Total
9890 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6136 | 1 Bowo | 1 Debug Log Manager | 2024-11-21 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.0. | ||||
| CVE-2023-6001 | 1 Yugabyte | 1 Yugabytedb | 2024-11-21 | 5.3 Medium |
| Prometheus metrics are available without authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment. | ||||
| CVE-2023-5968 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 4.9 Medium |
| Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body. | ||||
| CVE-2023-5718 | 1 Vuejs | 1 Devtools | 2024-11-21 | 4.3 Medium |
| The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard `postMessage()` API. By creating a malicious web page with an iFrame targeting a sensitive resource (i.e. a locally accessible file or sensitive website), and registering a listener on the web page, the extension sent messages back to the listener, containing the base64 encoded screenshot data of the sensitive resource. | ||||
| CVE-2023-5642 | 1 Advantech | 1 R-seenet | 2024-11-21 | 9.8 Critical |
| Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information. | ||||
| CVE-2023-5579 | 1 Yzh66 | 1 Sandbox | 2024-11-21 | 3.5 Low |
| A vulnerability was found in yhz66 Sandbox 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /im/user/ of the component User Data Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-242144. | ||||
| CVE-2023-5552 | 1 Sophos | 1 Firewall | 2024-11-21 | 7.1 High |
| A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”. | ||||
| CVE-2023-5551 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 3.3 Low |
| Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups. | ||||
| CVE-2023-5545 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 3.3 Low |
| H5P metadata automatically populated the author with the user's username, which could be sensitive information. | ||||
| CVE-2023-5339 | 1 Mattermost | 1 Mattermost Desktop | 2024-11-21 | 4.7 Medium |
| Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged. | ||||
| CVE-2023-5256 | 1 Drupal | 1 Drupal | 2024-11-21 | 7.5 High |
| In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API. The core REST and contributed GraphQL modules are not affected. | ||||
| CVE-2023-5166 | 1 Docker | 1 Docker Desktop | 2024-11-21 | 8 High |
| Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0. | ||||
| CVE-2023-5160 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 4.3 Medium |
| Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint allowing a member to get the full name of another user even if the Show Full Name option was disabled | ||||
| CVE-2023-52286 | 1 Tencent | 1 Tencent Distributed Sql | 2024-11-21 | 7.5 High |
| Tencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attackers to discover database credentials via an index.php/api/install/get_db_info request, a related issue to CVE-2023-42387. | ||||
| CVE-2023-52185 | 1 Everestthemes | 1 Everest Backup | 2024-11-21 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Everestthemes Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin.This issue affects Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin: from n/a through 2.1.9. | ||||
| CVE-2023-52148 | 1 Wpaffiliatemanager | 1 Affiliates Manager | 2024-11-21 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.This issue affects Affiliates Manager: from n/a through 2.9.30. | ||||
| CVE-2023-52147 | 2024-11-21 | 3.7 Low | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects All In One WP Security & Firewall: from n/a through 5.2.4. | ||||
| CVE-2023-51688 | 1 Implecode | 1 Ecommerce Product Catalog | 2024-11-21 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress.This issue affects eCommerce Product Catalog Plugin for WordPress: from n/a through 3.3.26. | ||||
| CVE-2023-51687 | 1 Implecode | 1 Product Catalog Simple | 2024-11-21 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode Product Catalog Simple.This issue affects Product Catalog Simple: from n/a through 1.7.6. | ||||
| CVE-2023-51527 | 1 Aipower | 1 Aipower | 2024-11-21 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4.This issue affects AI Power: Complete AI Pack – Powered by GPT-4: from n/a through 1.8.2. | ||||