diff --git a/cache/NVD.dat b/cache/NVD.dat index 5e30765ba53..65ce3803225 100644 --- a/cache/NVD.dat +++ b/cache/NVD.dat @@ -119,3 +119,11 @@ ac78f62eb954822702ebb809d36559fd 7ac7db75f1d6efa4a1e5ef1e17310d3c 93a30f171133ad61e25d2170ff919175 e73fcab94a81816b2403bde465b34e5b +d180a520e938734ec2a15357cc3952dc +a97ea477c346e6ecb082f8ffcaa76da8 +5b6d7eb859ebe5065c9fa2568539c343 +420062f419187effc2e771cb2657311d +c9b755d9f9ddbb0fd8f420c630920222 +50632a4d89f102ff4fb7d135ede42249 +65f7a1d63bc7b89a3525598825bf0470 +4bb11a54a9622af003b091644b566cdb diff --git a/data/cves.db b/data/cves.db index fb850805a96..90e023c5f3b 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index 9ea69294c6b..5356c2d9999 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -2275,6 +2275,14 @@

眈眈探求 | 详情 + + d180a520e938734ec2a15357cc3952dc + CVE-2023-5129 + 2023-09-25 21:15:16 + ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Duplicate of CVE-2023-4863. + 详情 + + b6280c6240f209cade713c64e689eb5e CVE-2023-5166 @@ -2307,6 +2315,14 @@

眈眈探求 | 详情 + + c9b755d9f9ddbb0fd8f420c630920222 + CVE-2023-4892 + 2023-09-25 16:15:15 + Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp. + 详情 + + b8ca929b4f748ada648de22becc72696 CVE-2023-5154 @@ -2387,6 +2403,22 @@

眈眈探求 | 详情 + + 420062f419187effc2e771cb2657311d + CVE-2023-5002 + 2023-09-22 14:15:47 + A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server. + 详情 + + + + a97ea477c346e6ecb082f8ffcaa76da8 + CVE-2023-5068 + 2023-09-21 23:15:13 + Delta Electronics DIAScreen may write past the end of an allocated buffer while parsing a specially crafted input file. This could allow an attacker to execute code in the context of the current process. + 详情 + + c4c8e6fad1208c422fb884063dc408dc CVE-2023-5104 @@ -2403,6 +2435,14 @@

眈眈探求 | 详情 + + 5b6d7eb859ebe5065c9fa2568539c343 + CVE-2023-5042 + 2023-09-20 12:15:12 + Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713. + 详情 + + be01985caf3d13a706450396ccdce1b6 CVE-2023-5084 @@ -2411,6 +2451,14 @@

眈眈探求 | 详情 + + 50632a4d89f102ff4fb7d135ede42249 + CVE-2023-4853 + 2023-09-20 10:15:14 + A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service. + 详情 + + 1d49a765844dd4af56f01d5405420162 CVE-2023-5063 @@ -2419,54 +2467,6 @@

眈眈探求 | 详情 - - d5f9b68a051c497fca8417eb1e6f4095 - CVE-2023-5062 - 2023-09-20 03:15:14 - The WordPress Charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wp_charts' shortcode in versions up to, and including, 0.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - 详情 - - - - 77fb68b61f9b45e5d5d973d9698f7d7d - CVE-2023-5054 - 2023-09-19 07:15:51 - The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.2. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attackers to send emails utilizing the vulnerable site's server, with arbitrary content. Please note that this vulnerability has already been publicly disclosed with an exploit which is why we are publishing the details without a patch available, we are attempting to initiate contact with the developer. - 详情 - - - - 6a35eb0ecc6baafa493f36c4ed2d4d16 - CVE-2023-5060 - 2023-09-19 03:15:08 - Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1. - 详情 - - - - 49f0cb827c6d46a14d0a602569a05300 - CVE-2023-5036 - 2023-09-18 06:15:08 - Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1. - 详情 - - - - 50824740e3199c2438bb8b113e7715df - CVE-2023-5034 - 2023-09-18 05:15:07 - A vulnerability classified as problematic was found in SourceCodester My Food Recipe 1.0. This vulnerability affects unknown code of the file index.php of the component Image Upload Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 
VDB-239878 is the identifier assigned to this vulnerability. - 详情 - - - - ca4e394cdfce7bbd99ef580f958f01a5 - CVE-2023-5033 - 2023-09-18 05:15:07 - A vulnerability classified as critical has been found in OpenRapid RapidCMS 1.3.1. This affects an unknown part of the file /admin/category/cate-edit-run.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239877 was assigned to this vulnerability. - 详情 - -
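Review bot: the cache/NVD.dat hunk appends eight hashes, but the docs/index.html hunks shown add rows for only six of them; 65f7a1d63bc7b89a3525598825bf0470 and 4bb11a54a9622af003b091644b566cdb have no matching row in the visible hunks. If the cache is what marks an entry as already seen, an item that is cached but never rendered will not be picked up again, so either confirm those two are published elsewhere in the page or write the hash to the cache only after the row has been emitted.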
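Review bot: data/cves.db changes as an opaque binary ("Binary files a/data/cves.db and b/data/cves.db differ"), so nothing in this diff lets a reviewer check that the database agrees with the rows added to docs/index.html. Consider committing a text export, or at least a row count and checksum, next to the binary so the three artifacts can be compared.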
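Review bot: the row added in the @@ -2275,6 +2275,14 @@ hunk of docs/index.html publishes CVE-2023-5129 as an ordinary new entry even though its description reads "** REJECT ** ... Duplicate of CVE-2023-4863". Suggest that the generator filter or visibly flag rejected IDs and point to CVE-2023-4863, so readers track the live identifier and not the withdrawn one.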
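Review bot: the @@ -2419,54 +2467,6 @@ hunk drops six rows while the earlier hunks add six, which looks like eviction by row count with no archive. One of the removed rows, CVE-2023-5054, states that details were published "without a patch available", so it leaves the page while still unpatched according to its own text. Suggest linking to an archive page or keeping such entries until their status changes.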