Search Results (363801 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-35048 1 Magepeople 1 Booking \& Rental Manager 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MagePeople Team Booking and Rental Manager for Bike plugin <= 1.2.1 versions.
CVE-2023-35047 1 Areoi 1 All Bootstrap Blocks 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in AREOI All Bootstrap Blocks plugin <= 1.3.6 versions.
CVE-2023-35044 1 Securimage-wp-fixed Project 1 Securimage-wp-fixed 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Drew Phillips Securimage-WP plugin <= 3.6.16 versions.
CVE-2023-35043 1 Recent Posts Slider Project 1 Recent Posts Slider 2024-11-21 7.1 High
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Neha Goel Recent Posts Slider plugin <= 1.1 versions.
CVE-2023-35041 1 Webpushr 1 Web Push Notifications 2024-11-21 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability leading to Local File Inclusion (LF) in Webpushr Web Push Notifications Web Push Notifications – Webpushr plugin <= 4.34.0 versions.
CVE-2023-35038 1 Wpexperts 1 Wp Pdf Generator 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in wpexperts.Io WP PDF Generator plugin <= 1.2.2 versions.
CVE-2023-35030 1 Liferay 2 Dxp, Liferay Portal 2024-11-21 8.8 High
Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.
CVE-2023-35029 1 Liferay 2 Dxp, Liferay Portal 2024-11-21 6.1 Medium
Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.
CVE-2023-35024 1 Ibm 1 Cloud Pak For Business Automation 2024-11-21 4.6 Medium
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 258349.
CVE-2023-35020 3 Ibm, Linux, Microsoft 5 Aix, Linux On Ibm Z, Sterling Control Center and 2 more 2024-11-21 5.4 Medium
IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257874.
CVE-2023-35019 1 Ibm 1 Security Verify Governance 2024-11-21 7.2 High
IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 257873.
CVE-2023-35018 1 Ibm 1 Security Verify Governance 2024-11-21 3.3 Low
IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation. IBM X-Force ID: 259382.
CVE-2023-35016 1 Ibm 1 Security Verify Governance 2024-11-21 6.5 Medium
IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257772.
CVE-2023-35013 1 Ibm 1 Security Verify Governance 2024-11-21 2.3 Low
IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769.
CVE-2023-35012 3 Ibm, Linux, Microsoft 5 Aix, Db2, Db2 For Linux Unix And Windows and 2 more 2024-11-21 6.7 Medium
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow the buffer and execute arbitrary code on the system. IBM X-Force ID: 257763.
CVE-2023-35005 1 Apache 1 Airflow 2024-11-21 6.5 Medium
In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations. This vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sentitive. This issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later.
CVE-2023-35003 1 Intel 1 Virtual Raid On Cpu 2024-11-21 6.7 Medium
Path transversal in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-34999 1 Bosch 1 Rts Vlink Virtual Matrix 2024-11-21 8.4 High
A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) and v6 (< 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web interface.
CVE-2023-34997 1 Intel 1 Server Configuration Utility 2024-11-21 6.7 Medium
Insecure inherited permissions in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-34995 1 Piigab 2 M-bus 900s, M-bus 900s Firmware 2024-11-21 7.5 High
There are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is inline with recommended password guidelines.