2024-01-10 | A vulnerability classified as critical was found in PHPGurukul Hospital Management System 1.0. |
| CVE-2024-0361 | Medium | 5.5 | | 2024-01-10 | A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0. |
| CVE-2024-0360 | Medium | 5.5 | | 2024-01-10 | A vulnerability was found in PHPGurukul Hospital Management System 1.0. |
| CVE-2024-0355 | Medium | 5.5 | | 2024-01-10 | A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. |

Engineers_online_portal_project · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-0348 | Medium | 4.3 | | 2024-01-09 | A vulnerability was found in SourceCodester Engineers Online Portal 1.0. |
| CVE-2024-0349 | Low | 3.7 | | 2024-01-09 | A vulnerability was found in SourceCodester Engineers Online Portal 1.0. |
| CVE-2024-0347 | Low | 3.7 | | 2024-01-09 | A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problematic. |
| CVE-2024-0351 | Low | 3.1 | | 2024-01-09 | A vulnerability classified as problematic has been found in SourceCodester Engineers Online Portal 1.0. |
| CVE-2024-0350 | Low | 3.1 | | 2024-01-09 | A vulnerability was found in SourceCodester Engineers Online Portal 1.0. |

Fedoraproject · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-41056 | High | 8.1 | | 2024-01-10 | Redis is an in-memory database that persists on disk. |
| CVE-2023-5455 | Medium | 6.5 | | 2024-01-10 | A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. |
| CVE-2024-23301 | Medium | 5.5 | | 2024-01-12 | Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. |
| CVE-2024-0443 | Medium | 5.5 | | 2024-01-12 | A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. |
| CVE-2024-0333 | Medium | 5.3 | | 2024-01-10 | Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. |

Fortinet · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-44250 | High | 8.8 | | 2024-01-10 | An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated… |
| CVE-2023-46712 | High | 7.2 | | 2024-01-10 | An improper access control vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an attacker to escalate their privileges via specifically crafted HTTP requests. |
| CVE-2023-37932 | Medium | 6.5 | | 2024-01-10 | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoice Enterprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via se… |
| CVE-2023-48783 | Medium | 5.4 | | 2024-01-10 | An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting FortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user wit… |
| CVE-2023-37934 | Medium | 4.3 | | 2024-01-10 | An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0 all versions allows an authenticated attacker to perform a denial of service attack via sending crafted HTTP or HTTPS requests in a high freque… |

Gitlab · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-7028 | Critical | 10.0 | KEV | 2024-01-12 | An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which… |
| CVE-2023-4812 | High | 7.6 | | 2024-01-12 | An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. |
| CVE-2023-5356 | High | 7.3 | | 2024-01-12 | Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integr… |
| CVE-2023-6955 | Medium | 6.6 | | 2024-01-12 | A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. |
| CVE-2023-2030 | Low | 3.5 | | 2024-01-12 | An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits. |
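The GitLab entries above are the kind of range statement a patch-triage script has to evaluate against an inventory, and the listing uses three phrasings for it: per-release-line pairs ("from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, ..."), an inclusive upper bound ("up to, and including, 4.2.5.7", as in the LearnPress rows further down) and an exclusive upper bound ("before 1.40.2", as in the MediaWiki rows). The block below is an added example, not GitLab's, NVD's or any vendor's code; it turns each form into a check. The CVE-2023-7028 ranges are transcribed from the row above, and the version strings in the tests are constructed inputs, not observed deployments.

```python
"""Version-range checks for the three affected-version phrasings in this listing.

Added example; the GitLab ranges are transcribed from the CVE-2023-7028 summary,
everything else (function names, test versions) is constructed for illustration.
"""
from __future__ import annotations


def parse_version(version: str) -> tuple[int, ...]:
    """'16.5.3', '16.5.3-ee' or '4.2.5.7' -> tuple of ints; a '-suffix' is dropped.

    Tuples compare lexicographically, so (16, 5, 3) < (16, 5, 6) and
    (1, 40) < (1, 40, 2), which matches how these advisories order versions.
    """
    core = version.split("-", 1)[0]
    return tuple(int(part) for part in core.split("."))


def in_release_line(version: tuple[int, ...], line: tuple[int, ...]) -> bool:
    """(16, 5, 3) is in release line (16, 5); (16, 6, 0) is not."""
    return version[: len(line)] == line


# Form (a): "all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, ..."
# (GitLab CVE-2023-7028 above), transcribed as (release line, first fixed version).
GITLAB_CVE_2023_7028 = [
    ("16.1", "16.1.6"), ("16.2", "16.2.9"), ("16.3", "16.3.7"),
    ("16.4", "16.4.5"), ("16.5", "16.5.6"), ("16.6", "16.6.4"),
    ("16.7", "16.7.2"),
]


def affected_per_line(version: str, ranges: list[tuple[str, str]]) -> bool:
    """Affected if the version is in one of the listed lines and precedes that
    line's fix. Lines the advisory does not list (16.0.x, 16.8.x) are not affected."""
    v = parse_version(version)
    return any(
        in_release_line(v, parse_version(line)) and v < parse_version(fixed)
        for line, fixed in ranges
    )


# Form (b): "all versions up to, and including, 4.2.5.7" (LearnPress rows): inclusive.
def affected_up_to_inclusive(version: str, last_affected: str) -> bool:
    return parse_version(version) <= parse_version(last_affected)


# Form (c): "before 1.40.2" (MediaWiki rows): exclusive. A bounded line such as
# "1.36.x through 1.39.x before 1.39.6" is form (a) with a single entry.
def affected_before(version: str, first_fixed: str) -> bool:
    return parse_version(version) < parse_version(first_fixed)
```

Note that the "-ee"/"-ce" edition suffix is deliberately ignored: the GitLab advisory covers both editions, and comparing it as part of the version would make "16.5.3-ee" sort oddly against "16.5.6".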

Hozard · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-50123 | High | 8.1 | | 2024-01-11 | The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state is not limited. |
| CVE-2023-50126 | Medium | 6.5 | | 2024-01-11 | Missing encryption in the RFID tags of the Hozard alarm system (Alarmsysteem) v1.0 allow attackers to create a cloned tag via brief physical proximity to one of the original tags, which results in an attacker being able to bring the alarm… |
| CVE-2023-50127 | Medium | 5.9 | | 2024-01-11 | Hozard alarm system (Alarmsysteem) v1.0 is vulnerable to Improper Authentication. |
| CVE-2023-50125 | Medium | 5.9 | | 2024-01-11 | A default engineer password set on the Hozard alarm system (Alarmsysteem) v1.0 allows an attacker to bring the alarm system to a disarmed state. |
| CVE-2023-50128 | Medium | 5.3 | | 2024-01-11 | The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed… |
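Two of the Hozard findings above describe design-level weaknesses rather than bugs: a fob that transmits the same frame every time (CVE-2023-50128) and a disarm path with no attempt limit (CVE-2023-50123). The toy model below is an added illustration of why the first is replayable and what a challenge-response design with a lockout changes; it is not the Hozard protocol, the researchers' code, or a description of the device's radio format. The shared key, the fixed frame bytes and the attempt limit are constructed values.

```python
"""Replayable static frame vs. nonce-bound challenge-response with lockout.

Added illustration for the Hozard rows; all keys, frames and limits are
constructed and nothing here reflects the real device's protocol.
"""
from __future__ import annotations

import hashlib
import hmac
import os

SHARED_KEY = b"\x11" * 32                            # constructed per-fob secret
STATIC_DISARM_FRAME = bytes.fromhex("a55a0001d15a")  # constructed fixed "disarm" frame
MAX_FAILED_ATTEMPTS = 5                              # constructed lockout threshold


class StaticFramePanel:
    """Models the weakness: the fob sends the same frame for every request, so a
    frame recorded once is indistinguishable from a live one."""

    def __init__(self) -> None:
        self.armed = True

    def receive(self, frame: bytes) -> bool:
        if hmac.compare_digest(frame, STATIC_DISARM_FRAME):
            self.armed = False
            return True
        return False


class ChallengeResponsePanel:
    """Fix: a fresh random nonce per attempt, a MAC bound to that nonce, the nonce
    retired after one use, and a lockout after MAX_FAILED_ATTEMPTS failures."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.armed = True
        self.nonce: bytes | None = None
        self.failures = 0

    def challenge(self) -> bytes:
        self.nonce = os.urandom(16)
        return self.nonce

    def receive(self, response: bytes) -> bool:
        if self.failures >= MAX_FAILED_ATTEMPTS or self.nonce is None:
            return False
        expected = hmac.new(self.key, b"disarm" + self.nonce, hashlib.sha256).digest()
        self.nonce = None  # one-shot: a replayed response has no live nonce to match
        if hmac.compare_digest(response, expected):
            self.armed = False
            self.failures = 0
            return True
        self.failures += 1
        return False


def fob_response(key: bytes, nonce: bytes) -> bytes:
    """What a legitimate fob transmits in reply to a challenge."""
    return hmac.new(key, b"disarm" + nonce, hashlib.sha256).digest()


def replay_against_static() -> bool:
    """Record one legitimate frame, let the owner re-arm, replay it.
    Returns True if the replay disarms the panel (it does)."""
    panel = StaticFramePanel()
    recorded = STATIC_DISARM_FRAME          # what an eavesdropper captures
    panel.receive(recorded)                 # legitimate use
    panel.armed = True                      # owner re-arms
    return panel.receive(recorded) and not panel.armed


def replay_against_challenge_response() -> bool:
    """Same attack against the fixed design. Returns True if the replay disarms
    the panel (it does not: the recorded MAC is bound to a consumed nonce)."""
    panel = ChallengeResponsePanel(SHARED_KEY)
    recorded = fob_response(SHARED_KEY, panel.challenge())
    panel.receive(recorded)                 # legitimate use
    panel.armed = True                      # owner re-arms
    panel.challenge()                       # next attempt gets a new nonce
    return panel.receive(recorded) and not panel.armed


def brute_force_lockout() -> bool:
    """Unlimited guessing vs. a lockout: after MAX_FAILED_ATTEMPTS wrong responses
    even a correct one is refused. Returns whether the correct response succeeds."""
    panel = ChallengeResponsePanel(SHARED_KEY)
    for _ in range(MAX_FAILED_ATTEMPTS):
        panel.challenge()
        panel.receive(b"\x00" * 32)         # wrong guess
    nonce = panel.challenge()
    return panel.receive(fob_response(SHARED_KEY, nonce))
```

The lockout here is a simple counter; a real panel would also need a reset path that does not itself become a denial-of-service lever, which the model leaves out.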

Kashipara · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-0307 | High | 7.3 | | 2024-01-08 | A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. |
| CVE-2024-0306 | High | 7.3 | | 2024-01-08 | A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. |
| CVE-2024-0290 | Medium | 6.3 | | 2024-01-08 | A vulnerability, which was classified as critical, has been found in Kashipara Food Management System 1.0. |
| CVE-2024-0289 | Medium | 6.3 | | 2024-01-08 | A vulnerability classified as critical was found in Kashipara Food Management System 1.0. |
| CVE-2024-0288 | Medium | 6.3 | | 2024-01-08 | A vulnerability classified as critical has been found in Kashipara Food Management System 1.0. |

Debian · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-6040 | High | 7.8 | | 2024-01-12 | An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tab… |
| CVE-2023-51782 | High | 7.0 | | 2024-01-11 | An issue was discovered in the Linux kernel before 6.6.8. |
| CVE-2023-51781 | High | 7.0 | | 2024-01-11 | An issue was discovered in the Linux kernel before 6.6.8. |
| CVE-2023-51780 | High | 7.0 | | 2024-01-11 | An issue was discovered in the Linux kernel before 6.6.8. |

Discourse · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-48297 | High | 8.6 | | 2024-01-12 | Discourse is a platform for community discussion. |
| CVE-2024-21655 | Medium | 4.3 | | 2024-01-12 | Discourse is a platform for community discussion. |
| CVE-2023-49098 | Low | 3.5 | | 2024-01-12 | Discourse-reactions is a plugin that allows user to add their reactions to the post. |
| CVE-2023-49099 | Low | 3.1 | | 2024-01-12 | Discourse is a platform for community discussion. |

Dlink · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-51987 | Critical | 9.8 | | 2024-01-11 | D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords. |
| CVE-2023-51984 | Critical | 9.8 | | 2024-01-11 | D-Link DIR-822+ V1.0.2 was found to contain a command injection in the SetStaticRouteSettings function. |
| CVE-2023-51123 | Critical | 9.8 | | 2024-01-10 | An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component. |
| CVE-2023-41603 | Medium | 5.3 | | 2024-01-10 | D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. |

Jfinalcms_project · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-22494 | Medium | 5.4 | | 2024-01-12 | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML. |
| CVE-2024-22493 | Medium | 5.4 | | 2024-01-12 | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML. |
| CVE-2024-22492 | Medium | 5.4 | | 2024-01-12 | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML. |
| CVE-2023-50136 | Medium | 5.4 | | 2024-01-09 | Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table. |

Ptc · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-29445 | High | 7.8 | | 2024-01-10 | An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. |
| CVE-2023-29444 | Medium | 6.3 | | 2024-01-10 | An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. |
| CVE-2023-29447 | Medium | 5.7 | | 2024-01-10 | An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication. |
| CVE-2023-29446 | Medium | 4.7 | | 2024-01-10 | An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. |

0xjacky · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-22197 | High | 7.7 | | 2024-01-11 | Nginx-UI is an online statistics dashboard for server indicators that monitors CPU usage, memory usage, load average, and disk usage in real time. |
| CVE-2024-22198 | High | 7.1 | | 2024-01-11 | Nginx-UI is a web interface to manage Nginx configurations. |
| CVE-2024-22196 | High | 7.0 | | 2024-01-11 | Nginx-UI is an online statistics dashboard for server indicators that monitors CPU usage, memory usage, load average, and disk usage in real time. |

Ashanjay · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-6244 | Medium | 6.5 | | 2024-01-11 | The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (Pro) & 2.2.8 (Free). |
| CVE-2023-6242 | Medium | 6.5 | | 2024-01-11 | The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (for Pro) & 2.2.7 (for Free). |
| CVE-2023-6158 | Medium | 6.5 | | 2024-01-10 | The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evo_eventpost_update_meta function in all versions up t… |

Checkmk · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-6740 | High | 8.8 | | 2024-01-12 | Privilege escalation in the jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows a local user to escalate privileges. |
| CVE-2023-6735 | High | 8.8 | | 2024-01-12 | Privilege escalation in the mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows a local user to escalate privileges. |
| CVE-2023-31211 | High | 8.8 | | 2024-01-12 | Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows an attacker to use locked credentials. |

Flycms_project · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-52074 | High | 8.8 | | 2024-01-08 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte. |
| CVE-2023-52073 | High | 8.8 | | 2024-01-08 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/config_footer_updagte. |
| CVE-2023-52072 | High | 8.8 | | 2024-01-08 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte. |

G5plus · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-6140 | High | 8.8 | | 2024-01-08 | The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code e… |
| CVE-2023-6139 | Medium | 6.5 | | 2024-01-08 | The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Denial of Service attacks. |
| CVE-2023-6141 | Medium | 5.4 | | 2024-01-08 | The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks. |

Givewp · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-4248 | Medium | 5.4 | | 2024-01-11 | The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. |
| CVE-2023-4247 | Medium | 5.4 | | 2024-01-11 | The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. |
| CVE-2023-4246 | Medium | 4.3 | | 2024-01-11 | The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. |

Gpac · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-0321 | Critical | 9.8 | | 2024-01-08 | Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. |
| CVE-2024-0322 | Critical | 9.1 | | 2024-01-08 | Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. |
| CVE-2023-50120 | Medium | 5.5 | | 2024-01-10 | MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. |

Inis_project · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-0342 | Medium | 6.3 | | 2024-01-09 | A vulnerability classified as critical has been found in Inis up to 2.0.1. |
| CVE-2024-0308 | Medium | 6.3 | | 2024-01-08 | A vulnerability was found in Inis up to 2.0.1. |
| CVE-2024-0341 | Low | 3.5 | | 2024-01-09 | A vulnerability was found in Inis up to 2.0.1. |

Ivanti · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-21887 | Critical | 9.1 | KEV | 2024-01-12 | A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the a… |
| CVE-2023-39336 | High | 8.8 | | 2024-01-09 | An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authenticat… |
| CVE-2023-46805 | High | 8.2 | KEV | 2024-01-12 | An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. |

Pimcore · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-21667 | Medium | 6.5 | | 2024-01-11 | pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. |
| CVE-2024-21666 | Medium | 6.5 | | 2024-01-11 | The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. |
| CVE-2024-21665 | Medium | 4.3 | | 2024-01-11 | ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. |

Qualys · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-6149 | Medium | 5.7 | | 2024-01-09 | Qualys Jenkins Plugin for WAS up to and including version 2.0.11 is missing a permission check when performing a connectivity check to Qualys Cloud Services. |
| CVE-2023-6148 | Medium | 5.7 | | 2024-01-09 | Qualys Jenkins Plugin for Policy Compliance up to and including version 1.0.5 is missing a permission check when performing a connectivity check to Qualys Cloud Services. |
| CVE-2023-6147 | Medium | 5.7 | | 2024-01-09 | Qualys Jenkins Plugin for Policy Compliance up to and including version 1.0.5 is missing a permission check when performing a connectivity check to Qualys Cloud Services. |

Svnlabs · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-52202 | Critical | 9.1 | | 2024-01-08 | Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Folder Feedburner Playlist Free. This issue affects HTML5 MP3 Player with Folder Feedburner Playlist Free: from n/a through 2.8.0. |
| CVE-2023-52205 | Critical | 9.1 | | 2024-01-08 | Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 SoundCloud Player with Playlist Free. This issue affects HTML5 SoundCloud Player with Playlist Free: from n/a through 2.8.0. |
| CVE-2023-52207 | Critical | 9.1 | | 2024-01-08 | Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Playlist Free. This issue affects HTML5 MP3 Player with Playlist Free: from n/a through 3.0.0. |

Thimpress · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-6567 | Critical | 9.8 | | 2024-01-11 | The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient pre… |
| CVE-2023-6634 | High | 8.1 | | 2024-01-11 | The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. |
| CVE-2023-6223 | Medium | 4.3 | | 2024-01-11 | The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlle… |

Tianocore · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2022-36765 | High | 7.0 | | 2024-01-09 | EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger an integer overflow leading to a buffer overflow via a local network. |
| CVE-2022-36764 | High | 7.0 | | 2024-01-09 | EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. |
| CVE-2022-36763 | High | 7.0 | | 2024-01-09 | EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. |

Tp-link · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-21833 | High | 8.8 | | 2024-01-11 | Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. |
| CVE-2024-21773 | High | 8.8 | | 2024-01-11 | Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in par… |
| CVE-2024-21821 | High | 8.0 | | 2024-01-11 | Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands. |

Xwiki · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-21650 | Critical | 10.0 | | 2024-01-08 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. |
| CVE-2024-21648 | High | 8.0 | | 2024-01-09 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. |
| CVE-2024-21651 | High | 7.5 | | 2024-01-09 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. |

Backupbliss · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-6266 | High | 7.5 | | 2024-01-11 | The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6. |
| CVE-2023-6750 | High | 7.5 | | 2024-01-08 | The Clone WordPress plugin before 2.4.3 uses buffer files to store in-progress backup information, which are stored at a publicly accessible, statically defined file path. |

Carazo · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-6583 | Medium | 6.6 | | 2024-01-11 | The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. |
| CVE-2023-6624 | Medium | 4.9 | | 2024-01-11 | The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.24.3 due to insufficient input sanitization and output escapi… |

Carmelogarcia · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0460 | Medium | 6.3 |  | 2024-01-12 | A vulnerability was found in code-projects Faculty Management System 1.0 and classified as critical.
CVE-2024-0467 | Low | 3.5 |  | 2024-01-12 | A vulnerability, which was classified as problematic, was found in code-projects Employee Profile Management System 1.0.

Fhs-opensource · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0302 | Medium | 6.3 |  | 2024-01-08 | A vulnerability, which was classified as critical, has been found in fhs-opensource iparking 1.5.22.RELEASE.
CVE-2024-0301 | Medium | 6.3 |  | 2024-01-08 | A vulnerability classified as critical was found in fhs-opensource iparking 1.5.22.RELEASE.

Flient · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-50124 | Medium | 6.8 |  | 2024-01-11 | Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials.
CVE-2023-50129 | Medium | 6.5 |  | 2024-01-11 | Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original tags, which results in an attacker gaining access to the perimeter.

Flir · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51126 | Critical | 9.8 |  | 2024-01-10 | Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter.
CVE-2023-51127 | High | 7.5 |  | 2024-01-10 | FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction.

Foru · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0426 | Medium | 6.3 |  | 2024-01-11 | A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23.
CVE-2024-0425 | Medium | 5.3 |  | 2024-01-11 | A vulnerability classified as critical was found in ForU CMS up to 2020-06-23.

Gl-inet · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-50919 | Critical | 9.8 |  | 2024-01-12 | An issue was discovered on GL.iNet devices before version 4.5.0.
CVE-2023-50920 | Medium | 5.5 |  | 2024-01-12 | An issue was discovered on GL.iNet devices before version 4.5.0.

Go-git · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49569 | Critical | 9.8 |  | 2024-01-12 | A path traversal vulnerability was discovered in go-git versions prior to v5.11.
CVE-2023-49568 | High | 7.5 |  | 2024-01-12 | A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11.

Joynext · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-28898 | Medium | 5.3 |  | 2024-01-12 | The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to the /logs URI when the id parameter equals zero.
CVE-2023-28897 | Medium | 4.0 |  | 2024-01-12 | The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware.

Korenix · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-5347 | Critical | 9.8 |  | 2024-01-09 | An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmwa…
CVE-2023-5376 | High | 8.6 |  | 2024-01-09 | An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01.

Linux · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-48619 | Medium | 5.5 |  | 2024-01-12 | An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10.
CVE-2024-0340 | Medium | 4.4 |  | 2024-01-09 | A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg()…

Manageengine · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-47211 | Critical | 9.1 |  | 2024-01-08 | A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258.
CVE-2024-0252 | High | 8.8 |  | 2024-01-11 | ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to remote code execution due to improper handling in the load balancer component.

Melapress · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6520 | Medium | 4.3 |  | 2024-01-11 | The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0.
CVE-2023-6506 | Medium | 4.3 |  | 2024-01-11 | The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email due to missing validation on a user con…

Microchip · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51438 | Critical | 10.0 |  | 2024-01-09 | A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All…
CVE-2024-22216 | Critical | 10.0 |  | 2024-01-08 | In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information di…

Omron · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-45794 | High | 8.6 |  | 2024-01-10 | An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may use a network protocol to read and write files on the PLC internal memory and memory card.
CVE-2022-45793 | Medium | 5.5 |  | 2024-01-10 | Sysmac Studio installs executables in a directory with poor permissions.

Pyload · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21644 | High | 7.5 |  | 2024-01-08 | pyLoad is the free and open-source Download Manager written in pure Python.
CVE-2024-21645 | Medium | 5.3 |  | 2024-01-08 | pyLoad is the free and open-source Download Manager written in pure Python.

Qkmc-rk · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-4959 | Low | 3.5 |  | 2024-01-11 | A vulnerability classified as problematic was found in qkmc-rk redbbs 1.0.
CVE-2022-4958 | Low | 3.5 |  | 2024-01-11 | A vulnerability classified as problematic has been found in qkmc-rk redbbs 1.0.

Roxnor · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6788 | Medium | 5.4 |  | 2024-01-09 | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1.
CVE-2023-6582 | Medium | 5.3 |  | 2024-01-11 | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekit_widgetarea_content function.

Splunk · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22165 | Medium | 6.5 |  | 2024-01-09 | In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS).
CVE-2024-22164 | Medium | 4.3 |  | 2024-01-09 | In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation.

Strategy11 · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6830 | Medium | 6.5 |  | 2024-01-09 | The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7.
CVE-2023-6842 | Medium | 4.4 |  | 2024-01-09 | The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field label and description field label parameter in all versi…

Themeisle · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6781 | Medium | 6.4 |  | 2024-01-11 | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 2.10.26 due to insufficient input sanitization and output escaping on user su…
CVE-2023-7019 | Medium | 4.3 |  | 2024-01-11 | The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the insert_template function in all versions up to, and in…

10web · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6924 | Medium | 4.4 |  | 2024-01-11 | The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes.

3dflipbook · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6776 | Medium | 6.4 |  | 2024-01-11 | The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Ready Function’ field in all versions up to, and including, 1.15.2 due to insufficient input sanitization and output escaping.

Aarboard · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-48909 | High | 8.8 |  | 2024-01-12 | An issue was discovered in Jave2 version 3.3.1, allows attackers to execute arbitrary code via the FFmpeg function.

Acritum · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2010-10011 | Medium | 4.3 |  | 2024-01-12 | A vulnerability, which was classified as problematic, was found in Acritum Femitter Server 1.04.

Advancedcustomfields · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-40696 | Low | 3.7 |  | 2024-01-08 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF). This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2.

Aertherwide · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-50671 | High | 7.8 |  | 2024-01-11 | In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overflow (write of size 28) because snprintf can write to an unexpected address.

Alobaidi · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-4962 | Medium | 6.4 |  | 2024-01-11 | The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'video_popup' shortcode in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes.

Amd · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-20573 | Low | 3.2 |  | 2024-01-11 | A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information.

Anton Bond · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-52218 | Critical | 10.0 |  | 2024-01-08 | Deserialization of Untrusted Data vulnerability in Anton Bond Woocommerce Tranzila Payment Gateway. This issue affects Woocommerce Tranzila Payment Gateway: from n/a through 1.0.8.

Apache · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49619 | Low | 3.1 |  | 2024-01-10 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.

Apolloconfig · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-4962 | Medium | 4.3 |  | 2024-01-12 | A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic.

Appwrite · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-50974 | Medium | 5.5 |  | 2024-01-09 | In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions.

Aresit · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6699 | Critical | 9.1 |  | 2024-01-11 | The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter.

Arm · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-5091 | Medium | 5.5 |  | 2024-01-08 | Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory.

Automattic · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-52222 | Medium | 4.3 |  | 2024-01-08 | Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce. This issue affects WooCommerce: from n/a through 8.2.2.

Avimegladon · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-5448 | High | 8.8 |  | 2024-01-11 | The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.9.

Awesomemotive · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2018-25095 | Critical | 9.8 |  | 2024-01-08 | The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files.

Ays-pro · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22027 | Medium | 6.5 |  | 2024-01-12 | Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services.

Barassistant · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49471 | High | 8.8 |  | 2024-01-10 | Blind Server-Side Request Forgery (SSRF) vulnerability in karlomikus Bar Assistant before version 3.2.0 does not validate a parameter before making a request through Image::make(), which could allow authenticated remote attackers to execut…

Blueastral · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-52206 | High | 7.7 |  | 2024-01-08 | Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer live-composer-page-builder. This issue affects Page Builder: Live Composer: from n/a through 1.5.25.

Bowo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6383 | High | 7.5 |  | 2024-01-08 | The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability, which allows you to download the debug log without authorization and gain access to sensitive data.

Bpsoft · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0429 | High | 7.3 |  | 2024-01-11 | A denial of service vulnerability has been found in Hex Workshop affecting version 6.7; an attacker could send command line file arguments and control the Structured Exception Handler (SEH) records, resulting in a service shutdown.

Brian D. Goad · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-52201 | High | 7.6 |  | 2024-01-08 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brian D.

Buffalo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51073 | High | 8.1 |  | 2024-01-11 | An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Firmware Update Script at /etc/init.d/update_notifications.sh.

Byzoro · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0300 | Medium | 6.3 |  | 2024-01-08 | A vulnerability was found in Byzoro Smart S150 Management Platform up to 20240101.

Cassianetworks · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-31446 | Critical | 9.8 |  | 2024-01-10 | In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized.

Centralsquare · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-40362 | Medium | 4.3 |  | 2024-01-12 | An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023.

Cformsii_project · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-52203 | Medium | 5.9 |  | 2024-01-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann cformsII allows Stored XSS. This issue affects cformsII: from n/a through 15.0.5.

Chanzhaoyu · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-7215 | Low | 3.5 |  | 2024-01-08 | A vulnerability, which was classified as problematic, has been found in Chanzhaoyu chatgpt-web 2.11.1.

Chromiumembedded · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21639 | Medium | 5.3 |  | 2024-01-12 | CEF (Chromium Embedded Framework) is a simple framework for embedding Chromium-based browsers in other applications.

Cisco · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-31488 | Critical | 9.8 |  | 2024-01-10 | Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort Email Security Appliance Software, Cisco Secure Email Gateway, and various non-Cisco products, allow attackers to trigger a segmentation fa…

Clerk · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22206 | Critical | 9.0 |  | 2024-01-12 | Clerk helps developers build user management.

Cloud Foundry · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-34061 | High | 7.5 |  | 2024-01-12 | Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack.

Cloudfavorites · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-4960 | Low | 3.5 |  | 2024-01-12 | A vulnerability, which was classified as problematic, has been found in cloudfavorites favorites-web 1.3.0.

Codecabin · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6627 | Medium | 6.1 |  | 2024-01-08 | The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site.

Codepeople · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6446 | Medium | 4.4 |  | 2024-01-11 | The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.40 due to insufficient input sanitization and output escaping.

Coderd-repos · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0357 | Medium | 5.5 |  | 2024-01-10 | A vulnerability was found in coderd-repos Eva 1.0.0 and classified as critical.

Codexonics · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6505 | High | 7.5 |  | 2024-01-08 | The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files.

Collect.chat · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-5691 | Medium | 4.4 |  | 2024-01-11 | The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 2.3.9 due to insufficient input sanitization and output escaping.

Constant Contact · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-52208 | Medium | 5.3 |  | 2024-01-08 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Constant Contact Constant Contact Forms. This issue affects Constant Contact Forms: from n/a through 2.4.2.

Cool Plugins · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-52142 | High | 7.6 |  | 2024-01-08 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cool Plugins Events Shortcodes For The Events Calendar. This issue affects Events Shortcodes For The Events Calendar: from n/a through 2.3…

Cozmoslabs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6504 | Medium | 4.3 |  | 2024-01-11 | The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppb_toolbox_usermeta_handler functio…

Cusrev · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6979 | High | 8.8 |  | 2024-01-11 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to, and including, 5.38.9.

Cyber-domain-ontology · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22194 | Low | 2.2 |  | 2024-01-11 | cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs.

Daan · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6637 | Medium | 6.5 |  | 2024-01-11 | The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 4.7.14.

Dataiku · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51717 | Critical | 9.8 |  | 2024-01-09 | Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass.

Demon1a · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21663 | Critical | 9.9 |  | 2024-01-09 | Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server.

Easycorp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49394 | Medium | 6.1 |  | 2024-01-10 | Zentao versions 4.1.3 and before have a URL redirect vulnerability, which prevents the system from functioning properly.

Easysocialfeed · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6883 | Medium | 4.3 |  | 2024-01-11 | The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 6.5.2.

Easyxdm · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-27739 | Medium | 6.1 |  | 2024-01-08 | easyXDM 2.5 allows XSS via the xdm_e parameter.

Elan · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0454 | Medium | 6.0 |  | 2024-01-12 | ELAN Match-on-Chip FPR solution has a design fault regarding the potential risk of valid SID leakage and enumeration with a spoof sensor.

Elitecms · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-40361 | Medium | 6.1 |  | 2024-01-11 | Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows an attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint.

Enviragallery · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6742 | Medium | 4.3 |  | 2024-01-11 | The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'envira_gallery_insert_images' function in all versions up to, and i…

Evernote · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-50643 | Critical | 9.8 |  | 2024-01-09 | An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components.

Ewels · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-52196 | High | 7.1 |  | 2024-01-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phil Ewels CPT Bootstrap Carousel allows Reflected XSS. This issue affects CPT Bootstrap Carousel: from n/a through 1.12.

Extendthemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6988 | Medium | 6.4 |  | 2024-01-11 | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's extend_builder_render_js shortcode in all versions up to, and including, 1.0.239 due to insufficient input sanitization and output…

Fastify · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51701 | Medium | 5.3 |  | 2024-01-08 | fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server.

Fernandobriano · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6994 | Medium | 6.4 |  | 2024-01-11 | The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.89.3 due to insufficient input sanitization and output escaping on user…

Fifu · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6561 | Medium | 6.4 |  | 2024-01-11 | The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the featured image alt text in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping.

Follettlearning · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-38827 | Medium | 6.1 |  | 2024-01-09 | Cross Site Scripting vulnerability in Follet School Solutions Destiny v.20_0_1_AU4 and later allows a remote attacker to run arbitrary code via presentonesearchresultsform.do.

Fonttools · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-45139 | High | 7.5 |  | 2024-01-10 | fontTools is a library for manipulating fonts, written in Python.

Freeamigos · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6496 | Medium | 5.3 |  | 2024-01-11 | The Manage Notification E-mails plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.8.5 via the card_famne_export_settings function.

Fuyanglipengjun · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-4961 | Medium | 5.5 |  | 2024-01-12 | A vulnerability was found in Weitong Mall 1.0.0.

Gecka · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-52219 | Critical | 9.9 |  | 2024-01-08 | Deserialization of Untrusted Data vulnerability in Gecka Gecka Terms Thumbnails. This issue affects Gecka Terms Thumbnails: from n/a through 1.1.

Gentoo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2016-20021 | Critical | 9.8 |  | 2024-01-12 | In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification.

Get-simple · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51246 | Medium | 5.4 |  | 2024-01-08 | A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page.

Gitpython-developers · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22190 | High | 7.8 |  | 2024-01-11 | GitPython is a python library used to interact with Git repositories.

Goauthentik · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21637 | High | 7.6 |  | 2024-01-11 | Authentik is an open-source Identity Provider.

Gofiber · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22199 | Critical | 9.3 |  | 2024-01-11 | This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface.

Gradle · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49238 | Critical | 9.8 |  | 2024-01-09 | In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password.

Guangzhou Yingke Electronic Technology · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0305 | Medium | 5.3 |  | 2024-01-08 | A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified as problematic.

Gutengeek · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6638 | Medium | 6.5 |  | 2024-01-11 | The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 1.2.4.

Hamidrezasepehr · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-5911 | Medium | 4.8 |  | 2024-01-08 | The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when t…

Hostinger · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6751 | High | 7.3 |  | 2024-01-11 | The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publish_website in all versions up to, and including, 1.9.7.

Httpdx_project · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0419 | Medium | 5.3 |  | 2024-01-11 | A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problematic.

Hyperledger · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21669 | Critical | 9.9 |  | 2024-01-11 | Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments.

I13websolution · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6555 | Medium | 6.1 |  | 2024-01-08 | The Email Subscription Popup WordPress plugin before 1.2.20 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such a…

Impactpixel · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-52197 | Medium | 5.9 |  | 2024-01-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Impactpixel Ads Invalid Click Protection allows Stored XSS. This issue affects Ads Invalid Click Protection: from n/a through 1.0.

Inc2734 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6316 | Critical | 9.8 |  | 2024-01-11 | The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the '_single_file_upload' function in versions up to, and including, 5.0.1.

Infoblox · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-28975 | Medium | 5.4 |  | 2024-01-09 | A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the VLAN View Name field.

Inpsyde · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-5504 | High | 8.7 |  | 2024-01-11 | The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder.

Isharer And Upredsun · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0418 | Medium | 5.3 |  | 2024-01-11 | A vulnerability has been found in iSharer and upRedSun File Sharing Wizard up to 1.5.0 and classified as problematic.

Jannisthuemmig · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-7070 | Medium | 6.4 |  | 2024-01-11 | The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eeb_mailto shortcode in all versions up to, and including, 2.1.9 due to insufficient input san…

Javik · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-52204 | High | 8.5 |  | 2024-01-08 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Javik Randomize. This issue affects Randomize: from n/a through 1.4.3.

Jetbrains · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22370 | Medium | 4.6 |  | 2024-01-09 | In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible.

Jordy Meow · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51508 | Medium | 5.3 |  | 2024-01-08 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Database Cleaner: Clean, Optimize & Repair. This issue affects Database Cleaner: Clean, Optimize & Repair: from n/a through 0.9.8.

Juzaweb · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-46906 | Medium | 4.9 |  | 2024-01-09 | juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code.

Kofax · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-5118 | Medium | 5.4 |  | 2024-01-11 | The application is vulnerable to Stored Cross-Site Scripting (XSS) in the endpoint /sofer/DocumentService.asc/SaveAnnotation, where input data transmitted via the POST method in the parameters author and text are not adequately sanitized a…

Kutethemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-5235 | High | 8.8 |  | 2024-01-08 | The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as 'users_can_register'…

Kyocera · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-50916 | High | 7.2 |  | 2024-01-10 | Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path.

Laybuy · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21745 | Medium | 6.5 |  | 2024-01-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Laybuy Laybuy Payment Extension for WooCommerce allows Stored XSS. This issue affects Laybuy Payment Extension for WooCommerce: from n/a t…

Leechesnutt · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6878 | High | 8.8 |  | 2024-01-11 | The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssb_ajax_update' function in versions up to, and including, 2.4.11.

Lestrrat-go · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21664 | Medium | 4.3 |  | 2024-01-09 | jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies.

Lif-platforms · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49801 | Medium | 4.2 |  | 2024-01-12 | Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts.

Likeshop · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0352 | High | 7.3 |  | 2024-01-09 | A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311.

Limitloginattempts · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6934 | Medium | 6.4 | | 2024-01-11 | The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.25.26 due to insufficient input sanitization and output escaping on u…

Litespeedtech · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-4372 | Medium | 6.4 | | 2024-01-11 | The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping on user supplied attributes.

Live555 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-37117 | Critical | 9.8 | | 2024-01-12 | A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP.

Magazine3 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6782 | Medium | 6.4 | | 2024-01-11 | The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.92 due to insufficient input sanitization and output escapi…

Mandelo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0356 | Medium | 4.3 | | 2024-01-10 | A vulnerability has been found in Mandelo ssm_shiro_blog 1.0 and classified as problematic.

Mapster · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21744 | Medium | 6.5 | | 2024-01-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mapster Technology Inc.

Mate-desktop · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51698 | Critical | 9.6 | | 2024-01-12 | Atril is a simple multi-page document viewer.

Matroska · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-52339 | Medium | 6.5 | | 2024-01-12 | In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing.

Maxfoundry · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6594 | Medium | 4.4 | | 2024-01-09 | The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.7.4 due to insufficient input sanitization and output escaping.

Meetyoucrop · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-7226 | Medium | 6.3 | | 2024-01-11 | A vulnerability was found in meetyoucrop big-whale 1.1 and classified as critical.

Metagauss · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-36352 | Medium | 6.3 | | 2024-01-08 | Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities. This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.0.3.

Michiel Van Eerd · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-52198 | Medium | 6.5 | | 2024-01-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michiel van Eerd Private Google Calendars allows Stored XSS. This issue affects Private Google Calendars: from n/a through 20231125.

Mongodb · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-0437 | Medium | 5.3 | | 2024-01-12 | When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e.

Motopress · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6042 | High | 7.5 | | 2024-01-08 | Any unauthenticated user may send e-mail from the site with any title or content to the admin

Mrousavy · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21668 | Medium | 4.4 | | 2024-01-09 | react-native-mmkv is a library that allows easy use of MMKV inside React Native applications.

Myrecorp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6369 | Medium | 5.4 | | 2024-01-11 | The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9.

Naziinfotech · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-5957 | High | 7.2 | | 2024-01-08 | The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RC…

Netapp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21982 | Medium | 4.8 | | 2024-01-12 | ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information to unprivileged attackers when the object-store profiler command is being run by an adm…

Ninja Team · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51406 | Medium | 5.3 | | 2024-01-08 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FastDup – Fastest WordPress Migration & Duplicator. This issue affects FastDup – Fastest WordPress Migration & Duplicator: from n/a through 2.1.7.

Openssl · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6129 | Medium | 6.5 | | 2024-01-09 | Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions.

Openvpn · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-7224 | High | 7.8 | | 2024-01-08 | OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable

Oxygen Builder · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6938 | Medium | 6.4 | | 2024-01-11 | The Oxygen Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom field in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping.

Pallets · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-22195 | Medium | 5.4 | | 2024-01-11 | Jinja is an extensible templating engine.

Pickplugins · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6645 | Medium | 6.4 | | 2024-01-11 | The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.2.64 due to insufficient input sanitization and output escapin…

Piotnet · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6220 | High | 8.1 | | 2024-01-11 | The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.28.

Pluginus · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6556 | Medium | 5.4 | | 2024-01-11 | The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via currency options in all versions up to, and including, 1.4.1.5 due to insufficient input sanitization and output…

Premio · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-7048 | Low | 3.1 | | 2024-01-11 | The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.6.

Prestashow · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6921 | Critical | 9.8 | | 2024-01-08 | Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification.

Proofpoint · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-5770 | Medium | 5.3 | | 2024-01-09 | Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject.

Puma · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21647 | Medium | 5.9 | | 2024-01-08 | Puma is a web server for Ruby/Rack applications built for parallelism.

Qemu · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6683 | Medium | 6.5 | | 2024-01-12 | A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages.

Quic-go · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-49295 | Medium | 6.4 | | 2024-01-10 | quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go.

Red Hat · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6476 | Medium | 6.5 | | 2024-01-09 | A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined.

Repute Infosystems · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-52200 | Critical | 9.6 | | 2024-01-08 | Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup. This issue affects ARMember – Membership…

Reputeinfosystems · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6828 | High | 7.2 | | 2024-01-11 | The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'arf_http_referrer_url' parameter in all versions up to, and including, 1.5.8 due…

Rextheme · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6529 | Medium | 6.1 | | 2024-01-08 | The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vu…

Rocklobster · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6630 | Medium | 4.3 | | 2024-01-11 | The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missing…

Rubygems · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21654 | Medium | 4.8 | | 2024-01-12 | Rubygems.org is the Ruby community's gem hosting service.

Rymera · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-34344 | Medium | 5.4 | | 2024-01-08 | Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More. This issue affects Wholesale Suite – WooCommerce Wholesale Pri…

Saadiqbal · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6875 | Critical | 9.8 | | 2024-01-11 | The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app RE…

Schneider Electric · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-7032 | High | 7.8 | | 2024-01-09 | A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logged in with a user level account to gain higher privileges by providing a harmful serialized object.

Shortpixel · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6737 | Medium | 4.7 | | 2024-01-11 | The Enable Media Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the SHORTPIXEL_DEBUG parameter in all versions up to, and including, 4.1.4 due to insufficient input sanitization and output escaping.

Simple-membership-plugin · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6882 | Medium | 6.1 | | 2024-01-11 | The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'environment_mode' parameter in all versions up to, and including, 4.3.8 due to insufficient input sanitization and output escaping.

Softaculous · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6598 | Medium | 4.3 | | 2024-01-11 | The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the speedycache_save_varniship, speedycache_img_update_settings, speedycache_preloading_add_settings, and speedyca…

Sourcecodester · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0389 | Medium | 6.3 | | 2024-01-10 | A vulnerability, which was classified as critical, was found in SourceCodester Student Attendance System 1.0.

Soxft · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0344 | Medium | 5.5 | | 2024-01-09 | A vulnerability, which was classified as critical, has been found in soxft TimeMail up to 1.1.

Strangerstudios · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6855 | Medium | 5.3 | | 2024-01-11 | The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability…

Studiowombat · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51408 | Medium | 5.3 | | 2024-01-08 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StudioWombat WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce. This issue affects WP Optin Wheel – Gamified Optin Email Marketing…

Subnet · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6631 | High | 7.8 | | 2024-01-08 | PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.

Synopsys · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0226 | Medium | 4.8 | | 2024-01-09 | Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored cross-site scripting vulnerability through a specially crafted payload.

Tagbox · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-52225 | Critical | 10.0 | | 2024-01-08 | Deserialization of Untrusted Data vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics. This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3…

Tasmoadmin · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6552 | Medium | 6.1 | | 2024-01-08 | Lack of "current" GET parameter validation during the action of changing a language leads to an open redirect vulnerability.

Tecnick · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6554 | Medium | 6.5 | | 2024-01-11 | When access to the "admin" folder is not protected by some external authorization mechanisms e.g.

Thehappymonster · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6632 | Medium | 6.1 | | 2024-01-11 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via DOM in all versions up to and including 3.9.1.1 (versions up to 2.9.1.1 in Happy Addons for Elementor Pro) due to insufficient input sa…

Themepunch · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6528 | High | 8.8 | | 2024-01-08 | The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution.

Themeum · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6161 | Medium | 6.1 | | 2024-01-08 | The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Theresehansen · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6845 | High | 8.8 | | 2024-01-08 | The CommentTweets WordPress plugin through 0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Trellix · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0213 | High | 8.2 | | 2024-01-09 | A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service (DoS), through exploiting a memory corruption issue in the TA service, which run…

Ukrsolution · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-52215 | Critical | 9.3 | | 2024-01-08 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UkrSolution Simple Inventory Management – just scan barcode to manage products and orders.

Unknown · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6532 | High | 8.8 | | 2024-01-08 | The WP Blogs' Planetarium WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Unknown-o · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0354 | Medium | 5.3 | | 2024-01-10 | A vulnerability, which was classified as critical, has been found in unknown-o download-station up to 1.1.8.

Videowhisper · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-52213 | High | 7.1 | | 2024-01-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VideoWhisper Rate Star Review – AJAX Reviews for Content, with Star Ratings allows Reflected XSS. This issue affects Rate Star Review – AJ…

Vowelweb · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6684 | Medium | 6.4 | | 2024-01-11 | The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ive' shortcode in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on 'width'…

Wazuh · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-42463 | High | 7.4 | | 2024-01-12 | Wazuh is a free and open source platform used for threat prevention, detection, and response.

Wclovers · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-4960 | Medium | 6.4 | | 2024-01-11 | The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfm_stores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attribut…

Weavertheme · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6990 | Medium | 5.4 | | 2024-01-11 | The Weaver Xtreme theme for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied meta (page-head…

Webtoffee · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6558 | High | 7.2 | | 2024-01-11 | The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8.

Wedevs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21747 | High | 7.6 | | 2024-01-08 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting. This issue affects WP ERP | Complete…

Wp Swings · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-52190 | High | 7.5 | | 2024-01-08 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Swings Coupon Referral Program. This issue affects Coupon Referral Program: from n/a through 1.7.2.

Wpchill · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-45354 | Medium | 5.3 | | 2024-01-08 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.7.60.

Wpdeveloper · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-7071 | Medium | 6.4 | | 2024-01-11 | The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 4.4.6 due to insufficient in…

Wpmu Dev · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-51490 | Medium | 5.3 | | 2024-01-08 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall. This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a…

Wpsoul · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-6636 | High | 7.2 | | 2024-01-11 | The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspb_save_files' function in versions up to, and including, 7.6.2.

Yevhen Kotelnytskyi · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-52216 | Medium | 4.3 | | 2024-01-08 | Cross-Site Request Forgery (CSRF) vulnerability in Yevhen Kotelnytskyi JS & CSS Script Optimizer. This issue affects JS & CSS Script Optimizer: from n/a through 0.3.3.

Zte · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-41781 | Medium | 5.7 | | 2024-01-10 | There is a Cross-site scripting (XSS) vulnerability in ZTE MF258.

Škoda · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-28899 | Medium | 4.7 | | 2024-01-12 | By sending a specific reset UDS request via OBDII port of Skoda vehicles, it is possible to cause vehicle engine shutdown and denial of service of other vehicle components even when the vehicle is moving at a high speed.