The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2023-49978 | Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators. | -- | Mar 21, 2024 | n/a |
CVE-2023-49837 | Uncontrolled Resource Consumption vulnerability in David Artiss Code Embed. This issue affects Code Embed: from n/a through 2.3.6. | -- | Mar 21, 2024 | n/a |
CVE-2023-48903 | Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML via the parameter imgType in uploadCarImages.php. | -- | Mar 21, 2024 | n/a |
CVE-2023-48902 | An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php. | -- | Mar 21, 2024 | n/a |
CVE-2023-48901 | A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter id within the getPhotosByCarId function call in details.php. | -- | Mar 21, 2024 | n/a |
CVE-2023-47715 | IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. IBM X-Force ID: 271538. | -- | Mar 21, 2024 | n/a |
CVE-2023-46841 | Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this are Shadow Stacks (CET-SS). CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses are accompanied by so-called shadow stacks, holding little more than return addresses. Shadow stacks aren't writable by normal instructions, and upon function returns their contents are used to check for possible manipulation of a return address coming from the traditional stack. In particular certain memory accesses need intercepting by Xen. In various cases the necessary emulation involves a kind of replaying of the instruction. Such replaying typically involves filling and then invoking of a stub. Such a replayed instruction may raise an exception, which is expected and dealt with accordingly. Unfortunately the interaction of both of the above wasn't right: Recovery involves removal of a call frame from the (traditional) stack. The counterpart of this operation for the shadow stack was missing. | -- | Mar 20, 2024 | n/a |
CVE-2023-46840 | Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guests is compiled out of Xen. | -- | Mar 20, 2024 | n/a |
CVE-2023-46839 | PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functions that are otherwise unpopulated. This allows a device to extend the number of outstanding requests. Such phantom functions need an IOMMU context setup, but failure to set up the context is not fatal when the device is assigned. Not failing device assignment when such failure happens can lead to the primary device being assigned to a guest, while some of the phantom functions are assigned to a different domain. | -- | Mar 20, 2024 | n/a |
CVE-2023-45177 | IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to a denial-of-service attack due to an error within the MQ clustering logic. IBM X-Force ID: 268066. | -- | Mar 21, 2024 | n/a |
CVE-2023-42954 | A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests. | -- | Mar 21, 2024 | n/a |
CVE-2023-41877 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires a GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location to an arbitrary location. The admin console GeoServer Logs page provides a preview of these contents. As this issue requires GeoServer administrator access, often representing a trusted party, the vulnerability has not received a patch as of time of publication. As a workaround, a system administrator responsible for running GeoServer can use the `GEOSERVER_LOG_FILE` setting to override any configuration option provided by the Global Settings page. The `GEOSERVER_LOG_LOCATION` parameter can be set as a system property, environment variable, or servlet context parameter. | -- | Mar 20, 2024 | n/a |
CVE-2023-41038 | Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long `CHAR` length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available. | -- | Mar 20, 2024 | n/a |
CVE-2023-38825 | SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php. | -- | Mar 21, 2024 | n/a |
CVE-2023-35899 | IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 259354. | -- | Mar 21, 2024 | n/a |
CVE-2023-35888 | IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 258375. | -- | Mar 20, 2024 | n/a |
CVE-2023-7246 | The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks. | -- | Mar 20, 2024 | n/a |
CVE-2023-6500 | The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes such as 'secondarycolor' and 'maincolor'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | -- | Mar 21, 2024 | n/a |
CVE-2022-44595 | Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass. This issue affects WP 2FA: from n/a through 2.2.0. | -- | Mar 21, 2024 | n/a |
CVE-2022-4963 | A vulnerability was found in Folio Spring Module Core up to 1.1.5. It has been rated as critical. Affected by this issue is the function dropSchema of the file tenant/src/main/java/org/folio/spring/tenant/hibernate/HibernateSchemaService.java of the component Schema Name Handler. The manipulation leads to sql injection. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is d374a5f77e6b58e36f0e0e4419be18b95edcd7ff. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-257516. | -- | Mar 21, 2024 | n/a |
CVE-2020-26942 | An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and 10.3.2.x before 10.3.3.1 allows unauthenticated attackers to submit a setAdminPassword operation request, subsequently setting a new arbitrary password for the admin account. | -- | Mar 21, 2024 | n/a |
CVE-2024-29156 | In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information. | -- | Mar 18, 2024 | n/a |
CVE-2024-29154 | danielmiessler fabric through 1.3.0 allows installer/client/gui/static/js/index.js XSS because of innerHTML mishandling, such as in htmlToPlainText. | -- | Mar 18, 2024 | n/a |
CVE-2024-29151 | Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which does not exist in PyPI. | -- | Mar 18, 2024 | n/a |
CVE-2024-29143 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs, sareiodata Passwordless Login passwordless-login allows Stored XSS. This issue affects Passwordless Login: from n/a through 1.1.2. | -- | Mar 19, 2024 | n/a |
CVE-2024-29142 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebberZone Better Search – Relevant search results for WordPress allows Stored XSS. This issue affects Better Search – Relevant search results for WordPress: from n/a through 3.3.0. | -- | Mar 19, 2024 | n/a |
CVE-2024-29141 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PDF Embedder allows Stored XSS. This issue affects PDF Embedder: from n/a through 4.6.4. | -- | Mar 19, 2024 | n/a |
CVE-2024-29140 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Manning MJM Clinic allows Stored XSS. This issue affects MJM Clinic: from n/a through 1.1.22. | -- | Mar 19, 2024 | n/a |
CVE-2024-29139 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Tilly MyCurator Content Curation allows Reflected XSS. This issue affects MyCurator Content Curation: from n/a through 3.76. | -- | Mar 19, 2024 | n/a |
CVE-2024-29138 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DEV Institute Restrict User Access – Membership Plugin with Force allows Reflected XSS. This issue affects Restrict User Access – Membership Plugin with Force: from n/a through 2.5. | -- | Mar 19, 2024 | n/a |
CVE-2024-29137 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Tourfic allows Reflected XSS. This issue affects Tourfic: from n/a through 2.11.7. | -- | Mar 19, 2024 | n/a |
CVE-2024-29136 | Deserialization of Untrusted Data vulnerability in Themefic Tourfic. This issue affects Tourfic: from n/a through 2.11.17. | -- | Mar 19, 2024 | n/a |
CVE-2024-29135 | Unrestricted Upload of File with Dangerous Type vulnerability in Tourfic. This issue affects Tourfic: from n/a through 2.11.15. | -- | Mar 19, 2024 | n/a |
CVE-2024-29134 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Tourfic allows Stored XSS. This issue affects Tourfic: from n/a through 2.11.8. | -- | Mar 19, 2024 | n/a |
CVE-2024-29130 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on allows Reflected XSS. This issue affects Contact Form 7 – PayPal & Stripe Add-on: from n/a through 2.0. | -- | Mar 19, 2024 | n/a |
CVE-2024-29129 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPLIT Pty Ltd OxyExtras allows Reflected XSS. This issue affects OxyExtras: from n/a through 1.4.4. | -- | Mar 19, 2024 | n/a |
CVE-2024-29128 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post SMTP POST SMTP allows Reflected XSS. This issue affects POST SMTP: from n/a through 2.8.6. | -- | Mar 19, 2024 | n/a |
CVE-2024-29127 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager allows Reflected XSS. This issue affects Advanced Access Manager: from n/a through 6.9.20. | -- | Mar 19, 2024 | n/a |
CVE-2024-29126 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Mortellaro Specific Content For Mobile – Customize the mobile version without redirections allows Reflected XSS. This issue affects Specific Content For Mobile – Customize the mobile version without redirections: from n/a through 0.1.9.5. | -- | Mar 19, 2024 | n/a |
CVE-2024-29125 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elliot Sowersby, RelyWP Coupon Affiliates allows Reflected XSS. This issue affects Coupon Affiliates: from n/a through 5.12.7. | -- | Mar 19, 2024 | n/a |
CVE-2024-29124 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager allows Stored XSS. This issue affects Advanced Access Manager: from n/a through 6.9.20. | -- | Mar 19, 2024 | n/a |
CVE-2024-29123 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS. This issue affects Link Library: from n/a through 7.6. | -- | Mar 19, 2024 | n/a |
CVE-2024-29122 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Stored XSS. This issue affects FV Flowplayer Video Player: from n/a through 7.5.41.7212. | -- | Mar 19, 2024 | n/a |
CVE-2024-29121 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firassaidi WooCommerce License Manager allows Reflected XSS. This issue affects WooCommerce License Manager: from n/a through 5.3.1. | -- | Mar 19, 2024 | n/a |
CVE-2024-29118 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scrollsequence allows Stored XSS. This issue affects Scrollsequence: from n/a through 1.5.4. | -- | Mar 19, 2024 | n/a |
CVE-2024-29117 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Stored XSS. This issue affects Contact Forms by Cimatti: from n/a through 1.7.0. | -- | Mar 19, 2024 | n/a |
CVE-2024-29116 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IconicWP WooThumbs for WooCommerce by Iconic allows Reflected XSS. This issue affects WooThumbs for WooCommerce by Iconic: from n/a through 5.5.3. | -- | Mar 19, 2024 | n/a |
CVE-2024-29115 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zaytech Smart Online Order for Clover allows Stored XSS. This issue affects Smart Online Order for Clover: from n/a through 1.5.5. | -- | Mar 19, 2024 | n/a |
CVE-2024-29114 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in W3 Eden, Inc. Download Manager allows Stored XSS. This issue affects Download Manager: from n/a through 3.2.84. | -- | Mar 19, 2024 | n/a |
CVE-2024-29113 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic allows Reflected XSS. This issue affects RegistrationMagic: from n/a through 5.2.5.9. | -- | Mar 19, 2024 | n/a |