www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-18T20:58:30+00:00 www.secnews.physaphae.fr
CVE Liste - Common Vulnerability Exposure CVE-2023-36409 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability 2023-11-07T00:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36409 www.secnews.physaphae.fr/article.php?IdArticle=8406962 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-36769 Microsoft OneNote Spoofing Vulnerability 2023-11-06T23:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36769 www.secnews.physaphae.fr/article.php?IdArticle=8406963 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-47004 Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication. 2023-11-06T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47004 www.secnews.physaphae.fr/article.php?IdArticle=8406879 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45556 Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component. 2023-11-06T22:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45556 www.secnews.physaphae.fr/article.php?IdArticle=8406878 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5771 Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages.
This issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions. 2023-11-06T21:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5771 www.secnews.physaphae.fr/article.php?IdArticle=8406893 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5777 Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server. 2023-11-06T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5777 www.secnews.physaphae.fr/article.php?IdArticle=8406853 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5719 The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials.
Note that passwords entered via the Crimson system web server do not suffer from this vulnerability. 2023-11-06T20:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5719 www.secnews.physaphae.fr/article.php?IdArticle=8406852 False Tool,Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2022-48192 Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application. 2023-11-06T20:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48192 www.secnews.physaphae.fr/article.php?IdArticle=8406846 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46731 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki doesn't properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user with read access to the document `XWiki.AdminSheet` (by default, everyone including unauthenticated users) to execute code including Groovy code. This impacts the confidentiality, integrity and availability of the whole XWiki instance. This vulnerability has been patched in XWiki 14.10.14, 15.6 RC1 and 15.5.1. Users are advised to upgrade. Users unable to upgrade may apply the fix in commit `fec8e0e53f9` manually. Alternatively, to protect against attacks from unauthenticated users, view right for guests can be removed from this document (it is only needed for space and wiki admins). 2023-11-06T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46731 www.secnews.physaphae.fr/article.php?IdArticle=8406850 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46254 capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework.
A bug in the RoleBinding reflector used by `capsule-proxy` gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example consider two tenants `solar` and `wind`. Tenant `solar`, owned by a ServiceAccount named `tenant-owner` in the Namespace `solar`. Tenant `wind`, owned by a ServiceAccount named `tenant-owner` in the Namespace `wind`. The Tenant owner `solar` would be able to list the namespaces of the Tenant `wind` and vice-versa, although this is not correct. The bug introduces an exfiltration vulnerability since it allows the listing of Namespace resources of other Tenants, although just in some specific conditions: 1. `capsule-proxy` runs with the `--disable-caching=false` (default value: `false`) and 2. Tenant owners are ServiceAccount, with the same resource name, but in different Namespaces. This vulnerability doesn't allow any privilege escalation on the outer tenant Namespace-scoped resources, since the Kubernetes RBAC is enforcing this. This issue has been addressed in version 0.4.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-11-06T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46254 www.secnews.physaphae.fr/article.php?IdArticle=8406849 False Vulnerability Uber None
CVE Liste - Common Vulnerability Exposure CVE-2023-39345 strapi is an open-source headless CMS. Versions prior to 4.13.1 did not properly restrict write access to fields marked as private in the user registration endpoint. As such malicious users may be able to errantly modify their user records. This issue has been addressed in version 4.13.1. Users are advised to upgrade.
There are no known workarounds for this vulnerability. 2023-11-06T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39345 www.secnews.physaphae.fr/article.php?IdArticle=8406848 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46732 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to reflected cross-site scripting (RXSS) via the `rev` parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to visit a link with a crafted parameter, this allows the attacker to execute arbitrary actions in the name of the user, including remote code (Groovy) execution in the case of a user with programming right, compromising the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.6 RC1, 15.5.1 and 14.10.14. The patch in commit `04e325d57` can be manually applied without upgrading (or restarting) the instance. Users are advised to upgrade or to manually apply the patch. There are no known workarounds for this vulnerability. 2023-11-06T19:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46732 www.secnews.physaphae.fr/article.php?IdArticle=8406851 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46251 MyBB is a free and open source forum software. Custom MyCode (BBCode) for the visual editor (_SCEditor_) doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Message) and operates on a maliciously crafted MyCode message. This may occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. The impact is mitigated when: 1. the visual editor is disabled globally (_Admin CP → Configuration → Settings → Clickable Smilies and BB Code: [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_ is set to _Off_), or 2. the visual editor is disabled for individual user accounts (_User CP → Your Profile → Edit Options_: _Show the MyCode formatting options on the posting pages_ checkbox is not checked). MyBB 1.8.37 resolves this issue with the commit `6dcaf0b4d`. Users are advised to upgrade. Users unable to upgrade may mitigate the impact without upgrading MyBB by changing the following setting (_Admin CP → Configuration → Settings_): - _Clickable Smilies and BB Code → [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_: _Off_. Similarly, individual MyBB forum users are able to disable the visual editor by disabling the account option (_User CP → Your Profile → Edit Options_) _Show the MyCode formatting options on the posting pages_. 2023-11-06T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46251 www.secnews.physaphae.fr/article.php?IdArticle=8406787 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45827 Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the `setByPath` function which can lead to remote code execution (RCE). This issue has been addressed in commit `98daf567` which has been included in release 1.0.2. Users are advised to upgrade.
There are no known workarounds to this vulnerability. 2023-11-06T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45827 www.secnews.physaphae.fr/article.php?IdArticle=8406786 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-44398 Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. This bug is fixed in version v0.28.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-11-06T18:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44398 www.secnews.physaphae.fr/article.php?IdArticle=8406784 False Vulnerability,Threat None None
CVE Liste - Common Vulnerability Exposure CVE-2023-4535 An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card.
This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security. 2023-11-06T17:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4535 www.secnews.physaphae.fr/article.php?IdArticle=8406785 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-40661 Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise of key generation, certificate loading, and other card management operations during enrollment. 2023-11-06T17:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40661 www.secnews.physaphae.fr/article.php?IdArticle=8406783 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5950 Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed in version 0.7.0-04 and a patch is available to download.
Patches are also available for version 0.6.9 (0.6.9-1). 2023-11-06T15:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5950 www.secnews.physaphae.fr/article.php?IdArticle=8406737 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46780 2023-11-06T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46780 www.secnews.physaphae.fr/article.php?IdArticle=8406641 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46778 2023-11-06T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46778 www.secnews.physaphae.fr/article.php?IdArticle=8406639 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46776 2023-11-06T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46776 www.secnews.physaphae.fr/article.php?IdArticle=8406637 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46781 2023-11-06T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46781 www.secnews.physaphae.fr/article.php?IdArticle=8406642 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-5823 2023-11-06T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5823 www.secnews.physaphae.fr/article.php?IdArticle=8406647 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46779 2023-11-06T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46779 www.secnews.physaphae.fr/article.php?IdArticle=8406640 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-47186 2023-11-06T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47186 www.secnews.physaphae.fr/article.php?IdArticle=8406644 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46777 2023-11-06T12:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46777 www.secnews.physaphae.fr/article.php?IdArticle=8406638 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46775 2023-11-06T11:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46775 www.secnews.physaphae.fr/article.php?IdArticle=8406636 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-47185 2023-11-06T11:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47185 www.secnews.physaphae.fr/article.php?IdArticle=8406643 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-4996 Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service. 2023-11-06T11:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4996 www.secnews.physaphae.fr/article.php?IdArticle=8406645 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46824 2023-11-06T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46824 www.secnews.physaphae.fr/article.php?IdArticle=8406583 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-47182 2023-11-06T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47182 www.secnews.physaphae.fr/article.php?IdArticle=8406586 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46821 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Milan Petrovic GD Security Headers allows auth.
(admin+) SQL Injection. This issue affects GD Security Headers: from n/a through 1.7. 2023-11-06T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46821 www.secnews.physaphae.fr/article.php?IdArticle=8406580 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46783 2023-11-06T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46783 www.secnews.physaphae.fr/article.php?IdArticle=8406578 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46822 2023-11-06T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46822 www.secnews.physaphae.fr/article.php?IdArticle=8406581 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-47177 2023-11-06T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47177 www.secnews.physaphae.fr/article.php?IdArticle=8406585 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46823 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Avirtum ImageLinks Interactive Image Builder for WordPress allows SQL Injection. This issue affects ImageLinks Interactive Image Builder for WordPress: from n/a through 1.5.4. 2023-11-06T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46823 www.secnews.physaphae.fr/article.php?IdArticle=8406582 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-47184 2023-11-06T10:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47184 www.secnews.physaphae.fr/article.php?IdArticle=8406587 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46084 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection. This issue affects Icons Font Loader: from n/a through 1.1.2. 2023-11-06T10:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46084 www.secnews.physaphae.fr/article.php?IdArticle=8406575 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46782 2023-11-06T10:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46782 www.secnews.physaphae.fr/article.php?IdArticle=8406577 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-23702 2023-11-06T10:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23702 www.secnews.physaphae.fr/article.php?IdArticle=8406545 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-38382 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows SQL Injection. This issue affects Subscribe to Category: from n/a through 2.7.4. 2023-11-06T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38382 www.secnews.physaphae.fr/article.php?IdArticle=8406561 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-40207 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RedNao Donations Made Easy – Smart Donations allows SQL Injection. This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12. 2023-11-06T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40207 www.secnews.physaphae.fr/article.php?IdArticle=8406564 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-40609 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection. This issue affects Contact form 7 Custom validation: from n/a through 1.1.3. 2023-11-06T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40609 www.secnews.physaphae.fr/article.php?IdArticle=8406565 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45046 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressference Pressference Exporter allows SQL Injection. This issue affects Pressference Exporter: from n/a through 1.0.3. 2023-11-06T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45046 www.secnews.physaphae.fr/article.php?IdArticle=8406569 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45055 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InspireUI MStore API allows SQL Injection. This issue affects MStore API: from n/a through 4.0.6. 2023-11-06T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45055 www.secnews.physaphae.fr/article.php?IdArticle=8406570 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-41685 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ilGhera Woocommerce Support System allows SQL Injection. This issue affects Woocommerce Support System: from n/a through 1.2.1. 2023-11-06T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41685 www.secnews.physaphae.fr/article.php?IdArticle=8406566 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45074 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allows SQL Injection. This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 7.1.1. 2023-11-06T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45074 www.secnews.physaphae.fr/article.php?IdArticle=8406572 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45830 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection. This issue affects Accessibility Suite by Online ADA: from n/a through 4.11. 2023-11-06T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45830 www.secnews.physaphae.fr/article.php?IdArticle=8406574 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45001 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Castos Seriously Simple Stats allows SQL Injection. This issue affects Seriously Simple Stats: from n/a through 1.5.0. 2023-11-06T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45001 www.secnews.physaphae.fr/article.php?IdArticle=8406568 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45069 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Video Gallery by Total-Soft Video Gallery – Best WordPress YouTube Gallery Plugin allows SQL Injection. This issue affects Video Gallery – Best WordPress YouTube Gallery Plugin: from n/a through 2.1.3. 2023-11-06T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45069 www.secnews.physaphae.fr/article.php?IdArticle=8406571 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-45657 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSIMYTH Nexter allows SQL Injection. This issue affects Nexter: from n/a through 2.0.3. 2023-11-06T09:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45657 www.secnews.physaphae.fr/article.php?IdArticle=8406573 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-28748 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in biztechc Copy or Move Comments allows SQL Injection. This issue affects Copy or Move Comments: from n/a through 5.0.4. 2023-11-06T09:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28748 www.secnews.physaphae.fr/article.php?IdArticle=8406547 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-33924 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Felix Welberg SIS Handball allows SQL Injection. This issue affects SIS Handball: from n/a through 1.0.45. 2023-11-06T09:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33924 www.secnews.physaphae.fr/article.php?IdArticle=8406559 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-35911 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection. This issue affects Contact Form Generator : Creative form builder for WordPress: from n/a through 2.6.0. 2023-11-06T09:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35911 www.secnews.physaphae.fr/article.php?IdArticle=8406560 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-27605 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sajjad Hossain WP Reroute Email allows SQL Injection. This issue affects WP Reroute Email: from n/a through 1.4.6. 2023-11-06T09:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27605 www.secnews.physaphae.fr/article.php?IdArticle=8406546 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-28794 Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. 2023-11-06T08:15:22+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28794 www.secnews.physaphae.fr/article.php?IdArticle=8406548 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2022-47430 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar The School Management – Education & Learning Management allows SQL Injection. This issue affects The School Management – Education & Learning Management: from n/a through 4.1. 2023-11-06T08:15:21+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47430 www.secnews.physaphae.fr/article.php?IdArticle=8406542 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2022-47420 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection. This issue affects Accessibility Suite by Online ADA: from n/a through 4.11. 2023-11-06T08:15:21+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47420 www.secnews.physaphae.fr/article.php?IdArticle=8406540 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2021-4430 A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information disclosure. Upgrading to version 3.1.7 is able to address this issue. The identifier of the patch is a3aa62daea2e44c76d08d1eac63768cd928cd69e. It is recommended to upgrade the affected component.
The identifier VDB-244485 was assigned to this vulnerability. 2023-11-06T08:15:21+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4430 www.secnews.physaphae.fr/article.php?IdArticle=8406536 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2022-47432 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB allows SQL Injection. This issue affects Shortcode IMDB: from n/a through 6.0.8. 2023-11-06T08:15:21+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47432 www.secnews.physaphae.fr/article.php?IdArticle=8406543 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2022-47428 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection. This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.7. 2023-11-06T08:15:21+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47428 www.secnews.physaphae.fr/article.php?IdArticle=8406541 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2022-46849 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar Coming Soon Page – Responsive Coming Soon & Maintenance Mode allows SQL Injection. This issue affects Coming Soon Page – Responsive Coming Soon & Maintenance Mode: from n/a through 1.5.9. 2023-11-06T08:15:21+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46849 www.secnews.physaphae.fr/article.php?IdArticle=8406538 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2022-45373 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.0.4. 2023-11-06T08:15:21+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45373 www.secnews.physaphae.fr/article.php?IdArticle=8406537 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2022-46860 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaizenCoders Short URL allows SQL Injection. This issue affects Short URL: from n/a through 1.6.4. 2023-11-06T08:15:21+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46860 www.secnews.physaphae.fr/article.php?IdArticle=8406539 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-42669 A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC.
The DoS affects all other services as "rpcecho" runs in the main RPC task. 2023-11-06T07:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42669 www.secnews.physaphae.fr/article.php?IdArticle=8406567 False Vulnerability,Threat None None
CVE Liste - Common Vulnerability Exposure CVE-2023-4699 Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause denial-of-service (DoS) condition on the products by sending specific packets. 2023-11-06T06:15:41+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4699 www.secnews.physaphae.fr/article.php?IdArticle=8406584 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-4625 Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login. 2023-11-06T05:15:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4625 www.secnews.physaphae.fr/article.php?IdArticle=8406576 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2018-25093 A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component Tag Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue.
The name of the patch is cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-244484. 2023-11-06T01:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-25093 www.secnews.physaphae.fr/article.php?IdArticle=8406535 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2018-25092 A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Command Mention Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The patch is named cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244483. 2023-11-05T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-25092 www.secnews.physaphae.fr/article.php?IdArticle=8406428 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2017-20187 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Magnesium-PHP up to 0.3.0. It has been classified as problematic. Affected is the function formatEmailString of the file src/Magnesium/Message/Base.php. The manipulation of the argument email/name leads to injection. Upgrading to version 0.3.1 is able to address this issue. The patch is identified as 500d340e1f6421007413cc08a8383475221c2604. It is recommended to upgrade the affected component. VDB-244482 is the identifier assigned to this vulnerability.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2023-11-05T21:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-20187 www.secnews.physaphae.fr/article.php?IdArticle=8406427 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46964 Cross Site Scripting (XSS) vulnerability in Hillstone Next Generation FireWall SG-6000-e3960 v.5.5 allows a remote attacker to execute arbitrary code via the use of front-end filtering instead of back-end filtering. 2023-11-05T00:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46964 www.secnews.physaphae.fr/article.php?IdArticle=8406137 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-46981 SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list. 2023-11-05T00:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46981 www.secnews.physaphae.fr/article.php?IdArticle=8406138 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-40922 kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent(). 2023-11-04T23:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40922 www.secnews.physaphae.fr/article.php?IdArticle=8406020 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-35910 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nucleus_genius Quasar form free – Contact Form Builder for WordPress allows SQL Injection. This issue affects Quasar form free – Contact Form Builder for WordPress: from n/a through 6.0. 2023-11-04T00:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35910
www.secnews.physaphae.fr/article.php?IdArticle=8405691 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-40215 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon image annotation allows SQL Injection. This issue affects demon image annotation: from n/a through 5.1. 2023-11-04T00:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40215 www.secnews.physaphae.fr/article.php?IdArticle=8405693 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-32741 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection. This issue affects Contact Form to Any API: from n/a through 1.1.2. 2023-11-04T00:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32741 www.secnews.physaphae.fr/article.php?IdArticle=8405690 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-38391 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themesgrove Onepage Builder allows SQL Injection. This issue affects Onepage Builder: from n/a through 2.4.1. 2023-11-04T00:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38391 www.secnews.physaphae.fr/article.php?IdArticle=8405692 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-36677 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection. This issue affects SP Project & Document Manager: from n/a through 4.67. 2023-11-03T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36677 www.secnews.physaphae.fr/article.php?IdArticle=8405603 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure
CVE-2023-45189 A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752. 2023-11-03T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45189 www.secnews.physaphae.fr/article.php?IdArticle=8405604 False Vulnerability,Threat,Cloud None None
CVE Liste - Common Vulnerability Exposure CVE-2023-41726 Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability 2023-11-03T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41726 www.secnews.physaphae.fr/article.php?IdArticle=8405562 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-41725 Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability 2023-11-03T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41725 www.secnews.physaphae.fr/article.php?IdArticle=8405561 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2022-43554 Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability 2023-11-03T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43554 www.secnews.physaphae.fr/article.php?IdArticle=8405558 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2022-43555 Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability 2023-11-03T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43555 www.secnews.physaphae.fr/article.php?IdArticle=8405559 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-39301 A server-side request forgery
(SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later; QTS 5.1.1.2491 build 20230815 and later; QuTS hero h5.0.1.2515 build 20230907 and later; QuTS hero h5.1.1.2488 build 20230812 and later; QuTScloud c5.1.0.2498 and later 2023-11-03T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39301 www.secnews.physaphae.fr/article.php?IdArticle=8405473 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-25800 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through 2.2.0. 2023-11-03T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25800 www.secnews.physaphae.fr/article.php?IdArticle=8405466 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-23368 An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later; QTS 4.5.4.2374 build 20230416 and later; QuTS hero h5.0.1.2376 build 20230421 and later; QuTS hero h4.5.4.2374 build 20230417 and later; QuTScloud c5.0.1.2374 and later 2023-11-03T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23368 www.secnews.physaphae.fr/article.php?IdArticle=8405463 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-39299 A path traversal vulnerability has been reported to affect Music Station.
If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: Music Station 4.8.11 and later; Music Station 5.1.16 and later; Music Station 5.3.23 and later 2023-11-03T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39299 www.secnews.physaphae.fr/article.php?IdArticle=8405472 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-32121 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Highfivery LLC Zero Spam for WordPress allows SQL Injection. This issue affects Zero Spam for WordPress: from n/a through 5.4.4. 2023-11-03T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32121 www.secnews.physaphae.fr/article.php?IdArticle=8405468 False Spam,Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-25700 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through 2.1.10. 2023-11-03T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25700 www.secnews.physaphae.fr/article.php?IdArticle=8405465 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-23369 An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.2 (2023/05/04) and later; Multimedia Console 1.4.8 (2023/05/05) and later; QTS 5.1.0.2399 build 20230515 and later; QTS 4.3.6.2441 build 20230621 and later; QTS 4.3.4.2451 build 20230621 and later; QTS 4.3.3.2420 build 20230621 and later; QTS 4.2.6 build 20230621 and later; Media Streaming add-on 500.1.1.2 (2023/06/12) and later; Media Streaming add-on 500.0.0.11 (2023/06/16) and later 2023-11-03T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23369 www.secnews.physaphae.fr/article.php?IdArticle=8405464 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-25990 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through 2.1.10. 2023-11-03T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25990 www.secnews.physaphae.fr/article.php?IdArticle=8405467 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-34179 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Groundhogg Inc.
Groundhogg allows SQL Injection. This issue affects Groundhogg: from n/a through 2.7.11. 2023-11-03T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34179 www.secnews.physaphae.fr/article.php?IdArticle=8405470 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-32508 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolf van Gelder Order Your Posts Manually allows SQL Injection. This issue affects Order Your Posts Manually: from n/a through 2.2.5. 2023-11-03T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32508 www.secnews.physaphae.fr/article.php?IdArticle=8405469 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-36529 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection. This issue affects Houzez - Real Estate WordPress Theme: from n/a through 1.3.4. 2023-11-03T17:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36529 www.secnews.physaphae.fr/article.php?IdArticle=8405471 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2022-46818 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gopi Ramasamy Email posts to subscribers allows SQL Injection. This issue affects Email posts to subscribers: from n/a through 6.2. 2023-11-03T16:15:30+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46818 www.secnews.physaphae.fr/article.php?IdArticle=8405462 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-26015 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Richardson MapPress Maps for WordPress mappress-google-maps-for-wordpress allows SQL Injection. This issue affects MapPress Maps for
WordPress: from n/a through 2.85.4. 2023-11-03T13:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26015 www.secnews.physaphae.fr/article.php?IdArticle=8405363 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2023-25960 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zendrop Zendrop – Global Dropshipping zendrop-dropshipping-and-fulfillment allows SQL Injection. This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0. 2023-11-03T13:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25960 www.secnews.physaphae.fr/article.php?IdArticle=8405362 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2022-47445 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Web-X Be POPIA Compliant be-popia-compliant allows SQL Injection. This issue affects Be POPIA Compliant: from n/a through 1.2.0. 2023-11-03T13:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47445 www.secnews.physaphae.fr/article.php?IdArticle=8405360 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2022-46808 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection. This issue affects ARMember: from n/a through 3.4.11. 2023-11-03T13:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46808 www.secnews.physaphae.fr/article.php?IdArticle=8405357 False Vulnerability None None
CVE Liste - Common Vulnerability Exposure CVE-2022-46859 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection. This issue affects Spiffy Calendar: from n/a through 4.9.1. 2023-11-03T13:15:08+00:00
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46859 www.secnews.physaphae.fr/article.php?IdArticle=8405358 False Vulnerability None None