5.1
CVE-2023-53876 - Academy LMS 6.1 Arbitrary File Upload Vulnerability via Profile Settings
Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable JavaScβ¦
7.5
CVE-2023-53875 - GOM Player 2.3.90.5360 Remote Code Execution via Insecure IE Component
GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server inβ¦
6.7
CVE-2023-53874 - GOM Player 2.3.90.5360 Buffer Overflow via Equalizer Preset Name
GOM Player 2.3.90.5360 contains a buffer overflow vulnerability in the equalizer preset name input field that allows attackers to crash the application. Attackers can overwrite the preset name with 260 'A' characters to trigger a buffer overflow and cause application instability.
8.7
CVE-2023-53873 - SyncBreeze 15.2.24 Denial of Service via Login Endpoint Overflow
SyncBreeze 15.2.24 contains a denial of service vulnerability in the login authentication mechanism that allows attackers to crash the service. Attackers can send an oversized password parameter with repeated 'password=' values to overwhelm the login endpoint and potentially disrupt service availabβ¦
9.3
CVE-2023-53872 - Wp2Fac 1.0 OS Command Injection via send.php Endpoint
Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code.
6.9
CVE-2023-53871 - Soosyze 2.0.0 Unrestricted File Upload via Broken Upload Logic
Soosyze 2.0.0 contains a file upload vulnerability that allows attackers to upload arbitrary HTML files with embedded PHP code to the application. Attackers can exploit the broken file upload mechanism to potentially view sensitive file paths and execute malicious PHP scripts on the server.
5.1
CVE-2023-53870 - Jorani 1.0.3 Cross-Site Scripting Vulnerability via Language Parameter
Jorani 1.0.3 contains a reflected cross-site scripting vulnerability in the language parameter that allows attackers to inject malicious scripts. Attackers can craft XSS payloads in the language parameter to execute arbitrary JavaScript and potentially steal user session information.
8.7
CVE-2023-53869 - WEBIGniter 28.7.23 Unrestricted File Upload Remote Code Execution
WEBIGniter 28.7.23 contains a file upload vulnerability that allows authenticated attackers to upload and execute dangerous PHP files through the media function. Attackers can leverage any created account to upload malicious PHP scripts that enable remote code execution on the application server.
8.7
CVE-2023-53868 - Coppermine Gallery 1.6.25 Remote Code Execution via Plugin Upload
Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the uploβ¦
1
CVE-2025-64725 - Weblate has improper validation upon invitation acceptance
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user. Version 5.15. contains a patch. As a workaround, avoid leaving one's Weblate sessions with an invitation opened unattended.