Total: 262743 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-38276 | 1 Ibm | 1 Cognos Dashboards On Cloud Pak For Data | 2024-09-11 | 5.9 Medium |
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736. | ||||
CVE-2023-34441 | 1 Bakerhughes | 2 Bentley Nevada 3500 System, Bentley Nevada 3500 System Firmware | 2024-09-11 | 6.8 Medium |
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a cleartext transmission vulnerability which could allow an attacker to steal the authentication secret from communication traffic to the device and reuse it for arbitrary requests. | ||||
CVE-2023-40153 | 1 Dexma | 1 Dexgate | 2024-09-11 | 5.4 Medium |
The affected product is vulnerable to a cross-site scripting vulnerability, which could allow an attacker to access the web application to introduce arbitrary JavaScript by injecting an XSS payload into the 'hostname' parameter of the vulnerable software. | ||||
CVE-2023-41088 | 1 Dexma | 1 Dexgate | 2024-09-11 | 6.3 Medium |
The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker with access to the network where clients have access to the DexGate server to capture traffic. The attacker can later use the information within it to access the application. | ||||
CVE-2023-42435 | 1 Dexma | 1 Dexgate | 2024-09-11 | 5.5 Medium |
The affected product is vulnerable to a cross-site request forgery vulnerability, which may allow an attacker to perform actions with the permissions of a victim user. | ||||
CVE-2023-46067 | 1 Qwerty23 | 1 Rocket Font | 2024-09-11 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Font plugin <= 1.2.3 versions. | ||||
CVE-2023-38735 | 1 Ibm | 1 Cognos Dashboards On Cloud Pak For Data | 2024-09-11 | 5.7 Medium |
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 262482. | ||||
CVE-2023-46078 | 1 Pluginever | 1 Wc Serial Numbers | 2024-09-11 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in PluginEver WC Serial Numbers plugin <= 1.6.3 versions. | ||||
CVE-2024-7500 | 2 Angeljudesuarez, Itsourcecode | 2 Airline Reservation System, Airline Reservation System | 2024-09-11 | 6.3 Medium |
A vulnerability was found in itsourcecode Airline Reservation System 1.0. It has been rated as critical. Affected by this issue is the function save_settings of the file admin/admin_class.php. The manipulation of the argument img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273626 is the identifier assigned to this vulnerability. | ||||
CVE-2023-27148 | 1 Enhancesoft | 1 Osticket | 2024-09-11 | 4.8 Medium |
A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter. | ||||
CVE-2023-27149 | 1 Enhancesoft | 1 Osticket | 2024-09-11 | 4.8 Medium |
A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list. | ||||
CVE-2024-7506 | 2 Angeljudesuarez, Itsourcecode | 2 Tailoring Management System, Tailoring Management System | 2024-09-11 | 6.3 Medium |
A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /setlogo.php. The manipulation of the argument bgimg leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273649 was assigned to this vulnerability. | ||||
CVE-2023-27152 | 1 Opnsense | 1 Opnsense | 2024-09-11 | 9.8 Critical |
DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication. | ||||
CVE-2024-7505 | 2 Itsourcecode, Rainniar | 2 Bike Delivery System, Bike Delivery System | 2024-09-11 | 7.3 High |
A vulnerability, which was classified as critical, was found in itsourcecode Bike Delivery System 1.0. Affected is an unknown function of the file contact_us_action.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273648. | ||||
CVE-2023-37635 | 1 Uvdesk | 1 Community-skeleton | 2024-09-11 | 9.8 Critical |
UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application. | ||||
CVE-2023-42847 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-09-11 | 7.5 High |
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An attacker may be able to access passkeys without authentication. | ||||
CVE-2023-40421 | 1 Apple | 1 Macos | 2024-09-11 | 5.5 Medium |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access sensitive user data. | ||||
CVE-2024-39817 | 1 Cybozu | 1 Office | 2024-09-11 | 6.5 Medium |
Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can log in to the product to view data that the user does not have access to by conducting 'search' under certain conditions in Custom App. | ||||
CVE-2023-5728 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-09-11 | 7.5 High |
During garbage collection, extra operations were performed on an object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | ||||
CVE-2023-5724 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-09-11 | 7.5 High |
Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. |