Search Results (363426 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-28864 1 Progress 1 Chef Infra Server 2024-11-21 5.5 Medium
Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.
CVE-2023-28863 1 Ami 1 Megarac Sp-x 2024-11-21 9.1 Critical
AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity.
CVE-2023-28830 1 Siemens 4 Jt2go, Solid Edge Se2022, Solid Edge Se2023 and 1 more 2024-11-21 7.8 High
A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Solid Edge SE2022 (All versions < V222.0 Update 13), Solid Edge SE2023 (All versions < V223.0 Update 4), Teamcenter Visualization V13.2 (All versions < V13.2.0.15), Teamcenter Visualization V13.3 (All versions < V13.3.0.11), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2023-28823 1 Intel 29 Advisor For Oneapi, Cpu Runtime For Opencl Applications, Distribution For Python Programming Language and 26 more 2024-11-21 6.7 Medium
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-28819 1 Concretecms 1 Concrete Cms 2024-11-21 3.5 Low
Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 through 9.0.2 is vulnerable to Stored XSS in uploaded file and folder names.
CVE-2023-28813 1 Hikvision 1 Localservicecomponents 2024-11-21 8.1 High
An attacker could exploit a vulnerability by sending crafted messages to computers installed with this plug-in to modify plug-in parameters, which could cause affected computers to download malicious files.
CVE-2023-28811 1 Hikvision 79 Ds-7104ni-q1\(c\), Ds-7104ni-q1\(c\) Firmware, Ds-7104ni-q1\(d\) and 76 more 2024-11-21 7.4 High
There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.
CVE-2023-28804 1 Zscaler 1 Client Connector 2024-11-21 8.2 High
An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.This issue affects Linux Client Connector: before 1.4.0.105
CVE-2023-28803 1 Zscaler 1 Client Connector 2024-11-21 5.9 Medium
An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector: before 3.9.
CVE-2023-28801 1 Zscaler 1 Zscaler Internet Access Admin Portal 2024-11-21 9.6 Critical
An Improper Verification of Cryptographic Signature in the SAML authentication of the Zscaler Admin UI allows a Privilege Escalation.This issue affects Admin UI: from 6.2 before 6.2r.
CVE-2023-28794 1 Zscaler 1 Client Connector 2024-11-21 4.3 Medium
Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.
CVE-2023-28791 1 Webtechforce 1 Simple Org Chart 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions.
CVE-2023-28790 1 Simple Staff List Project 1 Simple Staff List 2024-11-21 5.9 Medium
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.3 versions.
CVE-2023-28785 1 Yoast 1 Yoast Seo 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.9 versions.
CVE-2023-28784 1 Contest-gallery 1 Contest Gallery 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 21.1.2 versions.
CVE-2023-28783 1 Phpradar 1 Woocommerce Tip\/donation 2024-11-21 5.9 Medium
Auth. (shop manager+) Stored Cross-Site Scripting (XSS) vulnerability in PHPRADAR Woocommerce Tip/Donation plugin <= 1.2 versions.
CVE-2023-28779 1 Simplecoding 1 Terms Descriptions 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vladimir Statsenko Terms descriptions plugin <= 3.4.4 versions.
CVE-2023-28778 1 Bestwebsoft 1 Pagination 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Pagination plugin <= 1.2.2 versions.
CVE-2023-28776 1 I13websolution 1 Continuous Image Carousel With Lightbox 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <= 1.0.15 versions.
CVE-2023-28775 1 Yoast 1 Yoast Seo 2024-11-21 5.3 Medium
Missing Authorization vulnerability in Yoast Yoast SEO Premium.This issue affects Yoast SEO Premium: from n/a through 20.4.