CVE-2023-24261
A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request...
CVE-2023-27396
FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues --...
GHSA-4588-7X48-JRGJ Magento Open Source allows Server-Side Request Forgery (SSRF)
Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...
CVE-2021-4354 PWA for WP & AMP <= 1.7.32 - Arbitrary File Upload
The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwpsplashscreenuploader function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to upload arbitrary files on the affected sites...
PT-2023-24761 · Sabnzbd +1
Name of the Vulnerable Software and Affected Versions: SABnzbd versions prior to 4.0.2 Description: A design flaw in SABnzbd could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd...
PT-2023-4723 · Papercut · Papercut Ng
Name of the Vulnerable Software and Affected Versions: PaperCut NG affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this issue. The specific flaw exists within...
CVE-2023-0921 Allocation of Resources Without Limits or Throttling in GitLab
A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage...
CVE-2023-2406 Event Registration Calendar By vcita <= 1.3.1 & Online Payments – Get Paid with PayPal, Square & Stripe <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 1.3.1 due to insufficien...
CVE-2023-34257
An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified and, by default, authentication is not required. Some configuration fields related to SNMP (e.g., masterAgentName or masterAgentStartLine) result in code execution when the agent is restarted...
PT-2023-3423 · Unified Automation · Uagateway
Name of the Vulnerable Software and Affected Versions: Unified Automation UaGateway affected versions not specified Description: The issue is related to a use-after-free condition, which can be exploited by remote attackers to create a denial-of-service condition on affected installations. The...
PT-2023-3424 · Unified Automation · Unified Automation Uagateway
Name of the Vulnerable Software and Affected Versions: Unified Automation UaGateway affected versions not specified Description: This issue allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to...
Unified Automation UaGateway NodeManagerOpcUa Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the product is in its default configuration. The specific flaw exists within the handling of NodeManagerOpc...
PT-2023-2873 · D Link · D-Link D-View
Name of the Vulnerable Software and Affected Versions: D-Link D-View affected versions not specified Description: This issue allows remote attackers to escalate privileges on affected installations of D-Link D-View. Authentication is required to exploit this issue. The specific flaw exists within...
PT-2023-2874 · D Link · D-Link D-View
Name of the Vulnerable Software and Affected Versions: D-Link D-View affected versions not specified Description: This issue allows remote attackers to create and delete arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this issue. The specific flaw...
PT-2023-2875 · D Link · D-Link D-View
Name of the Vulnerable Software and Affected Versions: D-Link D-View affected versions not specified Description: This issue allows remote attackers to create arbitrary files on affected installations of D-Link D-View, with authentication required to exploit it. The specific flaw exists within th...
PT-2023-7403 · Trend Micro · Trend Micro Apex Central
Name of the Vulnerable Software and Affected Versions: Trend Micro Apex Central affected versions not specified Description: The issue exists due to inadequate protection of the web page structure. It may allow a remote attacker to conduct a cross-site scripting attack. The exploitation...
UBUNTU-CVE-2023-32082
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when the Keys parameter is true, even if a user doesn't have read permission to the keys. The impact is limit...
CVE-2023-27410
A vulnerability has been identified in SCALANCE LPE9403 All versions V2.1. A heap-based buffer overflow vulnerability was found in the edgeboxwebapp binary. The binary will crash if supplied with a backup password longer than 255 characters. This could allow an authenticated privileged attacker t...
PT-2023-5685 · Unknown · Control Web Panel
Name of the Vulnerable Software and Affected Versions: Control Web Panel affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. The specific flaw exists within the dns zone editor module, resulting...
(Pwn2Own) Canon imageCLASS MF743Cdw CADM resourceStart2 Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF743Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the resourceStart2 command in the CADM...