CVE-2023-43640 – TaxonWorks SQL injection vulnerability
https://notcve.org/view.php?id=CVE-2023-43640
Prior to version 0.34.0, a SQL injection vulnerability was found in TaxonWorks that allows authenticated attackers to extract arbitrary data from the TaxonWorks database (including the users table). This issue may lead to information disclosure. • https://github.com/SpeciesFileGroup/taxonworks/commit/a98f2dc610a541678e1e51af47659cd8b30179ae https://github.com/SpeciesFileGroup/taxonworks/security/advisories/GHSA-m9p2-jxr6-4p6c • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-5134 – Easy Registration Forms <= 2.1.1 - Authenticated (Subscriber+) Information Disclosure via Shortcode
https://notcve.org/view.php?id=CVE-2023-5134
The Easy Registration Forms plugin for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. • https://plugins.trac.wordpress.org/browser/easy-registration-forms/tags/2.1.1/includes/class-user.php#L835 https://www.wordfence.com/threat-intel/vulnerabilities/id/562fe11f-36a0-4f23-9eed-50ada7ab2961?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-42100 – Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-42100
Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. ... The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. • https://www.zerodayinitiative.com/advisories/ZDI-23-1455 • CWE-125: Out-of-bounds Read •
CVE-2023-43770 – Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2023-43770
Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that can lead to information disclosure via malicious link references in plain/text messages. • https://github.com/s3cb0y/CVE-2023-43770-POC https://github.com/knight0x07/CVE-2023-43770-PoC https://github.com/roundcube/roundcubemail/commit/e92ec206a886461245e1672d8530cc93c618a49b https://lists.debian.org/debian-lts-announce/2023/09/msg00024.html https://roundcube.net/news/2023/09/15/security-update-1.6.3-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-38718 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-38718
IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. • https://exchange.xforce.ibmcloud.com/vulnerabilities/261606 https://www.ibm.com/support/pages/node/7031619 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •