CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-31129 The Contiki-NG operating system versions 4.8 and prior can be triggered to dereference a NULL pointer in the message handling code for IPv6 router solicitations. Contiki-NG contains an implementation... | 7.5 | HIGH | — | 0 |
| CVE-2023-31133 Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation w... | 7.5 | HIGH | — | 0 |
| CVE-2023-36777 Microsoft Exchange Server Information Disclosure Vulnerability | 5.7 | MEDIUM | — | 0 |
| CVE-2023-31140 OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4, when a user registers and confirms their first two-factor authentication (2FA) device f... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-31141 OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access con... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-31178 AgilePoint NX v8.0 SU2.2 & SU2.3 – Arbitrary File Delete Vulnerability allows arbitrary file deletion, by an unspecified request. | 8.1 | HIGH | — | 0 |
| CVE-2023-31179 AgilePoint NX v8.0 SU2.2 & SU2.3 - Path traversal - Vulnerability allows path traversal and downloading files from the server, by an unspecified request. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-31180 WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - Reflected cross-site scripting (RXSS) through an unspecified request. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-31181 WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - CWE-22: Path Traversal | 7.5 | HIGH | — | 0 |
| CVE-2023-31182 EasyTor Applications – Authorization Bypass - EasyTor Applications may allow authorization bypass via unspecified method. | 8.1 | HIGH | — | 0 |
| CVE-2023-23894 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Surbma Surbma \| GDPR Proof Cookie Consent & Notice Bar plugin <= 17.5.3 versions. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-24376 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nico Graff WP Simple Events plugin <= 1.0 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-22710 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in chilidevs Return and Warranty Management System for WooCommerce plugin <= 1.2.3 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-22813 A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Android Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile A... | 3.3 | LOW | — | 0 |
| CVE-2023-28762 SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network ... | 9.1 | CRITICAL | — | 0 |
| CVE-2023-23732 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Disqus Conditional Load plugin <= 11.0.6 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-28764 SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker wi... | 3.7 | LOW | — | 0 |
| CVE-2023-29188 SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 80... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-38685 In bluetooth service, there is a possible missing permission check. This could lead to local denial of service in bluetooth service with no additional execution privileges needed. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-30740 SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. On successful exploitation, ther... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-30741 Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious l... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-30742 SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 8... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-30743 Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CS... | 7.1 | HIGH | — | 0 |
| CVE-2023-30744 In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to in... | 8.2 | HIGH | — | 0 |
| CVE-2023-31404 Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an attacker to access information which would otherwise be restric... | 5.0 | MEDIUM | — | 0 |
| CVE-2023-23733 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Lazy Social Comments plugin <= 2.0.4 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-31406 Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious l... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-31407 SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability. After successful exploitation, a... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-32111 In SAP PowerDesigner (Proxy) - version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory managemen... | 7.5 | HIGH | — | 0 |
| CVE-2023-32112 Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perf... | 2.8 | LOW | — | 0 |
| CVE-2023-32113 SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Depending on the aut... | 7.5 | HIGH | — | 0 |
| CVE-2023-2590 Missing Authorization in GitHub repository answerdev/answer prior to 1.0.9. | 3.5 | LOW | — | 0 |
| CVE-2023-23863 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Black and White Digital Ltd TreePress – Easy Family Trees & Ancestor Profiles plugin <= 2.0.22 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2022-41640 Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Rymera Web Co Wholesale Suite plugin <= 2.1.5 versions. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-23664 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ConvertBox ConvertBox Auto Embed WordPress plugin <= 1.0.19 versions. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-23793 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eightweb Interactive Read More Without Refresh plugin <= 3.1 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-2866 If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the ... | 7.3 | HIGH | — | 0 |
| CVE-2023-23734 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Voswinkel Userlike – WordPress Live Chat plugin <= 2.2 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-23862 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Vertical scroll recent post plugin <= 14.0 versions. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-23883 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Gwyer WP Content Filter plugin <= 3.0.1 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-23884 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin <= 2.5.20 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-24372 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in USB Memory Direct Simple Custom Author Profiles plugin <= 1.0.0 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2022-46822 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in JC Development Team WooCommerce JazzCash Gateway Plugin plugin <= 2.0 versions. | 7.1 | HIGH | — | 0 |
| CVE-2022-46844 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PixelGrade PixFields plugin <= 0.7.0 versions. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-46858 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Amin A.Rezapour Product Specifications for Woocommerce plugin <= 0.6.0 versions. | 7.1 | HIGH | — | 0 |
| CVE-2022-46864 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Umair Saleem Woocommerce Custom Checkout Fields Editor With Drag & Drop plugin <= 0.1 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-23647 Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Team Member – Team with Slider plugin <= 4.4 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-27407 A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based management of affected device does not properly validate user input, making it susceptible to command injec... | 9.9 | CRITICAL | — | 0 |
| CVE-2023-27408 A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The `i2c` mutex file is created with the permissions bits of `-rw-rw-rw-`. This file is used as a mutex for multiple appl... | 3.3 | LOW | — | 0 |
| CVE-2023-27409 A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A path traversal vulnerability was found in the `deviceinfo` binary via the `mac` parameter. This could allow an authenti... | 2.5 | LOW | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.