Search Results (363351 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-27877 1 Ibm 1 Cloud Pak For Data 2024-11-21 5.3 Medium
IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905.
CVE-2023-27866 1 Ibm 1 Informix Jdbc Driver 2024-11-21 6.3 Medium
IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String. IBM X-Force ID: 249511.
CVE-2023-27857 1 Rockwellautomation 1 Thinmanager 2024-11-21 7.5 High
In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field in Rockwell Automation's ThinManager ThinServer.  An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation.
CVE-2023-27846 1 Themevolty 1 Theme Volty Cms Blog 2024-11-21 9.8 Critical
SQL injection vulnerability found in PrestaShop themevolty v.4.0.8 and before allow a remote attacker to gain privileges via the tvcmsblog, tvcmsvideotab, tvcmswishlist, tvcmsbrandlist, tvcmscategorychainslider, tvcmscategoryproduct, tvcmscategoryslider, tvcmspaymenticon, tvcmstestimonial components.
CVE-2023-27845 1 Kerawen 1 Omnichannel Stocks 2024-11-21 9.8 Critical
SQL injection vulnerability found in PrestaShop lekerawen_ocs before v.1.4.1 allow a remote attacker to gain privileges via the KerawenHelper::setCartOperationInfo, and KerawenHelper::resetCheckoutSessionData components.
CVE-2023-27812 1 Bloofox 1 Bloofoxcms 2024-11-21 9.1 Critical
bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function.
CVE-2023-27795 1 Ixpdata 1 Easyinstall 2024-11-21 7.8 High
An issue found in IXP Data Easy Install v.6.6.14884.0 allows a local attacker to gain privileges via a static XOR key.
CVE-2023-27793 1 Ixpdata 1 Easyinstall 2024-11-21 7.8 High
An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows local attackers to gain escalated privileges via weak encoding of sensitive information.
CVE-2023-27792 1 Ixpdata 1 Easyinstall 2024-11-21 7.8 High
An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attacker to escalate privileges via lack of permissions applied to sub directories.
CVE-2023-27791 1 Ixpdata 1 Easyinstall 2024-11-21 8.1 High
An issue found in IXP Data Easy Install 6.6.148840 allows a remote attacker to escalate privileges via insecure PRNG.
CVE-2023-27636 1 Progress 1 Sitefinity 2024-11-21 6.5 Medium
Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor.
CVE-2023-27634 1 Intrepidity Project 1 Intrepidity 2024-11-21 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file upload in Shingo Intrepidity plugin <= 1.5.1 versions.
CVE-2023-27631 1 Mmrs151 1 Daily Prayer Time 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.05.04 versions.
CVE-2023-27629 1 Geminilabs 1 Site Reviews 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin <= 6.5.1 versions.
CVE-2023-27628 1 Sitekit Project 1 Sitekit 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Webvitaly Sitekit plugin <= 1.3 versions.
CVE-2023-27624 1 Redirect After Login Project 1 Redirect After Login 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcelotorres Redirect After Login plugin <= 0.1.9 versions.
CVE-2023-27623 1 Jenst 1 Wp Page Numbers 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Jens Törnell WP Page Numbers plugin <= 0.5 versions.
CVE-2023-27622 1 Guruwalk 1 Guruwalk Affiliates 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abel Ruiz GuruWalk Affiliates plugin <= 1.0.0 versions.
CVE-2023-27621 1 Mrdemonwolf 1 Livestream Notice 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MrDemonWolf Livestream Notice plugin <= 1.2.0 versions.
CVE-2023-27618 1 Agilelogix 1 Store Locator 2024-11-21 5.9 Medium
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGILELOGIX Store Locator WordPress plugin <= 1.4.9 versions.