Summary: Product Typora Vendor Typora Severity High Affected Versions Typora for Windows/Linux < 1.6.7 Tested Versions Typora for Windows 1.5.12, Typora for Linux 1.5.10 CVE Identifier CVE-2023-2317 CVE Description DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading “typora://app/typemark/updater/update....

Summary: Product MarkText Vendor MarkText Severity High Affected Versions MarkText <= 0.17.1 Tested Versions MarkText 0.17.1 CVE Identifier CVE-2023-2318 CVE Description DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into MarkText....

Summary: Product Typora Vendor Typora Severity Medium Affected Versions Typora for Windows/Linux < 1.7.0-dev Tested Versions Typora for Windows 1.6.7, Typora for Linux 1.6.6 CVE Identifier CVE-2023-2971 CVE Description Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via “typora://app/typemark/”....

Summary Product Razer CentralService Vendor Razer Severity High - Adversaries may exploit software vulnerabilities to obtain privilege escalation. Affected Versions Razer Central 7.11.0.558 and below Tested Versions Razer Central 7.8.0.381 to 7.11.0.558 CVE Identifier CVE-2023-3513 CVSS3.1 Scoring System Base Score: 7.8 (High) Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Metric Value Attack Vector (AV) Local Attack Complexity (AC) Low Privileges Required (PR) low User Interaction (UI) None Scope (S) Unchanged Confidentiality (C) High Integrity (I) High Availability (A) High Product Overview Razer Synapse 3 is a software suite developed by Razer, a leading gaming hardware manufacturer....

Summary Product Razer CentralService Vendor Razer Severity High - Adversaries may exploit software vulnerabilities to obtain privilege escalation. Affected Versions Razer Central 7.11.0.558 and below Tested Versions Razer Central 7.8.0.381 to 7.11.0.558 CVE Identifier CVE-2023-3514 CVSS3.1 Scoring System Base Score: 7.8 (High) Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Metric Value Attack Vector (AV) Local Attack Complexity (AC) Low Privileges Required (PR) low User Interaction (UI) None Scope (S) Unchanged Confidentiality (C) High Integrity (I) High Availability (A) High Product Overview Razer Synapse 3 is a software suite developed by Razer, a leading gaming hardware manufacturer....

Summary: Product Shopware Vendor Shopware AG Severity High - Users with login access to Shopware Admin panel may be able to obtain remote code/command execution Affected Versions v6.4.18.1 <= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4 (Commit facfc88) Tested Versions v6.4.20.0 (Latest stable version), v6.5.0.0-rc3 (Latest pre-release version) CVE Identifier CVE-2023-2017 CVE Description Server-side Template Injection (SSTI) in Shopware 6 (<= v6....

Summary Product Microsoft DirectMusic Vendor Microsoft Severity High Affected Versions Microsoft DirectMusic Core Services DLL (dmusic.dll) version 10.0.22000.1 Tested Versions Microsoft DirectMusic Core Services DLL (dmusic.dll) version 10.0.22000.1 CVE Identifier CVE-2022-44667 CVSS3.1 Scoring System Base Score: 7.8 (High) Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Metric Value Attack Vector (AV) Local Attack Complexity (AC) Low Privileges Required (PR) None User Interaction (UI) Required Scope (S) Unchanged Confidentiality (C) High Integrity (I) High Availability (A) High Product Overview Microsoft DirectMusic Core Services DLL is a dynamic link library (DLL) that is part of the DirectMusic component of the DirectX multimedia API for Windows operating systems....