CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-47327 The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navi... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-48628 Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitatio... | 7.8 | HIGH | — | 0 |
| CVE-2023-48629 Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitatio... | 7.8 | HIGH | — | 0 |
| CVE-2023-48630 Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitatio... | 7.8 | HIGH | — | 0 |
| CVE-2023-48632 Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the curr... | 7.8 | HIGH | — | 0 |
| CVE-2023-48633 Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current us... | 7.8 | HIGH | — | 0 |
| CVE-2023-48634 Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of th... | 7.8 | HIGH | — | 0 |
| CVE-2023-48635 Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leve... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-48636 Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker co... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-48637 Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker co... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-48638 Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker co... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-48639 Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of ... | 7.8 | HIGH | — | 0 |
| CVE-2023-6756 A vulnerability was found in Thecosy IceCMS 2.0.1. It has been classified as problematic. Affected is an unknown function of the file /login of the component Captcha Handler. The manipulation leads to... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-50364 A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execut... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-6757 A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /adplanet/PlanetUser of the component API... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-6758 A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /adplanet/PlanetCommentList of the component API. The... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-6759 A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. This affects an unknown part of the file /WebResource/resource of the component Love Handler. The manipulation leads t... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-6760 A vulnerability classified as critical was found in Thecosy IceCMS up to 2.0.1. This vulnerability affects unknown code. The manipulation leads to manage user sessions. The attack can be initiated rem... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-6761 A vulnerability, which was classified as problematic, has been found in Thecosy IceCMS up to 2.0.1. This issue affects some unknown processing of the component User Data Handler. The manipulation lead... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-6762 A vulnerability, which was classified as critical, was found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /article/DelectArticleById/ of the component Article Handler. The mani... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-49363 Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in the indexAction method in reimpAction.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-50764 Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary fi... | 8.1 | HIGH | — | 0 |
| CVE-2023-50765 A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-50766 A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as... | 8.8 | HIGH | — | 0 |
| CVE-2023-50767 Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the respons... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-50769 Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified c... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-50778 A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token. | 8.8 | HIGH | — | 0 |
| CVE-2023-50770 Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Je... | 6.7 | MEDIUM | — | 0 |
| CVE-2023-50772 Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permiss... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-50773 Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-50774 A cross-site request forgery (CSRF) vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system. | 8.1 | HIGH | — | 0 |
| CVE-2023-50775 A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-50776 Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Exten... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-50333 Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing freshly demoted guests to change group names. | 3.7 | LOW | — | 0 |
| CVE-2023-50779 Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-6765 A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects the function prepare of the file email_setup.php. The manipu... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-6766 A vulnerability classified as problematic has been found in PHPGurukul Teacher Subject Allocation Management System 1.0. Affected is an unknown function of the file /admin/course.php of the component ... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-6767 A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Guest e-Book 1.0. This affects an unknown part of the file /endpoint/add-guest.php. The manipulation of the ar... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-43813 GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 conta... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-40659 A reflected XSS vulnerability was discovered in the Easy Quick Contact module for Joomla. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-46726 GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary c... | 7.2 | HIGH | — | 0 |
| CVE-2023-46727 GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 c... | 8.6 | HIGH | — | 0 |
| CVE-2023-6771 A vulnerability, which was classified as critical, has been found in SourceCodester Simple Student Attendance System 1.0. This issue affects the function save_attendance of the file actions.class.php.... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-6772 A vulnerability, which was classified as critical, was found in OTCMS 7.01. Affected is an unknown function of the file /admin/ind_backstage.php. The manipulation of the argument sqlContent leads to s... | 4.7 | MEDIUM | — | 0 |
| CVE-2023-6789 A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then,... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-50073 EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword parameter at SetEnews.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-6790 A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when t... | 8.8 | HIGH | — | 0 |
| CVE-2023-6791 A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations ... | 4.9 | MEDIUM | — | 0 |
| CVE-2023-6792 An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with lim... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-6793 An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML AP... | 2.7 | LOW | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.