NOTICE

Keyword and keyword exact match searches have been re-enabled. Clarifications on how keyword search operates can be found in the documentation for keyword parameters. For questions and concerns you can contact nvd@nist.gov.


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2023-3992 - The PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
    Published: August 30, 2023; 11:15:09 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2023-41538 - phpjabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.
    Published: August 30, 2023; 10:15:11 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2023-41537 - phpjabbers Business Directory Script 3.2 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.
    Published: August 30, 2023; 10:15:10 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2023-34187 - Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alan Tien Call Now Icon Animate plugin <= 0.1.0 versions.
    Published: August 30, 2023; 10:15:10 AM -0400

    V3.1: 4.8 MEDIUM

  • CVE-2023-34184 - Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Bhavik Patel Woocommerce Order address Print plugin <= 3.2 versions.
    Published: August 30, 2023; 10:15:09 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2023-34183 - Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Valiano Unite Gallery Lite plugin <= 1.7.61 versions.
    Published: August 30, 2023; 10:15:09 AM -0400

    V3.1: 4.8 MEDIUM

  • CVE-2020-18912 - An issue found in Earcms Ear App v.20181124 allows a remote attacker to execute arbitrary code via the uload/index-uplog.php.
    Published: August 29, 2023; 7:15:07 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-39616 - AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h.
    Published: August 29, 2023; 1:15:12 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2023-39615 - Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file.
    Published: August 29, 2023; 1:15:12 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2023-39558 - AudimexEE v15.0 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the Show Kai Data component.
    Published: August 29, 2023; 7:15:08 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2023-39559 - AudimexEE 15.0 was discovered to contain a full path disclosure vulnerability.
    Published: August 29, 2023; 7:15:08 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2023-41363 - In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users.
    Published: August 29, 2023; 1:15:43 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2023-36481 - An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, and W920. Improper handling of PPP length parameter inconsistency can cause an infinite loop.
    Published: August 28, 2023; 8:15:09 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2023-26095 - ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash when analysing a crafted SIP packet.
    Published: August 28, 2023; 8:15:08 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2023-40787 - In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection.
    Published: August 29, 2023; 9:15:53 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-32678 - Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messa...
    Published: August 25, 2023; 5:15:08 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2023-40587 - Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a `index.html` file that is l...
    Published: August 25, 2023; 5:15:09 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2023-4546 - A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230816. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation leads ...
    Published: August 26, 2023; 4:15:08 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2023-3136 - The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
    Published: August 30, 2023; 5:15:08 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2023-2906 - Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack.
    Published: August 25, 2023; 5:15:07 PM -0400

    V3.1: 6.5 MEDIUM