Export limit exceeded: 10185 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10185 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4448 | 1 Openrapid | 1 Rapidcms | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue affects some unknown processing of the file admin/run-movepass.php. The manipulation of the argument password/password2 leads to weak password recovery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 4dff387283060961c362d50105ff8da8ea40bcbe. It is recommended to apply a patch to fix this issue. The identifier VDB-237569 was assigned to this vulnerability. | ||||
| CVE-2023-4381 | 1 Instantcms | 1 Instantcms | 2024-11-21 | 4.3 Medium |
| Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | ||||
| CVE-2023-4346 | 1 Knx | 1 Connection Authorization | 2024-11-21 | 7.5 High |
| KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access to the device. The BCU key feature on the devices can be used to create a password for the device, but this password can often not be reset without entering the current password. If the device is configured to interface with a network, an attacker with access to that network could interface with the KNX installation, purge all devices without additional security options enabled, and set a BCU key, locking the device. Even if a device is not connected to a network, an attacker with physical access to the device could also exploit this vulnerability in the same way. | ||||
| CVE-2023-4258 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8.6 High |
| In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee. | ||||
| CVE-2023-4230 | 1 Moxa | 3 Iologik 4000 Series, Iologik E4200, Iologik E4200 Firmware | 2024-11-21 | 5.3 Medium |
| A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which has the potential to facilitate the collection of information on ioLogik 4000 Series devices. This vulnerability may enable attackers to gather information for the purpose of assessing vulnerabilities and potential attack vectors. | ||||
| CVE-2023-4218 | 1 Eclipse | 3 Eclipse Ide, Org.eclipse.core.runtime, Pde | 2024-11-21 | 5 Medium |
| In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch). | ||||
| CVE-2023-4217 | 1 Moxa | 2 Eds-g503, Eds-g503 Firmware | 2024-11-21 | 3.1 Low |
| A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. | ||||
| CVE-2023-4214 | 1 Apppresser | 1 Apppresser | 2024-11-21 | 8.1 High |
| The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit. | ||||
| CVE-2023-4190 | 1 Admidio | 1 Admidio | 2024-11-21 | 6.5 Medium |
| Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11. | ||||
| CVE-2023-4126 | 1 Answer | 1 Answer | 2024-11-21 | 8.8 High |
| Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0. | ||||
| CVE-2023-4101 | 1 Qsige | 1 Qsige | 2024-11-21 | 8.8 High |
| The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application. | ||||
| CVE-2023-4099 | 1 Qsige | 1 Qsige | 2024-11-21 | 7.6 High |
| The QSige Monitor application does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application. | ||||
| CVE-2023-4096 | 1 Fujitsu | 1 Arconte Aurea | 2024-11-21 | 8.6 High |
| Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, which exploitation could allow an attacker to perform a brute force attack on the emailed PIN number in order to change the password of a legitimate user. | ||||
| CVE-2023-4030 | 1 Lenovo | 9 Thinkpad, Thinkpad P14s Gen 2, Thinkpad P14s Gen 2 Firmware and 6 more | 2024-11-21 | 8.4 High |
| A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt. | ||||
| CVE-2023-4005 | 1 Fossbilling | 1 Fossbilling | 2024-11-21 | 9.8 Critical |
| Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5. | ||||
| CVE-2023-49812 | 1 Wppa | 1 Wp Photo Album Plus | 2024-11-21 | 5.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005. | ||||
| CVE-2023-49800 | 1 Johannschopplich | 1 Nuxt Api Party | 2024-11-21 | 7.5 High |
| `nuxt-api-party` is an open source module to proxy API requests. The library allows the user to send many options directly to `ofetch`. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow. fetchOptions are obtained directly from the request body. A malicious user can construct a URL known to not fetch successfully, then set the retry attempts to a high value, this will cause a stack overflow as ofetch error handling works recursively resulting in a denial of service. This issue has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should limit ofetch options. | ||||
| CVE-2023-49798 | 1 Openzeppelin | 2 Contracts, Contracts Upgradeable | 2024-11-21 | 5.9 Medium |
| OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In the version of `Multicall.sol` released in `@openzeppelin/contracts@4.9.4` and `@openzeppelin/contracts-upgradeable@4.9.4`, all subcalls are executed twice. Concretely, this exposes a user to unintentionally duplicate operations like asset transfers. The duplicated delegatecall was removed in version 4.9.5. The 4.9.4 version is marked as deprecated. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
| CVE-2023-49765 | 1 Blazzdev | 1 Rate My Post | 2024-11-21 | 4.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post – WP Rating System.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.1. | ||||
| CVE-2023-49347 | 1 Ubuntubudgie | 1 Budgie Extras | 2024-11-21 | 6 Medium |
| Temporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may read private information from windows, present false information to users, or deny access to the application. | ||||