1680 matches found

RedhatCVE
added 2025/05/23 4:57 a.m. | 4 views

CVE-2023-6483

The vulnerability exists in ADiTaaS Allied Digital Integrated Tool-as-a-Service version 5.1 due to an improper authentication vulnerability in the ADiTaaS backend API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable...

9.8 CVSS | 7.5 AI score | 0.00136 EPSS
Exploits 0

RedhatCVE
added 2025/05/23 4:32 a.m. | 2 views

CVE-2023-5476

Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

8.8 CVSS | 9.6 AI score | 0.00551 EPSS
Exploits 0

RedhatCVE
added 2025/05/23 4:17 a.m. | 5 views

CVE-2023-41675

A use after free vulnerability (CWE-416) in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching pro...

5.3 CVSS | 7.2 AI score | 0.00402 EPSS
Exploits 0

RedhatCVE
added 2025/05/23 4:12 a.m. | 9 views

CVE-2023-39985

UNSUPPORTED WHEN ASSIGNED Out-of-bounds Write vulnerability in Hitachi EH-VIEW Designer allows local attackers to potentially execute arbitrary code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: Thi...

7.8 CVSS | 6.9 AI score | 0.00057 EPSS
Exploits 0

RedhatCVE
added 2025/05/23 3:38 a.m. | 7 views

CVE-2023-28864

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. The data...

5.5 CVSS | 6.4 AI score | 0.00065 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 3:34 a.m. | 11 views

CVE-2023-27919

Authentication bypass vulnerability in NEXT ENGINE Integration Plugin for EC-CUBE 2.0 series all versions allows a remote unauthenticated attacker to alter the information stored in the system...

5.3 CVSS | 6.6 AI score | 0.00569 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 3:33 a.m. | 5 views

CVE-2023-27639

An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter filename in the tshirtecommerce/ajax.php?type=svg endpoint, to allow a remote attacker to traverse directories on the system in order to...

7.5 CVSS | 6.9 AI score | 0.8582 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/05/23 2:57 a.m. | 12 views

CVE-2023-20264

A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 single sign-on (SSO) for remote access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to intercept the SAML...

6.1 CVSS | 7 AI score | 0.00069 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 1:56 a.m. | 6 views

CVE-2023-24019

A stack-based buffer overflow vulnerability exists in the urvpnclient httpconnectionreadcb functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability...

8.1 CVSS | 7.2 AI score | 0.00106 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/05/23 1:50 a.m. | 4 views

CVE-2023-2715

The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submitticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website's...

4.3 CVSS | 6.5 AI score | 0.0021 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 1:45 a.m. | 5 views

CVE-2023-20236

A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating...

7.8 CVSS | 6.5 AI score | 0.00016 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 1:24 a.m. | 8 views

CVE-2022-43539

A vulnerability exists in the ClearPass Policy Manager cluster communications that allows an attacker in a privileged network position to potentially obtain sensitive information. A successful exploit could allow an attacker to retrieve information that allows for unauthorized actions as a...

5.7 CVSS | 6.4 AI score | 0.00087 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 1:23 a.m. | 3 views

CVE-2022-34350

IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to...

7.5 CVSS | 6.7 AI score | 0.00389 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 1:14 a.m. | 5 views

CVE-2022-41777

Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 PC Version v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash...

7.5 CVSS | 6.8 AI score | 0.03831 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 12:40 a.m. | 4 views

CVE-2022-40984

Stack-based buffer overflow in WTViewerE series WTViewerE 761941 from 1.31 to 1.61 and WTViewerEfree from 1.01 to 1.52 allows an attacker to cause the product to crash by processing a long file name...

9.8 CVSS | 7.3 AI score | 0.00654 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 12:27 a.m. | 5 views

CVE-2022-48020

Vinteo VCC v2.36.4 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the conference parameter. This vulnerability allows attackers to inject arbitrary code which will be executed by the victim user's browser...

6.1 CVSS | 6.3 AI score | 0.00294 EPSS
Exploits 1

RedhatCVE
added 2025/05/23 12:0 a.m. | 6 views

CVE-2022-24594

In waline 1.6.1, an attacker can submit messages using X-Forwarded-For to forge any IP address...

5.3 CVSS | 6.9 AI score | 0.00278 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 10:57 p.m. | 6 views

CVE-2022-33869

An improper neutralization of special elements used in an OS command vulnerability (CWE-78) in the management interface of FortiWAN 4.0.0 through 4.5.9 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...

8.8 CVSS | 7.2 AI score | 0.01286 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 10:39 p.m. | 9 views

CVE-2022-27930

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed...

5.9 CVSS | 7 AI score | 0.0056 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 10:26 p.m. | 4 views

CVE-2022-22364

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrar...

5.3 CVSS | 6.7 AI score | 0.00028 EPSS
Exploits 0 | References 1