Security Vulnerabilities - CVEs Published In December 2023
Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.
CVSS Score
7.3
EPSS Score
0.0
Published
2023-12-29
Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.
CVSS Score
4.0
EPSS Score
0.0
Published
2023-12-29
Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.
CVSS Score
4.0
EPSS Score
0.001
Published
2023-12-29
Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file
CVSS Score
4.0
EPSS Score
0.0
Published
2023-12-29
Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file
CVSS Score
7.3
EPSS Score
0.0
Published
2023-12-29
An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows local attackers to obtain sensitive information and bypass authentication via "Back Button Refresh" attack.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-12-29
Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.
CVSS Score
7.3
EPSS Score
0.0
Published
2023-12-29
A vulnerability classified as critical has been found in gopeak MasterLab up to 3.3.10. This affects the function sqlInject of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249147.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-12-29
A vulnerability was found in code-projects Client Details System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/regester.php. The manipulation of the argument fname/lname/email/contact leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249146 is the identifier assigned to this vulnerability.
CVSS Score
2.4
EPSS Score
0.001
Published
2023-12-29
ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.006
Published
2023-12-29