Search Results (365312 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-45958 1 Thirtybees 1 Thirty Bees 2024-11-21 6.1 Medium
Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backup_pagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload.
CVE-2023-45957 1 Thirtybees 1 Thirty Bees 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the component admin/AdminRequestSqlController.php of thirty bees before 1.5.0 allows attackers to execute arbitrary web script or HTML via $e->getMessage() error mishandling.
CVE-2023-45956 1 Govee 2 Led Strip, Led Strip Firmware 2024-11-21 7.5 High
An issue discovered in Govee LED Strip v3.00.42 allows attackers to cause a denial of service via crafted Move and MoveWithOnoff commands.
CVE-2023-45955 1 Nanoleaf 2 Lightstrip, Lightstrip Firmware 2024-11-21 7.5 High
An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service via crafted write binding attribute commands.
CVE-2023-45952 1 Lylme 1 Lylme Spage 2024-11-21 9.8 Critical
An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2023-45951 1 Lylme 1 Lylme Spage 2024-11-21 9.8 Critical
lylme_spage v1.7.0 was discovered to contain a SQL injection vulnerability via the $userip parameter at function.php.
CVE-2023-45909 1 Zzzcms 1 Zzzphp 2024-11-21 6.1 Medium
zzzcms v2.2.0 was discovered to contain an open redirect vulnerability.
CVE-2023-45899 1 Idnovate 1 Superuser 2024-11-21 7.5 High
An issue in the component SuperUserSetuserModuleFrontController:init() of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call.
CVE-2023-45897 2 Namjaejeon, Redhat 2 Exfatprogs, Enterprise Linux 2024-11-21 5.5 Medium
exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in read_file_dentry_set.
CVE-2023-45894 1 Parallels 1 Remote Application Server 2024-11-21 10.0 Critical
The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques.
CVE-2023-45893 1 Floorsightsoftware 1 Customer Portal 2024-11-21 7.5 High
An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information.
CVE-2023-45887 1 Nintendo 1 Ds Wireless Communication 2024-11-21 9.8 Critical
DS Wireless Communication (DWC) with DWC_VERSION_3 and DWC_VERSION_11 allows remote attackers to execute arbitrary code on a game-playing client's machine via a modified GPCM message.
CVE-2023-45886 2 F5, Ipinfusion 6 Big-ip Global Traffic Manager, Big-ip Local Traffic Manager, Big-ip Next and 3 more 2024-11-21 7.5 High
The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute.
CVE-2023-45885 1 Nasa 1 Openmct 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin.
CVE-2023-45884 1 Nasa 1 Openmct 2024-11-21 6.5 Medium
Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin.
CVE-2023-45883 3 Enghouse, Microsoft, Qumu 3 Qumu, Windows, Mulitcast Extension 2024-11-21 7.8 High
A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM privileges. Standard users may use this to gain arbitrary code execution as SYSTEM.
CVE-2023-45881 1 Gibbonedu 1 Gibbon 2024-11-21 6.1 Medium
GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resultant XSS. The imageAsLinks parameter must be set to Y to return HTML code. The filename attribute of the bodyfile1 parameter is reflected in the response.
CVE-2023-45880 1 Gibbonedu 1 Gibbon 2024-11-21 7.2 High
GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname (and extension). This allows creation of PHP files outside of the uploads directory, directly in the webroot.
CVE-2023-45879 1 Gibbonedu 1 Gibbon 2024-11-21 5.4 Medium
GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component.
CVE-2023-45875 1 Couchbase 1 Couchbase Server 2024-11-21 7.5 High
An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster.