Search Results (363341 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-27420 1 Everestthemes 1 Arya Multipurpose 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Arya Multipurpose theme <= 1.0.5 versions.
CVE-2023-27418 1 Wow-company 1 Side Menu Lite 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite – add sticky fixed buttons plugin <= 4.0 versions.
CVE-2023-27417 1 Ifeelweb 1 Affiliate Super Assistent 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Timo Reith Affiliate Super Assistent plugin <= 1.5.1 versions.
CVE-2023-27415 1 Themeqx 1 Letterpress 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themeqx LetterPress plugin <= 1.1.2 versions.
CVE-2023-27414 1 Ays-pro 1 Popup Box 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions.
CVE-2023-27413 1 W4 Post List Project 1 W4 Post List 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Shazzad Hossain Khan W4 Post List plugin <= 2.4.4 versions.
CVE-2023-27412 1 Everestthemes 1 Mocho Blog 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Mocho Blog theme <= 1.0.4 versions.
CVE-2023-27395 1 Softether 1 Vpn 2024-11-21 9 Critical
A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
CVE-2023-27392 1 Intel 1 Support 2024-11-21 4.4 Medium
Incorrect default permissions in the Intel(R) Support android application before version v23.02.07 may allow a privileged user to potentially enable information disclosure via local access.
CVE-2023-27391 1 Intel 29 Advisor For Oneapi, Cpu Runtime For Opencl Applications, Distribution For Python Programming Language and 26 more 2024-11-21 6.7 Medium
Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-27390 1 Diagon Project 1 Diagon 2024-11-21 7.8 High
A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted markdown file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.
CVE-2023-27383 1 Intel 5 Advisor, Inspector, Mpi Library and 2 more 2024-11-21 6.8 Medium
Protection mechanism failure in some Intel(R) oneAPI HPC Toolkit 2023.1 and Intel(R) MPI Library software before version 2021.9 may allow a privileged user to potentially enable escalation of privilege via adjacent access.
CVE-2023-27380 1 Peplink 2 Surf Soho, Surf Soho Firmware 2024-11-21 7.2 High
An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2023-27379 1 Foxit 1 Pdf Reader 2024-11-21 8.8 High
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
CVE-2023-27377 1 Idattend 1 Idweb 2024-11-21 7.5 High
Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
CVE-2023-27376 1 Idattend 1 Idweb 2024-11-21 7.5 High
Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
CVE-2023-27375 1 Idattend 1 Idweb 2024-11-21 7.5 High
Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
CVE-2023-27319 1 Netapp 1 Ontap Mediator 2024-11-21 5.3 Medium
ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API.
CVE-2023-27318 1 Netapp 1 Storagegrid 2024-11-21 6.5 Medium
StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service.
CVE-2023-27315 1 Netapp 1 Snapgathers 2024-11-21 6.5 Medium
SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials.