CVE-2023-46300
iTerm2 before 3.4.20 allows (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration.
Source: CVE-2023-46300
CVE-2023-46301
iTerm2 before 3.4.20 allows (potentially remote) code execution because of mishandling of certain escape sequences related to upload.
Source: CVE-2023-46301
CVE-2023-46298
Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.
Source: CVE-2023-46298
CVE-2023-38276
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736.
Source: CVE-2023-38276
CVE-2023-38735
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 262482.
Source: CVE-2023-38735
CVE-2023-38275
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730.
Source: CVE-2023-38275
CVE-2023-46078
Cross-Site Request Forgery (CSRF) vulnerability in PluginEver WC Serial Numbers plugin <= 1.6.3 versions.
Source: CVE-2023-46078
CVE-2023-46067
Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Font plugin <= 1.2.3 versions.
Source: CVE-2023-46067
CVE-2023-5205
The Add Custom Body Class plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘add_custom_body_class’ value in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Source: CVE-2023-5205
CVE-2023-4635
The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Source: CVE-2023-4635