Search Results (365174 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-29724 1 Bt21 X Bts Wallpaper Project 1 Bt21 X Bts Wallpaper 2025-01-08 7.8 High
The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with this data to cause an escalation of privilege attack.
CVE-2023-28469 1 Arm 2 Avalon Gpu Kernel Driver, Valhall Gpu Kernel Driver 2025-01-08 5.5 Medium
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0.
CVE-2023-28177 1 Mozilla 1 Firefox 2025-01-08 8.8 High
Memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111.
CVE-2023-28176 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-01-08 8.8 High
Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
CVE-2023-27640 1 Tshirtecommerce 1 Custom Product Designer 2025-01-08 7.5 High
An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter type in the /tshirtecommerce/fonts.php endpoint, to allow a remote attacker to traverse directories on the system in order to open files (without restriction on the extension and path). The content of the file is returned with base64 encoding. This is exploited in the wild in March 2023.
CVE-2023-6103 1 Intelbras 2 Rx 1500, Rx 1500 Firmware 2025-01-08 2.4 Low
A vulnerability has been found in Intelbras RX 1500 1.1.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /WiFi.html of the component SSID Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-245065 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-34092 1 Vitejs 1 Vite 2025-01-08 7.5 High
Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vite Server Options (`server.fs.deny`) can be bypassed using double forward-slash (//) allows any unauthenticated user to read file from the Vite root-path of the application including the default `fs.deny` settings (`['.env', '.env.*', '*.{crt,pem}']`). Only users explicitly exposing the Vite dev server to the network (using `--host` or `server.host` config option) are affected, and only files in the immediate Vite project root folder could be exposed. This issue is fixed in vite@4.3.9, vite@4.2.3, vite@4.1.5, vite@4.0.5, vite@3.2.7, and vite@2.9.16.
CVE-2023-47117 1 Humansignal 1 Label Studio 2025-01-08 7.5 High
Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django's Object Relational Mapper (ORM). Since the results of query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by character. In addition, Label Studio had a hard coded secret key that an attacker can use to forge a session token of any user by exploiting this ORM Leak vulnerability to leak account password hashes. This vulnerability has been addressed in commit `f931d9d129` which is included in the 1.9.2post0 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-47697 1 Wp-eventmanager 1 Wp Event Manager 2025-01-08 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Event Manager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin <= 3.1.39 versions.
CVE-2023-47696 1 Gravitymaster 1 Product Enquiry For Woocommerce 2025-01-08 7.1 High
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Gravity Master Product Enquiry for WooCommerce plugin <= 3.0 versions.
CVE-2023-47695 1 Scribit 1 Shortcodes Finder 2025-01-08 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit Shortcodes Finder plugin <= 1.5.3 versions.
CVE-2023-47690 1 Antonbond 1 Additional Order Filters For Woocommerce 2025-01-08 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Anton Bond Additional Order Filters for WooCommerce plugin <= 1.10 versions.
CVE-2023-47684 1 Themepunch 1 Essential Grid 2025-01-08 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThemePunch OHG Essential Grid plugin <= 3.1.0 versions.
CVE-2023-47680 1 Qodeinteractive 1 Qi Addons For Elementor 2025-01-08 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Qode Interactive Qi Addons For Elementor plugin <= 1.6.3 versions.
CVE-2023-47673 1 Thecrowned 1 Post Pay Counter 2025-01-08 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Stefano Ottolenghi Post Pay Counter plugin <= 2.784 versions.
CVE-2023-47665 1 Plainviewplugins 1 Plainview Protect Passwords 2025-01-08 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in edward_plainview Plainview Protect Passwords plugin <= 1.4 versions.
CVE-2023-34339 1 Jetbrains 1 Ktor 2025-01-08 3.3 Low
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message
CVE-2023-47662 1 Goldbroker 1 Live Gold Price \& Silver Price Charts Widgets 2025-01-08 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GoldBroker.Com Live Gold Price & Silver Price Charts Widgets plugin <= 2.4 versions.
CVE-2023-47710 1 Ibm 1 Security Guardium 2025-01-08 5.4 Medium
IBM Security Guardium 11.4, 11.5, and 12.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271525.
CVE-2024-45345 2025-01-08 N/A
reserved but not needed