Search for vulnerabilities


| CVE-ID | Description | CVSS V2 | CVSS V3 |
|---|---|---|---|
| CVE-2023-28662 | The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action. | None | None |
| CVE-2023-28661 | The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the get_popup_data action. | None | None |
| CVE-2023-28660 | The Events Made Easy WordPress Plugin, version <= 2.3.14, is affected by an authenticated SQL injection vulnerability in the 'search_name' parameter in the eme_recurrences_list action. | None | None |
| CVE-2023-28659 | The Waiting: One-click Countdowns WordPress Plugin, version <= 0.6.2, is affected by an authenticated SQL injection vulnerability in the pbc_down[meta][id] parameter of the pbc_save_downs action. | None | None |
| CVE-2023-28655 | A malicious user could leverage this vulnerability to escalate privileges or perform unauthorized actions in the context of the targeted privileged users. | None | None |
| CVE-2023-28652 | An authenticated malicious user could successfully upload a malicious image, which could lead to a denial-of-service condition. | None | None |
| CVE-2023-28650 | An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. If clicked, the attacker could execute the malicious JavaScript (JS) payload in the target’s security ... | None | None |
| CVE-2023-28640 | Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permissio... | None | None |
| CVE-2023-28638 | Snappier is a high performance C# implementation of the Snappy compression algorithm. This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to ... | None | None |
| CVE-2023-28630 | GoCD is an open source continuous delivery server. In GoCD versions from 20.5.0 and below 23.1.0, if the server environment is not correctly configured by administrators to provide access to the relevant PostgreSQL or My... | None | None |
| CVE-2023-28629 | GoCD is an open source continuous delivery server. GoCD versions before 23.1.0 are vulnerable to a stored XSS vulnerability, where pipeline configuration with a malicious pipeline label configuration can affect browser d... | None | None |
| CVE-2023-28628 | lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 `authority-regex` allows an attacker to send malicious URLs to be parsed by the `lambdaisland/uri` and return the wrong authorit... | None | None |
| CVE-2023-28627 | pymedusa is an automatic video library manager for TV Shows. In versions prior to 1.0.12 an attacker with access to the web interface can update the git executable path in /config/general/ > advanced settings with arbitrary... | None | None |
| CVE-2023-28617 | org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. | None | 7.8 |
| CVE-2023-28611 | Incorrect authorization in OMICRON StationGuard 1.10 through 2.20 and StationScout 1.30 through 2.20 allows an attacker to bypass intended access restrictions. | None | None |
| CVE-2023-28610 | The update process in OMICRON StationGuard and OMICRON StationScout before 2.21 can be exploited by providing a modified firmware update image. This allows a remote attacker to gain root access to the system. | None | 9.8 |
| CVE-2023-28609 | api/auth.go in Ansible Semaphore before 2.8.89 mishandles authentication. | None | 9.8 |
| CVE-2023-28607 | js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip. | None | 6.1 |
| CVE-2023-28606 | js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips. | None | 6.1 |
| CVE-2023-28597 | Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker pos... | None | None |