CVE-2023-39174

In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers

Source: CVE-2023-39174

CVE-2023-39173

In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access

Source: CVE-2023-39173

CVE-2023-34093

Strapi is an open-source headless content management system. Prior to version 4.10.8, anyone (Strapi developers, users, plugins) can make every attribute of a Content-Type public without knowing it. The vulnerability only affects the handling of content types by Strapi, not the actual content types themselves. Users can use plugins or modify their own content types without realizing that the `privateAttributes` getter is being removed, which can result in any attribute becoming public. This can lead to sensitive information being exposed or the entire system being taken control of by an attacker(having access to password hashes). Anyone can be impacted, depending on how people are using/extending content-types. If the users are mutating the content-type, they will not be affected. Version 4.10.8 contains a patch for this issue.

Source: CVE-2023-34093

CVE-2023-3548

An unauthorized user could gain account access to IQ Wifi 6 versions prior to 2.0.2 by conducting a brute force authentication attack.

Source: CVE-2023-3548

CVE-2023-34017

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FiveStarPlugins Five Star Restaurant Reservations plugin <= 2.6.7 versions.

Source: CVE-2023-34017

CVE-2023-36385

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpxpo PostX – Gutenberg Post Grid Blocks plugin <= 2.9.9 versions.

Source: CVE-2023-36385

CVE-2023-34369

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GrandSlambert Login Configurator plugin <= 2.1 versions.

Source: CVE-2023-34369

CVE-2023-36501

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler teachPress plugin <= 9.0.2 versions.

Source: CVE-2023-36501

CVE-2023-36503

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Max Foundry WordPress Button Plugin MaxButtons plugin <= 9.5.3 versions.

Source: CVE-2023-36503

CVE-2023-36502

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in cththemes Balkon plugin <= 1.3.2 versions.

Source: CVE-2023-36502