National Vulnerability Database – Page 12

CVE-2023-44141 (inkdrop)

Posted on October 30, 2023 by National Vulnerability Database

Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file. Continue reading CVE-2023-44141 (inkdrop)→

CVE-2023-46570 (radare2)

Posted on October 28, 2023 by National Vulnerability Database

An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h. Continue reading CVE-2023-46570 (radare2)→

CVE-2023-46569 (radare2)

Posted on October 28, 2023 by National Vulnerability Database

An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h. Continue reading CVE-2023-46569 (radare2)→

CVE-2023-43322 (nodegrid_os)

Posted on October 28, 2023 by National Vulnerability Database

ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/. Continue reading CVE-2023-43322 (nodegrid_os)→

CVE-2023-46468 (cms)

Posted on October 28, 2023 by National Vulnerability Database

An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function. Continue reading CVE-2023-46468 (cms)→

CVE-2023-40137 (android)

Posted on October 27, 2023 by National Vulnerability Database

In multiple functions of DialogFillUi.java, there is a possible way to view another user’s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed f… Continue reading CVE-2023-40137 (android)→

CVE-2023-40136 (android)

Posted on October 27, 2023 by National Vulnerability Database

In setHeader of DialogFillUi.java, there is a possible way to view another user’s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploi… Continue reading CVE-2023-40136 (android)→

CVE-2023-46209 (grid-plus)

Posted on October 27, 2023 by National Vulnerability Database

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus â€“ Unlimited grid plugin <=Â 1.3.2 versions. Continue reading CVE-2023-46209 (grid-plus)→

CVE-2023-46208 (motors_-_car_dealer,_classifieds_&_listing)

Posted on October 27, 2023 by National Vulnerability Database

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors â€“ Car Dealer, Classifieds & Listing plugin <=Â 1.4.6 versions. Continue reading CVE-2023-46208 (motors_-_car_dealer,_classifieds_&_listing)→

CVE-2023-40131 (android)

Posted on October 27, 2023 by National Vulnerability Database

In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Continue reading CVE-2023-40131 (android)→