Search Results (363381 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-26563 1 Syncfusion 1 Nodejs File System Provider 2024-11-21 9.8 Critical
The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. As a result, an unauthenticated attacker can:
- On Windows, list files in any directory, read any file, delete any file, upload any file to any directory accessible by the web server.
- On Linux, read any file, download any directory, delete any file, upload any file to any directory accessible by the web server.
CVE-2023-26562 1 Zimbra 1 Collaboration 2024-11-21 6.5 Medium
In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2FA and generated passwords) can send e-mail messages when configured for IMAP/SMTP.
CVE-2023-26543 1 Wp-meteor 1 Wp Meteor 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Aleksandr Guidrevitch WP Meteor Website Speed Optimization Addon plugin <= 3.1.4 versions.
CVE-2023-26541 1 Asmember Project 1 Asmember 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alexander Suess asMember plugin <= 1.5.4 versions.
CVE-2023-26539 1 Advanced Text Widget Project 1 Advanced Text Widget 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Chirkov Advanced Text Widget plugin <= 2.1.2 versions.
CVE-2023-26538 1 Chat Bee Project 1 Chat Bee 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kamyabsoft Chat Bee plugin <= 1.1.0 versions.
CVE-2023-26532 1 Accesspressthemes 1 Social Auto Poster 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes Social Auto Poster plugin <= 2.1.4 versions.
CVE-2023-26531 1 Wbolt 1 All-in-one Search Automatic Push Management 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in 闪电博 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 allows Cross Site Request Forgery. This issue affects 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条: from n/a through 4.2.7.
CVE-2023-26530 1 Updraftplus 1 Updraft 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Paul Kehrer Updraft plugin <= 0.6.1 versions.
CVE-2023-26528 1 Shipyaari 1 Shipping Management 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jinit9906 Shipyaari Shipping Management plugin <= 1.0 versions.
CVE-2023-26527 1 Wpindeed 1 Debug Assistant 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPIndeed Debug Assistant plugin <= 1.4 versions.
CVE-2023-26523 1 Codepeople 1 Calculated Fields Form 2024-11-21 4.3 Medium
Missing Authorization vulnerability in CodePeople Calculated Fields Form allows Functionality Misuse. This issue affects Calculated Fields Form: from n/a through 1.1.120.
CVE-2023-26518 1 Accesspressthemes 1 Wp Tfeed 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes WP TFeed plugin <= 1.6.9 versions.
CVE-2023-26516 1 Wpindeed 1 Debug Assistant 2024-11-21 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in WPIndeed Debug Assistant plugin <= 1.4 versions.
CVE-2023-26515 1 Simple Slug Translate Project 1 Simple Slug Translate 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ko Takagi Simple Slug Translate plugin <= 2.7.2 versions.
CVE-2023-26469 1 Jorani 1 Jorani 2024-11-21 9.8 Critical
In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.
CVE-2023-26455 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 5.6 Medium
RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known.
CVE-2023-26454 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 7.6 High
Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the service's database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as errors. No publicly available exploits are known.
CVE-2023-26453 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 7.6 High
Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the service's database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as errors. No publicly available exploits are known.
CVE-2023-26452 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 7.6 High
Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the service's database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as errors. No publicly available exploits are known.