Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-34196: Home

In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates (attributes and public keys) to unauthenticated or less privileged users may occur.

CVE
Open in Source
#web#mac#red_hat#dos#git#oauth#auth#ssl
CVE-2023-4110

A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument session_id leads to cross site scripting. The attack can be launched remotely. The identifier VDB-235957 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-38958: CVE-2023-38958

An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request.

CVE-2023-38956: CVE-2023-38956

A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload.

CVE-2023-38955: CVE-2023-38955

ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names.

CVE-2023-38954: CVE-2023-38954

ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability.

CVE-2023-36255: Security Advisory 2303-01 - Trovent Security GmbH

An issue in Eramba Limited Eramba Enterprise v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL.

CVE-2023-36212: Total CMS 1.7.4 Shell Upload ≈ Packet Storm

File Upload vulnerability in Total CMS v.1.7.4 allows a remote attacker to execute arbitrary code via a crafted PHP file to the edit page function.

CVE-2023-26979

Bluetens Electrostimulation Device BluetensQ device app version 4.3.15 is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to decrease or increase the intensity of the stimulator by hijacking the BLE communication.

CVE-2020-20808: vuln/qibosoft_cross_Site_Scripting.md at master · alorfm/vuln

Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before allows a remote attacker to execute arbitrary code via the eindtijd and starttijd parameters of do/search.php.