Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-3821

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4.

CVE
#xss#git
CVE-2023-3820: [Bug]: Quote sorting key (#15523) · pimcore/pimcore@e641968

SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.

CVE-2023-3819: Confidential information provided to user with no permissions (#15530) · pimcore/pimcore@0237527

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4.

CVE-2023-3822: Fix Xss in the link Editable · pimcore/pimcore@d75888a

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4.

CVE-2023-3484

An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2. An attacker could change the name or path of a public top-level group in certain situations.

CVE-2023-35087: ASUS RT-AX56U V2 & RT-AC86U - Format String - 2

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.

CVE-2023-35086: ASUS RT-AX56U V2 & RT-AC86U - Format String -1

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessage_normal function, in the do_detwan_cgi module of httpd. An unauthenticated remote attacker without privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.

CVE-2023-28730: Programming Software Control FPWIN Pro

A memory corruption vulnerability Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.

CVE-2023-3815: Xss文件上传方法检测到漏洞 · Issue #I7IL85 · 若依/RuoYi - Gitee.com

A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. Affected by this issue is the function uploadFilesPath of the component File Upload. The manipulation of the argument originalFilenames leads to cross site scripting. The attack may be launched remotely. VDB-235118 is the identifier assigned to this vulnerability.

CVE-2023-37292: 桓基科技 HGiga iSherlock - Command Injection

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in HGiga iSherlock 4.5 (iSherlock-user modules), HGiga iSherlock 5.5 (iSherlock-user modules) allows OS Command Injection.This issue affects iSherlock 4.5: before iSherlock-user-4.5-174; iSherlock 5.5: before iSherlock-user-5.5-174.