Search Results (366627 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-5629 1 Schneider-electric 32 Eb450, Eb450 Firmware, Eb45e and 29 more 2024-11-21 8.2 High
A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP.
CVE-2023-5627 1 Moxa 54 Nport 6150, Nport 6150-t, Nport 6150-t Firmware and 51 more 2024-11-21 7.5 High
A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service.
CVE-2023-5626 1 Sfu 1 Open Journal System 2024-11-21 8.8 High
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior to 3.3.0-16.
CVE-2023-5624 1 Tenable 1 Nessus Network Monitor 2024-11-21 7.2 High
Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blindSQL injection.
CVE-2023-5623 1 Tenable 1 Nessus Network Monitor 2024-11-21 7 High
NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location
CVE-2023-5622 1 Tenable 1 Nessus Network Monitor 2024-11-21 7.1 High
Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file.
CVE-2023-5620 1 Webpushr 1 Web Push Notifications 2024-11-21 5.4 Medium
The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks.
CVE-2023-5610 1 S-sols 1 Seraphinite Accelerator 2024-11-21 5.4 Medium
The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect
CVE-2023-5609 1 S-sols 1 Seraphinite Accelerator 2024-11-21 6.1 Medium
The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2023-5607 1 Trellix 1 Application And Change Control 2024-11-21 8.4 High
An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content.
CVE-2023-5605 1 Kaizencoders 1 Url Shortify 2024-11-21 4.8 Medium
The URL Shortify WordPress plugin before 1.7.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2023-5599 1 Dassault 2 3dswymer 3dexperience 2022, 3dswymer 3dexperience 2023 2024-11-21 5.4 Medium
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code.
CVE-2023-5598 1 Dassault 2 3dswymer 3dexperience 2022, 3dswymer 3dexperience 2023 2024-11-21 5.4 Medium
Stored Cross-site Scripting (XSS) vulnerabilities affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allow an attacker to execute arbitrary script code.
CVE-2023-5595 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.
CVE-2023-5594 1 Eset 9 Endpoint Antivirus, Endpoint Security, File Security and 6 more 2024-11-21 7.5 High
Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted.
CVE-2023-5593 1 Zyxel 1 Secuextender Ssl Vpn 2024-11-21 7.8 High
The out-of-bounds write vulnerability in the Windows-based SecuExtender SSL VPN Client software version 4.0.4.0 could allow an authenticated local user to gain a privilege escalation by sending a crafted CREATE message.
CVE-2023-5592 1 Phoenixcontact 2 Multiprog, Proconos Eclr 2024-11-21 7.5 High
Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity.
CVE-2023-5591 1 Librenms 1 Librenms 2024-11-21 6.5 Medium
SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.
CVE-2023-5590 1 Selenium 1 Selenium 2024-11-21 7.5 High
NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0.
CVE-2023-5588 1 Kpherox 1 Pleroma 2024-11-21 2.6 Low
A vulnerability was found in kphrx pleroma. It has been classified as problematic. This affects the function Pleroma.Emoji.Pack of the file lib/pleroma/emoji/pack.ex. The manipulation of the argument name leads to path traversal. The complexity of an attack is rather high. The exploitability is told to be difficult. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 2c795094535537a8607cc0d3b7f076a609636f40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-242187.