CVE-2023-23681
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Labib Ahmed Image Hover Effects For WPBakery Page Builder plugin <= 4.0 versions.
Source: CVE-2023-23681
[월:] 2023년 03월
CVE-2023-25040
CVE-2023-25040
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vova Anokhin WordPress Shortcodes Plugin — Shortcodes Ultimate plugin <= 5.12.6 versions.
Source: CVE-2023-25040
CVE-2023-24399
CVE-2023-24399
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in OceanWP Ocean Extra plugin <= 2.1.2 versions.
Source: CVE-2023-24399
CVE-2023-23677
CVE-2023-23677
Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.5 versions.
Source: CVE-2023-23677
CVE-2023-23675
CVE-2023-23675
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catchsquare WP Smart Preloader plugin <= 1.15 versions.
Source: CVE-2023-23675
CVE-2023-23670
CVE-2023-23670
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Team Heateor Fancy Comments WordPress plugin <= 1.2.10 versions.
Source: CVE-2023-23670
CVE-2023-28935
CVE-2023-28935
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in Apache Software Foundation Apache UIMA DUCC. When using the "Distributed UIMA Cluster Computing" (DUCC) module of Apache UIMA, an authenticated user that has the permissions to modify core entities can cause command execution as the system user that runs the web process. As the "Distributed UIMA Cluster Computing" module for UIMA is retired, we do not plan to release a fix for this issue. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Source: CVE-2023-28935
CVE-2023-1712
CVE-2023-1712
Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30.
Source: CVE-2023-1712
CVE-2023-1699
CVE-2023-1699
Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187.
Source: CVE-2023-1699
CVE-2023-1014
CVE-2023-1014
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Virames Vira-Investing allows Account Footprinting.This issue affects Vira-Investing: before 1.0.84.86.
Source: CVE-2023-1014