VulnCheck KEV: CVE-2023-35708
In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access...
PT-2023-24637 · Unknown · Rakib Hasan Dynamic Qr Code Generator
Name of the Vulnerable Software and Affected Versions: Rakib Hasan Dynamic QR Code Generator plugin versions 0.0.0 through 0.0.5 Description: The issue is related to an unauthenticated reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into the...
@a-la-fois/doc-handler (>=0.0.6 <=0.0.16), @a-la-fois/models (>=0.0.3 <=0.0.16) +375 more potentially affected by CVE-2021-32050 via mongodb (>=4.0.1 <=4.16.0)
mongodb NPM version =4.0.1, =0.0.6, =0.0.3, =0.1.66, =0.5.134, =3.9.0, =0.0.1, =2.0.0-beta, =0.1.0, =2.0.0-beta.3, =1.4.5, =1.1.217, =0.0.1, =0.0.1, =0.1.0, =3.0.14 and more Source cves: CVE-2021-32050 Source advisory: OSV:GHSA-VXVM-QWW3-2FH7...
@emiliogonzalezpe/comp (>=1.6.0 <=1.6.1), @monax/hoard (>=9.0.0-dev.5644f38 <=9.1.0) +80 more potentially affected by CVE-2023-41037 via openpgp (>=0.11.1 <=4.10.10)
openpgp NPM version =0.11.1, =1.6.0, =9.0.0-dev.5644f38, =1.0.1, =0.0.1, =1.6.0, =1.4.0, =1.6.0, =0.0.0-semantic-release, =0.4.2, =0.0.1, =0.1.0, =0.3.0 and more Source cves: CVE-2023-41037 Source advisory: OSV:GHSA-CH3C-V47X-4PGP...
Badaso Cross-Site Scripting Vulnerability
Badaso is an open source Laravel Vue headless CMS from Uasoft. A security vulnerability exists in Badaso versions v.0.0.1 through v.2.9.7, which stems from a vulnerability that allows remote attackers to execute arbitrary code via a crafted payload on the rack number parameter in the add new rack...
IBM Storage Copy Data Management Cryptographic Issue Vulnerability
IBM Storage Copy Data Management is a data storage system from International Business Machines (IBM). A security vulnerability exists in IBM Storage Copy Data Management versions 2.2.0.0 through 2.2.19.0 that stems from the use of an insufficiently strong encryption algorithm...
PT-2023-26578 · Ibm · Ibm Storage Copy Data Management
Name of the Vulnerable Software and Affected Versions: IBM Storage Copy Data Management versions 2.2.0.0 through 2.2.19.0 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information...
PT-2023-23589
Name of the Vulnerable Software and Affected Versions: Netmaker versions prior to 0.17.1; Netmaker versions 0.18.0 through 0.18.5 Description: An Insecure Direct Object Reference (IDOR) vulnerability was found in the user update function, allowing an attacker to update another user's password by...
PT-2023-29399 · Gerbv +4 · Gerbv +4
Name of the Vulnerable Software and Affected Versions: Gerbv versions 2.4.0 through 2.10.0 Description: A user able to control file input to Gerbv can cause a crash and denial-of-service with a specially crafted Gerber RS-274X file. Recommendations: For Gerbv versions 2.4.0 through 2.10.0, update...
Rust Cross-Site Scripting Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A cross-site scripting vulnerability exists in Rust versions prior to 1.60.0 through 1.72, which stems from a cross-site scripting (XSS) vulnerability due to not properly escaping the Cargo feature name...
DEBIAN-CVE-2022-47011
An issue discovered in the function parse_stab_struct_fields in stabs.c in Binutils 2.34 through 2.38 allows attackers to cause a denial of service due to memory leaks...
UBUNTU-CVE-2022-45582
Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 through 20.1.4 via the success_url parameter...
3d-kit (>=0.0.1 <=0.0.14), @0x4447/broccoli (>=1.0.0 <=1.0.16) +144 more potentially affected by CVE-2023-38894 via tree-kit (>=0.0.4 <=0.6.2)
tree-kit NPM version =0.0.4, =0.0.1, =1.0.0, =2.0.0, =1.0.0, =1.18.0, =0.0.1, =1.0.5-master.20190403074739, =1.0.0-master.20180909013449, =0.1.0-master.20191109234452, =0.1.0-ipcrm-custom-event.20191122150318, =1.1.0, =0.1.0-master.20190319050251, =0.1.9-update-dependencies.20190319120645,...
PT-2023-27378 · Opennms · Opennms Horizon +1
Name of the Vulnerable Software and Affected Versions: OpenNMS Horizon versions 31.0.8 through 32.0.2; Meridian versions prior to 2023.1.5 Description: The issue allows any user with the ROLE_FILESYSTEM_EDITOR role to easily escalate their privileges to ROLE_ADMIN or any other role. The affected softwa...
IBM Cognos Analytics Code Issue Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from International Business Machines (IBM). The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A code issue...
agent-actors (=0.1.0), agent-lab-sdk (>=0.1.7 <=0.1.16) +279 more potentially affected by CVE-2023-39659 via langchain (>=0.0.100 <=0.0.323)
langchain PYPI version =0.0.100, =0.1.7, =0.2.1, =0.1.0, =0.1.5, =0.0.2, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.1.8, =0.0.5, =0.0.14, =0.0.18 - athina =0.1.0 and more Source cves: CVE-2023-39659 Source advisory: OSV:GHSA-PRGP-W7VF-CH62...
agent-actors (=0.1.0), agent-reader (>=0.2.1 <=0.2.2) +176 more potentially affected by CVE-2023-38860 via langchain (>=0.0.100 <=0.0.246)
langchain PYPI version =0.0.100, =0.2.1, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.5, =0.0.14, =0.1.9, =0.0.33, =0.1.0a0, =0.2.0, =0.1.3, =0.1.5 and more Source cves: CVE-2023-38860 Source advisory: OSV:PYSEC-2023-145...
SUSE CVE-2023-40274
An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handle_request function, used by the server to process HTTP requests, does not account for sequences of special path control...
svelecte-element (>=1.0.0 <=1.4.1) potentially affected by CVE-2023-38687 via svelecte (>=1.1.0 <=1.4.1)
svelecte NPM version =1.1.0, =1.0.0, =1.4.1 Source cves: CVE-2023-38687 Source advisory: OSV:GHSA-7H45-GRC5-89WQ...
CVE-2023-30186
A use-after-free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via a crafted JavaScript file...