651
|
5.4 |
MEDIUM
Network
|
brightplugins
|
pre-orders_for_woocommerce
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bright Plugins Pre-Orders for WooCommerce plugin <= 1.2.13 versions.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2023-46783
|
2024-10-30 04:35 |
2023-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
652
|
5.4 |
MEDIUM
Network
|
chrisyee
|
momentopress_for_momento360
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Yee MomentoPress for Momento360 plugin <= 1.0.1 versions.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2023-46782
|
2024-10-30 04:35 |
2023-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
653
|
5.5 |
MEDIUM
Local
|
nta
|
e-tax
|
e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser. By processing a specially crafted XML file, arb…
Update
|
CWE-611
XXE
|
CVE-2023-46802
|
2024-10-30 04:35 |
2023-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
654
|
5.4 |
MEDIUM
Network
|
sixapart
|
movable_type
|
Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and ea…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2023-45746
|
2024-10-30 04:35 |
2023-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
655
|
4.3 |
MEDIUM
Network
|
vmware
|
vcenter_server
|
vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.
Update
|
NVD-CWE-noinfo
|
CVE-2023-34056
|
2024-10-30 04:35 |
2023-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
656
|
3.3 |
LOW
Local
|
apple
|
iphone_os macos watchos ipados
|
The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to identify what other apps a user…
Update
|
NVD-CWE-noinfo
|
CVE-2023-35990
|
2024-10-30 04:35 |
2023-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
657
|
7.1 |
HIGH
Local
|
hcltech
|
dryice_mycloud
|
HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information.
Update
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2023-23346
|
2024-10-30 04:35 |
2023-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
658
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
This issue was addressed with improved data protection. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify protected parts of the fil…
Update
|
NVD-CWE-noinfo
|
CVE-2023-35983
|
2024-10-30 04:35 |
2023-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
659
|
8.8 |
HIGH
Adjacent
|
axis
|
a1001_firmware
|
Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when
communicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which
is handling the OSDP comm…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2023-21406
|
2024-10-30 04:35 |
2023-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
660
|
6.5 |
MEDIUM
Adjacent
|
axis
|
a1001_firmware a1210_\(-b\)_firmware a1601_firmware a1610_\(-b\)_firmware axis_os
|
Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network
Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes
the pacsiod pro…
Update
|
NVD-CWE-noinfo
|
CVE-2023-21405
|
2024-10-30 04:35 |
2023-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|