Security Headlines: Latest CVEs

Source: CVE
CVE-2023-3304: IDOR in message deletion in admidio

Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9.

CVE-2023-3303: ecard could sent if album is logged #1432 · Admidio/admidio@3d8bafa

Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9.

CVE-2023-3302: Excel export could lead to execute apps #1433 · Admidio/admidio@c87a707

Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9.

CVE-2023-34021: WordPress Church Admin plugin <= 3.7.29 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.29 versions.

CVE-2023-34012: WordPress Premium Addons PRO plugin <= 2.8.24 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premium Addons for Elementor Premium Addons PRO plugin <= 2.8.24 versions.

CVE-2023-35048: WordPress Booking and Rental Manager plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MagePeople Team Booking and Rental Manager for Bike plugin <= 1.2.1 versions.

CVE-2023-30362: net.c: Fix potential overflow in coap_send_internal() by mrdeep1 · Pull Request #1065 · obgm/libcoap

Buffer Overflow vulnerability in coap_send function in libcoap library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 allows attackers to obtain sensitive information via malformed pdu.

CVE-2023-28065: DSA-2023-146: Dell Command | Update, Dell Update, and Alienware Update Security Update for a Privilege Escalation Vulnerability

Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.

CVE-2023-29860: Unauthorized access existed in the Taier. Procedure · Issue #1003 · DTStack/Taier

Insecure permissions on the /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allow attackers to view sensitive information via the getCookie method.

CVE-2023-30260: Security advisory

Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via a crafted POST request to the hostapd settings form.