Search Results (366805 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-32163 2 Microsoft, Wacom 3 Windows, Driver, Drivers For Windows 2024-11-21 7.8 High
Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tablet Service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16857.
CVE-2023-32162 2 Microsoft, Wacom 3 Windows, Driver, Drivers For Windows 2024-11-21 7.8 High
Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the WacomInstallI.txt file by the PrefUtil.exe utility. The issue results from incorrect permissions on the WacomInstallI.txt file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16318.
CVE-2023-32130 1 Danielpowney 1 Multi Rating 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.6 versions.
CVE-2023-32124 1 Arulprasadj 1 Publish Confirm Message 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Publish Confirm Message plugin <= 1.3.1 versions.
CVE-2023-32122 1 Spiffyplugins 1 Spiffy Calendar 2024-11-21 5.8 Medium
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spiffy Plugins Spiffy Calendar plugin <= 4.9.3 versions.
CVE-2023-32119 1 Wpo365 1 Mail Integration For Office 365 \/ Outlook 2024-11-21 5.8 Medium
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPO365 | Mail Integration for Office 365 / Outlook plugin <= 1.9.0 versions.
CVE-2023-32118 1 Wpoperation 1 Salert - Fake Sales Notification Woocommerce 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPoperation SALERT – Fake Sales Notification WooCommerce plugin <= 1.2.1 versions.
CVE-2023-32116 1 Totalpress 1 Custom Post Types 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in TotalPress.Org Custom post types, Custom Fields & more plugin <= 4.0.12 versions.
CVE-2023-32109 1 Eduva 1 Albo Pretorio Online 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6.3 versions.
CVE-2023-32108 1 Eduva 1 Albo Pretorio Online 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6.3 versions.
CVE-2023-32107 1 Ays-pro 1 Photo Gallery 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.1.3 versions.
CVE-2023-32105 1 Wp-pizza 1 Wppizza 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ollybach WPPizza – A Restaurant Plugin plugin <= 3.17.1 versions.
CVE-2023-32104 1 Target-info 1 Mycurator Content Curation 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Mark Tilly MyCurator Content Curation plugin <= 3.74 versions.
CVE-2023-32103 1 Themepalace 1 Tp Education 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Theme Palace TP Education plugin <= 4.4 versions.
CVE-2023-32102 1 Pexlechris 1 Library Viewer 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Pexle Chris Library Viewer plugin <= 2.0.6 versions.
CVE-2023-32091 1 Poeditor 1 Poeditor 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions.
CVE-2023-32090 2 Pega, Pegasystems 2 Pega Platform, Pega Platform 2024-11-21 9.8 Critical
Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials
CVE-2023-32089 1 Pega 1 Platform 2024-11-21 4.6 Medium
Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description
CVE-2023-32088 1 Pega 1 Platform 2024-11-21 4.6 Medium
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation
CVE-2023-32087 1 Pega 1 Platform 2024-11-21 4.6 Medium
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation