Search Results (366430 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-4951 1 Greenrocketsecurity 1 Greenradius 2024-11-21 2 Low
A cross site scripting issue was discovered with the pagination function on the "Client-based Authentication Policy Configuration" screen of the GreenRADIUS web admin interface. This issue is found in GreenRADIUS v5.1.1.1 and prior. A fix was included in v5.1.2.2.
CVE-2023-4949 2 Gnu, Xen 2 Grub, Xen 2024-11-21 8.1 High
An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.
CVE-2023-4933 1 Awsm 1 Wp Job Openings 2024-11-21 5.3 Medium
The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.
CVE-2023-4932 1 Sas 1 Integration Technologies 2024-11-21 6.3 Medium
SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in the `_program` parameter of the the `/SASStoredProcess/do` endpoint allows arbitrary JavaScript to be executed when specially crafted URL is opened by an authenticated user. The attack is possible from a low-privileged user. Only versions 9.4_M7 and 9.4_M8 were tested and confirmed to be vulnerable, status of others is unknown. For above mentioned versions hot fixes were published.
CVE-2023-4931 1 Plesk 1 Plesk 2024-11-21 6.3 Medium
Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon.dll, sspicli.dll, propsys.dll and profapi.dll files.
CVE-2023-4929 1 Moxa 227 Nport 5100, Nport 5100a, Nport 5100ai M12 and 224 more 2024-11-21 6.5 Medium
All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices.
CVE-2023-4928 1 Instantcms 1 Icms2 2024-11-21 7.2 High
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1.
CVE-2023-4922 1 Wpb Show Core Project 1 Wpb Show Core 2024-11-21 9.8 Critical
The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter.
CVE-2023-4918 1 Redhat 2 Keycloak, Red Hat Single Sign On 2024-11-21 8.8 High
A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are able to read users attributes, allowing a malicious user with minimal access to retrieve the users passwords in clear text, jeopardizing their environment.
CVE-2023-4914 1 Cecil 1 Cecil 2024-11-21 7.5 High
Relative Path Traversal in GitHub repository cecilapp/cecil prior to 7.47.1.
CVE-2023-4913 1 Cecil 1 Cecil 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository cecilapp/cecil prior to 7.47.1.
CVE-2023-4899 1 Mintplexlabs 1 Anything-llm 2024-11-21 8.8 High
SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.
CVE-2023-4898 1 Mintplexlabs 1 Anything-llm 2024-11-21 7.5 High
Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.
CVE-2023-4897 1 Mintplexlabs 1 Anythingllm 2024-11-21 9.8 Critical
Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.
CVE-2023-4896 1 Arubanetworks 1 Airwave 2024-11-21 6.8 Medium
A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server.
CVE-2023-4892 1 Sismics 1 Teedy 2024-11-21 5.7 Medium
Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp.
CVE-2023-4891 2 Lenovo, Microsoft 2 View Driver, Windows 2024-11-21 5.5 Medium
A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service.
CVE-2023-4885 1 Open5gs 1 Open5gs 2024-11-21 6.5 Medium
Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications resulting in the exposure of sensitive information.
CVE-2023-4884 1 Open5gs 1 Open5gs 2024-11-21 6.5 Medium
An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of Authentication.
CVE-2023-4883 1 Open5gs 1 Open5gs 2024-11-21 7.5 High
Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the service by sending a specially crafted json string to the VNF (Virtual Network Function), and triggering the ogs_sbi_message_free function, which could cause a service outage.