Show filters
469 Total Results
Displaying 181-190 of 469
Sort by:
Attacker Value
Unknown

CVE-2023-30985

Disclosure Date: May 09, 2023 (last updated February 24, 2025)
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 3), Solid Edge SE2023 (All versions < V223.0 Update 2). Affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted OBJ file. This vulnerability could allow an attacker to disclose sensitive information. (ZDI-CAN-19426)
Attacker Value
Unknown

CVE-2023-0894

Disclosure Date: May 08, 2023 (last updated October 08, 2023)
The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Attacker Value
Unknown

CVE-2022-4568

Disclosure Date: May 01, 2023 (last updated February 24, 2025)
A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges.
Attacker Value
Unknown

CVE-2023-0179

Disclosure Date: March 27, 2023 (last updated February 24, 2025)
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.
Attacker Value
Unknown

CVE-2023-0494

Disclosure Date: March 27, 2023 (last updated February 24, 2025)
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
Attacker Value
Unknown

CVE-2023-28665

Disclosure Date: March 22, 2023 (last updated February 24, 2025)
The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the techno_get_products action, which can only be triggered by an authenticated user.
Attacker Value
Unknown

CVE-2023-27905

Disclosure Date: March 10, 2023 (last updated February 24, 2025)
Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting.
Attacker Value
Unknown

CVE-2023-1277

Disclosure Date: March 08, 2023 (last updated February 24, 2025)
A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord on Ubuntu Kylin. Affected is the function InstallSnap of the component Update Handler. The manipulation leads to command injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222600.
Attacker Value
Unknown

CVE-2021-32859

Disclosure Date: February 21, 2023 (last updated February 24, 2025)
The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calender view. Versions 1.0.14 and prior are prone to cross-site scripting (XSS) when handling untrusted `placeholder` entries. An attacker who is able to influence the field `placeholder` when creating a `Calendar` instance is able to supply arbitrary `html` or `javascript` that will be rendered in the context of a user leading to XSS. There are no known patches for this issue.
Attacker Value
Unknown

CVE-2022-41314

Disclosure Date: February 16, 2023 (last updated February 24, 2025)
Uncontrolled search path in some Intel(R) Network Adapter installer software may allow an authenticated user to potentially enable escalation of privilege via local access.