Search Results (362508 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-6020 1 Ray Project 1 Ray 2024-11-21 7.5 High
LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.
CVE-2023-6018 1 Lfprojects 1 Mlflow 2024-11-21 9.8 Critical
An attacker can overwrite any file on the server hosting MLflow without any authentication.
CVE-2023-6017 1 H2o 1 H2o 2024-11-21 7.1 High
H2O included a reference to an S3 bucket that no longer existed allowing an attacker to take over the S3 bucket URL.
CVE-2023-6016 1 H2o 1 H2o 2024-11-21 9.8 Critical
An attacker is able to gain remote code execution on a server hosting the H2O dashboard through it's POJO model import feature.
CVE-2023-6015 1 Lfprojects 1 Mlflow 2024-11-21 7.5 High
MLflow allowed arbitrary files to be PUT onto the server.
CVE-2023-6014 1 Lfprojects 1 Mlflow 2024-11-21 9.8 Critical
An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.
CVE-2023-6012 1 Lanaccess 1 Onsafe Monitorhm 2024-11-21 8.3 High
An improper input validation vulnerability has been found in Lanaccess ONSAFE MonitorHM affecting version 3.7.0. This vulnerability could lead a remote attacker to exploit the checkbox element and perform remote code execution, compromising the entire infrastructure.
CVE-2023-6002 1 Yugabyte 1 Yugabytedb 2024-11-21 6.5 Medium
YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing invalidated user input to log files can allow an unprivileged attacker to forge log entries or inject malicious content into the logs.
CVE-2023-6001 1 Yugabyte 1 Yugabytedb 2024-11-21 5.3 Medium
Prometheus metrics are available without authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment.
CVE-2023-5998 1 Gpac 1 Gpac 2024-11-21 7.5 High
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVE-2023-5993 2024-11-21 7.8 High
A flaw in the Windows Installer in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to escalate their privilege level via local access.
CVE-2023-5991 1 Motopress 1 Hotel Booking Lite 2024-11-21 9.8 Critical
The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server
CVE-2023-5990 1 Funnelforms 1 Funnelforms Free 2024-11-21 6.5 Medium
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks
CVE-2023-5987 1 Schneider-electric 1 Ecostruxure Power Monitoring Expert 2024-11-21 6.1 Medium
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload.
CVE-2023-5985 1 Schneider-electric 4 Ion8650, Ion8650 Firmware, Ion8800 and 1 more 2024-11-21 4.8 Medium
A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability exists that could cause compromise of a user’s browser when an attacker with admin privileges has modified system values.
CVE-2023-5979 1 Implecode 1 Ecommerce Product Catalog 2024-11-21 6.5 Medium
The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products
CVE-2023-5976 1 Microweber 1 Microweber 2024-11-21 4.3 Medium
Improper Access Control in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-5972 3 Fedoraproject, Linux, Redhat 3 Fedora, Linux Kernel, Enterprise Linux 2024-11-21 7 High
A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the system.
CVE-2023-5970 1 Sonicwall 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more 2024-11-21 8.8 High
Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.
CVE-2023-5969 1 Mattermost 1 Mattermost 2024-11-21 5.3 Medium
Mattermost fails to properly sanitize the request to /api/v4/redirect_location allowing an attacker, sending a specially crafted request to /api/v4/redirect_location, to fill up the memory due to caching large items.