Search Results (366890 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-2316 3 Linux, Microsoft, Typora 3 Linux Kernel, Windows, Typora 2024-11-21 7.4 High
Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/<absolute-path>". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora.
CVE-2023-2315 1 Opencart 1 Opencart 2024-11-21 8.1 High
Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server
CVE-2023-2309 1 Gvectors 1 Wpforo Forum 2024-11-21 6.1 Medium
The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting vulnerability.
CVE-2023-2294 1 Ucms Project 1 Ucms 2024-11-21 3.5 Low
A vulnerability was found in UCMS 1.6.0. It has been classified as problematic. This affects an unknown part of the file saddpost.php of the component Column Configuration. The manipulation of the argument strorder leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227481 was assigned to this vulnerability.
CVE-2023-2293 1 Purchase Order Management System Project 1 Purchase Order Management System 2024-11-21 2.4 Low
A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been classified as problematic. This affects an unknown part of the file classes/Master.php?f=save_item. The manipulation of the argument description with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227463.
CVE-2023-2272 1 Tiempo 1 Tiempo 2024-11-21 6.1 Medium
The Tiempo.com WordPress plugin through 0.1.2 does not sanitise and escape the page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2023-2271 1 Tiempo 1 Tiempo 2024-11-21 4.3 Medium
The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack
CVE-2023-2270 2 Microsoft, Netskope 2 Windows, Netskope 2024-11-21 7 High
The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration files on the machine. This relative path provided a way for local users to write arbitrary files at a location which is accessible to only higher privileged users. This can be exploited by local users to execute code with NT\SYSTEM privileges on the end machine.
CVE-2023-2269 5 Debian, Fedoraproject, Linux and 2 more 14 Debian Linux, Fedora, Linux Kernel and 11 more 2024-11-21 4.4 Medium
A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component.
CVE-2023-2268 1 Plane 1 Plane 2024-11-21 7.1 High
Plane version 0.7.1 allows an unauthenticated attacker to view all stored server files of all users.
CVE-2023-2267 1 Selinc 2 Sel-411l, Sel-411l Firmware 2024-11-21 4.3 Medium
An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details.
CVE-2023-2266 1 Selinc 2 Sel-411l, Sel-411l Firmware 2024-11-21 4.3 Medium
An Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L could allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details.
CVE-2023-2265 1 Selinc 2 Sel-411l, Sel-411l Firmware 2024-11-21 4.3 Medium
An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user. See product Instruction Manual Appendix A dated 20230830 for more details.
CVE-2023-2263 1 Rockwellautomation 2 Kinetix 5700, Kinetix 5700 Firmware 2024-11-21 7.5 High
The Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A is vulnerable to CIP fuzzing.  The new ENIP connections cannot be established if impacted by this vulnerability,  which prohibits operational capabilities of the device resulting in a denial-of-service attack.
CVE-2023-2262 1 Rockwellautomation 66 1756-en2f Series A, 1756-en2f Series A Firmware, 1756-en2f Series B and 63 more 2024-11-21 9.8 Critical
A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform a remote code execution. To exploit this vulnerability, a threat actor would have to send a maliciously crafted CIP request to device.
CVE-2023-2255 3 Debian, Libreoffice, Redhat 3 Debian Linux, Libreoffice, Enterprise Linux 2024-11-21 5.3 Medium
Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3.
CVE-2023-2254 1 Ko-fi 1 Ko-fi Button 2024-11-21 4.8 Medium
The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup), and we consider it a low risk.
CVE-2023-2244 1 Oretnom23 1 Online Eyewear Shop 2024-11-21 6.3 Medium
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects an unknown part of the file /admin/orders/update_status.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227229 was assigned to this vulnerability.
CVE-2023-2243 1 Complaint Management System Project 1 Complaint Management System 2024-11-21 6.3 Medium
A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file users/registration.php of the component POST Parameter Handler. The manipulation of the argument fullname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227228.
CVE-2023-2242 1 Oretnom23 1 Online Computer And Laptop Store 2024-11-21 6.3 Medium
A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component GET Parameter Handler. The manipulation of the argument c/s leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227227.