1849 matches found
CVE-2023-23675
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Catchsquare WP Smart Preloader plugin = 1.15 versions...
CVE-2023-6447
The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name...
CVE-2023-42935
An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6.4. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen...
CVE-2023-24396
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin = 1.5.11 versions...
CVE-2023-40333
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Qode Interactive Bridge Core plugin = 3.0.9 versions...
CVE-2023-41879
Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protectcode". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would...
CVE-2023-41066
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to unexpectedly leak a user's credentials from secure text fields...
CVE-2023-44477
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Boxy Studio Cooked plugin = 1.7.13 versions...
CVE-2023-50053
An issue in Foundation.app Foundation platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication process of Foundation, the signed message lacks a nonce random number...
CVE-2023-49947
Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...
CVE-2023-42891
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to monitor keystrokes without user permission...
CVE-2023-42845
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. Photos in the Hidden Photos Album may be viewed without authentication...
CVE-2023-41116
An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to refresh any materialized view, regardless of that user's permissions...
CVE-2023-40418
An authentication issue was addressed with improved state management. This issue is fixed in watchOS 10. An Apple Watch Ultra may not lock when using the Depth app...
CVE-2023-3958
The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notifypingremote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locatio...
CVE-2023-39415
Improper authentication vulnerability in Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote unauthenticated attacker to log in to the product's Control Panel and perform an...
CVE-2023-34563
netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overflow after authentication...
CVE-2023-46096
A vulnerability has been identified in SIMATIC PCS neo All versions V4.1. The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service. This could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional documents...
CVE-2023-33179
Xibo is a content management system CMS. An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.5 in the nameFilter function used throughout the CMS. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafte...
CVE-2023-32759
An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL...