CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2023-31173 Use of Hard-coded Credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator on Windows allows Authentication Bypass. See Instruction Manual Appendix A and Appe... | 7.7 | HIGH | — | 0 |
| CVE-2023-31174 A Cross-Site Request Forgery (CSRF) vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to embed instructions that could be executed by an ... | 7.4 | HIGH | — | 0 |
| CVE-2023-31175 An Execution with Unnecessary Privileges vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run system commands with the highest level ... | 8.8 | HIGH | — | 0 |
| CVE-2023-34391 Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See I... | 7.4 | HIGH | — | 0 |
| CVE-2023-34392 A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed dev... | 8.2 | HIGH | — | 0 |
| CVE-2023-41717 Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-41744 Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Agent (macOS) before build 30600, Acronis Cyber Protect 15 (macOS) before bui... | 7.8 | HIGH | — | 0 |
| CVE-2025-58874 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in josepsitjar StoryMap wp-storymap allows DOM-Based XSS.This issue affects StoryMap: from n/a throug... | N/A | NONE | — | 0 |
| CVE-2023-4681 NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-4682 Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-4683 NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-41034 Eclipse Leshan is a device management server and client Java implementation. In affected versions DDFFileParser` and `DefaultDDFFileValidator` (and so `ObjectLoader`) are vulnerable to `XXE Attacks`. ... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-41044 Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's `Support Bundle` feature. The vulnerability is caused by incorrect user input validation ... | 3.3 | LOW | — | 0 |
| CVE-2023-39355 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Versions of FreeRDP on the 3.x release branch before beta3 are subject to a Use-After-Free in ... | 7.0 | HIGH | — | 0 |
| CVE-2023-41045 Graylog is a free and open log management platform. Graylog makes use of only one single source port for DNS queries. Graylog binds a single socket for outgoing DNS queries and while that socket is bo... | 3.7 | LOW | — | 0 |
| CVE-2023-41745 Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-41746 Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41748 Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-39685 An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted JSON string. | 7.5 | HIGH | — | 0 |
| CVE-2023-46188 Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affec... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-41749 Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Windows) before build 32047, Acronis Cyber Protect 15 (Windows) ... | 7.5 | HIGH | — | 0 |
| CVE-2023-41750 Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 32047. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-41751 Sensitive information disclosure due to improper token expiration validation. The following products are affected: Acronis Agent (Windows) before build 32047. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-4299 Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment. | 9.0 | CRITICAL | — | 0 |
| CVE-2023-4688 Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35433. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-40187 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of the 3.x beta branch are subject to a Use-After-Free issue in the `avc420_... | 7.3 | HIGH | — | 0 |
| CVE-2023-40574 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `writePixelBGRX` function. This... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-40575 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_YUV444ToRGB_8u_P3AC4R_B... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-40576 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `RleDecompress` function. This O... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-4481 An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of... | 7.5 | HIGH | — | 0 |
| CVE-2023-4695 Use of Predictable Algorithm in Random Number Generator in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | 8.1 | HIGH | — | 0 |
| CVE-2023-4696 Improper Access Control in GitHub repository usememos/memos prior to 0.13.2. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-4697 Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2. | 8.8 | HIGH | — | 0 |
| CVE-2023-4698 Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2. | 7.5 | HIGH | — | 0 |
| CVE-2023-24674 Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the role:admin parameter. | 7.8 | HIGH | — | 0 |
| CVE-2023-24675 Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL. | 4.8 | MEDIUM | — | 0 |
| CVE-2023-41364 In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-4704 External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | 4.9 | MEDIUM | — | 0 |
| CVE-2022-46527 ELSYS ERS 1.5 Sound v2.3.8 was discovered to contain a buffer overflow via the NFC data parser. | 7.5 | HIGH | — | 0 |
| CVE-2022-4343 An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in whic... | 5.0 | MEDIUM | — | 0 |
| CVE-2023-0120 An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to imp... | 3.5 | LOW | — | 0 |
| CVE-2023-1279 An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was... | 2.6 | LOW | — | 0 |
| CVE-2023-1555 An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespac... | 2.7 | LOW | — | 0 |
| CVE-2023-24412 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Image Social Feed plugin <= 1.7.6 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-25042 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy (Storm Consultancy) oAuth Twitter Feed for Developers plugin <= 2.3.0 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-25044 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo Social Share Boost plugin <= 4.4 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-25477 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yotuwp Video Gallery plugin <= 1.3.12 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-25488 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Duc Bui Quang WP Default Feature Image plugin <= 1.0.1.1 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-37994 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Artem Abramovich Art Decoration Shortcode plugin <= 1.5.6 versions. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-3915 An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an e... | 6.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.