CVE

CVE-2023-34838: CVE-2023-34838/README.md at main · sahiloj/CVE-2023-34838

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter.

CVE-2023-34836: CVE-2023-34836/README.md at main · sahiloj/CVE-2023-34836

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters.

CVE-2023-34839: CVE-2023-34839/README.md at main · sahiloj/CVE-2023-34839

A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application.

CVE-2023-26273: Security Bulletin: IBM QRadar SIEM is vulnerable to Hazardous Input Validation (CVE-2023-26273)

IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 248134.

CVE-2023-26274: Security Bulletin: IBM QRadar SIEM is vulnerable to Cross Site Scripting (XSS) (CVE-2023-26274)

IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248144.

CVE-2023-26276: IBM QRadar information disclosure CVE-2023-26276 Vulnerability Report

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147.

CVE-2023-33566: GitHub - 16yashpatel/CVE-2023-33566: Unauthorized Node Injection Vulnerability in ROS2 Foxy Fitzroy

An unauthorized node injection vulnerability has been identified in ROS2 Foxy Fitzroy versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could allow a malicious user to inject malicious ROS2 nodes into the system remotely. Once injected, these nodes could disrupt the normal operations of the system or cause other potentially harmful behavior.

CVE-2023-33567: GitHub - 16yashpatel/CVE-2023-33567: Unauthorized Access Vulnerability in ROS2 Foxy Fitzroy

An unauthorized access vulnerability has been discovered in ROS2 Foxy Fitzroy versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information.

CVE-2023-34835: CVE-2023-34835/README.md at main · sahiloj/CVE-2023-34835

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter.

CVE-2022-34352: Security Bulletin: IBM QRadar SIEM is vulnerable to information disclosure between tenants (CVE-2022-34352)

IBM QRadar SIEM 7.5.0 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. IBM X-Force ID: 230403.