CVE-2023-30782
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <=Â 3.7.5 versions.
Source: CVE-2023-30782
[월:] 2023년 08월
CVE-2023-30473
CVE-2023-30473
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Glazunov YML for Yandex Market plugin <=Â 3.10.7 versions.
Source: CVE-2023-30473
CVE-2023-39507
CVE-2023-39507
Improper authorization in the custom URL scheme handler in "Rikunabi NEXT" App for Android prior to ver. 11.5.0 allows a malicious intent to lead the vulnerable App to access an arbitrary website.
Source: CVE-2023-39507
CVE-2023-4374
CVE-2023-4374
The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the ‘refresh_logs_async’ functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber privileges or above, to view logs.
Source: CVE-2023-4374
CVE-2023-3958
CVE-2023-3958
The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the ‘notify_ping_remote’ AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. This was partially patched in version 1.2.12 and fully patched in version 1.2.13.
Source: CVE-2023-3958
CVE-2023-26140
CVE-2023-26140
Versions of the package @excalidraw/excalidraw from 0.0.0 are vulnerable to Cross-site Scripting (XSS) via embedded links in whiteboard objects due to improper input sanitization.
Source: CVE-2023-26140
CVE-2023-39850
CVE-2023-39850
Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php.
Source: CVE-2023-39850
CVE-2023-39851
CVE-2023-39851
webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php.
Source: CVE-2023-39851
CVE-2023-39849
CVE-2023-39849
Pikachu v1.0 was discovered to contain a SQL injection vulnerability via the $username parameter at incfunction.php.
Source: CVE-2023-39849
CVE-2023-20564
CVE-2023-20564
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzenâ„¢ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution.
Source: CVE-2023-20564