Search Results (336596 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-24391 1 Spiderteams 1 Applyonline - Application Form Builder And Manager 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline plugin <= 2.5 versions.
CVE-2023-24390 1 Wesecur 1 Wesecur 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WeSecur Security plugin <= 1.2.1 versions.
CVE-2023-24389 1 Brandid 1 Social Proof \(testimonial\) Slider 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in brandiD Social Proof (Testimonial) Slider plugin <= 2.2.3 versions.
CVE-2023-24388 1 Wpdevart 1 Booking Calendar 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit, delete).
CVE-2023-24385 1 Davidlingren 1 Media Library Assistant 2024-11-21 5.9 Medium
Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in David Lingren Media Library Assistant plugin <= 3.11 versions.
CVE-2023-24381 1 Nsthemes 1 Advanced Social Pixel 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsThemes Advanced Social Pixel plugin <= 2.1.1 versions.
CVE-2023-24380 1 Webbjocke 1 Simple Wp Sitemap 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Webbjocke Simple Wp Sitemap.This issue affects Simple Wp Sitemap: from n/a through 1.2.1.
CVE-2023-24379 2024-11-21 6.8 Medium
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Web-Settler Landing Page Builder – Free Landing Page Templates allows Path Traversal.This issue affects Landing Page Builder – Free Landing Page Templates: from n/a through 3.1.9.9.
CVE-2023-24294 1 Zumtobel 2 Netlink Ccd, Netlink Ccd Firmware 2024-11-21 7.5 High
Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80 was discovered to contain a buffer overflow via the component NetlinkWeb::Information::SetDeviceIdentification.
CVE-2023-24256 1 Nio 3 Aspen, Ec6, Ec6 Aspen 2024-11-21 7.8 High
An issue in the com.nextev.datastatistic component of NIO EC6 Aspen before v3.3.0 allows attackers to escalate privileges via path traversal.
CVE-2023-24229 1 Draytek 2 Vigor2960, Vigor2960 Firmware 2024-11-21 7.8 High
DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-24135 1 Jensenofscandinavia 2 Eagle 1200ac, Eagle 1200ac Firmware 2024-11-21 7.8 High
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a command injection vulnerability in the function formWriteFacMac. This vulnerability allows attackers to execute arbitrary commands via manipulation of the mac parameter.
CVE-2023-24099 1 Trendnet 2 Tew-820ap, Tew-820ap Firmware 2024-11-21 8.8 High
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the username parameter at /formWizardPassword. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-24095 1 Trendnet 2 Tew-820ap, Tew-820ap Firmware 2024-11-21 8.8 High
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSystemCheck. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-24070 1 Misp-project 1 Malware Information Sharing Platform 2024-11-21 6.1 Medium
app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field.
CVE-2023-24069 4 Apple, Linux, Microsoft and 1 more 4 Macos, Linux Kernel, Windows and 1 more 2024-11-21 3.3 Low
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.
CVE-2023-24068 4 Apple, Linux, Microsoft and 1 more 4 Macos, Linux Kernel, Windows and 1 more 2024-11-21 7.8 High
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code into pre-existing attachments or replace them completely. A threat actor can forward the existing attachment in the corresponding conversation to external groups, and the name and size of the file will not change, allowing the malware to masquerade as another file. NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.
CVE-2023-24055 1 Keepass 1 Keepass 2024-11-21 5.5 Medium
KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC.
CVE-2023-24052 1 Connectize 2 Ac21000 G6, Ac21000 G6 Firmware 2024-11-21 8.8 High
An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via the change password functionality as it does not prompt for the current password.
CVE-2023-24051 1 Connectize 2 Ac21000 G6, Ac21000 G6 Firmware 2024-11-21 8.8 High
A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via brute force style attacks.