NodeBB 2.x < 2.8.13, 3.x < 3.1.3 Information Disclosure Vulnerability

NodeBB is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodebb:nodebb";...

CUPS < 2.4.7 Buffer Overflow Vulnerability

CUPS is prone to a heap-based buffer overflow vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openprinting:cups"; ...

Trigger `beforeFind` not invoked in internal query pipeline when fetching pointer

Impact A Parse Pointer can be used to access internal Parse Server classes. It can also be used to circumvent the beforeFind query trigger which can be an additional vulnerability for deployments where the beforeFind trigger is used as a security layer to modify an incoming query. Patches The...

XWiki 4.0-milestone-2 < 13.10.11, 14.0-rc-1 < 14.4.8, 14.5 < 14.10.1 XSS Vulnerability (GHSA-44h9-xxvx-pg6x)

Xwiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

CVE-2023-40013

creationtimestamp| type| source ---|---|--- 2023-08-14 10:51:32+00:00| published-proof-of-concept| https://github.com/shubhamjain/svg-loader/security/advisories/GHSA-xc2r-jf2x-gjr8...

CUPS < 2.4.3 DoS Vulnerability

CUPS is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openprinting:cups"; if...

CUPS 2.2.0 < 2.4.6 Use After Free Vulnerability

CUPS is prone to an use after free vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openprinting:cups"; if...

CVE-2023-39965

creationtimestamp| type| source ---|---|--- 2023-08-10 06:47:11+00:00| published-proof-of-concept| https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-85cf-gj29-f555...

Intelliants Subrion CMS 4.2.1 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Intelliants Subrion CMS 4.2.1 - Authenticated File Upload Bypass to RCE', 'Description' = %q This module exploits an authenticated file upload...

CVE-2023-32302

Rejected reason: Authoritative user requested CVE rejection https://github.com/github/advisory-database/pull/2575issuecomment-1745811653...

Cross site scripting in widgets with units

Date : 2023-07-25 CVE ID : CVE-2023-36806 Authenticated users can inject malicious code in widgets with units, which is then executed both in the element preview back end and on the website front end. Thanks to Christian Pöschl and Fabian Brenner from usd AG for reporting this vulnerability...

Redis < 6.0.20, 6.2.x < 6.2.13, 7.x < 7.0.12 Heap Overflow Vulnerability

Redis is prone to a heap overflow vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:redis:redis"; if description...

Piwigo < 13.8.0 SQLi Vulnerability

Piwigo is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:piwigo:piwigo"; if...

Openfire 3.10 < 4.6.8 / 4.7 < 4.7.5 Authentication Bypass

The remote host is running a version of Openfire that is affected by an authentication bypass vulnerability. Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack...

CVE-2023-35925

creationtimestamp| type| source ---|---|--- 2023-06-22 10:47:22+00:00| published-proof-of-concept| https://github.com/IntellectualSites/FastAsyncWorldEdit/security/advisories/GHSA-whj9-m24x-qhhp...

CVE-2023-35169

creationtimestamp| type| source ---|---|--- 2023-06-21 18:58:05+00:00| published-proof-of-concept| https://github.com/Webklex/php-imap/security/advisories/GHSA-47p7-xfcc-4pv9...

Discourse < 3.0.4 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescriptio...

Exploit for SQL Injection in Osgeo Geoserver

CVE-2023-25157-checker A script, written in golang. POC for CV...

Path traversal

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...

CVE-2023-32315

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...