Search Results (34218 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-2319 2 Clusterlabs, Redhat 4 Pcs, Enterprise Linux, Enterprise Linux High Availability and 1 more 2025-01-22 9.8 Critical
It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2.
CVE-2023-2295 2 Libreswan, Redhat 7 Libreswan, Enterprise Linux, Enterprise Linux Eus and 4 more 2025-01-22 7.5 High
A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
CVE-2023-7072 1 Pickplugins 1 Post Grid Combo 2025-01-22 7.5 High
The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'get_posts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft posts and password protected posts, as well as the password for password-protected posts.
CVE-2024-2107 1 Blossomthemes 1 Blossom Spa 2025-01-22 5.8 Medium
The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.4 via generated source. This makes it possible for unauthenticated attackers to extract sensitive data including contents of password-protected or scheduled posts.
CVE-2023-6999 1 Podsfoundation 1 Pods 2025-01-22 8.8 High
The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Exxecution via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This makes it possible for authenticated attackers, with contributor level access or higher, to execute code on the server.
CVE-2023-31902 1 Mobilemouse 1 Mobile Mouse 2025-01-22 9.8 Critical
RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE).
CVE-2023-31847 1 Davinci Project 1 Davinci 2025-01-22 6.5 Medium
In davinci 0.3.0-rc after logging in, the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side.
CVE-2023-31724 1 Yasm Project 1 Yasm 2025-01-22 7.8 High
yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function do_directive at /nasm/nasm-pp.c.
CVE-2023-31723 1 Yasm Project 1 Yasm 2025-01-22 5.5 Medium
yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function expand_mmac_params at /nasm/nasm-pp.c.
CVE-2022-42443 1 Ibm 2 Trusteer Android Sdk For Mobile, Trusteer Ios Sdk For Mobile 2025-01-22 2.2 Low
An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535.
CVE-2023-30438 1 Ibm 17 Power System E1050, Power System E1080, Power System E950 and 14 more 2025-01-22 9.3 Critical
An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server. IBM X-Force ID: 252706.
CVE-2025-0206 1 Code-projects 1 Online Shoe Store 2025-01-22 5.3 Medium
A vulnerability classified as critical was found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-31871 1 Opentext 1 Documentum Content Server 2025-01-22 7.8 High
OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID binary dm_secure_writer. The binary has security controls in place preventing creation of a file in a non-owned directory, or as the root user. However, these controls can be carefully bypassed to allow for an arbitrary file write as root.
CVE-2024-34722 1 Google 1 Android 2025-01-21 7.4 High
In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-33506 1 Fortinet 1 Fortimanager 2025-01-21 3.1 Low
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager 7.4.2 and below, 7.2.5 and below, 7.0.12 and below allows a remote authenticated attacker assigned to an Administrative Domain (ADOM) to access device summary of unauthorized ADOMs via crafted HTTP requests.
CVE-2024-1645 1 Wobbie 1 Mollie Forms 2025-01-21 4.3 Medium
The Mollie Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportRegistrations function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to export payment data collected by this plugin.
CVE-2024-12398 1 Zyxel 46 Nwa110ax, Nwa110ax Firmware, Nwa1123acv3 and 43 more 2025-01-21 8.8 High
An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device.
CVE-2023-4626 1 Ladipage 1 Ladipage 2025-01-21 4.3 Medium
The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ladiflow_save_hook() function in versions up to, and including, 4.3. This makes it possible for authenticated attackers with subscriber-level access and above to update the 'ladiflow_hook_configs' option.
CVE-2023-33240 2 Foxit, Microsoft 3 Pdf Editor, Pdf Reader, Windows 2025-01-21 7.8 High
Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2.
CVE-2024-24975 1 Mattermost 1 Mattermost Mobile 2025-01-21 3.5 Low
Uncontrolled Resource Consumption in Mattermost Mobile versions before 2.13.0 fails to limit the size of the code block that will be processed by the syntax highlighter, allowing an attacker to send a very large code block and crash the mobile app.