CVE-2023-49578

SAP Cloud Connector, version 2.0, allows an authenticated user with low privileges to perform a denial-of-service attack from an adjacent UI by sending a malicious request, which leads to low impact on availability and no impact on the confidentiality or integrity of the application.
Max CVSS
3.5
Published
2023-12-12
Updated
2023-12-15
EPSS
0.04%

CVE-2023-49577

The SAP HCM (SMART PAYE solution), versions S4HCMCIE 100, SAP_HRCIE 600, SAP_HRCIE 604 and SAP_HRCIE 608, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on the confidentiality and integrity of the application.
Max CVSS
6.1
Published
2023-12-12
Updated
2023-12-19
EPSS
0.05%

CVE-2023-49563

Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro v.1.1 allows an attacker to execute arbitrary code via a crafted script within a request to the webserver.
Max CVSS
6.1
Published
2023-12-12
Updated
2023-12-14
EPSS
0.05%

CVE-2023-49494

DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component select_media_post_wangEditor.php.
Max CVSS
0.0
Published
2023-12-11
Updated
2023-12-12
EPSS
0.05%

CVE-2023-49493

DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php.
Max CVSS
0.0
Published
2023-12-07
Updated
2023-12-07
EPSS
0.05%

CVE-2023-49492

DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at selectimages.php.
Max CVSS
0.0
Published
2023-12-07
Updated
2023-12-07
EPSS
0.05%

CVE-2023-49490

XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin.php.
Max CVSS
0.0
Published
2023-12-11
Updated
2023-12-12
EPSS
0.05%

CVE-2023-49489

Reflective Cross Site Scripting (XSS) vulnerability in KodeExplorer version 4.51 allows attackers to obtain sensitive information and escalate privileges via the APP_HOST parameter at config/i18n/en/main.php.
Max CVSS
6.1
Published
2023-12-19
Updated
2023-12-22
EPSS
0.05%

CVE-2023-49488

A cross-site scripting (XSS) vulnerability in Openfiler ESA v2.99.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the nic parameter.
Max CVSS
6.1
Published
2023-12-11
Updated
2023-12-13
EPSS
0.05%

CVE-2023-49487

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department.
Max CVSS
5.4
Published
2023-12-08
Updated
2023-12-12
EPSS
0.05%

CVE-2023-49486

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department.
Max CVSS
5.4
Published
2023-12-08
Updated
2023-12-12
EPSS
0.05%

CVE-2023-49485

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department.
Max CVSS
5.4
Published
2023-12-08
Updated
2023-12-12
EPSS
0.05%

CVE-2023-49484

Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (XSS) vulnerability in the article management department.
Max CVSS
5.4
Published
2023-12-08
Updated
2023-12-11
EPSS
0.05%

CVE-2023-49469

Reflected Cross Site Scripting (XSS) vulnerability in Shaarli v0.12.2 allows remote attackers to execute arbitrary code via the search tag function.
Max CVSS
0.0
Published
2023-12-28
Updated
2023-12-28
EPSS
0.05%

CVE-2023-49468

Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc.
Max CVSS
8.8
Published
2023-12-07
Updated
2023-12-30
EPSS
0.09%

CVE-2023-49467

Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc.
Max CVSS
8.8
Published
2023-12-07
Updated
2023-12-30
EPSS
0.09%

CVE-2023-49465

Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function at motion.cc.
Max CVSS
8.8
Published
2023-12-07
Updated
2023-12-30
EPSS
0.09%

CVE-2023-49464

libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci.
Max CVSS
8.8
Published
2023-12-07
Updated
2023-12-11
EPSS
0.09%

CVE-2023-49463

libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.
Max CVSS
8.8
Published
2023-12-07
Updated
2023-12-11
EPSS
0.09%

CVE-2023-49462

libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.
Max CVSS
8.8
Published
2023-12-07
Updated
2023-12-11
EPSS
0.09%

CVE-2023-49460

libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image.
Max CVSS
8.8
Published
2023-12-07
Updated
2023-12-11
EPSS
0.09%

CVE-2023-49448

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete.
Max CVSS
8.8
Published
2023-12-05
Updated
2023-12-09
EPSS
0.06%

CVE-2023-49447

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update.
Max CVSS
8.8
Published
2023-12-05
Updated
2023-12-09
EPSS
0.06%

CVE-2023-49446

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save.
Max CVSS
8.8
Published
2023-12-05
Updated
2023-12-09
EPSS
0.06%

CVE-2023-49444

An arbitrary file upload vulnerability in DoraCMS v2.1.8 allows attackers to execute arbitrary code by uploading a crafted HTML or image file as the user avatar.
Max CVSS
5.4
Published
2023-12-08
Updated
2023-12-11
EPSS
0.05%
50 vulnerabilities found