Newest CVEs

IDDescriptionSeverity
CVE-2023-43319Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter.
medium
CVE-2023-42817Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including “%s” (from “%suggest%) is parsed by sprintf() even though it’s supposed to be output literally to the user. The translations may be accessible by a user with comparatively lower overall access (as the translation permission cannot be scoped to certain “modules”) and a skilled attacker might be able to exploit the parsing of the translation string in the dialog box. This issue has been patched in commit `abd77392` which is included in release 1.1.2. Users are advised to update to version 1.1.2 or apply the patch manually.
medium
CVE-2023-41871Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Poll Maker Team Poll Maker plugin <= 4.7.0 versions.
medium
CVE-2023-41868Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ram Ratan Maurya, Codestag StagTools plugin <= 2.3.7 versions.
medium
CVE-2023-41867Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AcyMailing Newsletter Team AcyMailing plugin <= 8.6.2 versions.
medium
CVE-2023-41863Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Pepro Dev. Group PeproDev CF7 Database plugin <= 1.7.0 versions.
medium
CVE-2023-40581yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the `--exec` flag. This flag allows output template expansion in its argument, so that metadata values may be used in the shell commands. The metadata fields can be combined with the `%q` conversion, which is intended to quote/escape these values so they can be safely passed to the shell. However, the escaping used for `cmd` (the shell used by Python's `subprocess` on Windows) does not properly escape special characters, which can allow for remote code execution if `--exec` is used directly with maliciously crafted remote data. This vulnerability only impacts `yt-dlp` on Windows, and the vulnerability is present regardless of whether `yt-dlp` is run from `cmd` or from `PowerShell`. Support for output template expansion in `--exec`, along with this vulnerable behavior, was added to `yt-dlp` in version 2021.04.11. yt-dlp version 2023.09.24 fixes this issue by properly escaping each special character. `\n` will be replaced by `\r` as no way of escaping it has been found. It is recommended to upgrade yt-dlp to version 2023.09.24 as soon as possible. Also, always be careful when using --exec, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous. For Windows users who are not able to upgrade: 1. Avoid using any output template expansion in --exec other than {} (filepath). 2. If expansion in --exec is needed, verify the fields you are using do not contain ", | or &. 3. Instead of using --exec, write the info json and load the fields from it instead.
high
CVE-2023-39640UpLight cookiebanner before 1.5.1 was discovered to contain a SQL injection vulnerability via the component Hook::getHookModuleExecList().
critical
CVE-2023-4156A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.
low
CVE-2023-5166Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0.
critical
CVE-2023-5165Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.23.0. Affected Docker Desktop versions: from 4.13.0 before 4.23.0.
high
CVE-2023-5158A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a denial of service from guest to host via zero length descriptor.
medium
CVE-2023-5156A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.
high
CVE-2023-4892Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp.
No Score
CVE-2023-4631The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing.
high
CVE-2023-4549The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form.
medium
CVE-2023-4521The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue (https://wpscan.com/vulnerability/d4220025-2272-4d5f-9703-4b2ac4a51c42) and not deleting the created files when releasing the new version.
critical
CVE-2023-4502The Translate WordPress with GTranslate WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). This vulnerability affects multiple parameters.
medium
CVE-2023-4490The WP Job Portal WordPress plugin through 2.0.3 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users
critical
CVE-2023-4476The Locatoraid Store Locator WordPress plugin before 3.9.24 does not sanitise and escape the lpr-search parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
medium
CVE-2023-43382Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function.
critical
CVE-2023-43339Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components.
medium
CVE-2023-43141TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control.
critical
CVE-2023-4300The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution.
critical
CVE-2023-4281This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.
critical
CVE-2023-4238The Prevent files / folders access WordPress plugin before 2.5.2 does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.
critical
CVE-2023-4148The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
medium
CVE-2023-40163An out-of-bounds write vulnerability exists in the allocate_buffer_for_jpeg_decoding functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
critical
CVE-2023-39453A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can deliver file to trigger this vulnerability.
high
CVE-2023-3664The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server.
critical
CVE-2023-3550Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator.
high
CVE-2023-3547The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks.
high
CVE-2023-35002A heap-based buffer overflow vulnerability exists in the pictwread functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
high
CVE-2023-32653An out-of-bounds write vulnerability exists in the dcm_pixel_data_decode functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.
high
CVE-2023-32614A heap-based buffer overflow vulnerability exists in the create_png_object functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
high
CVE-2023-32284An out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
critical
CVE-2023-3226The Popup Builder WordPress plugin through 4.1.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
medium
CVE-2023-28393A stack-based buffer overflow vulnerability exists in the tif_processing_dng_channel_count functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
high
CVE-2023-23567A heap-based buffer overflow vulnerability exists in the CreateDIBfromPict functionality of Accusoft ImageGear 20.1. A specially crafted file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
high
CVE-2023-0633In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0.
high
CVE-2023-0627Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X.
high
CVE-2023-0626Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0.
critical
CVE-2023-0625Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0.
critical
CVE-2023-43456Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in the /php-spms/admin/?page=user endpoint.
medium
CVE-2023-43131General Device Manager 2.5.2.2 is vulnerable to Buffer Overflow.
critical
CVE-2023-43256A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input.
medium
CVE-2023-41303Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be modified.
high
CVE-2023-41302Redirection permission verification vulnerability in the home screen module. Successful exploitation of this vulnerability may cause features to perform abnormally.
high
CVE-2023-41301Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally.
high
CVE-2023-41300Vulnerability of parameters not being strictly verified in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.
high