PT-2023-24761 · Sabnzbd +1 · Sabnzbd +1
Name of the Vulnerable Software and Affected Versions: SABnzbd versions prior to 4.0.2 Description: A design flaw in SABnzbd could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd...
CVE-2023-0921 Allocation of Resources Without Limits or Throttling in GitLab
A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage...
CVE-2023-2406 Event Registration Calendar By vcita <= 1.3.1 & Online Payments – Get Paid with PayPal, Square & Stripe <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 1.3.1 due to insufficien...
PT-2023-3423 · Unified Automation · Uagateway
Name of the Vulnerable Software and Affected Versions: Unified Automation UaGateway affected versions not specified Description: The issue is related to a use-after-free condition, which can be exploited by remote attackers to create a denial-of-service condition on affected installations. The...
CVE-2023-34257
An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified and, by default, authentication is not required. Some configuration fields related to SNMP (e.g., masterAgentName or masterAgentStartLine) result in code execution when the agent is restarted...
PT-2023-3424 · Unified Automation · Unified Automation Uagateway
Name of the Vulnerable Software and Affected Versions: Unified Automation UaGateway affected versions not specified Description: This issue allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to...
Unified Automation UaGateway NodeManagerOpcUa Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the product is in its default configuration. The specific flaw exists within the handling of NodeManagerOpc...
PT-2023-2873 · D Link · D-Link D-View
Name of the Vulnerable Software and Affected Versions: D-Link D-View affected versions not specified Description: This issue allows remote attackers to escalate privileges on affected installations of D-Link D-View. Authentication is required to exploit this issue. The specific flaw exists within...
PT-2023-2874 · D Link · D-Link D-View
Name of the Vulnerable Software and Affected Versions: D-Link D-View affected versions not specified Description: This issue allows remote attackers to create and delete arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this issue. The specific flaw...
PT-2023-2875 · D Link · D-Link D-View
Name of the Vulnerable Software and Affected Versions: D-Link D-View affected versions not specified Description: This issue allows remote attackers to create arbitrary files on affected installations of D-Link D-View, with authentication required to exploit it. The specific flaw exists within th...
PT-2023-7403 · Trend Micro · Trend Micro Apex Central
Name of the Vulnerable Software and Affected Versions: Trend Micro Apex Central, affected versions not specified Description: The issue exists due to inadequate protection of the web page structure. It may allow a remote attacker to conduct a cross-site scripting attack. The exploitation...
UBUNTU-CVE-2023-32082
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not values) associated with a lease when the Keys parameter is true, even if the user doesn't have read permission to the keys. The impact is limit...
CVE-2023-27410
A vulnerability has been identified in SCALANCE LPE9403 All versions V2.1. A heap-based buffer overflow vulnerability was found in the edgeboxwebapp binary. The binary will crash if supplied with a backup password longer than 255 characters. This could allow an authenticated privileged attacker t...
PT-2023-5685 · Unknown · Control Web Panel
Name of the Vulnerable Software and Affected Versions: Control Web Panel affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. The specific flaw exists within the dns zone editor module, resulting...
(Pwn2Own) Canon imageCLASS MF743Cdw CADM resourceStart2 Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF743Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the resourceStart2 command in the CADM...
PT-2023-19273 · Unknown +1 · Himanshu Bing Site Verification +1
Name of the Vulnerable Software and Affected Versions: Himanshu Bing Site Verification plugin using Meta Tag plugin version 1.0 and earlier Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. This vulnerability...
PT-2023-7943 · Unified Automation · Uagateway
Name of the Vulnerable Software and Affected Versions: Unified Automation UaGateway affected versions not specified Description: This issue is a use-after-free vulnerability within the handling of NodeManagerOpcUa objects. The vulnerability allows remote attackers to execute arbitrary code on...
PT-2023-19283 · Unknown · Fullworks Quick Paypal Payments
Name of the Vulnerable Software and Affected Versions: Fullworks Quick Paypal Payments plugin versions = 5.7.25 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability requires authentication and affects users with contributor or higher permissions...
PT-2023-14523 · Unknown · 1App Business Forms
Name of the Vulnerable Software and Affected Versions: 1app Business Forms plugin versions prior to 1.0.0 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication, specifically with author or higher privileges. This vulnerability affects th...
UBUNTU-CVE-2023-22001
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...