Security Headlines: Latest CVEs
CVE-2023-38948: jizhi CMS 1.9.5 has an Arbitrary File Download RCE vulnerability via /A/c/PluginsController.php · Issue #I7LI4E · Pwn师傅/Pwn - Gitee.com

An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin.

CVE-2023-33366

A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows authenticated users to inject arbitrary SQL directives into an SQL statement and execute arbitrary SQL commands.

CVE-2023-39096: WebBoss.io CMS Persistent (Stored) XSS CVE-2023-39096 | RiSec Advisories

WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting (XSS) vulnerability due to lack of input validation and output encoding.

CVE-2023-39097: WebBoss.io CMS Persistent (Stored) XSS CVE-2023-39097 | RiSec Advisories

WebBoss.io CMS v3.7.0.1 contains a stored cross-site scripting (XSS) vulnerability.

CVE-2023-36298: GitHub - MentalityXt/Dedecms-v5.7.109-RCE

DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE).

CVE-2023-36299: Release v1.2.1 · typecho/typecho

A File Upload vulnerability in typecho v.1.2.1 allows a remote attacker to execute arbitrary code via the upload and options-general parameters in index.php.

CVE-2022-26838: Defect Information Disclosure Site (Cybozu)

Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition.

CVE-2023-25600: Insyde Security Advisory 2023028 | Insyde Software

An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016.

CVE-2023-3348: Wrangler (command line) · Cloudflare Workers docs

The Wrangler command line tool (<=wrangler@3.1.0) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server.

CVE-2023-28468: Insyde Security Advisory 2023039 | Insyde Software

An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS.