U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 244,349 matching records.
Displaying matches 29,361 through 29,380.
Vuln ID Summary CVSS Severity
CVE-2023-46119

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1.

Published: October 25, 2023; 2:17:36 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-46118

RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.

Published: October 25, 2023; 2:17:36 PM -0400
V4.0:(not available)
V3.1: 4.9 MEDIUM
V2.0:(not available)
CVE-2023-46102

The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol builds on top of MQTT to implement the remote management of the device is encrypted with a hard-coded DES symmetric key, that can be retrieved reversing both the Android Client application and the server-side web application. This issue allows an attacker able to control a malicious MQTT broker on the same subnet network of the device, to craft malicious messages and send them to the HMI device, executing arbitrary commands on the device itself.

Published: October 25, 2023; 2:17:36 PM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-46071

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickDatos Protección de Datos RGPD plugin <= 3.1.0 versions.

Published: October 25, 2023; 2:17:35 PM -0400
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-46070

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Emmanuel GEORJON EG-Attachments plugin <= 2.1.3 versions.

Published: October 25, 2023; 2:17:35 PM -0400
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-46069

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Osmansorkar Ajax Archive Calendar plugin <= 2.6.7 versions.

Published: October 25, 2023; 2:17:35 PM -0400
V4.0:(not available)
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-46068

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XQueue GmbH Maileon for WordPress plugin <= 2.16.0 versions.

Published: October 25, 2023; 2:17:35 PM -0400
V4.0:(not available)
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2023-46010

An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component.

Published: October 25, 2023; 2:17:35 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-45990

Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remote attacker to escalate privileges.

Published: October 25, 2023; 2:17:35 PM -0400
V4.0:(not available)
V3.1: 8.0 HIGH
V2.0:(not available)
CVE-2023-45851

The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication.  This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device

Published: October 25, 2023; 2:17:35 PM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-45844

The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings (ADB debug).

Published: October 25, 2023; 2:17:35 PM -0400
V4.0:(not available)
V3.1: 6.8 MEDIUM
V2.0:(not available)
CVE-2023-45837

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XYDAC Ultimate Taxonomy Manager plugin <= 2.0 versions.

Published: October 25, 2023; 2:17:35 PM -0400
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-45835

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Libsyn Libsyn Publisher Hub plugin <= 1.4.4 versions.

Published: October 25, 2023; 2:17:35 PM -0400
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-45833

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in LeadSquared Suite plugin <= 0.7.4 versions.

Published: October 25, 2023; 2:17:35 PM -0400
V4.0:(not available)
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2023-45832

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Gibson WP GoToWebinar plugin <= 14.45 versions.

Published: October 25, 2023; 2:17:35 PM -0400
V4.0:(not available)
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2023-45829

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in HappyBox Newsletter & Bulk Email Sender – Email Newsletter Plugin for WordPress plugin <= 2.0.1 versions.

Published: October 25, 2023; 2:17:34 PM -0400
V4.0:(not available)
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-45772

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit Proofreading plugin <= 1.0.11 versions.

Published: October 25, 2023; 2:17:34 PM -0400
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-45770

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fastwpspeed Fast WP Speed plugin <= 1.0.0 versions.

Published: October 25, 2023; 2:17:34 PM -0400
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-45769

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alex Raven WP Report Post plugin <= 2.1.2 versions.

Published: October 25, 2023; 2:17:34 PM -0400
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-45768

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephanie Leary Next Page plugin <= 1.5.2 versions.

Published: October 25, 2023; 2:17:34 PM -0400
V4.0:(not available)
V3.1: 4.8 MEDIUM
V2.0:(not available)