Search Results (363384 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-28819 1 Concretecms 1 Concrete Cms 2024-11-21 3.5 Low
Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 through 9.0.2 are vulnerable to Stored XSS in uploaded file and folder names.
CVE-2023-28813 1 Hikvision 1 Localservicecomponents 2024-11-21 8.1 High
An attacker could exploit a vulnerability by sending crafted messages to computers installed with this plug-in to modify plug-in parameters, which could cause affected computers to download malicious files.
CVE-2023-28811 1 Hikvision 79 Ds-7104ni-q1(c), Ds-7104ni-q1(c) Firmware, Ds-7104ni-q1(d) and 76 more 2024-11-21 7.4 High
There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.
CVE-2023-28804 1 Zscaler 1 Client Connector 2024-11-21 8.2 High
An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries. This issue affects Linux Client Connector: before 1.4.0.105.
CVE-2023-28803 1 Zscaler 1 Client Connector 2024-11-21 5.9 Medium
An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector: before 3.9.
CVE-2023-28801 1 Zscaler 1 Zscaler Internet Access Admin Portal 2024-11-21 9.6 Critical
An Improper Verification of Cryptographic Signature in the SAML authentication of the Zscaler Admin UI allows a Privilege Escalation. This issue affects Admin UI: from 6.2 before 6.2r.
CVE-2023-28794 1 Zscaler 1 Client Connector 2024-11-21 4.3 Medium
Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.
CVE-2023-28791 1 Webtechforce 1 Simple Org Chart 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions.
CVE-2023-28790 1 Simple Staff List Project 1 Simple Staff List 2024-11-21 5.9 Medium
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.3 versions.
CVE-2023-28785 1 Yoast 1 Yoast Seo 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.9 versions.
CVE-2023-28784 1 Contest-gallery 1 Contest Gallery 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 21.1.2 versions.
CVE-2023-28783 1 Phpradar 1 Woocommerce Tip/donation 2024-11-21 5.9 Medium
Auth. (shop manager+) Stored Cross-Site Scripting (XSS) vulnerability in PHPRADAR Woocommerce Tip/Donation plugin <= 1.2 versions.
CVE-2023-28779 1 Simplecoding 1 Terms Descriptions 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vladimir Statsenko Terms descriptions plugin <= 3.4.4 versions.
CVE-2023-28778 1 Bestwebsoft 1 Pagination 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Pagination plugin <= 1.2.2 versions.
CVE-2023-28776 1 I13websolution 1 Continuous Image Carousel With Lightbox 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <= 1.0.15 versions.
CVE-2023-28775 1 Yoast 1 Yoast Seo 2024-11-21 5.3 Medium
Missing Authorization vulnerability in Yoast Yoast SEO Premium. This issue affects Yoast SEO Premium: from n/a through 20.4.
CVE-2023-28774 1 Grade 1 Review Stream 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grade Us, Inc. Review Stream plugin <= 1.6.5 versions.
CVE-2023-28773 1 Kolja-nolte 1 Secondary Title 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kolja Nolte Secondary Title plugin <= 2.0.9.1 versions.
CVE-2023-28768 1 Zyxel 22 Xgs2220-30, Xgs2220-30 Firmware, Xgs2220-30f and 19 more 2024-11-21 6.5 Medium
Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80(ABXN.1), XMG1930-30 firmware version V4.80(ACAR.1), and XS1930-10 firmware version V4.80(ABQE.1) could allow an unauthenticated LAN-based attacker to cause denial-of-service (DoS) conditions by sending crafted frames to an affected switch.
CVE-2023-28767 1 Zyxel 47 Atp Series Firmware, Usg 20w-vpn, Usg 20w-vpn Firmware and 44 more 2024-11-21 8.8 High
The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W) series firmware versions 5.10 through 5.36, USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled.