CVE-2023-6687
An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Elastic Agent attempted to ingest,...
golang: html/template: improper handling of special tags within script contexts
A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of " contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped...
Elastic Security Breach
Elastic is an open source distributed RESTful search engine built on Lucene, from the Netherlands company Elastic. The product is mainly used in cloud computing and supports data indexing using JSON over HTTP. A security vulnerability exists in Elastic Agent and Beats versions 7.0.0 through...
Vulnerability in the MySQL Server component of the database management system that allows an attacker to cause a service failure.
The vulnerability in the MySQL Server component of the database management system involves errors in resource release. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
IBM Informix Dynamic Server Buffer Error Vulnerability
IBM Informix Dynamic Server (IDS) is a scalable object-relational database server from International Business Machines (IBM) that provides clustered data centers with features such as continuous data availability and disaster recovery. A security vulnerability exists in IBM Informix Dynamic Server...
Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current libxml2 Multiple Vulnerabilities (SSA:2023-343-01)
The version of libxml2 installed on the remote host is prior to 2.12.2. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-343-01 advisory. - An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser...
Open redirect
An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It permits multiple transactions with the same connectorId and idTag, contrary to the expected ConcurrentTx status. This could result in critical transaction management and billing...
Microweber Business Logic Errors
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.0. Unpublished and deleted products can be added to checkout...
CVE-2023-6566
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0...
Code injection
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0...
CVE-2023-6566
CVE-2023-6566 describes business logic errors in microweber/microweber prior to 2.0. The root cause, as reflected in multiple sources, is a flaw in the CartManager.php get function that fails to verify whether items are unpublished or deleted before checkout. Affected product: microweber/microweb...
PT-2023-9584 · Oracle · Virtualbox
Name of the Vulnerable Software and Affected Versions: Oracle VM VirtualBox versions prior to 7.0.22 Description: The issue is related to errors in resource release due to insufficient input validation in the Core component of Oracle VM VirtualBox. Exploitation of this issue can allow an attacker...
CVE-2023-49957
CVE-2023-49957 affects Dalmann OCPP.Core prior to 1.3.0. The issue allows multiple transactions using the same connectorId and idTag, violating ConcurrentTx expectations and potentially causing billing/transaction management errors. Affected software: Dalmann OCPP.Core (
Phoenix SecureCore Input Validation Error Vulnerability
Phoenix SecureCore is a computer-based input/output system from Phoenix Contact Phoenix of Germany. An input validation error vulnerability exists in Phoenix SecureCore Technology 4 that stems from improper input validation and could lead to a denial of service attack or arbitrary code execution...
CVE-2023-44099
Vulnerability of data verification errors in the kernel module. Successful exploitation of this vulnerability may cause WLAN interruption...
SUSE CVE-2023-49080
The Jupyter Server provides the backend, i.e. the core services, APIs, and REST endpoints, for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information...
A vulnerability in the PowerShell command interpreter for Windows operating systems allows attackers to disclose sensitive information.
The vulnerability in the PowerShell command interpreter on Windows operating systems is related to authentication process errors. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information remotely...
A vulnerability in the FortiOS operating system and the FortiProxy proxy server, related to numerical truncation errors, allows attackers to trigger a service failure.
The vulnerability in the FortiOS operating system and the FortiProxy proxy server is related to numerical truncation errors. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...
A vulnerability in the Updater service of the Parallels Desktop hypervisor allows an attacker to execute arbitrary code and escalate their privileges.
The vulnerability in the Toolgate controller of Parallels Desktop lies in initialization errors. Exploiting this vulnerability allows an attacker to execute arbitrary code and escalate their privileges...