CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: August 16, 2024. 11:01:01 UTC
click on an item for more info;
| ID | Description | Modified | References |
|---|---|---|---|
| CVE-2023-39252 | Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information. | September 23, 2023. 03:43:00 | [www.dell.com] |
| CVE-2023-42322 | Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information. | September 23, 2023. 03:42:00 | [gist.github.com][www.icmsdev.com] |
| CVE-2018-5478 | Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the frontend newsletter extension. | September 23, 2023. 03:42:00 | [security.snyk.io][github.com] |
| CVE-2023-4152 | Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS101 device. | September 23, 2023. 03:41:00 | [cert.vde.com] |
| CVE-2023-34577 | SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook() method. | September 23, 2023. 03:38:00 | [security.friendsofpresta.org] |
| CVE-2023-42810 | systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to `wifiConnections()`, `wifiNetworks()` (string only). | September 23, 2023. 03:38:00 | [github.com][systeminformation.io] |
| CVE-2023-34576 | SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspedified vector. | September 23, 2023. 03:35:00 | [security.friendsofpresta.org] |
| CVE-2023-42482 | Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free. | September 23, 2023. 03:33:00 | [semiconductor.samsung.com] |
| CVE-2023-41616 | A reflected cross-site scripting (XSS) vulnerability in the Search Student function of Student Management System v1.2.3 and before allows attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload. | September 22, 2023. 23:21:00 | [medium.com] |
| CVE-2023-5016 | A vulnerability was found in spider-flow up to 0.5.0. It has been declared as critical. Affected by this vulnerability is the function DriverManager.getConnection of the file src/main/java/org/spiderflow/controller/DataSourceController.java of the component API. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239857 was assigned to this vulnerability. | September 22, 2023. 23:16:00 | [github.com][github.com] |
| CVE-2023-0462 | An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload. | September 22, 2023. 23:12:00 | [access.redhat.com][bugzilla.redhat.com] |
| CVE-2023-0118 | An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system. | September 22, 2023. 23:10:00 | [access.redhat.com][access.redhat.com] |
| CVE-2023-39045 | An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel access token and send crafted messages. | September 22, 2023. 23:04:00 | [github.com] |
| CVE-2023-39052 | An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access token and send crafted messages. | September 22, 2023. 23:03:00 | [github.com] |
| CVE-2023-38875 | A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'validator' parameter in '/reset-password'. | September 22, 2023. 22:55:00 | [github.com] |
| CVE-2015-5467 | web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameeter. | September 22, 2023. 22:51:00 | [github.com][www.yiiframework.com] |
| CVE-2023-39041 | An information leak in KUKURUDELI Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | September 22, 2023. 22:46:00 | [github.com] |
| CVE-2023-37410 | IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a local user to escalate their privileges to the SYSTEM user due to overly permissive access controls. IBM X-Force ID: 260138. | September 22, 2023. 22:39:00 | [exchange.xforce.ibmcloud.com][www.ibm.com] |
| CVE-2023-20597 | Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | September 22, 2023. 22:35:00 | [www.amd.com] |
| CVE-2023-38408 | The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. | September 22, 2023. 21:15:00 | [github.com][www.openssh.com] |
Page 785 of 1338
