EUVD-2023-45497

Malicious code in bioql PyPI...

CVE-2023-23862

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gopi Ramasamy Vertical scroll recent post plugin = 14.0 versions...

Next.js 14.0.x < 14.2.10 Cache Poisoning

The version of Next.js installed on the remote host is 13.5.1 prior to 13.5.7 or 14.0.x prior to 14.2.10. It is, therefore, affected by a Cache Poisoning. Note that the scanner has not attempted to exploit this issue but has instead relied only on application's self-reported version number. No...

CVE-2023-41862

Weak Authentication vulnerability in Guido VS Contact Form allows Authentication Abuse.This issue affects VS Contact Form: from n/a through 14.0...

Security Bulletin: IBM Master Data Management is vulnerable to prototype pollution from vulnerability found in Dojo (CVE-2021-23450)

Summary IBM Master Data Management v11.6, v12.0, and v14.0 are vulnerable to prototype pollution from vulnerability found in Dojo. Dojo could allow a remote attacker to cause a denial of service, caused by a prototype pollution in the setObject function. By sending a specially-crafted request, an...

XWiki Platform 安全漏洞

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform that stems from improper management of user rights. The following versions are affected: versions 13.10.4 through 14.0-rc-1, 14.2 through...

BIT-GITLAB-2023-0518

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart...

B&R Industrial Automation GmbH Runtime Encryption Issue Vulnerability

B&R Industrial Automation GmbH Runtime is a major component of AS from B&R Industrial Automation, an Austrian company. A cryptographic issue vulnerability exists in B&R Industrial Automation GmbH Runtime versions 14.0 through 14.93, which arises from the use of corrupted or risky cryptographic...

GitLab 11.9 < 13.11.6 / 13.12 < 13.12.6 / 14.0 < 14.0.2 (CVE-2021-22223)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link...

GitLab 14.0 < 14.0.9 / 14.1 < 14.1.4 / 14.2 < 14.2.2 (CVE-2021-22257)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route...

GitLab 13.3 < 13.12.9 / 14.0 < 14.0.7 / 14.1 < 14.1.2 (CVE-2021-22250)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account CVE-2021-22250 Note that...

FreeBSD Security Vulnerabilities

FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. A security vulnerability exists in FreeBSD versions 13.2 and 14.0, which stems from an information disclosure vulnerability in the NFS client...

CVE-2023-47671

Cross-Site Request Forgery CSRF vulnerability in Gopi Ramasamy Vertical scroll recent.This issue affects Vertical scroll recent post: from n/a through 14.0...

XWiki 14.0-rc-1 < 14.4.8, 14.5 < 14.10.4 Privilege Escalation Vulnerability (GHSA-rwwx-6572-mp29)

Xwiki is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescripti...

CVE-2023-40957

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the request parameter in models/baseclient.py compone...

PT-2023-4589 · Cisco · Cisco Telepresence Video Communication Server +1

Name of the Vulnerable Software and Affected Versions: Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS version 14.0 Description: A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS...

XWiki 2.5-milestone-2 < 13.10.11, 14.0-rc-1 < 14.4.8, 14.5 < 14.10.1 Information Disclosure Vulnerability (GHSA-m3c3-9qj7-7xmx)

Xwiki is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

XWiki 6.0-rc-1 < 13.10.10, 14.0-rc-1 < 14.4.4, 14.5 < 14.8 Open Redirect Vulnerability (GHSA-xwph-x6xj-wggv)

Xwiki is prone to an open redirect vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescription...

XWiki 10.11.1 < 13.10.11, 14.0-rc-1 < 14.4.8, 14.5 < 14.10.3 Privilege Escalation Vulnerability (GHSA-gpq5-7p34-vqx5)

Xwiki is prone to an privilege escalation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

WordPress plugin Vertical scroll recent post 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...