Search Results (363351 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-27617 1 Carrcommunications 1 Rsvpmaker 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions.
CVE-2023-27616 1 Carrcommunications 1 Rsvpmaker 2024-11-21 7.1 High
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions.
CVE-2023-27615 1 Dipakgajjar 1 Wp Super Minify 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Dipak C. Gajjar WP Super Minify plugin <= 1.5.1 versions.
CVE-2023-27613 1 Monitorclick 1 Forms Ada 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MonitorClick Forms Ada – Form Builder plugin <= 1.0 versions.
CVE-2023-27612 1 Geminilabs 1 Site Reviews 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin <= 6.5.1 versions.
CVE-2023-27611 1 Jeanbaptisteaudras 1 Reusable Blocks Extended 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in audrasjb Reusable Blocks Extended plugin <= 0.9 versions.
CVE-2023-27606 1 Wp Reroute Email Project 1 Wp Reroute Email 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP Reroute Email plugin <= 1.4.6 versions.
CVE-2023-27604 1 Apache 1 Airflow Sqoop Provider 2024-11-21 8.8 High
Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged in and have authorization (permissions) to create/edit connections. It is recommended to upgrade to a version that is not affected. This issue was reported independently by happyhacking-k, And Xie Jianming and LiuHui of Caiji Sec Team also reported it.
CVE-2023-27603 1 Apache 1 Linkis 2024-11-21 9.8 Critical
In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2.
CVE-2023-27576 1 Phplist 1 Phplist 2024-11-21 6.7 Medium
An issue was discovered in phpList before 3.6.14. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform an account takeover of the user with super-admin permission. Specifically, for a request with updatepassword=1, a modified request (manipulating both the ID parameter and the associated username) can bypass the intended email confirmation requirement. For example, the attacker can start from an updatepassword=1 request with their own ID number, and change the ID number to 1 (representing the super admin account) and change the username to admin2. In the first step, the attacker changes the super admin's email address to one under the attacker's control. In the second step, the attacker performs a password reset for the super admin account. The new password allows login as the super admin, i.e., a successful account takeover.
CVE-2023-27540 2 Ibm, Redhat 3 Cloud Pak For Data, Watson Cp4d Data Stores, Openshift 2024-11-21 5.9 Medium
IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service. IBM X-Force ID: 248924.
CVE-2023-27537 4 Broadcom, Haxx, Netapp and 1 more 13 Brocade Fabric Operating System Firmware, Libcurl, Active Iq Unified Manager and 10 more 2024-11-21 5.9 Medium
A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.
CVE-2023-27526 1 Apache 1 Superset 2024-11-21 4.3 Medium
A non Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including 2.1.0. 
CVE-2023-27525 1 Apache 1 Superset 2024-11-21 3.1 Low
An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1
CVE-2023-27523 1 Apache 1 Superset 2024-11-21 5 Medium
Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.
CVE-2023-27516 1 Softether 1 Vpn 2024-11-21 7.3 High
An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to trigger this vulnerability.
CVE-2023-27515 1 Intel 1 Driver \& Support Assistant 2024-11-21 8.1 High
Cross-site scripting (XSS) for the Intel(R) DSA software before version 23.1.9 may allow unauthenticated user to potentially enable escalation of privilege via network access.
CVE-2023-27509 1 Intel 1 Ispc Software Installer 2024-11-21 6.6 Medium
Improper access control in some Intel(R) ISPC software installers before version 1.19.0 may allow an authenticated user to potentially enable escalation of privileges via local access.
CVE-2023-27506 1 Intel 1 Optimization For Tensorflow 2024-11-21 5.5 Medium
Improper buffer restrictions in the Intel(R) Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-27505 1 Intel 1 Advanced Link Analyzer 2024-11-21 6.7 Medium
Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1 .1 may allow an authenticated user to potentially enable escalation of privilege via local access.