CVE-2023-2917

The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability.  Due to an improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed.  A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and potentially gain remote code execution abilities.

Source: CVE-2023-2917

CVE-2023-31079

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Roberts Tippy plugin <= 6.2.1 versions.

Source: CVE-2023-31079

CVE-2023-31072

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Praveen Goswami Advanced Category Template plugin <= 0.1 versions.

Source: CVE-2023-31072

CVE-2023-28783

Auth. (shop manager+) Stored Cross-Site Scripting (XSS) vulnerability in PHPRADAR Woocommerce Tip/Donation plugin <= 1.2 versions.

Source: CVE-2023-28783

CVE-2023-28693

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Balasaheb Bhise Advanced Youtube Channel Pagination plugin <= 1.0 version.

Source: CVE-2023-28693

CVE-2023-40272

Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server.
It is recommended to upgrade to a version that is not affected.

Source: CVE-2023-40272

CVE-2023-34412

A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an
authenticated remote attacker to store an arbitrary JavaScript payload on the diagnosis page of the device.
That page is loaded immediately after login in to the device and runs the stored payload, allowing the
attacker to read and write browser data and reduce system performance.

Source: CVE-2023-34412

CVE-2023-38902

An issue in RG-EW series home routers and repeaters v.EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P218, RG-EG series business VPN routers v.EG_3.0(1)B11P216, EAP and RAP series wireless access points v.AP_3.0(1)B11P218, and NBC series wireless controllers v.AC_3.0(1)B11P86 allows a remote attacker to execute arbitrary code via the unifyframe-sgi.elf component in sub_40DA38.

Source: CVE-2023-38902

CVE-2023-4394

A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a system crash or leak internal kernel information

Source: CVE-2023-4394

CVE-2023-38838

SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via the edit.php component.

Source: CVE-2023-38838