NA - CVE-2023-27258 - Missing authentication in the...
Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers.
NA - CVE-2023-43360 - Cross Site Scripting vulnerability in...
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.
NA - CVE-2023-39231 - PingFederate using the PingOne MFA adapter...
PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to...
NA - CVE-2023-39740 - The leakage of the client secret in...
The leakage of the client secret in Onigiriya-musubee Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.
NA - CVE-2023-41255 - The vulnerability allows an unprivileged user...
The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the ‘su’ binary file...
NA - CVE-2023-34056 - vCenter Server contains a partial information...
vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.