CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2023-40677 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Vertical marquee plugin <= 7.1 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-41074 The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. | 8.8 | HIGH | — | 0 |
| CVE-2023-41235 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Everest News Pro theme <= 1.1.7 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-41236 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Happy addons Happy Elementor Addons Pro plugin <= 2.8.0 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-41237 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Arya Multipurpose Pro theme <= 1.0.8 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-4316 Zod in versions 3.21.0 up to and including 3.22.3 allows an attacker to perform a denial of service while validating emails. | 7.5 | HIGH | — | 0 |
| CVE-2023-41238 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in UltimatelySocial Social Media Share Buttons & Social Sharing Icons plugin <= 2.8.3 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-41241 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SureCart WordPress Ecommerce For Creating Fast Online Stores plugin <= 2.5.0 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-41242 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hassan Ali Snap Pixel plugin <= 1.5.7 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-41305 Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module. Successful exploitation of this vulnerability may affect confidentiality. | 7.5 | HIGH | — | 0 |
| CVE-2023-41306 Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable. | 3.7 | LOW | — | 0 |
| CVE-2023-41307 Memory overwriting vulnerability in the security module. Successful exploitation of this vulnerability may affect availability. | 7.5 | HIGH | — | 0 |
| CVE-2023-41308 Screenshot vulnerability in the input module. Successful exploitation of this vulnerability may affect confidentiality. | 7.5 | HIGH | — | 0 |
| CVE-2023-41309 Permission control vulnerability in the MediaPlaybackController module. Successful exploitation of this vulnerability may affect availability. | 7.5 | HIGH | — | 0 |
| CVE-2023-41310 Keep-alive vulnerability in the sticky broadcast mechanism. Successful exploitation of this vulnerability may cause malicious apps to run continuously in the background. | 3.3 | LOW | — | 0 |
| CVE-2023-41311 Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause an app to be activated automatically. | 5.3 | MEDIUM | — | 0 |
| CVE-2023-41326 GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A logged ... | 8.1 | HIGH | — | 0 |
| CVE-2023-41312 Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause several apps to be activated automatically. | 5.3 | MEDIUM | — | 0 |
| CVE-2023-41320 GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. UI layout... | 8.1 | HIGH | — | 0 |
| CVE-2023-41321 GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API us... | 4.9 | MEDIUM | — | 0 |
| CVE-2023-41322 GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A user wi... | 4.9 | MEDIUM | — | 0 |
| CVE-2023-41323 GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An unauth... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-41324 GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API us... | 8.1 | HIGH | — | 0 |
| CVE-2023-41332 Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with `policy.cilium.io/... | 3.5 | LOW | — | 0 |
| CVE-2023-41333 Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is abl... | 6.9 | MEDIUM | — | 0 |
| CVE-2023-41335 Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. Whil... | 3.7 | LOW | — | 0 |
| CVE-2023-41653 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Beplus Sermon'e – Sermons Online plugin <= 1.0.0 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-41860 Unauth. Cross-Site Scripting (XSS) vulnerability in TravelMap plugin <= 1.0.1 versions. | 5.8 | MEDIUM | — | 0 |
| CVE-2023-41861 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Restrict plugin <= 2.2.4 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-41878 MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in Mete... | 4.6 | MEDIUM | — | 0 |
| CVE-2023-41888 GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The lack ... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-41904 Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-42453 Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that... | 3.1 | LOW | — | 0 |
| CVE-2023-44016 Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-42460 Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode()` function does not validate input when it is nested in an expression. Uses of `_abi_decode()` can be constructed which allow... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-42461 GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL ... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-42462 GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The docum... | 7.7 | HIGH | — | 0 |
| CVE-2023-42486 Fortect - CWE-428: Unquoted Search Path or Element, may be used by local user to elevate privileges. | 6.3 | MEDIUM | — | 0 |
| CVE-2023-42487 Soundminer – CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 7.5 | HIGH | — | 0 |
| CVE-2023-42657 In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rm... | 9.9 | CRITICAL | — | 0 |
| CVE-2023-43232 A stored cross-site scripting (XSS) vulnerability in the Website column management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected ... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-42819 JumpServer is an open source bastion host. Logged-in users can access and modify the contents of any file on the system. A user can use the 'Job-Template' menu and create a playbook named 'test'. Get ... | 8.9 | HIGH | — | 0 |
| CVE-2023-42820 JumpServer is an open source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which... | 7.0 | HIGH | — | 0 |
| CVE-2023-43154 In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in "isValidLogin()" function during login attempt results in PHP type confusion vulnerability that leads to authentic... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43187 A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43216 SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43222 SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-44043 A reflected cross-site scripting (XSS) vulnerability in /install/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Webs... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-43234 DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43263 A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component. | 6.1 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.