CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2023-46078 | Cross-Site Request Forgery (CSRF) vulnerability in PluginEver WC Serial Numbers plugin <= 1.6.3 versions. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-38275 | IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-4939 | The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. This is due to the use of a weak authentication token for the /wp-json/salesmanago/v1/callb... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-46298 | Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via t... | 7.5 | HIGH | — | 0 |
| CVE-2023-46300 | iTerm2 before 3.4.20 allows (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46301 | iTerm2 before 3.4.20 allows (potentially remote) code execution because of mishandling of certain escape sequences related to upload. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-46897 | views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media. | 6.5 | MEDIUM | — | 0 |
| CVE-2021-46898 | views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //examp... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-46306 | The web administration interface in NetModule Router Software (NRSW) 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command constructed with unsanitized user input: shell metacharacters ... | 8.4 | HIGH | — | 0 |
| CVE-2023-46085 | Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.2.4 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-46089 | Cross-Site Request Forgery (CSRF) vulnerability in Lee Le @ Userback Userback plugin <= 1.0.13 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-46095 | Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole Smooth Scroll Links [SSL] plugin <= 1.1.0 versions. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-46315 | The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsing) extension before 977815a for stable-diffusion-webui (aka Stable Diffusion web UI), if Gradio authentication is enabled without... | 7.5 | HIGH | — | 0 |
| CVE-2023-46317 | Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers. | 7.5 | HIGH | — | 0 |
| CVE-2023-5693 | A vulnerability was found in CodeAstro Internet Banking System 1.0 and classified as critical. This issue affects some unknown processing of the file pages_reset_pwd.php. The manipulation of the argum... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-5694 | A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been classified as problematic. Affected is an unknown function of the file pages_system_settings.php. The manipulation of th... | 3.5 | LOW | — | 0 |
| CVE-2023-5695 | A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file pages_reset_pwd.php. The... | 3.5 | LOW | — | 0 |
| CVE-2023-5696 | A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file pages_transfer_money.php. The man... | 3.5 | LOW | — | 0 |
| CVE-2023-46319 | WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive information by bypassing access control on a network access administration web interface. | 7.5 | HIGH | — | 0 |
| CVE-2023-46321 | iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-46322 | iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside th... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-5697 | A vulnerability classified as problematic has been found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_withdraw_money.php. The manipulation of the argument a... | 3.5 | LOW | — | 0 |
| CVE-2023-5698 | A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. This vulnerability affects unknown code of the file pages_deposit_money.php. The manipulation of the argum... | 3.5 | LOW | — | 0 |
| CVE-2023-5699 | A vulnerability, which was classified as problematic, has been found in CodeAstro Internet Banking System 1.0. This issue affects some unknown processing of the file pages_view_client.php. The manipul... | 3.5 | LOW | — | 0 |
| CVE-2023-5700 | A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /protocol/iscgwtunnel/uploadiscgwroutecon... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-46324 | pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been valida... | 7.5 | HIGH | — | 0 |
| CVE-2023-5701 | A vulnerability has been found in vnotex vnote up to 3.17.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Markdown File Handler. The manipu... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-5702 | A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/. The manipulation leads to d... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-43624 | CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4) contains an improper restriction of XML external entity reference (XXE) vulnerability. If a user opens a specially crafted proj... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-26734 | Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated cont... | 4.4 | MEDIUM | — | 0 |
| CVE-2021-26735 | The Zscaler Client Connector Installer and Uninstallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges. | 6.7 | MEDIUM | — | 0 |
| CVE-2021-26736 | Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to e... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-26737 | The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shutdown the Zscaler tunnel by exploiting ... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-26738 | Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges. | 7.8 | HIGH | — | 0 |
| CVE-2023-28793 | Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. | 7.8 | HIGH | — | 0 |
| CVE-2023-28795 | Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. | 7.8 | HIGH | — | 0 |
| CVE-2023-47693 | Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Addons for Contac... | 7.5 | HIGH | — | 0 |
| CVE-2023-28796 | Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. | 7.1 | HIGH | — | 0 |
| CVE-2023-28797 | Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user. ... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-28803 | An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector: b... | 5.9 | MEDIUM | — | 0 |
| CVE-2023-28804 | An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries. This issue affects Linux Client Connector: before 1.4.0.105 | 8.2 | HIGH | — | 0 |
| CVE-2023-28805 | An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation. This issue affects Client Connector: before 1.4.0.105 | 6.7 | MEDIUM | — | 0 |
| CVE-2023-42295 | An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c | 8.8 | HIGH | — | 0 |
| CVE-2023-43065 | Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability. A low-privileged authenticated attacker can exploit these issues to obtain escalated privileges. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-27152 | DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43074 | Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the... | 5.2 | MEDIUM | — | 0 |
| CVE-2023-46127 | Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create documents ... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-5718 | The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard `postMessage()` API. By creating a malicious web page with an iFrame targeting a sensitive... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-43066 | Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issui... | 5.1 | MEDIUM | — | 0 |
| CVE-2023-43067 | Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system. | 4.9 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.