Search Results (363341 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-25033 1 Sumo 1 Social Share Boost 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share Boost plugin <= 4.5 versions.
CVE-2023-25032 1 Printfriendly 1 Print\, Pdf\, Email By Printfriendly 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Print, PDF, Email by PrintFriendly plugin <= 5.5.1 versions.
CVE-2023-25029 1 Wp Social Bookmarking Light Project 1 Wp Social Bookmarking Light 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in utahta WP Social Bookmarking Light plugin <= 2.0.7 versions.
CVE-2023-25028 1 Cc Custom Taxonomy Project 1 Cc Custom Taxonomy 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in chuyencode CC Custom Taxonomy plugin <= 1.0.1 versions.
CVE-2023-25025 1 Chetangole 1 Wp-copyprotect \[protect Your Blog Posts\] 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions.
CVE-2023-25019 1 Premio 1 Chaty 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premio Chaty plugin <= 3.0.9 versions
CVE-2023-24971 1 Ibm 2 B2b Advanced Communications, Multi-enterprise Integration Gateway 2024-11-21 7.5 High
IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. IBM X-Force ID: 246976.
CVE-2023-24965 2 Ibm, Linux 2 Aspera Faspex, Linux Kernel 2024-11-21 5.8 Medium
IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713.
CVE-2023-24959 1 Ibm 1 Infosphere Information Server 2024-11-21 5.3 Medium
IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332.
CVE-2023-24831 1 Apache 1 Iotdb 2024-11-21 9.8 Critical
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could login without authorization. This is fixed in 0.13.4.
CVE-2023-24737 1 Sigb 1 Pmb 2024-11-21 6.1 Medium
PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950.php.
CVE-2023-24736 1 Sigb 1 Pmb 2024-11-21 9.8 Critical
PMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /sauvegarde/restaure_act.php.
CVE-2023-24735 1 Sigb 1 Pmb 2024-11-21 6.1 Medium
PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim users to an external domain via a crafted URL.
CVE-2023-24733 1 Sigb 1 Pmb 2024-11-21 6.1 Medium
PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950_new.php.
CVE-2023-24726 1 Phpgurukul 1 Art Gallery Management System 2024-11-21 9.8 Critical
Art Gallery Management System v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter on the enquiry page.
CVE-2023-24698 1 Foswiki 1 Foswiki 2024-11-21 7.5 High
Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request.
CVE-2023-24675 1 Bludit 1 Bludit 2024-11-21 4.8 Medium
Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL.
CVE-2023-24674 1 Bludit 1 Bludit 2024-11-21 7.8 High
Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the role:admin parameter.
CVE-2023-24621 1 Esotericsoftware 1 Yamlbeans 2024-11-21 7.8 High
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed.
CVE-2023-24620 1 Esotericsoftware 1 Yamlbeans 2024-11-21 5.5 Medium
An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing CPU and memory consumption, such as a Java Out-of-Memory exception.