Search Results (366658 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-5906 1 Themehigh 1 Job Manager \& Career 2024-11-21 7.5 High
The Job Manager & Career WordPress plugin before 1.4.4 contains a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. This vulnerability poses a serious security threat because it allows an attacker to gain access to confidential data and files of other users without their permission.
CVE-2023-5901 1 Sfu 1 Pkp Web Application Library 2024-11-21 3.5 Low
Cross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVE-2023-5889 1 Pkp 1 Pkp Web Application Library 2024-11-21 8.2 High
Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVE-2023-5886 1 Soflyy 2 Export Any Wordpress Data To Xml\/csv, Wp All Export 2024-11-21 8.8 High
The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers with the ability to upload files to make logged in users perform unwanted actions leading to PHAR deserialization, which may lead to remote code execution.
CVE-2023-5885 1 Franklinfueling 2 Colibri, Colibri Firmware 2024-11-21 6.5 Medium
The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users.
CVE-2023-5884 1 Back2nature 1 Word Balloon 2024-11-21 6.5 Medium
The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a link.
CVE-2023-5881 1 Geniecompany 2 Aladdin Connect Garage Door Opener, Aladdin Connect Garage Door Opener Firmware 2024-11-21 8.2 High
Unauthenticated access permitted to web interface page The Genie Company Aladdin Connect (Retrofit-Kit Model ALDCM) "Garage Door Control Module Setup" and modify the Garage door's SSID settings.
CVE-2023-5880 1 Geniecompany 2 Aladdin Connect Garage Door Opener, Aladdin Connect Garage Door Opener Firmware 2024-11-21 8.8 High
When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode the web servers “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious code with client side Java Script and/or HTML. This allows the attacker to inject malicious code with client side Java Script and/or HTML into the users' web browser. 
CVE-2023-5876 1 Mattermost 1 Mattermost Desktop 2024-11-21 3.1 Low
Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.
CVE-2023-5875 1 Mattermost 1 Mattermost Desktop 2024-11-21 3.7 Low
Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server
CVE-2023-5866 1 Phpmyfaq 1 Phpmyfaq 2024-11-21 5.7 Medium
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
CVE-2023-5865 1 Phpmyfaq 1 Phpmyfaq 2024-11-21 9.8 Critical
Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
CVE-2023-5864 1 Phpmyfaq 1 Phpmyfaq 2024-11-21 4.8 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
CVE-2023-5863 1 Phpmyfaq 1 Phpmyfaq 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
CVE-2023-5862 1 Hamza417 1 Inure 2024-11-21 3.3 Low
Missing Authorization in GitHub repository hamza417/inure prior to Build95.
CVE-2023-5861 1 Microweber 1 Microweber 2024-11-21 4.8 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-5847 3 Linux, Microsoft, Tenable 4 Linux Kernel, Windows, Nessus and 1 more 2024-11-21 6.7 Medium
Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts.
CVE-2023-5846 1 Franklinfueling 2 Ts-550 Evo, Ts-550 Evo Firmware 2024-11-21 8.3 High
Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.
CVE-2023-5845 1 Wpbrigade 1 Simple Social Buttons 2024-11-21 5.3 Medium
The Simple Social Media Share Buttons WordPress plugin before 5.1.1 leaks password-protected post content to unauthenticated visitors in some meta tags
CVE-2023-5842 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 4.8 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.