Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
october vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-43876
A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an malicious user to execute arbitrary web scripts via a crafted payload injected into the dbhost field.
Octobercms October 3.4.16
NA
CVE-2023-38831
RARLAB WinRAR prior to 6.23 allows malicious users to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name ...
Rarlab Winrar
63 Github repositories
3 Articles
NA
CVE-2022-41984
Protection mechanism failure for some Intel(R) Arc(TM) graphics cards A770 and A750 Limited Edition sold between October of 2022 and December of 2022 may allow a privileged user to potentially enable denial of service via local access.
Intel Arc A750 Firmware -
Intel Arc A770 Firmware -
NA
CVE-2022-38973
Improper access control for some Intel(R) Arc(TM) graphics cards A770 and A750 Limited Edition sold between October of 2022 and December of 2022 may allow an authenticated user to potentially enable denial of service or infomation disclosure via local access.
Intel Arc A750 Firmware -
Intel Arc A770 Firmware -
NA
CVE-2023-3978
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
Golang Networking
1 Github repository
NA
CVE-2023-37692
An arbitrary file upload vulnerability in October CMS v3.4.4 allows malicious users to execute arbitrary code via a crafted file.
Octobercms October 3.4.4
NA
CVE-2023-24540
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during exe...
Golang Go
3 Github repositories
NA
CVE-2023-24538
Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the act...
Golang Go
2 Github repositories
NA
CVE-2023-0595
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStr...
Schneider-electric Clearscada
Schneider-electric Ecostruxure Geo Scada Expert 2019 -
Schneider-electric Ecostruxure Geo Scada Expert 2020 -
Schneider-electric Ecostruxure Geo Scada Expert 2021 84.8108.1
Schneider-electric Ecostruxure Geo Scada Expert 2021 84.8120.1
Schneider-electric Ecostruxure Geo Scada Expert 2021 84.8158.1
Schneider-electric Ecostruxure Geo Scada Expert 2021 84.8182.1
Schneider-electric Ecostruxure Geo Scada Expert 2021 84.8197.1
Schneider-electric Ecostruxure Geo Scada Expert 2021 84.8218.1
Schneider-electric Ecostruxure Geo Scada Expert 2021 84.8269.1
Schneider-electric Ecostruxure Geo Scada Expert 2021 84.8027.1
Schneider-electric Ecostruxure Geo Scada Expert 2019 81.7268.1
Schneider-electric Ecostruxure Geo Scada Expert 2019 81.7322.1
Schneider-electric Ecostruxure Geo Scada Expert 2019 81.7429.2
Schneider-electric Ecostruxure Geo Scada Expert 2019 81.7457.1
Schneider-electric Ecostruxure Geo Scada Expert 2019 81.7488.1
Schneider-electric Ecostruxure Geo Scada Expert 2019 81.7522.1
Schneider-electric Ecostruxure Geo Scada Expert 2019 81.7545.1
Schneider-electric Ecostruxure Geo Scada Expert 2019 81.7578.1
Schneider-electric Ecostruxure Geo Scada Expert 2019 81.7613.1
Schneider-electric Ecostruxure Geo Scada Expert 2019 81.7641.1
Schneider-electric Ecostruxure Geo Scada Expert 2019 81.7690.1
NA
CVE-2022-38396
HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and previous versions OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with...
Microsoft Windows 10 20h2 -
Microsoft Windows 10 1809 -
Microsoft Windows 10 1909 -
Microsoft Windows 10 1703 -
Microsoft Windows 10 1709 -
Microsoft Windows 10 1803 -
Microsoft Windows 10 2004 -
Microsoft Windows 10 1607 -
Microsoft Windows 10 1511 -
Microsoft Windows 10 1507 -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »