Search Results (366692 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-30867 1 Apache 1 Streampark 2024-11-21 4.9 Medium
In the Streampark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search, such as job names, role names, etc. The sql syntax :select * from table where jobName like '%jobName%'. However, the jobName field may receive illegal parameters, leading to SQL injection. This could potentially result in information leakage. Mitigation: Users are recommended to upgrade to version 2.1.2, which fixes the issue.
CVE-2023-30796 1 Siemens 2 Jt Open Toolkit, Jt Utilities 2024-11-21 7.8 High
A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.
CVE-2023-30795 1 Siemens 3 Jt Open, Jt Utilities, Parasolid 2024-11-21 7.8 High
A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4), Parasolid V34.0 (All versions < V34.0.253), Parasolid V34.1 (All versions < V34.1.243), Parasolid V35.0 (All versions < V35.0.177), Parasolid V35.1 (All versions < V35.1.073). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.
CVE-2023-30791 1 Plane 1 Plane 2024-11-21 7.1 High
Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript.
CVE-2023-30786 1 Fuzzguard 1 Captcha Them All 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Benjamin Guy Captcha Them All plugin <= 1.3.3 versions.
CVE-2023-30785 1 I13websolution 1 Video Grid 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Video Grid plugin <= 1.21 versions.
CVE-2023-30784 1 Kayastudio 1 Kaya Qr Code Generator 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kaya Studio Kaya QR Code Generator plugin <= 1.5.2 versions.
CVE-2023-30782 1 Churchadminplugin 1 Church Admin 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.5 versions.
CVE-2023-30781 1 Themeblvd 1 Tweeple 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Theme Blvd Tweeple plugin <= 0.9.5 versions.
CVE-2023-30779 1 Daggerheart 1 Query Wrangler 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jonathan Daggerhart Query Wrangler plugin <= 1.5.51 versions.
CVE-2023-30778 1 Blubrry 1 Powerpress 2024-11-21 5.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry plugin <= 10.0.1 versions.
CVE-2023-30776 1 Apache 1 Superset 2024-11-21 4.9 Medium
An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1.
CVE-2023-30760 1 Intel 2 Realsense 450 Fa, Realsense 450 Fa Firmware 2024-11-21 3.3 Low
Out-of-bounds read in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-30753 1 Ip Metaboxes Project 1 Ip Metaboxes 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Phan Chuong IP Metaboxes plugin <= 2.1.1.
CVE-2023-30752 1 Gingertech 1 External Videos 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Silvia Pfeiffer and Andrew Nimmo External Videos plugin <= 2.0.1 versions.
CVE-2023-30751 1 Icontrolwp 1 Article Directory Redux 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in iControlWP Article Directory Redux plugin <= 1.0.2 versions.
CVE-2023-30749 1 Ihomefinder 1 Optima Express \+ Marketboost Idx 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ihomefinder Optima Express + MarketBoost IDX Plugin plugin <= 7.3.0 versions.
CVE-2023-30747 1 Wpgem 1 Woocommerce Easy Duplicate Product 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGem WooCommerce Easy Duplicate Product plugin <= 0.3.0.0 versions.
CVE-2023-30745 1 Ip Metaboxes Project 1 Ip Metaboxes 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Phan Chuong IP Metaboxes plugin <= 2.1.1 versions.
CVE-2023-30739 1 Samsung 1 Android 2024-11-21 6.7 Medium
Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.