UBUNTU-CVE-2023-49990

Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c...

PT-2023-7785 · Vmware · Workspace One Launcher

Name of the Vulnerable Software and Affected Versions: Workspace ONE Launcher affected versions not specified Description: A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup and gain access to sensitive information. The...

CVE-2023-5757

The WP Crowdfunding WordPress plugin before 2.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Cross site scripting

The WP Crowdfunding WordPress plugin before 2.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Cross site scripting

The WP Not Login Hide WPNLH WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Design/Logic Flaw

The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowe...

CVE-2023-5955 Contact Form Email < 1.3.44 - Editor+ Stored Cross-Site Scripting

The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-5907 File Manager < 6.3 - Admin+ Arbitrary OS File/Folder Access + Path Traversal

The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowe...

WP TripAdvisor Review Slider < 11.9 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to Get TripAdvisor Reviews...

Exploit for CVE-2023-50685

Hipcam RealServer/V1.0 RTSP Format Validation Vulnerability Pr...

OESA-2023-1890 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A use-after-free flaw was found in setupasyncwork in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.CVE-2023-119...

OESA-2023-1889 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A use-after-free flaw was found in setupasyncwork in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.CVE-2023-119...

The vulnerability of the Intel Setup and Configuration Software (SCS) data collection tool for the System Center Configuration Manager software platform, related to improperly used standard permissions, allows a perpetrator to increase their privileges.

The vulnerability of the Intel Setup and Configuration Software SCS data collection tool for the System Center Configuration Manager IT infrastructure management software is related to the improper use of standard permissions. Exploiting this vulnerability can allow attackers to increase their...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

CVE-2023-46604 Lab This lab guides on exploiting vulnerabiliti...

CVE-2023-33042

Transient DOS in Modem after RRC Setup message is received...

Design/Logic Flaw

Transient DOS in Modem after RRC Setup message is received...

CVE-2023-33042 Improper Input Validation in Modem

Transient DOS in Modem after RRC Setup message is received...

CVE-2023-33042

CVE-2023-33042 describes a DoS in Qualcomm/X55/X60 modem firmware triggered by malformed RRC frames after an RRC Setup message. Connected sources confirm the issue is tied to 5G modem behavior and improper input handling, with exploitation potentially limited to proximity (radio range). Patches h...

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a denial of service in the modem after receiving an RRC setup message...

CVE-2023-5137

The Simply Excerpts WordPress plugin through 1.4 does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup...