Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-39548: NVNV23-009_en: セキュリティ情報 | NEC

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allows a attacker to log in to the product may execute an arbitrary command.

CVE
#vulnerability#web#windows#linux#auth
CVE-2023-38324: Release OpenNDS v10.1.2 release · openNDS/openNDS

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It allows users to skip the splash page sequence when it is using the default FAS key and when OpenNDS is configured as FAS (default).

CVE-2023-47675: CubeCart 6.5.3 Released - Security Update

CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.

CVE-2023-48659: Comparing v2.4.175...v2.4.176 · MISP/MISP

An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.

CVE-2023-48649: 2023-11-09 Security Blog about updated CVEs and new releases

Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name.

CVE-2023-48031

OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the attacker to execute arbitrary code or establish a reverse shell, leading to unauthorized file writes or control over the victim's station via a crafted file upload operation.

CVE-2023-45387

In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via `exportProduct::_addDataToDb().`

CVE-2023-48078: GitHub - esasadam06/Simple-CRUD-Functionality-SQLi-POC

SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the 'title' parameter.

CVE-2023-48232: Floating point Exception in adjust_plines_for_skipcol()

Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash. This issue has been addressed in commit `cb0b99f0` which has been included in release version 9.0.2107. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2023-47687: WordPress Woo Custom and Sequential Order Number plugin <= 2.6.0 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in VJInfotech Woo Custom and Sequential Order Number plugin <= 2.6.0 versions.