Search Results (366632 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-30591 1 Nodebb 1 Nodebb 2024-11-21 7.5 High
Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively.
CVE-2023-30576 1 Apache 1 Guacamole 2024-11-21 6.8 Medium
Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process.
CVE-2023-30575 1 Apache 1 Guacamole 2024-11-21 6.5 Medium
Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.
CVE-2023-30565 1 Bd 1 Guardrails Cqi Reporter 2024-11-21 3.5 Low
An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker.
CVE-2023-30564 1 Bd 1 Alaris Systems Manager 2024-11-21 6.9 Medium
Alaris Systems Manager does not perform input validation during the Device Import Function.
CVE-2023-30563 1 Bd 1 Alaris Systems Manager 2024-11-21 8.2 High
A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session.
CVE-2023-30562 1 Bd 1 Alaris Guardrails Editor 2024-11-21 3 Low
A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs.
CVE-2023-30561 1 Bd 2 Alaris 8015 Pcu, Alaris 8015 Pcu Firmware 2024-11-21 6.1 Medium
The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is running.
CVE-2023-30560 2 Bd, Becton Dickinson And Co 3 Alaris 8015 Pcu, Alaris 8015 Pcu Firmware, Bd Alarisa Point Of Care Unit Model 8015 2024-11-21 6.8 Medium
The configuration from the PCU can be modified without authentication using physical connection to the PCU.
CVE-2023-30559 1 Bd 2 Alaris 8015 Pcu, Alaris 8015 Pcu Firmware 2024-11-21 5.2 Medium
The firmware update package for the wireless card is not properly signed and can be modified.
CVE-2023-30500 1 Wpforms 2 Contact Form, Wpforms 2024-11-21 5.8 Medium
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPForms WPForms Lite (wpforms-lite), WPForms WPForms Pro (wpforms) plugins <= 1.8.1.2 versions.
CVE-2023-30499 1 Foliovision 1 Fv Flowplayer Video Player 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FolioVision FV Flowplayer Video Player plugin <= 7.5.32.7212 versions.
CVE-2023-30498 1 Codeflavors 1 Vimeotheque 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeFlavors Vimeotheque: Vimeo WordPress Plugin <= 2.2.1 versions.
CVE-2023-30496 1 Mage-people 1 Bus Ticket Booking With Seat Reservation 2024-11-21 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MagePeople Team WpBusTicketly plugin <= 5.2.5 versions.
CVE-2023-30494 1 Imagerecycle 1 Imagerecycle Pdf \& Image Compression 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRecycle ImageRecycle pdf & image compression plugin <= 3.1.10 versions.
CVE-2023-30493 1 Themefic 1 Ultimate Addons For Contact Form 7 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin <= 3.2.0 versions.
CVE-2023-30491 1 Codebard 1 Codebard\'s Patron Button And Widgets For Patreon 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.8 versions.
CVE-2023-30489 1 I13websolution 1 Email Subscription Popup 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Email Subscription Popup plugin <= 1.2.16 versions.
CVE-2023-30485 1 Solwininfotech 1 Avartan-slider-lite 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Solwin Infotech Responsive WordPress Slider – Avartan Slider Lite plugin <= 1.5.3 versions.
CVE-2023-30483 1 Kibokolabs 1 Watu Quiz 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Watu Quiz plugin <= 3.3.9.2 versions.