Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-42222: GitHub - itssixtyn3in/CVE-2023-42222

WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.

CVE
Open in Source
#vulnerability#web#mac#git#samba
CVE-2023-5244: huntr – Security Bounties for any GitHub repository

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.

CVE-2023-43314: ZYXEL-PMG2005-T20B has a denial of service vulnerability · Issue #1 · Rumble00/Rumble

Buffer Overflow vulnerability in ZYXEL ZYXEL v.PMG2005-T20B allows a remote attacker to cause a denial of service via a crafted script to the uid parameter in the cgi-bin/login.asp component.

CVE-2023-41453: PHPKOBO

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component.

CVE-2023-41448: CVE-2023-41448

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component.

CVE-2023-43191: cmscve_test/README.md at main · etn0tw/cmscve_test

JFinalCMS foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker, such as cookie theft

CVE-2023-43233: mycve/YZNCMS 1.3.0 XSS.pdf at main · yux1azhengye/mycve

A stored cross-site scripting (XSS) vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter.

CVE-2023-43320: tfa: add data for rate limiting and blocking · proxmox/proxmox-rs@50b793d

An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component.

CVE-2023-44080: CVE-2023-44080.md

An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attacker to execute arbitrary code via a crafted request to the branchList component.

CVE-2023-43660: fixed GHSA-3cjp-w4cp-m9c8 - interpreting SSH public key offers as a s… · warp-tech/warpgate@a4df7f7

Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. The SSH key verification for a user can be bypassed by sending an SSH key offer without a signature. This allows bypassing authentication under following conditions: 1. The attacker knows the username and a valid target name 2. The attacked knows the user's public key and 3. Only SSH public key authentication is required for the user account. This issue has been addressed in version 0.8.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.