Month: May 2023

Schweitzer Engineering Laboratories Real-Time Automation Controller security bypass | CVE-2023-31152

May 12, 2023

NAME__________Schweitzer Engineering Laboratories Real-Time Automation Controller security bypassPlatforms Affected:Schweitzer Engineering Laboratories Real-Time Automation ControllerRisk Level:4Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Schweitzer Engineering Laboratories Real-Time...

Chamilo LMS cross-site scripting | CVE-2023-31800

May 12, 2023

NAME__________Chamilo LMS cross-site scriptingPlatforms Affected:Chamilo Chamilo LMS 1.11.13Risk Level:5Exploitability:HighConsequences:Gain Access DESCRIPTION__________Chamilo LMS is vulnerable to cross-site scripting, caused by improper...

Schweitzer Engineering Laboratories Real-Time Automation Controller cross-site scripting | CVE-2023-31154

May 12, 2023

NAME__________Schweitzer Engineering Laboratories Real-Time Automation Controller cross-site scriptingPlatforms Affected:Schweitzer Engineering Laboratories Real-Time Automation ControllerRisk Level:4.3Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Schweitzer Engineering Laboratories Real-Time...

Schweitzer Engineering Laboratories Real-Time Automation Controller cross-site scripting | CVE-2023-31158

May 12, 2023

Schweitzer Engineering Laboratories Real-Time Automation Controller cross-site scripting | CVE-2023-31159

May 12, 2023

Chamilo LMS cross-site scripting | CVE-2023-31804

May 12, 2023

PTC Vuforia Studio directory traversal | CVE-2023-29502

May 12, 2023

NAME__________PTC Vuforia Studio directory traversalPlatforms Affected:PTC Vuforia Studio 9.8.0Risk Level:4.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________PTC Vuforia Studio could allow a remote authenticated attacker...

Schweitzer Engineering Laboratories Real-Time Automation Controller cross-site scripting | CVE-2023-31156

May 12, 2023

OpenStack Cinder, Glance_store, Nova and Os-brick information disclosure | CVE-2023-2088

May 12, 2023

NAME__________OpenStack Cinder, Glance_store, Nova and Os-brick information disclosurePlatforms Affected:OpenStack Nova 26.0.0 OpenStack Nova 27.0.0 OpenStack Cinder 21.0.0 OpenStack Cinder 22.0.0...

BBSpoiler Plugin for WordPress cross-site scripting | CVE-2023-23873

May 12, 2023

NAME__________BBSpoiler Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress BBSpoiler Plugin for WordPress 2.0.1Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________BBSpoiler Plugin for WordPress is vulnerable...

GitLab security bypass | CVE-2023-2181

May 12, 2023

NAME__________GitLab security bypassPlatforms Affected:GitLab Community Edition 15.10.6 GitLab Community Edition 15.11.2 GitLab Community Edition 15.9.7 GitLab Enterprise Edition 15.9.7 GitLab...

Vertical scroll recent post Plugin for WordPress cross-site scripting | CVE-2023-23862

May 12, 2023

NAME__________Vertical scroll recent post Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Vertical scroll recent post Plugin for WordPress 14.0Risk Level:6.5Exploitability:HighConsequences:Data Manipulation...

Enhanced WP Contact Form Plugin for WordPress cross-site scripting | CVE-2023-23812

May 12, 2023

NAME__________Enhanced WP Contact Form Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Enhanced WP Contact Form Plugin for WordPress 2.2.3Risk Level:5.9Exploitability:HighConsequences:Data Manipulation...

IBM WebSphere Application Server XML external entity injection | CVE-2023-27554

May 12, 2023

NAME__________IBM WebSphere Application Server XML external entity injectionPlatforms Affected:IBM WebSphere Application Server 8.5 IBM WebSphere Application Server 9.0Risk Level:6.3Exploitability:UnprovenConsequences:Obtain Information...

Schweitzer Engineering Laboratories Real-Time Automation Controller security bypass | CVE-2023-31161

May 12, 2023

NAME__________Schweitzer Engineering Laboratories Real-Time Automation Controller security bypassPlatforms Affected:Schweitzer Engineering Laboratories Real-Time Automation ControllerRisk Level:5.9Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Schweitzer Engineering Laboratories Real-Time...

Schweitzer Engineering Laboratories Real-Time Automation Controller cross-site scripting | CVE-2023-31155

May 12, 2023

Palo Alto Networks PAN-OS cross-site scripting | CVE-2023-0007

May 12, 2023

NAME__________Palo Alto Networks PAN-OS cross-site scriptingPlatforms Affected:Palo Alto Networks PAN-OS 9.0.0 Palo Alto Networks PAN-OS 8.1 Palo Alto Networks PAN-OS...

VMware Aria Operations privilege escalation | CVE-2023-20879

May 12, 2023

NAME__________VMware Aria Operations privilege escalationPlatforms Affected:VMware Cloud Foundation 4.0 VMware Aria Operations 8.6 VMware Aria Operations 8.10 VMware Aria Operations...

Lost and Found Information System SQL injection | CVE-2023-2652

May 12, 2023

NAME__________Lost and Found Information System SQL injectionPlatforms Affected:Sourcecodester Lost and Found Information System 1.0Risk Level:6.3Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Lost and Found Information...

Teltonika Remote Management System (RMS) information disclosure | CVE-2023-32346

May 12, 2023

NAME__________Teltonika Remote Management System (RMS) information disclosurePlatforms Affected:Teltonika Remote Management System 4.9.0Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Teltonika Remote Management System (RMS) could...

PTC Vuforia Studio information disclosure | CVE-2023-24476

May 12, 2023

NAME__________PTC Vuforia Studio information disclosurePlatforms Affected:PTC Vuforia Studio 9.8.0Risk Level:1.8Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________PTC Vuforia Studio could allow a local authenticated attacker...

VMware Aria Operations privilege escalation | CVE-2023-20878

May 12, 2023

NAME__________VMware Aria Operations privilege escalationPlatforms Affected:VMware Cloud Foundation 4.0 VMware Aria Operations 8.6 VMware Aria Operations 8.10 VMware Aria Operations...

in-toto security bypass | CVE-2023-32076

May 12, 2023

NAME__________in-toto security bypassPlatforms Affected:in-toto in-toto 1.4.0Risk Level:5.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________in-toto could allow a local authenticated attacker to bypass security restrictions, caused...

Rockwell Automation ThinManager information disclosure | CVE-2023-2443

May 12, 2023

NAME__________Rockwell Automation ThinManager information disclosurePlatforms Affected:Rockwell Automation ThinManager 13.0.0 Rockwell Automation ThinManager 13.0.1Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Rockwell Automation ThinManager could allow...

Month: May 2023

Schweitzer Engineering Laboratories Real-Time Automation Controller security bypass | CVE-2023-31152

Chamilo LMS cross-site scripting | CVE-2023-31800

Schweitzer Engineering Laboratories Real-Time Automation Controller cross-site scripting | CVE-2023-31154

Schweitzer Engineering Laboratories Real-Time Automation Controller cross-site scripting | CVE-2023-31158

Schweitzer Engineering Laboratories Real-Time Automation Controller cross-site scripting | CVE-2023-31159

Chamilo LMS cross-site scripting | CVE-2023-31804

PTC Vuforia Studio directory traversal | CVE-2023-29502

Schweitzer Engineering Laboratories Real-Time Automation Controller cross-site scripting | CVE-2023-31156

OpenStack Cinder, Glance_store, Nova and Os-brick information disclosure | CVE-2023-2088

BBSpoiler Plugin for WordPress cross-site scripting | CVE-2023-23873

GitLab security bypass | CVE-2023-2181

Vertical scroll recent post Plugin for WordPress cross-site scripting | CVE-2023-23862

Enhanced WP Contact Form Plugin for WordPress cross-site scripting | CVE-2023-23812

IBM WebSphere Application Server XML external entity injection | CVE-2023-27554

Schweitzer Engineering Laboratories Real-Time Automation Controller security bypass | CVE-2023-31161

Schweitzer Engineering Laboratories Real-Time Automation Controller cross-site scripting | CVE-2023-31155

Palo Alto Networks PAN-OS cross-site scripting | CVE-2023-0007

VMware Aria Operations privilege escalation | CVE-2023-20879

Lost and Found Information System SQL injection | CVE-2023-2652

Teltonika Remote Management System (RMS) information disclosure | CVE-2023-32346

PTC Vuforia Studio information disclosure | CVE-2023-24476

VMware Aria Operations privilege escalation | CVE-2023-20878

in-toto security bypass | CVE-2023-32076

Rockwell Automation ThinManager information disclosure | CVE-2023-2443

Fake Job Offers from CrowdStrike Used by Cybercriminals to Distribute Cryptominer

CISA: Microsoft Releases December 2024 Security Updates

CISA: Cisco Releases Security Updates for NX-OS Software

CISA: Ivanti Releases Security Updates for Multiple Products

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

You may have missed