Search Results (366603 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-24486 1 Citrix 1 Workspace 2024-11-21 5.5 Medium
A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched.
CVE-2023-24479 1 Yifanwireless 2 Yf325, Yf325 Firmware 2024-11-21 9.8 Critical
An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.
CVE-2023-24478 1 Intel 1 Quartus Prime 2024-11-21 5.5 Medium
Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux before version 22.4 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-24477 1 Nozominetworks 2 Cmc, Guardian 2024-11-21 7 High
In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Thus an authenticated local attacker may gain acces to the original user's session.
CVE-2023-24474 1 Honeywell 4 Direct Station, Engineering Station, Experion Server and 1 more 2024-11-21 7.5 High
Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message
CVE-2023-24473 1 Openimageio 1 Openimageio 2024-11-21 5.3 Medium
An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2023-24471 1 Nozominetworks 2 Cmc, Guardian 2024-11-21 6.5 Medium
An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality. An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions.
CVE-2023-24463 1 Intel 1 Thunderbolt Dch Driver 2024-11-21 4.3 Medium
Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
CVE-2023-24451 1 Jenkins 1 Cisco Spark 2024-11-21 4.3 Medium
A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2023-24421 1 Wpengine 1 Php Compatibility Checker 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compatibility Checker plugin <= 1.5.2 versions.
CVE-2023-24420 1 Zestard 1 Admin Side Data Storage For Contact Form 7 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zestard Technologies Admin side data storage for Contact Form 7 plugin <= 1.1.1 versions.
CVE-2023-24419 1 Strategy11 1 Formidable Form Builder 2024-11-21 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Builder Team Formidable Forms plugin <= 5.5.6 versions.
CVE-2023-24417 1 Tiggerswelt 1 Worthy 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in tiggersWelt.Net Worthy plugin <= 1.6.5-6497609 versions.
CVE-2023-24415 1 Quantumcloud 1 Chatbot 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.2.8 versions.
CVE-2023-24413 1 I13websolution 1 Wordpress Vertical Image Slider 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress vertical image slider plugin <= 1.2.16 versions.
CVE-2023-24412 1 Web-settler 1 Image Social Feed 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Image Social Feed plugin <= 1.7.6 versions.
CVE-2023-24405 1 Wpplugin 1 Paypal \& Stripe Add-on 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3 versions.
CVE-2023-24401 1 Davidsword 1 Mobile Call Now \& Map Buttons 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davidsword Mobile Call Now & Map Buttons plugin <= 1.5.0 versions.
CVE-2023-24397 1 Reservation 1 Reservation.studio 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions.
CVE-2023-24396 1 Vikwp 1 Vikbooking Hotel Booking Engine \& Pms 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.11 versions.