CVE-2023-2263
The Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A is vulnerable to CIP fuzzing. Â The new ENIP connections cannot be established if impacted by this vulnerability, Â which prohibits operational capabilities of the device resulting in a denial-of-service attack.
Source: CVE-2023-2263
CVE-2023-31441
In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modified during loop execution.
Source: CVE-2023-31441
CVE-2023-36120
** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Source: CVE-2023-36120
CVE-2022-47421
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember (free), Repute InfoSystems ARMember (premium) plugins.
Source: CVE-2022-47421
CVE-2023-36383
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <=Â 3.9.5 versions.
Source: CVE-2023-36383
CVE-2020-36762
A vulnerability was found in ONS Digital RAS Collection Instrument up to 2.0.27 and classified as critical. Affected by this issue is the function jobs of the file .github/workflows/comment.yml. The manipulation of the argument $COMMENT_BODY leads to os command injection. Upgrading to version 2.0.28 is able to address this issue. The name of the patch is dcaad2540f7d50c512ff2e031d3778dd9337db2b. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-234248.
Source: CVE-2020-36762
CVE-2023-36384
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodePeople Booking Calendar Contact Form plugin <=Â 1.2.40 versions.
Source: CVE-2023-36384
CVE-2023-24390
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WeSecur Security plugin <=Â 1.2.1 versions.
Source: CVE-2023-24390
CVE-2023-30906
The vulnerability could be locally exploited to allow escalation of privilege.
Source: CVE-2023-30906
CVE-2022-41409
Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.
Source: CVE-2022-41409