Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-48631 |
@adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. Published: December 14, 2023; 8:15:54 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-49708 |
SQLi vulnerability in Starshop component for Joomla. Published: December 14, 2023; 4:15:42 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-49707 |
SQLi vulnerability in S5 Register module for Joomla. Published: December 14, 2023; 4:15:42 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-48925 |
SQL injection vulnerability in Buy Addons bavideotab before version 1.0.6, allows attackers to escalate privileges and obtain sensitive information via the component BaVideoTabSaveVideoModuleFrontController::run(). Published: December 14, 2023; 4:15:42 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-46750 |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+. Published: December 14, 2023; 4:15:42 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-46348 |
SQL njection vulnerability in SunnyToo sturls before version 1.1.13, allows attackers to escalate privileges and obtain sensitive information via StUrls::hookActionDispatcher and StUrls::getInstanceId methods. Published: December 14, 2023; 4:15:42 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-40659 |
A reflected XSS vulnerability was discovered in the Easy Quick Contact module for Joomla. Published: December 14, 2023; 4:15:41 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-40658 |
A reflected XSS vulnerability was discovered in the Clicky Analytics Dashboard module for Joomla. Published: December 14, 2023; 4:15:41 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-40657 |
A reflected XSS vulnerability was discovered in the Joomdoc component for Joomla. Published: December 14, 2023; 4:15:41 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-40656 |
A reflected XSS vulnerability was discovered in the Quickform component for Joomla. Published: December 14, 2023; 4:15:41 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-40655 |
A reflected XSS vulnerability was discovered in the Proforms Basic component for Joomla. Published: December 14, 2023; 4:15:41 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-40630 |
Unauthenticated LFI/SSRF in JCDashboards component for Joomla. Published: December 14, 2023; 4:15:41 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-40629 |
SQLi vulnerability in LMS Lite component for Joomla. Published: December 14, 2023; 4:15:41 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-40628 |
A reflected XSS vulnerability was discovered in the Extplorer component for Joomla. Published: December 14, 2023; 4:15:41 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-40627 |
A reflected XSS vulnerability was discovered in the LivingWord component for Joomla. Published: December 14, 2023; 4:15:41 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-25644 |
There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack. Published: December 14, 2023; 3:15:38 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-25643 |
There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands. Published: December 14, 2023; 3:15:38 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-25642 |
There is a buffer overflow vulnerability in some ZTE mobile internet producsts. Due to insufficient validation of tcp port parameter, an authenticated attacker could use the vulnerability to perform a denial of service attack. Published: December 14, 2023; 3:15:37 AM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-1904 |
In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server. Published: December 14, 2023; 3:15:36 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-48085 |
Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php. Published: December 14, 2023; 2:15:09 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |