Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-43297: CVE-reports/CVE-2023-43297.md at main · syz913/CVE-reports

An issue in animal-art-lab v13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.

CVE
Open in Source
#vulnerability#git
CVE-2023-43836: CVE-2023-43836

There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information

CVE-2023-5344

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.

CVE-2023-43835: Super Store Finder 3.7 Remote Command Execution ≈ Packet Storm

Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content.

CVE-2023-43890: CVE/netis_N3/command injection bypass filter.md at main · adhikara13/CVE

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request.

CVE-2023-0809: Version 2.0.16 released.

In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.

CVE-2023-37605

Buffer Overflow vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a crafted request to the password parameter.

CVE-2023-4659: Cross Site Request Forgery Free5gc | INCIBE-CERT

Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an unprivileged remote user is able to create, delete and modify users within theapplication.

CVE-2015-10124

A vulnerability was found in Most Popular Posts Widget Plugin up to 0.8 on WordPress. It has been classified as critical. Affected is the function add_views/show_views of the file functions.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 0.9 is able to address this issue. The patch is identified as a99667d11ac8d320006909387b100e9a8b5c12e1. It is recommended to upgrade the affected component. VDB-241026 is the identifier assigned to this vulnerability.

CVE-2023-3744: Server Side Request Forgery Slims | INCIBE-CERT

Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL parameter.