CVE-2023-28672

Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

Mass Ransomware Attack

A vulnerability in a popular data transfer tool has resulted in a mass ransomware attack: TechCrunch has learned of dozens of organizations that used the affected GoAnywhere file transfer software at the time of the ransomware attack, suggesting more victims are likely to come forward. However,...

Vulnerability in OpenSSL - Invalid certificate policies in leaf certificates are silently ignored

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

Rockwell Automation ThinManager ThinServer Path Traversal Vulnerability

Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, Inc. It allows thin clients to be assigned to multiple remote desktop servers at the same time. A path traversal vulnerability exists in Rockwell Automation ThinManager ThinServer, which can be exploite...

Rockwell Automation ThinManager ThinServer Path Traversal Vulnerability (CNVD-2023-49827)

Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, Inc. It allows thin clients to be assigned to multiple remote desktop servers at the same time. A path traversal vulnerability exists in Rockwell Automation ThinManager ThinServer, which can be exploite...

CVE-2023-25820 Nextcloud Server and Enterprise Server missing brute force protection on password confirmation modal

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the enterprise version of the file server software. In Nextcloud Server versions 25.0.x prior to 25.0.5 and versions 24.0.x prior to 24.0.10 as well as Nextcloud...

CVE-2023-0464

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...

Cisco IOS and IOS XE Software IPv6 DHCP (DHCPv6) Relay and Server Denial of Service Vulnerability

A vulnerability in the IPv6 DHCP version 6 DHCPv6 relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service DoS condition. This vulnerability is due to insufficient validation of data boundaries. An attacker could...

Cisco Access Point Software Association Request Denial of Service Vulnerability

A vulnerability in Cisco access point AP software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation of certain parameters within 802.11 frames. An attacker could exploit this...

Denial Of Service (DoS)

vim is vulnerable to Denial Of Service DoS. The vulnerability exists due to the null pointer dereference in the library, which allows an attacker to cause an application crash...

Design/Logic Flaw

A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryption version 6.0.0.3204 and below could allow an attacker with physical access to an affected device to bypass Microsoft Windows? Secure Boot process in an attempt to execute other attacks to obtain access to the contents of the...

CVE-2023-28434

Last updated 21 August 2024...

Pricing Tables For WPBakery Page Builder < 3.0 - Subscriber+ LFI

The plugin does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks PoC Run the below command in the developer console of the web browser while being on the blog as a...

CVE-2022-36429

A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability...

CVE-2023-25923

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization. IBM X-Force ID: 247629...

CVE-2023-27874

CVE-2023-27874 affects IBM Aspera Faspex 4.4.2. The vulnerability is an XML External Entity (XXE) injection when processing XML data, enabling a remote authenticated attacker to execute arbitrary commands. IBM X-Force lists the impact as high to critical, with a base score up to 9.9 (CRITICAL in ...

CVE-2023-27983

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data...

Cross-site Scripting (XSS)

enshrined/svg-sanitize is vulnerable to Cross-site Scripting XSS. The vulnerability exists because the cleanUnsafeNodes function in Sanitizer.php does not properly sanitize the HTML elements within CDATA, which allows an attacker to launch an XSS attack with the unsafe SVG file...

Denial Of Service (DoS)

kaml is vulnerable to Denial Of Service DoS. The vulnerability exists because the library by default parses anchors and alias tags, which allows an attacker to cause a billion laugh style attack by providing a malicious input, leading to an application crash...

Design/Logic Flaw

Galaxy is an open-source platform for data analysis. All supported versions of Galaxy are affected prior to 22.01, 22.05, and 23.0 are affected by an insufficient permission check. Unsupported versions are likely affected as far back as the functionality of Visualizations/Pages exists. Due to thi...