| CVE-ID | Description | CVSS V2 | CVSS V3 |
|---|---|---|---|
| CVE-2023-28662 | The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action. | None | None |
| CVE-2023-28661 | The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the get_popup_data action. | None | None |
| CVE-2023-28660 | The Events Made Easy WordPress Plugin, version <= 2.3.14, is affected by an authenticated SQL injection vulnerability in the 'search_name' parameter in the eme_recurrences_list action. | None | None |
| CVE-2023-28659 | The Waiting: One-click Countdowns WordPress Plugin, version <= 0.6.2, is affected by an authenticated SQL injection vulnerability in the pbc_down[meta][id] parameter of the pbc_save_downs action. | None | None |
| CVE-2023-28655 | A malicious user could leverage this vulnerability to escalate privileges or perform unauthorized actions in the context of the targeted privileged users. | None | None |
| CVE-2023-28652 | An authenticated malicious user could successfully upload a malicious image, which could lead to a denial-of-service condition. | None | None |
| CVE-2023-28650 | An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. If clicked, the attacker could execute the malicious JavaScript (JS) payload in the target’s security ... | None | None |
| CVE-2023-28640 | Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permissio... | None | None |
| CVE-2023-28638 | Snappier is a high performance C# implementation of the Snappy compression algorithm. This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to ... | None | None |
| CVE-2023-28630 | GoCD is an open source continuous delivery server. In GoCD versions from 20.5.0 and below 23.1.0, if the server environment is not correctly configured by administrators to provide access to the relevant PostgreSQL or My... | None | None |
| CVE-2023-28629 | GoCD is an open source continuous delivery server. GoCD versions before 23.1.0 are vulnerable to a stored XSS vulnerability, where pipeline configuration with a malicious pipeline label configuration can affect browser d... | None | None |
| CVE-2023-28628 | lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 `authority-regex` allows an attacker to send malicious URLs to be parsed by the `lambdaisland/uri` and return the wrong authorit... | None | None |
| CVE-2023-28627 | pymedusa is an automatic video library manager for TV Shows. In versions prior to 1.0.12 an attacker with access to the web interface can update the git executable path in /config/general/ > advanced settings with arbitrary... | None | None |
| CVE-2023-28617 | org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. | None | 7.8 |
| CVE-2023-28611 | Incorrect authorization in OMICRON StationGuard 1.10 through 2.20 and StationScout 1.30 through 2.20 allows an attacker to bypass intended access restrictions. | None | None |
| CVE-2023-28610 | The update process in OMICRON StationGuard and OMICRON StationScout before 2.21 can be exploited by providing a modified firmware update image. This allows a remote attacker to gain root access to the system. | None | 9.8 |
| CVE-2023-28609 | api/auth.go in Ansible Semaphore before 2.8.89 mishandles authentication. | None | 9.8 |
| CVE-2023-28607 | js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip. | None | 6.1 |
| CVE-2023-28606 | js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips. | None | 6.1 |
| CVE-2023-28597 | Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker pos... | None | None |