Latest medium severity Vulnerabilities

CVE-2023-6651
code-projects Matrimonial Site sql injection
CVE-2023-6650
SourceCodester Simple Invoice Generator System login.php cross site scripting
CVE-2023-6649
PHPGurukul Teacher Subject Allocation Management System index.php cross site scripting
CVE-2023-6648
PHPGurukul Nipah Virus Testing Management System password-recovery.php sql injection
CVE-2023-6647
AMTT HiBOS sql injection
CVE-2023-6120
The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for admini...
CVE-2023-5756
The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on ...
CVE-2020-25835
Micro Focus ArcSight Management Center Remote Vulnerability
CVE-2023-49797
Local Privilege Escalation in pyinstaller on Windows
pip/pyinstaller<5.13.1
GHSA-9w2p-rh8c-v9g5
### Impact A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. ...
pip/pyinstaller<5.13.1
CVE-2023-49799
Server-Side Request Forgery in nuxt-api-party
CVE-2023-49800
Denial of service by abusing `fetchOptions.retry` in nuxt-api-party
CVE-2023-49798
Duplicated execution of subcalls in OpenZeppelin Contracts
CVE-2023-6337
Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
CVE-2023-49782
Cross-Site-Scripting vulnerability in error message passing in richdocumentscode
CVE-2023-49788
Improper handling of browser-side provided input in richdocuments path handling
CVE-2023-6507
Groups not dropped before running subprocess when using empty 'extra_groups' parameter
CVE-2023-6619
SourceCodester Simple Student Attendance System class_form.php sql injection
CVE-2023-6618
SourceCodester Simple Student Attendance System index.php file inclusion
CVE-2023-6617
SourceCodester Simple Student Attendance System attendance.php sql injection
CVE-2023-32968
QTS, QuTS hero
CVE-2023-23372
QTS, QuTS hero
CVE-2023-32975
QTS, QuTS hero
CVE-2023-47565
Legacy VioStor NVR
CVE-2023-6612
Totolink X5000R cstecgi.cgi setWizardCfg os command injection
GHSA-7787-p7x6-fq3j
### Impact The Candid library causes a Denial of Service while parsing a specially crafted payload with `empty` data type. For example, if the payload is `record { * ; empty }` and the canister inte...
rust/candid>=0.9.0<0.9.10
GHSA-9j5w-2cqc-cwj9
From HackerOne report [#1948040](https://hackerone.com/reports/1948040) by Halit AKAYDIN (hltakydn) ### Impact _What kind of vulnerability is it? Who is impacted?_ The TinyMCE WYSIWYG editor fails t...
composer/openmage/magento-lts<20.2.0
CVE-2023-6611
Tongda OA 2017 delete.php sql injection
CVE-2023-48311
Any image allowed by default
pip/dockerspawner>=0.11.0<13.0.0
GHSA-hfgr-h3vc-p6c2
### Impact Users of JupyterHub deployments running DockerSpawner starting with 0.11.0 without specifying `DockerSpawner.allowed_images` configuration allow users to launch _any_ pullable image, inste...
pip/dockerspawner>=0.11.0<13.0.0
CVE-2023-6608
Tongda OA 2017 delete.php sql injection
CVE-2023-6245
Infinite decoding loop through specially crafted payload
rust/candid>=0.9.0<0.9.10
CVE-2023-6146
Stored XSS Vulnerability in QualysGuard VM/PC
CVE-2023-6607
Tongda OA 2017 delete.php sql injection
REDHAT-BUG-2253632
CVE-2023-6622
Kernel: null pointer dereference vulnerability in nft_dynset_init()
REDHAT-BUG-2253614
CVE-2023-6610
Kernel: oob access in smb2_dump_detail
REDHAT-BUG-2253611
CVE-2023-6606
Kernel: out-of-bounds read vulnerability in smbcalcsize
CVE-2023-32460
Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation. ...
CVE-2023-26158
All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to missing check if the attribute resolves to the object prototype. By adding or modifying att...
CVE-2023-6061
Phantom DLL Vulnerabilities in Iconics Suite
CVE-2023-5008
Student Information System v1.0 - Unauthenticated SQL Injection
CVE-2023-4122
Student Information System v1.0 - Insecure File Upload
CVE-2023-6581
D-Link DAR-7000 workidajax.php sql injection
CVE-2023-6580
D-Link DIR-846 QoS POST deserialization
CVE-2023-6579
osCommerce POST Parameter shopping-cart sql injection
CVE-2023-6578
Software AG WebMethods access control
CVE-2023-6577
Beijing Baichuo PatrolFlow 2530Pro mailsendview.php path traversal

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2023 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203