CRITICAL
CVE-2023-25135 (CVSS 9.8) — vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a...
NVD CVE-2023-25135 1232d ago
CRITICAL
CVE-2023-23076 (CVSS 9.8) — OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating ne...
NVD CVE-2023-23076 1233d ago
CRITICAL
CVE-2023-22501 (CVSS 9.1) — An authentication vulnerability was discovered in Jira Service Management Server and Data Center whi...
NVD CVE-2023-22501 1233d ago
CRITICAL
CVE-2023-24997 (CVSS 9.8) — Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. This iss...
NVD CVE-2023-24997 1234d ago
CRITICAL
CVE-2023-24241 (CVSS 9.8) — Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name p...
NVD CVE-2023-24241 1234d ago
CRITICAL
CVE-2023-23924 (CVSS 10) — Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsin...
NVD CVE-2023-23924 1234d ago
CRITICAL
CVE-2023-24163 (CVSS 9.8) — SQL Injection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code...
NVD CVE-2023-24163 1234d ago
CRITICAL
CVE-2023-24162 (CVSS 9.8) — Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code vi...
NVD CVE-2023-24162 1234d ago
CRITICAL
CVE-2023-24612 (CVSS 9.8) — The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an op...
NVD CVE-2023-24612 1236d ago
CRITICAL
CVE-2023-24456 (CVSS 9.8) — Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on...
NVD CVE-2023-24456 1239d ago
CRITICAL
CVE-2023-24444 (CVSS 9.8) — Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.
NVD CVE-2023-24444 1239d ago
CRITICAL
CVE-2023-24443 (CVSS 9.8) — Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent X...
NVD CVE-2023-24443 1239d ago
CRITICAL
CVE-2023-24441 (CVSS 9.8) — Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external en...
NVD CVE-2023-24441 1239d ago
CRITICAL
CVE-2023-24430 (CVSS 9.8) — Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML...
NVD CVE-2023-24430 1239d ago
CRITICAL
CVE-2023-24429 (CVSS 9.8) — Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of a controller/age...
NVD CVE-2023-24429 1239d ago
CRITICAL
CVE-2023-24427 (CVSS 9.8) — Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login.
NVD CVE-2023-24427 1239d ago
CRITICAL
CVE-2023-24170 (CVSS 9.8) — Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/fromSetWirelessRepeat.
NVD CVE-2023-24170 1239d ago
CRITICAL
CVE-2023-24169 (CVSS 9.8) — Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_0007343c.
NVD CVE-2023-24169 1239d ago
CRITICAL
CVE-2023-24167 (CVSS 9.8) — Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node.
NVD CVE-2023-24167 1239d ago
CRITICAL
CVE-2023-24166 (CVSS 9.8) — Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet.
NVD CVE-2023-24166 1239d ago
CRITICAL
CVE-2023-24165 (CVSS 9.8) — Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/initIpAddrInfo.
NVD CVE-2023-24165 1239d ago
CRITICAL
CVE-2023-24164 (CVSS 9.8) — Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318.
NVD CVE-2023-24164 1239d ago
CRITICAL
CVE-2023-24022 (CVSS 10) — Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.1...
NVD CVE-2023-24022 1239d ago
CRITICAL
CVE-2023-22482 (CVSS 9) — Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions of Argo CD starti...
NVD CVE-2023-22482 1239d ago
CRITICAL
CVE-2023-23331 (CVSS 9.8) — Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injection.
NVD CVE-2023-23331 1242d ago
CRITICAL
CVE-2023-23560 (CVSS 9.8) — In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation...
NVD CVE-2023-23560 1242d ago
CRITICAL
CVE-2023-22884 (CVSS 9.8) — Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in...
NVD CVE-2023-22884 1245d ago
CRITICAL
CVE-2023-24028 (CVSS 9.8) — In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the deca...
NVD CVE-2023-24028 1245d ago
CRITICAL
CVE-2023-23607 (CVSS 9.8) — erohtar/Dasherr is a dashboard for self-hosted services. In affected versions unrestricted file uplo...
NVD CVE-2023-23607 1245d ago
CRITICAL
CVE-2023-23489 (CVSS 9.8) — The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthent...
NVD CVE-2023-23489 1245d ago
CRITICAL
CVE-2023-23488 (CVSS 9.8) — The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL in...
NVD CVE-2023-23488 1245d ago
CRITICAL
CVE-2023-22964 (CVSS 9.1) — Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authenti...
NVD CVE-2023-22964 1245d ago
CRITICAL
CVE-2023-22741 (CVSS 9.8) — Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. I...
NVD CVE-2023-22741 1246d ago
CRITICAL
CVE-2023-22731 (CVSS 9.9) — Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig enviro...
NVD CVE-2023-22731 1248d ago
CRITICAL
CVE-2023-22727 (CVSS 9.8) — CakePHP is a development framework for PHP web apps. In affected versions the `Cake\Database\Query::...
NVD CVE-2023-22727 1248d ago
CRITICAL
CVE-2023-22357 (CVSS 9.8) — Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is no...
NVD CVE-2023-22357 1249d ago
CRITICAL
CVE-2023-22303 (CVSS 9.8) — TP-Link SG105PE firmware prior to 'TL-SG105PE(UN) 1.0_1.0.0 Build 20221208' contains an authenticati...
NVD CVE-2023-22303 1249d ago
CRITICAL
CVE-2023-22279 (CVSS 9.8) — MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prio...
NVD CVE-2023-22279 1249d ago
CRITICAL
CVE-2023-22495 (CVSS 9.8) — Izanami is a shared configuration service well-suited for micro-service architecture implementation....
NVD CVE-2023-22495 1252d ago
CRITICAL
CVE-2023-23566 (CVSS 9.8) — A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassin...
NVD CVE-2023-23566 1253d ago
CRITICAL
CVE-2023-22601 (CVSS 10) — InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version In...
NVD CVE-2023-22601 1253d ago
CRITICAL
CVE-2023-22600 (CVSS 10) — InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version In...
NVD CVE-2023-22600 1253d ago
CRITICAL
CVE-2023-22903 (CVSS 9.8) — api/views/user.py in LibrePhotos before e19e539 has incorrect access control.
NVD CVE-2023-22903 1256d ago
CRITICAL
CVE-2023-22671 (CVSS 9.8) — Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided inpu...
NVD CVE-2023-22671 1260d ago
CRITICAL
CVE-2023-22463 (CVSS 9.8) — KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-cod...
NVD CVE-2023-22463 1261d ago
CRITICAL
CVE-2023-22457 (CVSS 9) — CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3...
NVD CVE-2023-22457 1262d ago
CRITICAL
CVE-2022-46393 (CVSS 9.8) — An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-ba...
NVD CVE-2022-46393 1281d ago
CRITICAL
CVE-2021-41556 (CVSS 10) — sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core ...
NVD CVE-2021-41556 1421d ago
CRITICAL
CVE-2022-35409 (CVSS 9.1) — An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an u...
NVD CVE-2022-35409 1435d ago
CRITICAL
CVE-2022-32511 (CVSS 9.8) — jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is p...
NVD CVE-2022-32511 1473d ago
TL;DR
vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1.
CVE-2023-25135