Total
3753 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4767 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 6.1 Medium |
| A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.csv. | ||||
| CVE-2023-4478 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 Medium |
| Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts. | ||||
| CVE-2023-4393 | 1 Liquidfiles | 1 Liquidfiles | 2024-11-21 | 5.4 Medium |
| HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization. | ||||
| CVE-2023-4197 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 7.5 High |
| Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code. | ||||
| CVE-2023-4157 | 1 Omeka | 2 Omeka, Omeka S | 2024-11-21 | 5.2 Medium |
| CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in GitHub repository omeka/omeka-s prior to version 4.0.3. | ||||
| CVE-2023-49964 | 1 Hyland | 1 Alfresco Content Services | 2024-11-21 | 8.8 High |
| An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and achieve RCE (Remote Code Execution). NOTE: this issue exists because of an incomplete fix for CVE-2020-12873. | ||||
| CVE-2023-49328 | 2 Linux, Wolterskluwer | 2 Linux Kernel, B.point | 2024-11-21 | 7.2 High |
| On a Wolters Kluwer B.POINT 23.70.00 server running Linux on premises, during the authentication phase, a validated system user can achieve remote code execution via Argument Injection in the server-to-server module. | ||||
| CVE-2023-49214 | 1 Usedesk | 1 Usedesk | 2024-11-21 | 9.8 Critical |
| Usedesk before 1.7.57 allows chat template injection. | ||||
| CVE-2023-48841 | 1 Phpjabbers | 1 Appointment Scheduler | 2024-11-21 | 8.8 High |
| Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. | ||||
| CVE-2023-48835 | 1 Phpjabbers | 1 Car Rental Script | 2024-11-21 | 8.8 High |
| Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. | ||||
| CVE-2023-48830 | 1 Phpjabbers | 1 Shuttle Booking Software | 2024-11-21 | 8.8 High |
| Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export. | ||||
| CVE-2023-48826 | 1 Phpjabbers | 1 Time Slots Booking Calendar | 2024-11-21 | 8.8 High |
| Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List. | ||||
| CVE-2023-48205 | 1 Jorani | 1 Leave Management System | 2024-11-21 | 5.3 Medium |
| Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails. | ||||
| CVE-2023-47119 | 1 Discourse | 1 Discourse | 2024-11-21 | 5.3 Medium |
| Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds. | ||||
| CVE-2023-46726 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 7.2 High |
| GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document. Version 10.0.11 contains a patch for the issue. | ||||
| CVE-2023-46468 | 1 Juzaweb | 1 Juzaweb Cms | 2024-11-21 | 7.8 High |
| An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function. | ||||
| CVE-2023-46456 | 1 Gl-inet | 2 Gl-ar300m, Gl-ar300m Firmware | 2024-11-21 | 9.8 Critical |
| In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality. | ||||
| CVE-2023-45540 | 1 Jorani | 1 Leave Management System | 2024-11-21 | 6.5 Medium |
| An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page. | ||||
| CVE-2023-45303 | 1 Thingsboard | 1 Thingsboard | 2024-11-21 | 8.4 High |
| ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint). | ||||
| CVE-2023-44373 | 1 Siemens | 142 6ag1206-2bb00-7ac2, 6ag1206-2bb00-7ac2 Firmware, 6ag1206-2bs00-7ac2 and 139 more | 2024-11-21 | 9.1 Critical |
| A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V2.4.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V2.4.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V2.4.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V2.4.0), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0) (All versions < V2.4.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V2.4.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V2.4.0), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0) (All versions < V2.4.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V2.4.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V2.4.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V2.4.0), SCALANCE WUB762-1 (6GK5762-1AJ00-2AA0) (All versions < V2.4.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V2.4.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V2.4.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V2.4.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V2.4.0), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0) (All versions < V2.4.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V2.4.0), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0) (All versions < V2.4.0). Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323. | ||||