Search Results (363303 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-5105 1 Najeebmedia 1 Frontend File Manager Plugin 2024-11-21 6.5 Medium
The Frontend File Manager Plugin WordPress plugin before 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as `wp-config.php`
CVE-2023-5103 1 Sick 2 Apu0200, Apu0200 Firmware 2024-11-21 4.3 Medium
Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe.
CVE-2023-5100 1 Sick 2 Apu0200, Apu0200 Firmware 2024-11-21 5.9 Medium
Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not encrypted.
CVE-2023-5079 1 Lenovo 1 Lecloud 2024-11-21 7.5 High
Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure.
CVE-2023-5078 1 Lenovo 40 Thinkpad L13 Gen 2, Thinkpad L13 Gen 2 Firmware, Thinkpad L13 Gen 3 and 37 more 2024-11-21 6.7 Medium
A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware.
CVE-2023-5077 2 Hashicorp, Redhat 3 Vault, Openshift, Openshift Data Foundation 2024-11-21 7.6 High
The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.
CVE-2023-5075 1 Lenovo 2 Ideapad Duet 3 10igl5, Ideapad Duet 3 10igl5 Firmware 2024-11-21 6.7 Medium
A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code.
CVE-2023-5074 1 Dlink 1 D-view 8 2024-11-21 9.8 Critical
Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28
CVE-2023-5060 1 Librenms 1 Librenms 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1.
CVE-2023-5057 1 Automattic 1 Activitypub 2024-11-21 5.4 Medium
The ActivityPub WordPress plugin before 1.0.0 does not escape user metadata before outputting them in mentions, which could allow users with a role of Contributor and above to perform Stored XSS attacks
CVE-2023-5055 1 Zephyrproject 1 Zephyr 2024-11-21 8.3 High
Possible variant of CVE-2021-3434 in function le_ecred_reconf_req.
CVE-2023-5053 1 Projectworlds 1 Hospital Management System In Php 2024-11-21 9.8 Critical
Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI.
CVE-2023-5038 1 Hanwhavision 366 Ane-l6012r, Ane-l6012r Firmware, Ane-l7012r and 363 more 2024-11-21 7.5 High
badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
CVE-2023-5037 1 Hanwhavision 366 Ane-l6012r, Ane-l6012r Firmware, Ane-l7012r and 363 more 2024-11-21 7.2 High
badmonkey, a Security Researcher has found a flaw that allows for a authenticated command injection on the camera. An attacker could inject malicious into request packets to execute command. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
CVE-2023-5036 1 Usememos 1 Memos 2024-11-21 8.8 High
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1.
CVE-2023-5035 1 Moxa 2 Eds-g503, Eds-g503 Firmware 2024-11-21 3.1 Low
A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.
CVE-2023-5034 1 My Food Recipe Project 1 My Food Recipe 2024-11-21 6.3 Medium
A vulnerability classified as problematic was found in SourceCodester My Food Recipe 1.0. This vulnerability affects unknown code of the file index.php of the component Image Upload Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239878 is the identifier assigned to this vulnerability.
CVE-2023-5033 1 Openrapid 1 Rapidcms 2024-11-21 6.3 Medium
A vulnerability classified as critical has been found in OpenRapid RapidCMS 1.3.1. This affects an unknown part of the file /admin/category/cate-edit-run.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239877 was assigned to this vulnerability.
CVE-2023-5032 1 Openrapid 1 Rapidcms 2024-11-21 6.3 Medium
A vulnerability was found in OpenRapid RapidCMS 1.3.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/article/article-edit-run.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239876.
CVE-2023-5031 1 Openrapid 1 Rapidcms 2024-11-21 6.3 Medium
A vulnerability was found in OpenRapid RapidCMS 1.3.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/article/article-add.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239875.