Search Results (364861 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-41676 1 Fortinet 1 Fortisiem 2024-11-21 4.2 Medium
An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may allow an attacker with access to windows agent logs to obtain the windows agent password via searching through the logs.
CVE-2023-41675 1 Fortinet 2 Fortios, Fortiproxy 2024-11-21 4.8 Medium
A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.
CVE-2023-41673 1 Fortinet 1 Fortiadc 2024-11-21 6.9 Medium
An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests.
CVE-2023-41672 1 Remileclercq 1 Hide Admin Notices - Admin Notification Center Plugin 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Rémi Leclercq Hide admin notices – Admin Notification Center plugin <= 2.3.2 versions.
CVE-2023-41670 1 Palasthotel 1 Use Memcached 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel (in person: Edward Bock) Use Memcached plugin <= 1.0.4 versions.
CVE-2023-41669 1 Daext 1 Live News 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Live News plugin <= 1.06 versions.
CVE-2023-41668 1 Leadster 1 Leadster 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <= 1.1.2 versions.
CVE-2023-41667 1 Ulfbenjaminsson 1 Wp-dtree 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions.
CVE-2023-41666 1 Stockdio 1 Stock Quotes List 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Stockdio Stock Quotes List plugin <= 2.9.9 versions.
CVE-2023-41661 1 Smarty 1 Smarty 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions.
CVE-2023-41660 1 Wpsynchro 1 Wp Synchro 2024-11-21 6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WPSynchro WP Synchro plugin <= 1.9.1 versions.
CVE-2023-41659 1 Bdwm 1 Responsive Gallery Grid 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM Responsive Gallery Grid plugin <= 2.3.10 versions.
CVE-2023-41658 1 I13websolution 1 Web Solution Photo Gallery Slideshow \& Masonry Tiled Gallery 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery plugin <= 1.0.13 versions.
CVE-2023-41657 1 Groundhogg 1 Hollerbox 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. HollerBox plugin <= 2.3.2 versions.
CVE-2023-41653 1 Bearthemes 1 Sermon\'e - Sermons Online 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Beplus Sermon'e – Sermons Online plugin <= 1.0.0 versions.
CVE-2023-41650 1 Remove\/hide Author\, Date\, Category Like Entry-meta Project 1 Remove\/hide Author\, Date\, Category Like Entry-meta 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hide Author, Date, Category Like Entry-Meta plugin <= 2.1 versions.
CVE-2023-41646 1 Perrymitchell 1 Buttercup 2024-11-21 5.3 Medium
Buttercup v2.20.3 allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/
CVE-2023-41642 1 Grupposcai 1 Realgimm 2024-11-21 6.1 Medium
Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.
CVE-2023-41640 1 Grupposcai 1 Realgimm 2024-11-21 8.8 High
An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query.
CVE-2023-41638 1 Grupposcai 1 Realgimm 2024-11-21 8.8 High
An arbitrary file upload vulnerability in the Gestione Documentale module of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted file.