4564 matches found
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +135 more potentially affected by CVE-2023-25754 via apache-airflow (>=1.8.2 <=2.5.3)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2023-25754 Source advisory: OSV:PYSEC-2023-59...
OpenProject Code Issue Vulnerability
OpenProject is an open source web-based project management software. The software features project planning, task management, bug tracking and cost budgeting. A code issue vulnerability exists in OpenProject versions 7.4.0 through 12.5.4 that stems from an existing login session for a user accou...
Fluid Security Vulnerability
Fluid is an open source, Kubernetes-native distributed dataset orchestrator and accelerator from the Cloud Native Computing Foundation for data-intensive applications such as Big Data and AI applications. A security vulnerability exists in Fluid versions 0.7.0 through 0.8.6, which stems from the...
PT-2023-16597 · WordPress · The Pickup | Delivery | Dine-In Date Time Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The Pickup | Delivery | Dine-in date time WordPress plugin versions 1.0.0 through 1.0.9 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capabili...
IBM Cloud Pak System Code Issue Vulnerability
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from International Business Machines (IBM). The product supports deploying, managing and moving application environments across hybrid clouds. A code issue vulnerability exists in IBM Cloud Pak...
Elastic Filebeat Log Information Disclosure Vulnerability
Elastic Filebeat is a lightweight data probe for forwarding and centralizing log data from Elastic Netherlands. A security vulnerability exists in Elastic Filebeat versions 7.17.9 through 8.6.2. An attacker exploited the vulnerability to cause the contents of the HTTP request Authorization or...
Elastic Kibana Code Injection Vulnerability
Elastic Kibana is an application from the Dutch company Elastic: a free and open user interface that lets you visualize Elasticsearch data and navigate the Elastic Stack. A security vulnerability exists in Elastic Kibana versions 8.0.0 through 8.7.0. An attacker could explo...
aaz-dev (>=1.0.2 <=2.10.1), abbr (=0.0.0) +2023 more potentially affected by CVE-2023-30861 via flask (>=0.10.1 <=2.2.4)
flask PYPI version =0.10.1, =1.0.2, =1.8.8, =0.8.44.4, =4.2.0, =1.1.4, =0.4.0, =1.5.2, =0.0.1, =0.26.0, =0.42.0 and more Source cves: CVE-2023-30861 Source advisory: OSV:PYSEC-2023-62...
IBM Safer Payments Security Vulnerability
IBM Safer Payments is the first true payment processing cognitive fraud prevention solution from IBM USA. It helps clients create customized, user-friendly decision models. A security vulnerability exists in IBM Safer Payments that stems from not properly allocating resources without limiting or...
42Gears Surelock Security Vulnerability
42Gears Surelock is an industry-leading tool from 42Gears USA that locks devices into kiosk mode. A security vulnerability exists in 42Gears Surelock Windows versions 2.3.12 through 2.40.0, which stems from a plaintext password in the registry that allows the retrieval of administrator user...
@55hudong/base-module (>=0.0.1 <=0.0.2), @dingxihu/react-mobile-template (=1.0.0) +22 more potentially affected by CVE-2023-30363 via vconsole (>=2.5.2 <=3.15.0)
vconsole NPM version =2.5.2, =0.0.1, =0.0.1, =0.1.0, =0.2.1, =0.0.5, =0.0.35, =1.12.1, =1.1.2, =1.0.0, =0.0.1, =0.0.5, =0.2.3-beta and more Source cves: CVE-2023-30363 Source advisory: OSV:GHSA-F737-3FH6-JF6W...
GHSA-F9XV-Q969-PQX4 Uncaught Exception in yaml
Uncaught Exception in GitHub repository eemeli/yaml starting at version 2.0.0-5 and prior to 2.2.2...
@chargeover/strapi (=0.0.1-rc1.1), @cowprotocol/cms (=0.1.0-rc.5) +27 more potentially affected by unknown CVE via @strapi/plugin-users-permissions (>=4.0.0-beta.0 <=4.5.1)
@strapi/plugin-users-permissions NPM version =4.0.0-beta.0, =1.0.0-alpha.0, =2.1.0, =1.0.0, =0.1.1, =0.0.1, =0.1.0, =1.0.10, =4.3.15 - robsen-strapi-site =0.1.0 - sneakmax =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-XV3Q-JRMM-4FXV...
CVE-2023-21959
Vulnerability in the Oracle iReceivables product of Oracle E-Business Suite component: Attachments. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iReceivables. Successful...
PrestaShop SQL Injection Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. A SQL injection vulnerability exists in PrestaShop versions 1.4.0 to 1.8.2, which ste...
Qualys Cloud Agent Race Condition Vulnerability
Qualys Cloud Agent is a lightweight application from Qualys USA, Inc., a single agent for real-time, global visibility and response. A security vulnerability exists in Qualys Cloud Agent versions prior to 3.1.3.34 through 4.5.3.1 that stems from the presence of a race condition, which could be...
PT-2023-2557 · Oracle · Oracle Weblogic Server
Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 12.2.1.3.0 through 12.2.1.4.0 Description: The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks can result in unauthorized update,...
PT-2023-2671 · Oracle · Oracle E-Business Suite
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.11 Description: The issue is related to insufficient input validation in the GUI component of the Oracle Application Object Library. This can be exploited by a remote attacker to cause a...
UBUNTU-CVE-2021-33797
Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integer overflow happens when jsstrtod reads in floating point exponent, which leads to a buffer overflow in the pointer d...
4337-snap (>=0.1.0 <=0.1.1), @0xflair/contracts-registry (>=0.107.10 <=0.123.2) +468 more potentially affected by CVE-2023-30541 via @openzeppelin/contracts-upgradeable (>=3.4.0 <=4.8.2)
@openzeppelin/contracts-upgradeable NPM version =3.4.0, =0.1.0, =0.107.10, =1.9.0, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.107.0, =0.0.1, =0.0.1, =4.0.0, =4.3.3 and more Source cves: CVE-2023-30541 Source advisory: OSV:GHSA-MX2Q-35M2-X2RH...