Search Results (363701 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-34210 1 Easyuse 1 Mailhunter Ultimate 2024-11-21 7.7 High
SQL Injection in create customer group function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter.
CVE-2023-34209 1 Easyuse 1 Mailhunter Ultimate 2024-11-21 5 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter.
CVE-2023-34208 1 Easyuse 1 Mailhunter Ultimate 2024-11-21 6.5 Medium
Path Traversal in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to extract files into arbitrary directories via a crafted ZIP archive.
CVE-2023-34207 1 Easyuse 1 Mailhunter Ultimate 2024-11-21 9.9 Critical
Unrestricted upload of file with dangerous type vulnerability in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to perform arbitrary system commands with ‘NT Authority\SYSTEM‘ privilege via a crafted ZIP archive.
CVE-2023-34197 1 Zohocorp 3 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus 2024-11-21 5.4 Medium
Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications.
CVE-2023-34196 1 Keyfactor 1 Ejbca 2024-11-21 8.2 High
In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates (attributes and public keys) to unauthenticated or less privileged users may occur.
CVE-2023-34195 1 Insyde 1 Insydeh2o 2024-11-21 7.8 High
An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses this value as a function pointer. This variable is wiped out by the same module near the end of the function. By setting this UEFI variable from the OS to point into custom code, an attacker could achieve arbitrary code execution in the DXE phase, before several chipset locks are set.
CVE-2023-34193 1 Zimbra 1 Collaboration 2024-11-21 8.8 High
File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function.
CVE-2023-34187 1 Alantien 1 Call Now Icon Animate 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alan Tien Call Now Icon Animate plugin <= 0.1.0 versions.
CVE-2023-34184 1 Bhavikpatel 1 Woocommerce-order-address-print 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Bhavik Patel Woocommerce Order address Print plugin <= 3.2 versions.
CVE-2023-34183 1 Unitegallery 1 Unite Gallery Lite 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Valiano Unite Gallery Lite plugin <= 1.7.61 versions.
CVE-2023-34180 1 Kaplugins 1 Free-google-fonts 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in KAPlugins Google Fonts For WordPress plugin <= 3.0.0 versions.
CVE-2023-34176 1 Chilexpress 1 Chilexpress-oficial 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chilexpress Chilexpress woo oficial plugin <= 1.2.9 versions.
CVE-2023-34175 1 Login Configurator Project 1 Login Configurator 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GrandSlambert Login Configurator plugin <= 2.1 versions.
CVE-2023-34174 1 Bbsetheme 1 Bbs E-popup 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BBS e-Theme BBS e-Popup plugin <= 2.4.5 versions.
CVE-2023-34173 1 Yandex Metrica Counter Project 1 Yandex Metric Counter 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alexander Semikashev Yandex Metrica Counter plugin <= 1.4.3 versions.
CVE-2023-34172 1 Miled 1 Wordpress Social Login 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Miled WordPress Social Login plugin <= 3.0.4 versions.
CVE-2023-34164 1 Huawei 2 Emui, Harmonyos 2024-11-21 7.5 High
Vulnerability of incomplete input parameter verification in the communication framework module. Successful exploitation of this vulnerability may affect availability.
CVE-2023-34150 1 Apache 1 Any23 2024-11-21 6.5 Medium
** UNSUPPORTED WHEN ASSIGNED ** Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage.
CVE-2023-34143 3 Hitachi, Linux, Microsoft 3 Device Manager, Linux Kernel, Windows 2024-11-21 5.6 Medium
Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Man in the Middle Attack.This issue affects Hitachi Device Manager: before 8.8.5-02.