Search Results (363357 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-25782 1 Plustime 1 Service Area Postcode Checker 2024-11-21 5.9 Medium
Auth. (admin+) vulnerability in Second2none Service Area Postcode Checker plugin <= 2.0.8 versions.
CVE-2023-25781 1 Upload File Type Settings Plugin Project 1 Upload File Type Settings Plugin 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sebastian Krysmanski Upload File Type Settings plugin <= 1.1 versions.
CVE-2023-25779 1 Intel 1 Thunderbolt Dch Driver 2024-11-21 6.7 Medium
Uncontrolled search path element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-25777 1 Intel 1 Thunderbolt Dch Driver 2024-11-21 7.9 High
Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-25774 1 Softether 1 Vpn 2024-11-21 7.5 High
A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of SoftEther VPN 5.02. A set of specially crafted network connections can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.
CVE-2023-25773 1 Intel 1 Unite 2024-11-21 7.5 High
Improper access control in the Intel(R) Unite(R) Hub software installer for Windows before version 4.2.34962 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-25770 1 Honeywell 2 C300, C300 Firmware 2024-11-21 9.8 Critical
Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.
CVE-2023-25769 1 Intel 1 Thunderbolt Dch Driver 2024-11-21 5.5 Medium
Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-25757 1 Intel 1 Unison 2024-11-21 7.3 High
Improper access control in some Intel(R) Unison(TM) software before version 10.12 may allow a privileged user to potentially enable escalation of privilege via network access.
CVE-2023-25753 1 Apache 1 Shenyu 2024-11-21 6.5 Medium
There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter. Of particular concern is our ability to exert control over the HTTP method, cookies, IP address, and headers. This effectively grants us the capability to dispatch complete HTTP requests to hosts of our choosing. This issue affects Apache ShenYu: 2.5.1. Upgrade to Apache ShenYu 2.6.0 or apply patch  https://github.com/apache/shenyu/pull/4776  .
CVE-2023-25716 1 Announce From The Dashboard Project 1 Announce From The Dashboard 2024-11-21 5.9 Medium
Auth (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gqevu6bsiz Announce from the Dashboard plugin <= 1.5.1 versions.
CVE-2023-25706 1 Pagup 1 Better Robots.txt 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Pagup WordPress Robots.Txt optimization plugin <= 1.4.5 versions.
CVE-2023-25697 1 Gamipress 1 Gamipress 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issue affects GamiPress: from n/a through 2.5.6.
CVE-2023-25696 1 Apache 1 Apache-airflow-providers-apache-hive 2024-11-21 9.8 Critical
Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3.
CVE-2023-25682 1 Ibm 1 Sterling B2b Integrator 2024-11-21 6.2 Medium
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 247034.
CVE-2023-25651 1 Zte 4 Mf286r, Mf286r Firmware, Mf833u1 and 1 more 2024-11-21 4.3 Medium
There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.
CVE-2023-25649 1 Zte 2 Mf286r, Mf286r Firmware 2024-11-21 6.8 Medium
There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.
CVE-2023-25647 1 Zte 8 Axon 30, Axon 30 Firmware, Axon 40 Pro and 5 more 2024-11-21 4.7 Medium
There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the touch event.
CVE-2023-25643 1 Zte 4 Mc801a, Mc801a1, Mc801a1 Firmware and 1 more 2024-11-21 8.4 High
There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.
CVE-2023-25642 1 Zte 4 Mc801a, Mc801a1, Mc801a1 Firmware and 1 more 2024-11-21 5.9 Medium
There is a buffer overflow vulnerability in some ZTE mobile internet producsts. Due to insufficient validation of tcp port parameter, an authenticated attacker could use the vulnerability to perform a denial of service attack.