CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.
(Last Update:2023-06-20) (Publish Update:2023-06-20)
Unauthenticated reflected Cross-Site Scripting (XSS) vulnerability in the EventPrime plugin, versions <= 3.0.5.
(Last Update:2023-06-20) (Publish Update:2023-06-20)
Authenticated (contributor+) stored Cross-Site Scripting (XSS) vulnerability in the Team Heateor Super Socializer plugin, versions <= 7.13.52.
(Last Update:2023-06-20) (Publish Update:2023-06-20)
Authenticated (admin+) stored Cross-Site Scripting (XSS) vulnerability in the Vadym K. Extra User Details plugin, versions <= 0.5.
(Last Update:2023-06-20) (Publish Update:2023-06-20)
** DISPUTED ** In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or second-factor authentication to confirm changes. NOTE: the vendor's position is "asking the user for their password prior to making any changes to the database settings adds no additional protection against a local attacker."
(Last Update:2023-06-20) (Publish Update:2023-06-19)
libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c.
(Last Update:2023-06-20) (Publish Update:2023-06-19)
In Siren Investigate before 13.2.2, session keys remain active even after logging out.
(Last Update:2023-06-20) (Publish Update:2023-06-19)
A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, and RMCK01 can be exploited by a game client to execute arbitrary code on a client's machine via a crafted packet.
(Last Update:2023-06-20) (Publish Update:2023-06-19)
A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable.
(Last Update:2023-06-20) (Publish Update:2023-06-19)
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator.
(Last Update:2023-06-20) (Publish Update:2023-06-20)