october vulnerabilities and exploits
5.4
CVSSv3
CVE-2023-43876
A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows a malicious user to execute arbitrary web scripts via a crafted payload injected into the dbhost field.
Octobercms October 3.4.16
7.8
CVSSv3
CVE-2023-38831
RARLAB WinRAR prior to 6.23 allows malicious users to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name ...
Rarlab Winrar
65 Github repositories
4 Articles
4.4
CVSSv3
CVE-2022-41984
Protection mechanism failure for some Intel(R) Arc(TM) graphics cards A770 and A750 Limited Edition sold between October of 2022 and December of 2022 may allow a privileged user to potentially enable denial of service via local access.
Intel Arc A750 Firmware -
Intel Arc A770 Firmware -
7.1
CVSSv3
CVE-2022-38973
Improper access control for some Intel(R) Arc(TM) graphics cards A770 and A750 Limited Edition sold between October of 2022 and December of 2022 may allow an authenticated user to potentially enable denial of service or information disclosure via local access.
Intel Arc A750 Firmware -
Intel Arc A770 Firmware -
6.1
CVSSv3
CVE-2023-3978
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
Golang Networking
1 Github repository
5.4
CVSSv3
CVE-2023-37692
An arbitrary file upload vulnerability in October CMS v3.4.4 allows malicious users to execute arbitrary code via a crafted file.
Octobercms October 3.4.4
9.8
CVSSv3
CVE-2023-24540
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during exe...
Golang Go
3 Github repositories
9.8
CVSSv3
CVE-2023-24538
Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the act...
Golang Go
2 Github repositories
5.3
CVSSv3
CVE-2023-0595
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStr...
Schneider-electric Clearscada
Schneider-electric Ecostruxure Geo Scada Expert 2019 -
Schneider-electric Ecostruxure Geo Scada Expert 2020 -
Schneider-electric Ecostruxure Geo Scada Expert 2021 84.8108.1
Schneider-electric Ecostruxure Geo Scada Expert 2021 84.8120.1
Schneider-electric Ecostruxure Geo Scada Expert 2021 84.8158.1
Schneider-electric Ecostruxure Geo Scada Expert 2021 84.8182.1
Schneider-electric Ecostruxure Geo Scada Expert 2021 84.8197.1
Schneider-electric Ecostruxure Geo Scada Expert 2021 84.8218.1
Schneider-electric Ecostruxure Geo Scada Expert 2021 84.8269.1
Schneider-electric Ecostruxure Geo Scada Expert 2021 84.8027.1
Schneider-electric Ecostruxure Geo Scada Expert 2019 81.7268.1
Schneider-electric Ecostruxure Geo Scada Expert 2019 81.7322.1
Schneider-electric Ecostruxure Geo Scada Expert 2019 81.7429.2
Schneider-electric Ecostruxure Geo Scada Expert 2019 81.7457.1
Schneider-electric Ecostruxure Geo Scada Expert 2019 81.7488.1
Schneider-electric Ecostruxure Geo Scada Expert 2019 81.7522.1
Schneider-electric Ecostruxure Geo Scada Expert 2019 81.7545.1
Schneider-electric Ecostruxure Geo Scada Expert 2019 81.7578.1
Schneider-electric Ecostruxure Geo Scada Expert 2019 81.7613.1
Schneider-electric Ecostruxure Geo Scada Expert 2019 81.7641.1
Schneider-electric Ecostruxure Geo Scada Expert 2019 81.7690.1
7.8
CVSSv3
CVE-2022-38396
HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and previous OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with...
Microsoft Windows 10 20h2 -
Microsoft Windows 10 1809 -
Microsoft Windows 10 1909 -
Microsoft Windows 10 1703 -
Microsoft Windows 10 1709 -
Microsoft Windows 10 1803 -
Microsoft Windows 10 2004 -
Microsoft Windows 10 1607 -
Microsoft Windows 10 1511 -
Microsoft Windows 10 1507 -