Search Results (364862 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-41734 1 Nigauri 1 Insert Estimated Reading Time 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nigauri Insert Estimated Reading Time plugin <= 1.2 versions.
CVE-2023-41733 1 Yydevelopment 1 Back To The Top Button 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in YYDevelopment Back To The Top Button plugin <= 2.1.5 versions.
CVE-2023-41732 1 Dwbooster 1 Cp Blocks 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Blocks plugin <= 1.0.20 versions.
CVE-2023-41731 1 I13websolution 1 Wordpress Publish Post Email Notification 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress publish post email notification plugin <= 1.0.2.2 versions.
CVE-2023-41726 1 Ivanti 1 Avalanche 2024-11-21 7.8 High
Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability
CVE-2023-41725 1 Ivanti 1 Avalanche 2024-11-21 7.8 High
Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability
CVE-2023-41723 1 Veeam 1 One 2024-11-21 4.3 Medium
A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes.
CVE-2023-41721 1 Ui 6 Unifi Dream Machine, Unifi Dream Machine Pro, Unifi Dream Machine Special Edition and 3 more 2024-11-21 5.3 Medium
Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network. Affected Products: UDM UDM-PRO UDM-SE UDR UDW Mitigation: Update UniFi Network to Version 7.5.187 or later.
CVE-2023-41720 1 Ivanti 1 Connect Secure 2024-11-21 7.8 High
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the attacker to gain elevated execution privileges on the affected system.
CVE-2023-41719 1 Ivanti 1 Connect Secure 2024-11-21 7.2 High
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution.
CVE-2023-41717 1 Zscaler 1 Zscaler Proxy 2024-11-21 5.5 Medium
Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions.
CVE-2023-41713 1 Sonicwall 61 Nsa2700, Nsa3700, Nsa4700 and 58 more 2024-11-21 7.5 High
SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.
CVE-2023-41712 1 Sonicwall 61 Nsa2700, Nsa3700, Nsa4700 and 58 more 2024-11-21 6.5 Medium
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash.
CVE-2023-41711 1 Sonicwall 61 Nsa2700, Nsa3700, Nsa4700 and 58 more 2024-11-21 6.5 Medium
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash.
CVE-2023-41699 1 Payara 1 Payara 2024-11-21 6.1 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries.This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11.
CVE-2023-41697 1 Nikunjsoni 1 Easy Wp Cleaner 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Nikunj Soni Easy WP Cleaner plugin <= 1.9 versions.
CVE-2023-41693 1 Plainviewplugins 1 Mycryptocheckout 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview MyCryptoCheckout plugin <= 2.125 versions.
CVE-2023-41692 1 Hennessey 1 Attorney 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hennessey Digital Attorney theme <= 3 theme.
CVE-2023-41691 1 Pensopay 1 Woocommerce Pensopay 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pensopay WooCommerce PensoPay plugin <= 6.3.1 versions.
CVE-2023-41687 1 Goods Catalog Project 1 Goods Catalog 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Irina Sokolovskaya Goods Catalog plugin <= 2.4.1 versions.