US-CERT Vulnerability Summary for the Week of June 5, 2023

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
wordpress — wordpressA vulnerability was found in Watu Quiz Plugin up to 2.6.7 on WordPress. It has been rated as critical. This issue affects the function watu_exams of the file controllers/exam.php of the component Exam Handler. The manipulation of the argument quiz leads to sql injection. The attack may be initiated remotely. Upgrading to version 2.6.8 is able to address this issue. The name of the patch is bf42e7cfd819a3e76cf3e1465697e89f4830590c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230651.2023-06-049.8CVE-2015-10111
MISC
MISC
MISC
wordpress — wordpressThe User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticate_user_by_email in versions up to, and including, 3.5.0. This is due to a random token generation weakness in the resend_verification_email function. This allows unauthenticated attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Allow Automatic Login After Successful Verification setting to be enabled, which it is not by default.2023-06-039.8CVE-2023-2781
MISC
MISC
MISC
MISC
wddgroup — fantsyWade Graphic Design FANTSY has a vulnerability of insufficient authorization check. An unauthenticated remote user can exploit this vulnerability by modifying URL parameters to gain administrator privileges to perform arbitrary system operation or disrupt service.2023-06-029.8CVE-2023-28698
MISC
elite — webfaxELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to perform arbitrary system commands, disrupt service or terminate service.2023-06-029.8CVE-2023-28701
MISC
thethaiger — the_thaigerAn issue found in The Thaiger v.1.2 for Android allows unauthorized apps to cause a code execution attack by manipulating the SharedPreference files.2023-06-029.8CVE-2023-29746
MISC
MISC
MISC
MISC
erikogluteknoloji — energy_monitoringImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication Bypass.This issue affects ErMon: before 230602.2023-06-029.8CVE-2023-3000
MISC
iuok — yfcmf-tp6A vulnerability was found in YFCMF up to 3.0.4. It has been declared as problematic. This vulnerability affects unknown code of the file index.php. The manipulation leads to path traversal: ‘../filedir’. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230542 is the identifier assigned to this vulnerability.2023-06-029.8CVE-2023-3056
MISC
MISC
MISC
iuok — yfcmf-tp6A vulnerability was found in YFCMF up to 3.0.4. It has been rated as problematic. This issue affects some unknown processing of the file app/admin/controller/Ajax.php. The manipulation of the argument controllername leads to path traversal: ‘../filedir’. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230543.2023-06-029.8CVE-2023-3057
MISC
MISC
MISC
online_exam_form_submission_project — online_exam_form_submissionA vulnerability, which was classified as critical, was found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /admin/update_s6.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230565 was assigned to this vulnerability.2023-06-029.8CVE-2023-3059
MISC
MISC
MISC
hitrontech — coda-5310_firmwareHitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator’s privilege, resulting in performing arbitrary system operation or disrupt service.2023-06-029.8CVE-2023-30603
MISC
hitrontech — coda-5310_firmwareIt is identified a vulnerability of insufficient authentication in the system configuration interface of Hitron Technologies CODA-5310. An unauthorized remote attacker can exploit this vulnerability to access system configuration interface, resulting in performing arbitrary system operation or disrupt service.2023-06-029.8CVE-2023-30604
MISC
agro-school_management_system_project — agro-school_management_systemA vulnerability was found in code-projects Agro-School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file btn_functions.php of the component Attachment Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-230567.2023-06-029.8CVE-2023-3061
MISC
MISC
MISC
agro-school_management_system_project — agro-school_management_systemA vulnerability was found in code-projects Agro-School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument password leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-230568.2023-06-029.8CVE-2023-3062
MISC
MISC
MISC
retro_cellphone_online_store_project — retro_cellphone_online_storeA vulnerability classified as critical has been found in Campcodes Retro Cellphone Online Store 1.0. Affected is an unknown function of the file /admin/modal_add_product.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230580.2023-06-029.8CVE-2023-3068
MISC
MISC
MISC
corebos — corebosUnverified Password Change in GitHub repository tsolucio/corebos prior to 8.2023-06-029.8CVE-2023-3069
MISC
CONFIRM
agro-school_management_system_project — agro-school_management_systemA vulnerability classified as critical has been found in code-projects Agro-School Management System 1.0. Affected is the function doUpdateQuestion of the file btn_functions.php. The manipulation of the argument question_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230670 is the identifier assigned to this vulnerability.2023-06-049.8CVE-2023-3094
MISC
MISC
MISC
marsctf_project — marsctfMarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interface for uploading attachments in the background.2023-06-059.8CVE-2023-33386
MISC
MISC
tenda — ac8_firmwareTenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the timeZone parameter in the sub_44db3c function.2023-06-029.8CVE-2023-33669
MISC
tenda — ac8_firmwareTenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sub_4a79ec function.2023-06-029.8CVE-2023-33670
MISC
tenda — ac8_firmwareTenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function.2023-06-029.8CVE-2023-33671
MISC
tenda — ac8_firmwareTenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.2023-06-029.8CVE-2023-33673
MISC
tenda — ac8_firmwareTenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the get_parentControl_list_Info function.2023-06-029.8CVE-2023-33675
MISC
simpleredak — simpleredakeMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a SQL injection vulnerability via the Activity parameter.2023-06-029.8CVE-2023-33762
MISC
xfinity — comcast_defined_technologies_microeisbssAn issue was discovered in Comcast Defined Technologies microeisbss through 2021. An attacker can inject a stored XSS payload in the Device ID field under Inventory Management to achieve Remote Code Execution and privilege escalation..2023-06-029CVE-2022-45938
MISC
MISC
teampass — teampassCross-site Scripting (XSS) – Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.2023-06-039CVE-2023-3086
CONFIRM
MISC
wordpress — wordpressA vulnerability was found in Blogger Importer Plugin up to 0.5 on WordPress. It has been classified as problematic. Affected is the function start/restart of the file blogger-importer.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 0.6 is able to address this issue. The name of the patch is b83fa4f862b0f19a54cfee76060ec9c2e7f7ca70. It is recommended to upgrade the affected component. VDB-230658 is the identifier assigned to this vulnerability.2023-06-048.8CVE-2013-10027
MISC
MISC
MISC
sguda — u-lock_firmwareSGUDA U-Lock central lock control service’s lock management function has incorrect authorization. A remote attacker with general privilege can exploit this vulnerability to call privileged APIs to acquire information, manipulate or disrupt the functionality of arbitrary electronic locks.2023-06-028.8CVE-2022-46307
MISC
sguda — u-lock_firmwareSGUDA U-Lock central lock control service’s user management function has incorrect authorization. A remote attacker with general user privilege can exploit this vulnerability to call privileged APIs to access, modify and delete user information.2023-06-028.8CVE-2022-46308
MISC
ibm — security_guardiumIBM Security Guardium 11.5 could allow a user to take over another user’s session due to insufficient session expiration. IBM X-Force ID: 243657.2023-06-058.8CVE-2023-0041
MISC
MISC
mozilla — firefox_esrAn attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.2023-06-028.8CVE-2023-0767
MISC
MISC
MISC
MISC
connect_line — mbconnect24
 
An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz’ myREX24 and myREX24.virtual version <= 2.13.3. An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account.2023-06-068.8CVE-2023-0985
MISC
wordpress — wordpressThe Web Directory Free for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-06-028.8CVE-2023-2201
MISC
MISC
mozilla — firefoxMozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.2023-06-028.8CVE-2023-23605
MISC
MISC
MISC
MISC
mozilla — firefoxMozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109.2023-06-028.8CVE-2023-23606
MISC
MISC
mozilla — firefox_esrPermission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.2023-06-028.8CVE-2023-25729
MISC
MISC
MISC
MISC
mozilla — firefoxDue to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110.2023-06-028.8CVE-2023-25731
MISC
MISC
mozilla — firefox_esrWhen encoding data from an <code>inputStream</code> in <code>xpcom</code> the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.2023-06-028.8CVE-2023-25732
MISC
MISC
MISC
MISC
mozilla — firefox_esrCross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.2023-06-028.8CVE-2023-25735
MISC
MISC
MISC
MISC
mozilla — firefox_esrAn invalid downcast from <code>nsTextNode</code> to <code>SVGElement</code> could have lead to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.2023-06-028.8CVE-2023-25737
MISC
MISC
MISC
MISC
mozilla — firefox_esrModule load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in <code>ScriptLoadContext</code>. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.2023-06-028.8CVE-2023-25739
MISC
MISC
MISC
MISC
mozilla — firefoxAfter downloading a Windows <code>.scf</code> script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110.2023-06-028.8CVE-2023-25740
MISC
MISC
mozilla — firefox_esrMozilla developers Kershaw Chang and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.2023-06-028.8CVE-2023-25744
MISC
MISC
MISC
mozilla — firefoxMozilla developers Timothy Nikkel, Gabriele Svelto, Jeff Muizelaar and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 109. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110.2023-06-028.8CVE-2023-25745
MISC
MISC
mozilla — firefox_esrMozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8.2023-06-028.8CVE-2023-25746
MISC
MISC
MISC
southrivertech — titan_ftp_server_nextgenAn issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level privileges to perform Administrative actions by sending requests to the user server.2023-06-028.8CVE-2023-27745
MISC
MISC
mozilla — firefoxIf temporary “one-time” permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, such as in a download directory. This vulnerability affects Firefox < 111.2023-06-028.8CVE-2023-28161
MISC
MISC
mozilla — firefoxWhile implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.2023-06-028.8CVE-2023-28162
MISC
MISC
MISC
MISC
mozilla — firefoxMozilla developers Timothy Nikkel, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.2023-06-028.8CVE-2023-28176
MISC
MISC
MISC
MISC
mozilla — firefoxMozilla developers and community members Calixte Denizet, Gabriele Svelto, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111.2023-06-028.8CVE-2023-28177
MISC
MISC
wddgroup — fantasyWade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disrupt service.2023-06-028.8CVE-2023-28699
MISC
asus — rt-ac86u_firmwareASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands, disrupt system or terminate service.2023-06-028.8CVE-2023-28702
MISC
furbo — dog_camera_firmwareFurbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands or disrupt service.2023-06-028.8CVE-2023-28704
MISC
mozilla — thunderbirdAn attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.2023-06-028.8CVE-2023-29536
MISC
MISC
MISC
MISC
mozilla — thunderbirdFirefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands. <br>*This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.*. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.2023-06-028.8CVE-2023-29541
MISC
MISC
MISC
MISC
mozilla — focusAn attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object’s debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.2023-06-028.8CVE-2023-29543
MISC
MISC
mozilla — thunderbirdMozilla developers Randell Jesup, Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.2023-06-028.8CVE-2023-29550
MISC
MISC
MISC
MISC
mozilla — focusMozilla developers Randell Jesup, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.2023-06-028.8CVE-2023-29551
MISC
MISC
mobatime — mobatime_web_applicationUnrestricted Upload of File with Dangerous Type vulnerability in Mobatime web application (Documentary proof upload modules) allows a malicious user to Upload a Web Shell to a Web Server.This issue affects Mobatime web application: through 06.7.22.2023-06-028.8CVE-2023-3032
MISC
mobatime — mobatime_web_applicationIncorrect Authorization vulnerability in Mobatime web application allows Privilege Escalation, Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobatime web application: through 06.7.22.2023-06-028.8CVE-2023-3033
MISC
wordpress — wordpressThe Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the ‘azh_add_post’, ‘azh_duplicate_post’, ‘azh_update_post’ and ‘azh_remove_post’ functions. This makes it possible for unauthenticated attackers to create, modify, and delete a post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-038.8CVE-2023-3052
MISC
MISC
MISC
MISC
MISC
MISC
service_provider_management_system_project — service_provider_management_systemA vulnerability, which was classified as critical, has been found in SourceCodester Service Provider Management System 1.0. Affected by this issue is some unknown functionality of the file view.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230798 is the identifier assigned to this vulnerability.2023-06-068.8CVE-2023-3119
MISC
MISC
MISC
mozilla — firefoxWhen reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.2023-06-028.8CVE-2023-32213
MISC
MISC
MISC
MISC
mozilla — firefoxMozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.2023-06-028.8CVE-2023-32215
MISC
MISC
MISC
MISC
minical — minicalMinical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file.2023-06-058.8CVE-2023-33410
MISC
MISC
teampass — teampassCross-site Scripting (XSS) – Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.2023-06-038.7CVE-2023-3083
MISC
CONFIRM
mozilla — firefoxAfter downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.2023-06-028.1CVE-2023-25734
MISC
MISC
MISC
MISC
MISC
MISC
MISC
teampass — teampassCross-site Scripting (XSS) – Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.2023-06-038.1CVE-2023-3084
MISC
CONFIRM
qualcomm — csr8811_firmwareMemory corruption in Linux Networking due to double free while handling a hyp-assign.2023-06-067.8CVE-2022-40522
MISC
qualcomm — aqt1000_firmwareMemory corruption due to improper access control in kernel while processing a mapping request from root process.2023-06-067.8CVE-2022-40529
MISC
google — androidIn telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.2023-06-067.8CVE-2022-48390
MISC
google — androidIn dialer service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.2023-06-067.8CVE-2022-48392
MISC
qualcomm — apq8017_firmwareMemory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.2023-06-067.8CVE-2023-21628
MISC
qualcomm — apq8064au_firmwareMemory corruption in Automotive GPU while querying a gsl memory node.2023-06-067.8CVE-2023-21632
MISC
qualcomm — ar8035_firmwareMemory corruption in WLAN HOST while receiving an WMI event from firmware.2023-06-067.8CVE-2023-21656
MISC
qualcomm — csra6620_firmwareMemoru corruption in Audio when ADSP sends input during record use case.2023-06-067.8CVE-2023-21657
MISC
qualcomm — 315_5g_iot_modem_firmwareMemory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.2023-06-067.8CVE-2023-21670
MISC
ibm — aspera_cargoIBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248625.2023-06-057.8CVE-2023-27285
MISC
MISC
southrivertech — titan_ftp_server_nextgenAn issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privilege escalation leading to remote code execution.2023-06-027.8CVE-2023-27744
MISC
MISC
bt21_x_bts_wallpaper_project — bt21_x_bts_wallpaperThe BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user’s personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with this data to cause an escalation of privilege attack.2023-06-027.8CVE-2023-29724
MISC
MISC
MISC
google — androidIn Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.2023-06-067.8CVE-2023-30863
MISC
google — androidIn Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.2023-06-067.8CVE-2023-30864
MISC
linux — linux_kernelA use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().2023-06-057.8CVE-2023-3111
MISC
reportlab — reportlabReportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.2023-06-057.8CVE-2023-33733
MISC
emlog — emlog*File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via the /admin/plugin.php function.2023-06-057.5CVE-2020-19028
MISC
MISC
qualcomm — 315_5g_iot_modem_firmwareTransient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network.2023-06-067.5CVE-2022-40536
MISC
qualcomm — ar8035_firmwareTransient DOS due to reachable assertion in modem while processing sib with incorrect values from network.2023-06-067.5CVE-2022-40538
MISC
qualcomm — ar8035_firmwareTransient DOS in WLAN Firmware while processing the received beacon or probe response frame.2023-06-067.5CVE-2023-21658
MISC
qualcomm — 315_5g_iot_modem_firmwareTransient DOS in WLAN Firmware while processing frames with missing header fields.2023-06-067.5CVE-2023-21659
MISC
qualcomm — csr8811_firmwareTransient DOS in WLAN Firmware while parsing FT Information Elements.2023-06-067.5CVE-2023-21660
MISC
qualcomm — ar8035_firmwareTransient DOS while parsing WLAN beacon or probe-response frame.2023-06-067.5CVE-2023-21661
MISC
qualcomm — aqt1000_firmwareInformation Disclosure in WLAN HOST while sending DPP action frame to peer with an invalid source address.2023-06-067.5CVE-2023-21669
MISC
ibm — aspera_cargoIBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 244107.2023-06-057.5CVE-2023-22862
MISC
MISC
mozilla — firefox_focusA lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.<br>*This bug only affects Firefox Focus. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.2023-06-027.5CVE-2023-25743
MISC
MISC
MISC
mozilla — focusMultiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.2023-06-027.5CVE-2023-29537
MISC
MISC
MISC
MISC
hitrontech — coda-5310_firmwareHitron Technologies CODA-5310’s Telnet function transfers sensitive data in plaintext. An unauthenticated remote attacker can exploit this vulnerability to access credentials of normal users and administrator.2023-06-027.5CVE-2023-30602
MISC
microsoft — edge_chromiumMicrosoft Edge (Chromium-based) Elevation of Privilege Vulnerability2023-06-037.5CVE-2023-33143
MISC
tenda — ac8_firmwareTenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function.2023-06-027.5CVE-2023-33672
MISC
harbingergroup — office_playerOfflinePlayerService.exe in Harbinger Offline Player 4.0.6.0.2 allows directory traversal as LocalSystem via ..\ in a URL.2023-06-057.5CVE-2023-34407
MISC
microsoft — officeMicrosoft Office Remote Code Execution Vulnerability2023-06-057.3CVE-2023-29344
MISC
hitrontech — coda-5310_firmwareHitron CODA-5310 has insufficient filtering for specific parameters in the connection test function. A remote attacker authenticated as an administrator, can use the management page to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service.2023-06-027.2CVE-2022-47616
MISC
hitrontech — coda-5310_firmwareHitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access, modification, and cause service disruption.2023-06-027.2CVE-2022-47617
MISC
asus — rt-ac86u_firmwareASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate service.2023-06-027.2CVE-2023-28703
MISC
service_provider_management_system_project — service_provider_management_systemA vulnerability, which was classified as critical, was found in SourceCodester Service Provider Management System 1.0. This affects an unknown part of the file view_service.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230799.2023-06-067.2CVE-2023-3120
MISC
MISC
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
itpison — omicard_edmOMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.2023-06-026.8CVE-2023-28700
MISC
linuxfoundation — iot-yoctoIn wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796914; Issue ID: ALPS07796914.2023-06-066.7CVE-2023-20712
MISC
linuxfoundation — iot-yoctoIn wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796900; Issue ID: ALPS07796900.2023-06-066.7CVE-2023-20715
MISC
linuxfoundation — iot-yoctoIn wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796883; Issue ID: ALPS07796883.2023-06-066.7CVE-2023-20716
MISC
google — androidIn Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07843845; Issue ID: ALPS07843845.2023-06-066.7CVE-2023-20723
MISC
google — androidIn Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07843845; Issue ID: ALPS07843841.2023-06-066.7CVE-2023-20724
MISC
rdkcentral — rdk-bIn preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only); Issue ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only).2023-06-066.7CVE-2023-20725
MISC
linuxfoundation — yoctoIn wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573480; Issue ID: ALPS07573480.2023-06-066.7CVE-2023-20732
MISC
linuxfoundation — iot-yoctoIn vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645149.2023-06-066.7CVE-2023-20733
MISC
linuxfoundation — iot-yoctoIn vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645184.2023-06-066.7CVE-2023-20734
MISC
linuxfoundation — iot-yoctoIn vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645178.2023-06-066.7CVE-2023-20735
MISC
linuxfoundation — iot-yoctoIn vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645167.2023-06-066.7CVE-2023-20737
MISC
linuxfoundation — iot-yoctoIn vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645173.2023-06-066.7CVE-2023-20738
MISC
google — androidIn vcu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07559819; Issue ID: ALPS07559819.2023-06-066.7CVE-2023-20739
MISC
linuxfoundation — iot-yoctoIn vcu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07559819; Issue ID: ALPS07559840.2023-06-066.7CVE-2023-20740
MISC
linuxfoundation — iot-yoctoIn vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519142.2023-06-066.7CVE-2023-20743
MISC
linuxfoundation — iot-yoctoIn vcu, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519200.2023-06-066.7CVE-2023-20744
MISC
linuxfoundation — iot-yoctoIn vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07560694.2023-06-066.7CVE-2023-20745
MISC
linuxfoundation — iot-yoctoIn vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519217.2023-06-066.7CVE-2023-20746
MISC
google — androidIn swpm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780926.2023-06-066.7CVE-2023-20749
MISC
google — androidIn keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07825502; Issue ID: ALPS07825502.2023-06-066.7CVE-2023-20751
MISC
google — androidIn keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826586; Issue ID: ALPS07826586.2023-06-066.7CVE-2023-20752
MISC
mozilla — thunderbirdCertificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird < 102.7.1.2023-06-026.5CVE-2023-0430
MISC
MISC
mozilla — thunderbirdOCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10.2023-06-026.5CVE-2023-0547
MISC
MISC
mozilla — thunderbirdIf a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird’s user interface to lock up and no longer respond to the user’s actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird < 102.8.2023-06-026.5CVE-2023-0616
MISC
MISC
mozilla — thunderbirdUnexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10.2023-06-026.5CVE-2023-1945
MISC
MISC
MISC
mozilla — firefoxA compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the <code>file://</code> context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefox < 109.2023-06-026.5CVE-2023-23597
MISC
MISC
mozilla — firefoxDue to the Firefox GTK wrapper code’s use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to <code>DataTransfer.setData</code>. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.2023-06-026.5CVE-2023-23598
MISC
MISC
MISC
MISC
mozilla — firefoxWhen copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.2023-06-026.5CVE-2023-23599
MISC
MISC
MISC
MISC
mozilla — firefoxPer origin notification permissions were being stored in a way that didn’t take into account what browsing context the permission was granted in. This lead to the possibility of notifications to be displayed during different browsing sessions.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 109.2023-06-026.5CVE-2023-23600
MISC
MISC
mozilla — firefoxNavigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.2023-06-026.5CVE-2023-23601
MISC
MISC
MISC
MISC
mozilla — firefoxA mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.2023-06-026.5CVE-2023-23602
MISC
MISC
MISC
MISC
mozilla — firefoxRegular expressions used to filter out forbidden properties and values from style directives in calls to <code>console.log</code> weren’t accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.2023-06-026.5CVE-2023-23603
MISC
MISC
MISC
MISC
mozilla — firefoxA duplicate <code>SystemPrincipal</code> object could be created when parsing a non-system html document via <code>DOMParser::ParseFromSafeString</code>. This could have lead to bypassing web security checks. This vulnerability affects Firefox < 109.2023-06-026.5CVE-2023-23604
MISC
MISC
mozilla — firefox_esrThe <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe’s unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.2023-06-026.5CVE-2023-25728
MISC
MISC
MISC
MISC
mozilla — firefoxMembers of the <code>DEVMODEW</code> struct set by the printer device driver weren’t being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.2023-06-026.5CVE-2023-25738
MISC
MISC
MISC
MISC
mozilla — firefoxWhen dragging and dropping an image cross-origin, the image’s size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern, so the behavior was disabled until further review. This vulnerability affects Firefox < 110.2023-06-026.5CVE-2023-25741
MISC
MISC
MISC
MISC
mozilla — firefox_esrWhen importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.2023-06-026.5CVE-2023-25742
MISC
MISC
MISC
MISC
mozilla — firefoxSometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.2023-06-026.5CVE-2023-25751
MISC
MISC
MISC
MISC
mozilla — firefoxWhen accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.2023-06-026.5CVE-2023-25752
MISC
MISC
MISC
MISC
mozilla — firefoxWhen following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive information. This vulnerability affects Firefox < 111.2023-06-026.5CVE-2023-28160
MISC
MISC
mozilla — firefoxWhen downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. <br>*This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.2023-06-026.5CVE-2023-28163
MISC
MISC
MISC
MISC
mozilla — firefoxDragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.2023-06-026.5CVE-2023-28164
MISC
MISC
MISC
MISC
mozilla — thunderbirdA website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and <code>setInterval</code> calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.2023-06-026.5CVE-2023-29533
MISC
MISC
MISC
MISC
MISC
mozilla — thunderbirdFollowing a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.2023-06-026.5CVE-2023-29535
MISC
MISC
MISC
MISC
mozilla — thunderbirdWhen handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.2023-06-026.5CVE-2023-29539
MISC
MISC
MISC
MISC
mozilla — focusIf multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.2023-06-026.5CVE-2023-29544
MISC
MISC
mozilla — focusWhen a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.2023-06-026.5CVE-2023-29547
MISC
MISC
mozilla — thunderbirdA wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.2023-06-026.5CVE-2023-29548
MISC
MISC
MISC
MISC
mozilla — focusUnder certain circumstances, a call to the <code>bind</code> function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.2023-06-026.5CVE-2023-29549
MISC
MISC
corebos — corebosCross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebos prior to 8.2023-06-026.5CVE-2023-3075
CONFIRM
MISC
teampass — teampassImproper Access Control in GitHub repository nilsteampassnet/teampass prior to 3.0.9.2023-06-046.5CVE-2023-3095
CONFIRM
MISC
mozilla — firefoxIn multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.2023-06-026.5CVE-2023-32205
MISC
MISC
MISC
MISC
MISC
mozilla — firefoxAn out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.2023-06-026.5CVE-2023-32206
MISC
MISC
MISC
MISC
mozilla — firefoxA missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.2023-06-026.5CVE-2023-32207
MISC
MISC
MISC
MISC
mozilla — firefoxA type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.2023-06-026.5CVE-2023-32211
MISC
MISC
MISC
MISC
minical — minicalMinical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php.2023-06-056.5CVE-2023-33409
MISC
MISC
linuxfoundation — iot-yoctoIn vcu, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645189.2023-06-066.4CVE-2023-20736
MISC
wordpress — wordpressA vulnerability was found in EELV Newsletter Plugin 2.x on WordPress. It has been rated as problematic. Affected by this issue is the function style_newsletter of the file lettreinfo.php. The manipulation of the argument email leads to cross site scripting. The attack may be launched remotely. The name of the patch is 3339b42316c5edf73e56eb209b6a3bb3e868d6ed. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230660.2023-06-046.1CVE-2013-10028
MISC
MISC
MISC
wordpress — wordpressA vulnerability was found in Broken Link Checker Plugin up to 1.10.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function options_page of the file core/core.php of the component Settings Page. The manipulation of the argument exclusion_list/blc_custom_fields leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.10.2 is able to address this issue. The name of the patch is 90615fe9b0b6f9e6fb254d503c302e53a202e561. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230659.2023-06-056.1CVE-2014-125105
MISC
MISC
MISC
MISC
wordpress — wordpressA vulnerability classified as problematic was found in ruddernation TinyChat Room Spy Plugin up to 1.2.8 on WordPress. This vulnerability affects the function wp_show_room_spy of the file room-spy.php. The manipulation of the argument room leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.9 is able to address this issue. The name of the patch is ab72627a963d61fb3bc31018e3855b08dc94a979. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230392.2023-06-026.1CVE-2015-10110
MISC
MISC
MISC
wordpress — wordpressA vulnerability classified as problematic was found in WooFramework Tweaks Plugin up to 1.0.1 on WordPress. Affected by this vulnerability is the function admin_screen_logic of the file wooframework-tweaks.php. The manipulation of the argument url leads to open redirect. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The identifier of the patch is 3b57d405149c1a59d1119da6e0bb8212732c9c88. It is recommended to upgrade the affected component. The identifier VDB-230653 was assigned to this vulnerability.2023-06-056.1CVE-2015-10113
MISC
MISC
MISC
wordpress — wordpressA vulnerability, which was classified as problematic, has been found in WooSidebars Plugin up to 1.4.1 on WordPress. Affected by this issue is the function enable_custom_post_sidebars of the file classes/class-woo-sidebars.php. The manipulation of the argument sendback leads to open redirect. The attack may be launched remotely. Upgrading to version 1.4.2 is able to address this issue. The patch is identified as 1ac6d6ac26e185673f95fc1ccc56a392169ba601. It is recommended to upgrade the affected component. VDB-230654 is the identifier assigned to this vulnerability.2023-06-056.1CVE-2015-10114
MISC
MISC
MISC
wordpress — wordpressThe Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘business_id’ parameter in versions up to, and including, 4.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-036.1CVE-2023-2298
MISC
MISC
MISC
vcita — contact_form_builder_by_vcitaThe Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.1. This is due to missing nonce validation on the ls_parse_vcita_callback function. This makes it possible for unauthenticated attackers to modify the plugin’s settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-036.1CVE-2023-2301
MISC
MISC
MISC
vcita — contact_form_and_calls_to_action_by_vcitaThe Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.4. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin’s settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-036.1CVE-2023-2303
MISC
MISC
MISC
wordpress — wordpressThe ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin2023-06-056.1CVE-2023-2337
MISC
wordpress — wordpressThe Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin2023-06-056.1CVE-2023-2472
MISC
wordpress — wordpressThe Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin2023-06-056.1CVE-2023-2488
MISC
wordpress — wordpressThe WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search’ parameter in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2023-06-026.1CVE-2023-2835
MISC
MISC
MISC
openfind — mail2000Openfind Mail2000 has insufficient filtering special characters of email content of its content filtering function. A remote attacker can exploit this vulnerability using phishing emails that contain malicious web pages injected with JavaScript. When users access the system and open the email, it triggers an XSS (Reflected Cross-site scripting) attack.2023-06-026.1CVE-2023-28705
MISC
microsoft — microsoft_edge
 
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability2023-06-076.1CVE-2023-29345
MISC
mozilla — focusUsing a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.2023-06-026.1CVE-2023-29540
MISC
MISC
gitpod — gitpodGitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:).2023-06-056.1CVE-2023-32766
MISC
MISC
MISC
MISC
MISC
MISC
escanav — escan_management_consoleReflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL directly.2023-06-026.1CVE-2023-33731
MISC
MISC
simpleredak — simpleredakeMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /view/cb/format_642.php.2023-06-026.1CVE-2023-33761
MISC
simpleredak — simpleredakeMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /scheduler/index.php.2023-06-026.1CVE-2023-33763
MISC
ibm — maximo_application_suiteIBM Maximo Application Suite – Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man in the middle techniques. IBM X-Force ID: 249208.2023-06-055.9CVE-2023-27861
MISC
MISC
status — powerbpmIt is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in serious consequence.2023-06-025.7CVE-2023-25780
MISC
qualcomm — 9205_lte_modem_firmwareInformation disclosure in Kernel due to indirect branch misprediction.2023-06-065.5CVE-2022-40523
MISC
qualcomm — csr8811_firmwareInformation disclosure in Linux Networking Firmware due to unauthorized information leak during side channel analysis.2023-06-065.5CVE-2022-40525
MISC
qualcomm — csra6620_firmwareTransient DOS due to untrusted Pointer Dereference in core while sending USB QMI request.2023-06-065.5CVE-2022-40533
MISC
google — androidIn telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.2023-06-065.5CVE-2022-48391
MISC
google — androidIn dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.2023-06-065.5CVE-2022-48440
MISC
google — androidIn dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.2023-06-065.5CVE-2022-48441
MISC
google — androidIn dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.2023-06-065.5CVE-2022-48442
MISC
google — androidIn telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.2023-06-065.5CVE-2022-48443
MISC
google — androidIn telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.2023-06-065.5CVE-2022-48444
MISC
google — androidIn telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.2023-06-065.5CVE-2022-48445
MISC
google — androidIn telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.2023-06-065.5CVE-2022-48446
MISC
google — androidIn telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.2023-06-065.5CVE-2022-48447
MISC
google — androidIn telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.2023-06-065.5CVE-2022-48448
MISC
arm — valhall_gpu_kernel_driverAn issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r29p0 through r32p0, Bifrost r17p0 through r42p0 before r43p0, Valhall r19p0 through r42p0 before r43p0, and Arm’s GPU Architecture Gen5 r41p0 through r42p0 before r43p0.2023-06-025.5CVE-2023-28147
MISC
arm — avalon_gpu_kernel_driverAn issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r42p0 before r43p0, and Arm’s GPU Architecture Gen5 r41p0 through r42p0 before r43p0.2023-06-025.5CVE-2023-28469
MISC
bt21_x_bts_wallpaper_project — bt21_x_bts_wallpaperThe BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user’s personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack.2023-06-025.5CVE-2023-29725
MISC
MISC
MISC
MISC
google — androidIn dialer service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.2023-06-065.5CVE-2023-30865
MISC
google — androidIn telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.2023-06-065.5CVE-2023-30866
MISC
google — androidIn email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.2023-06-065.5CVE-2023-30914
MISC
google — androidIn email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.2023-06-065.5CVE-2023-30915
MISC
mp4v2_project — mp4v2mp4v2 v2.1.3 was discovered to contain a memory leak when a method calling MP4File::ReadBytes() had allocated memory but did not catch exceptions thrown by ReadBytes()2023-06-025.5CVE-2023-33717
MISC
MISC
wordpress — wordpressThe Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ’email’ parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-035.4CVE-2023-2300
MISC
MISC
MISC
wordpress — wordpressThe Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ’email’ parameter in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-035.4CVE-2023-2302
MISC
MISC
MISC
mozilla — firefox_esrA background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.2023-06-025.4CVE-2023-25730
MISC
MISC
MISC
MISC
wordpress — wordpressThe Page Builder by AZEXO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘azh_post’ shortcode in versions up to, and including, 1.27.133 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-035.4CVE-2023-3051
MISC
MISC
MISC
07fly — customer_relationship_managementA vulnerability was found in 07FLY CRM up to 1.2.0. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230560.2023-06-025.4CVE-2023-3058
MISC
MISC
MISC
agro-school_management_system_project — agro-school_management_systemA vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as problematic. This vulnerability affects the function doAddQuestion of the file btn_functions.php. The manipulation of the argument Question leads to cross site scripting. The attack can be initiated remotely. VDB-230566 is the identifier assigned to this vulnerability.2023-06-025.4CVE-2023-3060
MISC
MISC
MISC
trilium_project — triliumCross-site Scripting (XSS) – Stored in GitHub repository zadam/trilium prior to 0.59.4.2023-06-025.4CVE-2023-3067
MISC
CONFIRM
corebos — corebosCross-site Scripting (XSS) – Stored in GitHub repository tsolucio/corebos prior to 8.2023-06-025.4CVE-2023-3070
CONFIRM
MISC
tsolucio — corebosCross-site Scripting (XSS) – Stored in GitHub repository tsolucio/corebos prior to 8.2023-06-025.4CVE-2023-3071
MISC
CONFIRM
corebos — corebosCross-site Scripting (XSS) – Stored in GitHub repository tsolucio/corebos prior to 8.2023-06-025.4CVE-2023-3073
MISC
CONFIRM
corebos — corebosCross-site Scripting (XSS) – Stored in GitHub repository tsolucio/corebos prior to 8.2023-06-025.4CVE-2023-3074
CONFIRM
MISC
admidio — admidioCross-site Scripting (XSS) – Stored in GitHub repository admidio/admidio prior to 4.2.8.2023-06-055.4CVE-2023-3109
CONFIRM
MISC
minical — minicalMinical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to insufficient input validation in the application’s user input handling in the security_helper.php file.2023-06-055.4CVE-2023-33408
MISC
MISC
dokuwiki — dokuwikiDokuWiki before 2023-04-04a allows XSS via RSS titles.2023-06-055.4CVE-2023-34408
MISC
MISC
MISC
MISC
wordpress — wordpressThe Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a missing capability check on the processAction function. This makes it possible for unauthenticated attackers modify the plugin’s settings.2023-06-035.3CVE-2023-2299
MISC
MISC
MISC
mozilla — focusUnder specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load request. This leaked directory paths on the user’s machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.2023-06-025.3CVE-2023-29538
MISC
MISC
ibm — maximo_asset_managementIBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074.2023-06-055.3CVE-2023-32334
MISC
MISC
MISC
advent — tamale_rmsAdvent/SSC Inc. Tamale RMS < 23.1 is vulnerable to Directory Traversal. If one traverses to the affected URL, one enumerates Contact information on the host which contains usernames, e-mail addresses, and other internal information stored within the web app.2023-06-055.3CVE-2023-33524
MISC
MISC
MISC
wordpress — wordpressThe Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2023-06-024.8CVE-2023-1159
MISC
MISC
wordpress — wordpressThe SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2023-06-054.8CVE-2023-2224
MISC
wordpress — wordpressThe Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2023-06-054.8CVE-2023-2489
MISC
wordpress — wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kyle Maurer Don8 plugin <= 0.4 versions.2023-06-034.8CVE-2023-32582
MISC
google — androidIn cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.2023-06-064.4CVE-2022-48438
MISC
google — androidIn cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.2023-06-064.4CVE-2022-48439
MISC
linuxfoundation — yoctoIn wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588531; Issue ID: ALPS07588531.2023-06-064.4CVE-2023-20727
MISC
linuxfoundation — yoctoIn wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573603; Issue ID: ALPS07573603.2023-06-064.4CVE-2023-20728
MISC
linuxfoundation — yoctoIn wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573552; Issue ID: ALPS07573575.2023-06-064.4CVE-2023-20729
MISC
linuxfoundation — yoctoIn wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573552; Issue ID: ALPS07573552.2023-06-064.4CVE-2023-20730
MISC
linuxfoundation — yoctoIn wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573495; Issue ID: ALPS07573495.2023-06-064.4CVE-2023-20731
MISC
google — androidIn ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628591; Issue ID: ALPS07628606.2023-06-064.4CVE-2023-20741
MISC
google — androidIn ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628591; Issue ID: ALPS07628540.2023-06-064.4CVE-2023-20742
MISC
linuxfoundation — iot-yoctoIn vcu, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519121.2023-06-064.4CVE-2023-20747
MISC
wordpress — wordpressThe VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST ‘update_vk_blocks_options’ function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change plugin settings including default icons.2023-06-034.3CVE-2023-0583
MISC
MISC
wordpress — wordpressThe VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST ‘update_options’ function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the ‘vk_font_awesome_version’ option to an arbitrary value.2023-06-034.3CVE-2023-0584
MISC
MISC
mb_connect_line — mbconnect24
 
Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz’ myREX24 and myREX24.virtual in versions <=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information.2023-06-064.3CVE-2023-1779
MISC
mozilla — firefoxBy displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 111.2023-06-024.3CVE-2023-25748
MISC
MISC
mozilla — firefoxAndroid applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so. <br>*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 111.2023-06-024.3CVE-2023-25749
MISC
MISC
mozilla — firefoxUnder certain circumstances, a ServiceWorker’s offline cache may have leaked to the file system when using private browsing mode. This vulnerability affects Firefox < 111.2023-06-024.3CVE-2023-25750
MISC
MISC
mozilla — firefoxThe fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 111.2023-06-024.3CVE-2023-28159
MISC
MISC
wordpress — wordpressThe Page Builder by AZEXO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘azh_add_post’ function in versions up to, and including, 1.27.133. This makes it possible for authenticated attackers to create a post with any post type and post status.2023-06-034.3CVE-2023-3053
MISC
MISC
MISC
wordpress — wordpressThe Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the ‘azh_save’ function. This makes it possible for unauthenticated attackers to update the post content and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-034.3CVE-2023-3055
MISC
MISC
mozilla — firefoxAn attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.2023-06-024.3CVE-2023-32212
MISC
MISC
MISC
MISC
google — androidIn swpm, there is a possible out of bounds write due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780928.2023-06-064.1CVE-2023-20750
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
silabs — gecko_software_development_kitBuffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap.2023-06-023.3CVE-2023-2687
MISC
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
wordpress — wordpress
 
A vulnerability classified as problematic was found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this vulnerability is the function exitboxadmin of the file wordpress-exit-box-lite.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.10 is able to address this issue. The patch is named fad26701addb862c51baf85c6e3cc136aa79c309. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230671.2023-06-05not yet calculatedCVE-2013-10029
MISC
MISC
MISC
wordpress — wordpressA vulnerability, which was classified as problematic, has been found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this issue is some unknown functionality of the file wordpress-exit-box-lite.php. The manipulation leads to information disclosure. The attack may be launched remotely. Upgrading to version 1.10 is able to address this issue. The name of the patch is fad26701addb862c51baf85c6e3cc136aa79c309. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230672.2023-06-05not yet calculatedCVE-2013-10030
MISC
MISC
MISC
wordpress — wordpressA vulnerability classified as problematic has been found in WooFramework Branding Plugin up to 1.0.1 on WordPress. Affected is the function admin_screen_logic of the file wooframework-branding.php. The manipulation of the argument url leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is f12fccd7b5eaf66442346f748c901ef504742f78. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230652.2023-06-05not yet calculatedCVE-2015-10112
MISC
MISC
MISC
wordpress — wordpressA vulnerability, which was classified as problematic, was found in WooSidebars Sidebar Manager Converter Plugin up to 1.1.1 on WordPress. This affects the function process_request of the file classes/class-woosidebars-sbm-converter.php. The manipulation leads to open redirect. It is possible to initiate the attack remotely. Upgrading to version 1.1.2 is able to address this issue. The patch is named a0efb4ffb9dfe2925b889c1aa5ea40b4abbbda8a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230655.2023-06-05not yet calculatedCVE-2015-10115
MISC
MISC
MISC
wordpress — wordpressA vulnerability classified as problematic has been found in RealFaviconGenerator Favicon Plugin up to 1.2.12 on WordPress. This affects the function install_new_favicon of the file admin/class-favicon-by-realfavicongenerator-admin.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.2.13 is able to address this issue. The identifier of the patch is 949a1ae7216216350458844f50a72f100b56d4e7. It is recommended to upgrade the affected component. The identifier VDB-230661 was assigned to this vulnerability.2023-06-06not yet calculatedCVE-2015-10116
MISC
MISC
MISC
wordpress — wordpressA vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.3 is able to address this issue. The name of the patch is 5966a5e6343e3d5610bdfa126a5cfbae95e629b6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230664.2023-06-06not yet calculatedCVE-2015-10117
MISC
MISC
MISC
MISC
wordpress — wordpressThe Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the via the delete-all-comments.php file in versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.2023-06-07not yet calculatedCVE-2016-15033
MISC
MISC
MISC
wordpress — wordpress
 
A vulnerability classified as problematic was found in Arborator Server. This vulnerability affects the function start of the file project.cgi. The manipulation of the argument project leads to denial of service. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as cdbdbcbd491db65e9d697ab4365605fdfab1a604. It is recommended to apply a patch to fix this issue. VDB-230662 is the identifier assigned to this vulnerability.2023-06-06not yet calculatedCVE-2018-25087
MISC
MISC
MISC
arborator — server
 
A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution.2023-06-09not yet calculatedCVE-2019-16283
MISC
wordpress — wordpressThe User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.2023-06-07not yet calculatedCVE-2019-25138
MISC
MISC
MISC
wordpress — wordpressThe Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settings reset in versions up to, and including 1.8.1 due to missing capability checks in the ~/functions/data-reset-post.php file which makes it possible for unauthenticated attackers to trigger a plugin settings reset.2023-06-07not yet calculatedCVE-2019-25139
MISC
MISC
MISC
MISC
wordpress — wordpressThe WordPress Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the logo_width, logo_height, rcsp_logo_url, home_sec_link_txt, rcsp_headline and rcsp_description parameters in versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-07not yet calculatedCVE-2019-25140
MISC
MISC
MISC
MISC
wordpress — wordpressThe Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admin_init() function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to modify the plugins settings and arbitrary options on the site that can be used to inject new administrative user accounts.2023-06-07not yet calculatedCVE-2019-25141
MISC
MISC
MISC
MISC
wordpress — wordpressThe Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 (Mesmerize) and 1.0.172 (Materialis). This is due to ‘companion_disable_popup’ function only checking the nonce while sending user input to the ‘update_option’ function. This makes it possible for authenticated attackers to change otherwise restricted options.2023-06-07not yet calculatedCVE-2019-25142
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpressThe GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2. This makes it possible for authenticated attackers to reset all of the settings.2023-06-07not yet calculatedCVE-2019-25143
MISC
MISC
MISC
MISC
wordpress — wordpressThe WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.2.10 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick a administrator into performing an action such as clicking on a link.2023-06-07not yet calculatedCVE-2019-25144
MISC
MISC
wordpress — wordpressThe Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the ‘public/class-pirateforms-public.php’ file in versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary HTML in emails that could be used to phish unsuspecting victims.2023-06-07not yet calculatedCVE-2019-25145
MISC
MISC
wordpress — wordpressThe DELUCKS SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saveSettings() function that had no capability checks in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute whenever a victim accesses the page.2023-06-07not yet calculatedCVE-2019-25146
MISC
MISC
MISC
MISC
MISC
wordpress — wordpressThe Pretty Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via various IP headers as well as the referer header in versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping in the track_link function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-07not yet calculatedCVE-2019-25147
MISC
MISC
MISC
wordpress — wordpressThe WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.9.0.3 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick a administrator into performing an action such as clicking on a link.2023-06-07not yet calculatedCVE-2019-25148
MISC
MISC
MISC
wordpress — wordpressThe Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security.2023-06-07not yet calculatedCVE-2019-25149
MISC
MISC
wordpress — wordpressThe Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3. This makes it possible for attackers to present phishing forms or conduct cross-site request forgery attacks against site administrators.2023-06-07not yet calculatedCVE-2019-25150
MISC
MISC
MISC
wordpress — wordpressThe Funnel Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the activate_plugin function in versions up to, and including, 1.3.0. This makes it possible for authenticated attackers to activate any plugin on the vulnerable service.2023-06-07not yet calculatedCVE-2019-25151
MISC
MISC
MISC
MISC
wordpress — wordpressThe Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to download files from the vulnerable service.2023-06-07not yet calculatedCVE-2020-36696
MISC
MISC
MISC
MISC
wordpress — wordpressThe WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for unauthenticated attackers to delete any comment and modify the plugin’s settings.2023-06-07not yet calculatedCVE-2020-36697
MISC
MISC
MISC
wordpress — wordpressThe Quick Page/Post Redirect Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the qppr_save_quick_redirect_ajax and qppr_delete_quick_redirect functions in versions up to, and including, 5.1.9. This makes it possible for low-privileged attackers to interact with the plugin settings and to create a redirect link that would forward all traffic to an external malicious website.2023-06-07not yet calculatedCVE-2020-36699
MISC
MISC
MISC
MISC
wordpress — wordpressThe Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the ‘/wp-admin/index.php’ page. This makes it possible for authenticated attackers to change arbitrary WordPress options, delete arbitrary files/folders, and inject arbitrary content.2023-06-07not yet calculatedCVE-2020-36700
MISC
MISC
MISC
MISC
wordpress — wordpressThe Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the ‘process_bulk_action’ function in the ‘kingcomposer/includes/kc.extensions.php’ file. This makes it possible for authenticated users with author level permissions and above to upload arbitrary files onto the server which can be used to execute code on the server.2023-06-07not yet calculatedCVE-2020-36701
MISC
MISC
MISC
MISC
wordpress — wordpressThe Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. This is due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber+ roles to update the plugin’s settings.2023-06-07not yet calculatedCVE-2020-36702
MISC
MISC
wordpress — wordpressThe Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the upload_files capability to inject arbitrary web scripts in pages that will execute whenever a user accesses the page with the stored web scripts.2023-06-07not yet calculatedCVE-2020-36703
MISC
MISC
wordpress — wordpressThe Fruitful Theme for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters stored via the fruitful_theme_options_action AJAX action in versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-07not yet calculatedCVE-2020-36704
MISC
MISC
wordpress — wordpressThe Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _ning_upload_image function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.2023-06-07not yet calculatedCVE-2020-36705
MISC
MISC
MISC
MISC
MISC
wordpress — wordpressThe Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. This is due to confusing logic functions missing or having incorrect nonce validation. This makes it possible for unauthenticated attackers to gain and perform otherwise unauthorized access and actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-07not yet calculatedCVE-2020-36707
MISC
MISC
MISC
MISC
wordpress — wordpressThe following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <= 1.2.4, Regina Lite <= 2.0.4, Transcend <= 1.1.8, Affluent <= 1.1.0, Bonkers <= 1.0.4, Antreas <= 1.0.2, Sparkling <= 2.4.8, and NatureMag Lite <= 1.0.4. This is due to epsilon_framework_ajax_action. This makes it possible for unauthenticated attackers to call functions and achieve remote code execution.2023-06-07not yet calculatedCVE-2020-36708
MISC
MISC
MISC
MISC
MISC
wordpress — wordpressThe Page Builder: KingComposer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via via shortcode in versions before 2.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-07not yet calculatedCVE-2020-36709
MISC
MISC
MISC
wordpress — wordpressThe WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2.2023-06-07not yet calculatedCVE-2020-36710
MISC
MISC
wordpress — wordpressThe Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the update_layout function in versions up to, and including, 6.2.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-07not yet calculatedCVE-2020-36711
MISC
MISC
MISC
wordpress — wordpressThe Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliforms_form_delete_uploaded_file function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to delete any site post or page with the id parameter.2023-06-07not yet calculatedCVE-2020-36712
MISC
MISC
wordpress — wordpressThe MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. This is due to unrestricted access to the ‘register’ and ‘update_user_profile’ routes. This makes it possible for unauthenticated attackers to create new administrator accounts, delete existing administrator accounts, or escalate privileges on any account.2023-06-07not yet calculatedCVE-2020-36713
MISC
MISC
MISC
wordpress — wordpressThe Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated attackers to inject arbitrary web scripts into the plugin settings that execute if they can successfully trick a user into performing an action such as clicking on a link.2023-06-07not yet calculatedCVE-2020-36715
MISC
MISC
MISC
wordpress — wordpressThe WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setup_page function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to run the setup wizard (if it has not been run previously) and access plugin configuration options.2023-06-07not yet calculatedCVE-2020-36716
MISC
MISC
MISC
wordpress — wordpressThe Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin’s function. This makes it possible for unauthenticated attackers to access the plugin’s administrative functions via forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-07not yet calculatedCVE-2020-36717
MISC
MISC
wordpress — wordpressThe GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input “njt_gdpr_allow_permissions” value. This allows unauthenticated attackers to inject a PHP Object.2023-06-07not yet calculatedCVE-2020-36718
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpressThe ListingPro – WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lp_cc_addons_actions function. This makes it possible for unauthenticated attackers to arbitrarily install, activate and deactivate any plugin.2023-06-07not yet calculatedCVE-2020-36719
MISC
MISC
MISC
wordpress — wordpressThe Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the update_option lacking proper authentication checks. This makes it possible for any authenticated attacker to change (or delete) the plugin’s settings.2023-06-07not yet calculatedCVE-2020-36720
MISC
MISC
MISC
wordpress — wordpressThe Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the ‘activello_activate_plugin’ and ‘activello_deactivate_plugin’ functions in the ‘inc/welcome-screen/class-activello-welcome.php’ file missing capability and security checks/nonces. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins installed on a vulnerable site.2023-06-07not yet calculatedCVE-2020-36721
MISC
MISC
MISC
MISC
MISC
wordpress — wordpressThe Visual Composer plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 26.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim’s browser.2023-06-07not yet calculatedCVE-2020-36722
MISC
MISC
MISC
MISC
wordpress — wordpressThe ListingPro – WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email addresses, phone numbers, physical addresses and user post counts.2023-06-07not yet calculatedCVE-2020-36723
MISC
MISC
MISC
wordpress — wordpressThe Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.1. This is due to the use of a user supplied hashing algorithm passed to the hash_hmac() function and the use of a loose comparison on the hash which allows an attacker to trick the function into thinking it has a valid hash. This makes it possible for unauthenticated attackers to gain administrator privileges.2023-06-07not yet calculatedCVE-2020-36724
MISC
MISC
MISC
wordpress — wordpressThe TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins for WordPress are vulnerable to an Options Change vulnerability in versions up to, and including, 1.21.11 and 1.21.4 via the ‘ti-woocommerce-wishlist/includes/export.class.php’ file. This makes it possible for authenticated attackers to gain otherwise restricted access to the vulnerable blog and update any settings.2023-06-07not yet calculatedCVE-2020-36725
MISC
MISC
MISC
MISC
wordpress — wordpressThe Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin.2023-06-07not yet calculatedCVE-2020-36726
MISC
MISC
MISC
wordpress — wordpressThe Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the ‘customFieldsDetails’ parameter being passed through a deserialization function. This potentially makes it possible for unauthenticated attackers to inject a serialized PHP object.2023-06-07not yet calculatedCVE-2020-36727
MISC
MISC
MISC
wordpress — wordpressThe Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files which can be used to reset and gain full control of a site.2023-06-07not yet calculatedCVE-2020-36728
MISC
MISC
MISC
MISC
wordpress — wordpressThe 2J-SlideShow Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ‘twoj_slideshow_setup’ function called via the wp_ajax_twoj_slideshow_setup AJAX action in versions up to, and including, 1.3.31. This makes it possible for authenticated attackers (Subscriber, or above level access) to allow attackers to perform otherwise restricted actions and subsequently deactivate any plugins on the blog.2023-06-07not yet calculatedCVE-2020-36729
MISC
MISC
MISC
MISC
wordpress — wordpressThe CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions up to, and including, 3.8.1. This makes it possible for unauthenticated attackers to read posts, export subscriber lists, and/or deactivate the plugin.2023-06-07not yet calculatedCVE-2020-36730
MISC
MISC
MISC
MISC
wordpress — wordpressThe Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to missing authorization checks on the updateSettingsAction() function which is called via an admin_init hook, along with missing sanitization and escaping on the settings that are stored.2023-06-07not yet calculatedCVE-2020-36731
MISC
MISC
MISC
seeddms — seeddms
 
An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file.2023-06-07not yet calculatedCVE-2021-33223
MISC
MISC
wordpress — wordpressSixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to read, edit, or delete WordPress settings, plugin settings, and to arbitrarily list all users on a WordPress website. The plugins impacted are: Product Filter for WooCommerce < 8.2.0, Improved Product Options for WooCommerce < 5.3.0, Improved Sale Badges for WooCommerce < 4.4.0, Share, Print and PDF Products for WooCommerce < 2.8.0, Product Loops for WooCommerce < 1.7.0, XforWooCommerce < 1.7.0, Package Quantity Discount < 1.2.0, Price Commander for WooCommerce < 1.3.0, Comment and Review Spam Control for WooCommerce < 1.5.0, Add Product Tabs for WooCommerce < 1.5.0, Autopilot SEO for WooCommerce < 1.6.0, Floating Cart < 1.3.0, Live Search for WooCommerce < 2.1.0, Bulk Add to Cart for WooCommerce < 1.3.0, Live Product Editor for WooCommerce < 4.7.0, and Warranties and Returns for WooCommerce < 5.3.0.2023-06-07not yet calculatedCVE-2021-4337
MISC
MISC
MISC
wordpress — wordpressThe 404 to 301 plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the open_redirect & save_redirect functions in versions up to, and including, 3.0.7. This makes it possible for authenticated attackers to view, create and edit redirections.2023-06-07not yet calculatedCVE-2021-4338
MISC
MISC
MISC
MISC
MISC
wordpress — wordpressThe uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the “ulisting/includes/route.php” file on the /1/api/ulisting-user/search REST-API route in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to retrieve the list of all users and their email address in the database.2023-06-07not yet calculatedCVE-2021-4339
MISC
MISC
MISC
wordpress — wordpressThe uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listing_id’ parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-06-07not yet calculatedCVE-2021-4340
MISC
MISC
wordpress — wordpressThe uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm_update_email_data AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to change any WordPress option in the database.2023-06-07not yet calculatedCVE-2021-4341
MISC
MISC
wordpress — wordpress
 
Over 70 plugins and themes were vulnerable to Cross-Site Request Forgery due to improperly implemented nonce protection that could be bypassed.2023-06-07not yet calculatedCVE-2021-4342
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpressThe Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1.6.6. This is due to the stm_listing_register AJAX action function being accessible and taking roles unprotected. This makes it possible for unauthenticated attackers to create accounts, even those with administrator privileges.2023-06-07not yet calculatedCVE-2021-4343
MISC
MISC
MISC
wordpress — wordpressThe Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2. This is due to lacking mishandling the use of user IDs that is accessible by the visitor. This makes it possible for unauthenticated or authenticated attackers to access the information and privileges of other users, including ‘guest users’, in their own category (authenticated, or unauthenticated guests).2023-06-07not yet calculatedCVE-2021-4344
MISC
MISC
wordpress — wordpressThe uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::save_role_api method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to remove or add roles, and add capabilities.2023-06-07not yet calculatedCVE-2021-4345
MISC
MISC
MISC
wordpress — wordpressThe uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6. This is due to missing login checks on the stm_listing_profile_edit AJAX action. This makes it possible for unauthenticated attackers to edit any account on the blog, such as changing the admin account’s email address.2023-06-07not yet calculatedCVE-2021-4346
MISC
MISC
MISC
wordpress — wordpressThe function update_shipment_status_email_status_fun in the plugin Advanced Shipment Tracking for WooCommerce in versions up to 3.2.6 is vulnerable to authenticated arbitrary options update. The function allows attackers (including those at customer level) to update any WordPress option in the database. Version 3.2.5 was initially released as a fix, but doesn’t fully address the issue.2023-06-07not yet calculatedCVE-2021-4347
MISC
MISC
wordpress — wordpressThe Ultimate GDPR & CCPA plugin for WordPress is vulnerable to unauthenticated settings import and export via the export_settings & import_settings functions in versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to change plugin settings and conduct attacks such as redirecting visitors to malicious sites.2023-06-07not yet calculatedCVE-2021-4348
MISC
MISC
wordpress — wordpressThe Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to conduct unspecified attacks via forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-07not yet calculatedCVE-2021-4349
MISC
MISC
MISC
wordpress — wordpressThe Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2. This is due to lacking authentication protections on the wpfm_send_file_in_email AJAX action. This makes it possible for unauthenticated attackers to send emails using the site with a custom subject, recipient email, and body with unsanitized HTML content. This effectively lets the attacker use the site as a spam relay.2023-06-07not yet calculatedCVE-2021-4350
MISC
MISC
wordpress — wordpressThe Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Post Meta Change in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfm_file_meta_update AJAX action. This makes it possible for unauthenticated attackers to change the meta data of certain posts and pages.2023-06-07not yet calculatedCVE-2021-4351
MISC
MISC
wordpress — wordpressThe JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_locsettings function in versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to change the settings of the plugin.2023-06-07not yet calculatedCVE-2021-4352
MISC
MISC
MISC
wordpress — wordpressThe PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwp_splashscreen_uploader function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.2023-06-07not yet calculatedCVE-2021-4354
MISC
MISC
wordpress — wordpressThe Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_orderlist(), and download_member_list() functions called via admin_init hooks in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to download lists of members, products and orders.2023-06-07not yet calculatedCVE-2021-4355
MISC
MISC
wordpress — wordpressThe Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Download in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfm_file_meta_update AJAX action. This makes it possible for unauthenticated attackers to download arbitrary files on the site, potentially leading to site takeover.2023-06-07not yet calculatedCVE-2021-4356
MISC
MISC
MISC
wordpress — wordpressThe uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole::save_role_api function in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to arbitrarily delete site posts and pages.2023-06-07not yet calculatedCVE-2021-4357
MISC
MISC
MISC
MISC
wordpress — wordpressThe WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.1.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-07not yet calculatedCVE-2021-4358
MISC
MISC
MISC
wordpress — wordpressThe Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 18.2. This is due to lacking authentication protections and lacking a security nonce on the wpfm_delete_file AJAX action. This makes it possible for unauthenticated attackers to delete any posts and pages on the site.2023-06-07not yet calculatedCVE-2021-4359
MISC
MISC
MISC
wordpress — wordpressThe Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator role with unrestricted access.2023-06-07not yet calculatedCVE-2021-4360
MISC
MISC
MISC
MISC
wordpress — wordpressThe JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_job_integrations_settin_save AJAX action in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to update arbitrary options on the site.2023-06-07not yet calculatedCVE-2021-4361
MISC
MISC
MISC
wordpress — wordpressThe Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwi_social_share_get_option() function called via the kiwi_social_share_get_option AJAX action in version 2.1.0. This makes it possible for unauthenticated attackers to read and modify arbitrary options on a WordPress site that can be used for complete site takeover. This was a previously fixed vulnerability that was reintroduced in this version.2023-06-07not yet calculatedCVE-2021-4362
MISC
MISC
MISC
wordpress — wordpressThe WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping on the ‘save_content_front’ function that uses print_r on the user-supplied $_REQUEST values . This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2023-06-07not yet calculatedCVE-2021-4363
MISC
MISC
MISC
wordpress — wordpressThe JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to add and/or modify schedule calls.2023-06-07not yet calculatedCVE-2021-4364
MISC
MISC
MISC
wordpress — wordpressThe Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to, and including, 18.2. This is due to lacking authentication protections and santisation all on the wpfm_edit_file_title_desc AJAX action. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-07not yet calculatedCVE-2021-4365
MISC
MISC
MISC
wordpress — wordpressThe PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to change the otherwise restricted settings within the plugin.2023-06-07not yet calculatedCVE-2021-4366
MISC
MISC
MISC
wordpress — wordpressThe Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the flo_import_forms_options AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with missing capability checks. This makes it possible for authenticated attackers, like subscribers, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-07not yet calculatedCVE-2021-4367
MISC
MISC
MISC
wordpress — wordpressThe Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. This is due to lacking capability checks and a security nonce, all on the wpfm_save_settings AJAX action. This makes it possible for subscriber-level attackers to edit the plugin settings, such as the allowed upload file types. This can lead to remote code execution through other vulnerabilities.2023-06-07not yet calculatedCVE-2021-4368
MISC
MISC
MISC
wordpress — wordpressThe Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Content Injection in versions up to, and including, 18.2. This is due to lacking authorization protections, checks against users editing other’s posts, and lacking a security nonce, all on the wpfm_edit_file_title_desc AJAX action. This makes it possible for unauthenticated attackers to edit the content and title of every page on the site.2023-06-07not yet calculatedCVE-2021-4369
MISC
MISC
MISC
wordpress — wordpressThe uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated users, lack security nonces, and data is seldom validated. This issue exists in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to conduct numerous administrative actions, including those less critical than the explicitly outlined ones in our detection.2023-06-07not yet calculatedCVE-2021-4370
MISC
MISC
MISC
wordpress — wordpressThe WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changs in versions up to, and including, 5.5. This is due to lacking both a security nonce and a capabilities check. This makes it possible for low-authenticated attackers to change plugin settings even when they do not have the capabilities to do so.2023-06-07not yet calculatedCVE-2021-4371
MISC
MISC
MISC
wordpress — wordpressThe WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.1. This is due to missing sanitization on the settings imported via the import() function. This makes it possible for unauthenticated attackers to import a settings file containing malicious JavaScript that would execute when an administrator accesses the settings area of the site.2023-06-07not yet calculatedCVE-2021-4372
MISC
MISC
wordpress — wordpressThe Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to import settings via forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-07not yet calculatedCVE-2021-4373
MISC
MISC
MISC
wordpress — wordpressThe WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the process_form.php file. This makes it possible for unauthenticated attackers to arbitrarily update the settings of a vulnerable site and ultimately compromise the entire site.2023-06-07not yet calculatedCVE-2021-4374
MISC
MISC
wordpress — wordpressThe Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information() function in versions up to, and including, 2.2.7. This makes it possible for authenticated attackers to download information including WordPress settings, plugin settings, PHP settings and server settings.2023-06-07not yet calculatedCVE-2021-4375
MISC
MISC
wordpress — wordpressThe WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary value.2023-06-07not yet calculatedCVE-2021-4376
MISC
MISC
MISC
MISC
wordpress — wordpressThe Doneren met Mollie plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.8.5 via the dmm_export_donations() function which is called via the admin_post_dmm_export hook due to missing capability checks. This can allow authenticated attackers to extract a CSV file that contains sensitive information about the donors.2023-06-07not yet calculatedCVE-2021-4377
MISC
MISC
MISC
MISC
wordpress — wordpressThe WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with minimal permissions like subscribers, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-07not yet calculatedCVE-2021-4378
MISC
MISC
wordpress — wordpressThe WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to make changes to product prices.2023-06-07not yet calculatedCVE-2021-4379
MISC
MISC
MISC
wordpress — wordpressThe Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the ‘wp_pinterest_automatic_parse_request’ function and the ‘process_form.php’ script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to update arbitrary options on a site that can be used to create new administrative user accounts or redirect unsuspecting site visitors.2023-06-07not yet calculatedCVE-2021-4380
MISC
MISC
MISC
MISC
wordpress — wordpressThe uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::import_new_layout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to change any WordPress option in the database.2023-06-07not yet calculatedCVE-2021-4381
MISC
MISC
MISC
wordpress — wordpressThe Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetch_external_image() function in versions up to, and including, 3.0.4. This makes it possible for authenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.2023-06-07not yet calculatedCVE-2021-4382
MISC
MISC
MISC
MISC
wordpress — wordpressThe WP Quick FrontEnd Editor plugin for WordPress is vulnerable to page content injection in versions up to, and including, 5.5. This is due to missing capability checks in the plugin’s page-editing functionality. This makes it possible for low-authenticated attackers, such as subscribers, to edit/create any page or post on the blog.2023-06-07not yet calculatedCVE-2021-4383
MISC
MISC
MISC
wordpress — wordpressThe 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693.2023-06-07not yet calculatedCVE-2021-46889
MISC
qualcomm — multiple_productsAssertion occurs while processing Reconfiguration message due to improper validation2023-06-06not yet calculatedCVE-2022-22060
MISC
qualcomm — multiple_products
 
information disclosure due to cryptographic issue in Core during RPMB read request.2023-06-06not yet calculatedCVE-2022-22076
MISC
percona — xtrabackup
 
In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands.2023-06-07not yet calculatedCVE-2022-25834
MISC
MISC
vmware — toolsVMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS.2023-06-07not yet calculatedCVE-2022-31693
CONFIRM
MISC
qualcomm — multiple_productsMemory corruption in core due to buffer copy without check9ing the size of input while processing ioctl queries.2023-06-06not yet calculatedCVE-2022-33224
MISC
qualcomm — multiple_products
 
Memory corruption due to buffer copy without checking the size of input in Core while processing ioctl commands from diag client applications.2023-06-06not yet calculatedCVE-2022-33226
MISC
qualcomm — multiple_productsMemory corruption in Linux android due to double free while calling unregister provider after register call.2023-06-06not yet calculatedCVE-2022-33227
MISC
qualcomm — multiple_productsMemory corruption in FM Host due to buffer copy without checking the size of input in FM Host2023-06-06not yet calculatedCVE-2022-33230
MISC
qualcomm — multiple_productsMemory corruption in Audio due to incorrect type cast during audio use-cases.2023-06-06not yet calculatedCVE-2022-33240
MISC
qualcomm — multiple_productsTransient DOS due to reachable assertion in Modem because of invalid network configuration.2023-06-06not yet calculatedCVE-2022-33251
MISC
qualcomm — multiple_productsMemory corruption due to use after free in Core when multiple DCI clients register and deregister.2023-06-06not yet calculatedCVE-2022-33263
MISC
qualcomm — multiple_productsMemory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.2023-06-06not yet calculatedCVE-2022-33264
MISC
qualcomm — multiple_productsMemory corruption in Linux while sending DRM request.2023-06-06not yet calculatedCVE-2022-33267
MISC
qualcomm — multiple_productsTransient DOS due to uncontrolled resource consumption in Linux kernel when malformed messages are sent from the Gunyah Resource Manager message queue.2023-06-06not yet calculatedCVE-2022-33303
MISC
qualcomm — multiple_productsMemory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed.2023-06-06not yet calculatedCVE-2022-33307
MISC
qualcomm — multiple_productsMemory corruption due to double free in Core while mapping HLOS address to the list.2023-06-06not yet calculatedCVE-2022-40507
MISC
qualcomm — multiple_productsTransient DOS due to improper authorization in Modem2023-06-06not yet calculatedCVE-2022-40521
MISC
lenovo — thinkpadA local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation.2023-06-05not yet calculatedCVE-2022-4569
MISC
syncthing — syncthing
 
Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and moves the mouse over the latest sync, a script could be executed to change settings for shared folders or add devices automatically. Additionally adding a new device with a malicious name could embed HTML or JavaScript inside parts of the page. As a result the webUI may be subject to a stored cross site scripting attack. This issue has been addressed in version 1.23.5. Users are advised to upgrade. Users unable to upgrade should avoid sharing folders with untrusted users.2023-06-06not yet calculatedCVE-2022-46165
MISC
MISC
lenovo — thinkpad
 
An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code.2023-06-05not yet calculatedCVE-2022-48181
MISC
lenovo — multiple_productsA buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.2023-06-05not yet calculatedCVE-2022-48188
MISC
wordpress — wordpressThe Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain.2023-06-05not yet calculatedCVE-2022-4946
MISC
wordpress — wordpressThe FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to interact with the plugin in ways administrators are intended to. One action (save_config) allows for the configuration of an external CDN. This could be used to include malicious javascript from a source controlled by the attacker.2023-06-07not yet calculatedCVE-2022-4948
MISC
MISC
wordpress — wordpressThe AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘ajax_upload’ function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ level privileges to upload arbitrary files on the affected sites server which makes remote code execution possible.2023-06-07not yet calculatedCVE-2022-4949
MISC
MISC
wordpress — wordpressSeveral WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.2023-06-07not yet calculatedCVE-2022-4950
MISC
MISC
MISC
gitlab — gitlabA denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test report artifacts.2023-06-07not yet calculatedCVE-2023-0121
MISC
CONFIRM
MISC
wordpress — wordpressThe WP Multi Store Locator WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks2023-06-05not yet calculatedCVE-2023-0152
MISC
wordpress — wordpressThe Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrary media files.2023-06-09not yet calculatedCVE-2023-0291
MISC
MISC
MISC
MISC
wordpress — wordpressThe Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsm_remove_file_fd_question AJAX action. This makes it possible for unauthenticated attackers to delete arbitrary media files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-09not yet calculatedCVE-2023-0292
MISC
MISC
MISC
MISC
mongodb_inc. — mongodb_ops_manager
 
MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.122023-06-09not yet calculatedCVE-2023-0342
MISC
MISC
gitlab — gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API.2023-06-07not yet calculatedCVE-2023-0508
MISC
MISC
CONFIRM
wordpress — wordpressThe Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2023-06-05not yet calculatedCVE-2023-0545
MISC
linux — multiple_productsImproper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Privilege Escalation.This issue affects ASPECT®-Enterprise: from 3.0;0 before 3.07.01; NEXUS Series: from 3.0;0 before 3.07.01; MATRIX Series: from 3.0;0 before 3.07.01.2023-06-05not yet calculatedCVE-2023-0635
MISC
linux — multiple_productsImproper Input Validation vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Command Injection.This issue affects ASPECT®-Enterprise: from 3.0;0 before 3.07.0; NEXUS Series: from 3.0;0 before 3.07.0; MATRIX Series: from 3.0;0 before 3.07.1.2023-06-05not yet calculatedCVE-2023-0636
MISC
wireshark_foundation — wiresharkDue to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.2023-06-07not yet calculatedCVE-2023-0666
MISC
MISC
MISC
MISC
wireshark_foundation — wiresharkDue to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark2023-06-07not yet calculatedCVE-2023-0667
MISC
MISC
wireshark_foundation — wiresharkDue to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.2023-06-07not yet calculatedCVE-2023-0668
MISC
MISC
MISC
MISC
wordpress — wordpressThe Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the ‘mf_thankyou’ shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about form submissions, including payment status, and transaction ID.2023-06-09not yet calculatedCVE-2023-0688
MISC
MISC
MISC
wordpress — wordpressThe Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the ‘mf_last_name’ shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrary form submissions, specifically the submitter’s last name.2023-06-09not yet calculatedCVE-2023-0691
MISC
MISC
MISC
wordpress — wordpressThe Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the ‘mf_payment_status’ shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the payment status of arbitrary form submissions.2023-06-09not yet calculatedCVE-2023-0692
MISC
MISC
MISC
wordpress — wordpressThe Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the ‘mf_transaction_id’ shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the transaction ids of arbitrary form submissions that included payment.2023-06-09not yet calculatedCVE-2023-0693
MISC
MISC
MISC
wordpress — wordpressThe Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the ‘mf’ shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about any standard form field of any form submission.2023-06-09not yet calculatedCVE-2023-0694
MISC
MISC
MISC
wordpress — wordpressThe Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the ‘mf’ shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a specific link. Note that getting the JavaScript to execute still requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database.2023-06-09not yet calculatedCVE-2023-0695
MISC
MISC
wordpress — wordpressThe Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the ‘mf_first_name’ shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database.2023-06-09not yet calculatedCVE-2023-0708
MISC
MISC
MISC
wordpress — wordpressThe Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the ‘mf_last_name’ shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database.2023-06-09not yet calculatedCVE-2023-0709
MISC
MISC
MISC
wordpress — wordpressThe Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the ‘fname’ attribute of the ‘mf_thankyou’ shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database. Additionally this requires successful payment, increasing the complexity.2023-06-09not yet calculatedCVE-2023-0710
MISC
MISC
wordpress — wordpressThe Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.2023-06-09not yet calculatedCVE-2023-0721
MISC
MISC
MISC
wordpress — wordpressThe Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_sort_order function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.2023-06-09not yet calculatedCVE-2023-0729
MISC
MISC
MISC
wordpress — wordpressThe Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the dismiss_notice function called via the admin_action_ucp_dismiss_notice action. This makes it possible for unauthenticated attackers to dismiss plugin notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-09not yet calculatedCVE-2023-0831
MISC
MISC
wordpress — wordpressThe Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the install_weglot function called via the admin_action_install_weglot action. This makes it possible for unauthenticated attackers to perform an unauthorized install of the Weglot Translate plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-09not yet calculatedCVE-2023-0832
MISC
MISC
wordpress — wordpressThe Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.2023-06-05not yet calculatedCVE-2023-0900
MISC
gitlab — gitlabA lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.2023-06-06not yet calculatedCVE-2023-0921
CONFIRM
MISC
MISC
sensormatic_electronics — illustra_pro_gen_4_dome
 
A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long period of sustained attack.2023-06-08not yet calculatedCVE-2023-0954
MISC
MISC
trellix — trellix_agentA command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder. The malicious file is executed by running the TA deployment feature located in the System Tree.2023-06-07not yet calculatedCVE-2023-0976
MISC
wordpress — wordpressThe Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the ‘User-Agent’ header. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-09not yet calculatedCVE-2023-0992
MISC
MISC
MISC
wordpress — wordpressThe Shield Security plugin for WordPress is vulnerable to Missing Authorization on the ‘theme-plugin-file’ AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a vector for Cross-Site Scripting via CVE-2023-0992.2023-06-09not yet calculatedCVE-2023-0993
MISC
MISC
MISC
wordpress — wordpressThe Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.3, due to insufficient escaping on the user supplied ‘objects’ and ‘tags’ parameters and lack of sufficient preparation in the ‘update_options’ function as well as the ‘refresh’ function which runs queries on the same values. This allows authenticated attackers, with administrator permissions, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Note that this attack may only be practical on configurations where it is possible to bypass addslashes due to the database using a nonstandard character set such as GBK.2023-06-09not yet calculatedCVE-2023-1016
MISC
MISC
wordpress — wordpressThe OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the ‘file_uploader_callback’ function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the site.2023-06-09not yet calculatedCVE-2023-1169
MISC
MISC
MISC
hashicorp — consul
 
Consul and Consul Enterprise’s cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.32023-06-02not yet calculatedCVE-2023-1297
MISC
wordpress — wordpressThe WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1.1.2 due to a missing capability check in the deleteCacheToolbar function . This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the site’s cache.2023-06-09not yet calculatedCVE-2023-1375
MISC
MISC
MISC
trellix — trellix_agentA heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming unavailable.2023-06-07not yet calculatedCVE-2023-1388
MISC
wordpress — wordpressThe Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-09not yet calculatedCVE-2023-1403
MISC
MISC
wordpress — wordpressThe Weaver Show Posts Plugin for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 1.6. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-09not yet calculatedCVE-2023-1404
MISC
MISC
google — grpcThere exists an vulnerability causing an abort() to be called in gRPC.  The following headers cause gRPC’s C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x != http, https) grpclb_client_stats: x (x == anything) On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.2023-06-09not yet calculatedCVE-2023-1428
MISC
wordpress — wordpressThe FluentCRM – Marketing Automation For WordPress plugin for WordPress is vulnerable to unauthorized modification of data in versions up to, and including, 2.7.40 due to the use of an MD5 hash without a salt to control subscriptions. This makes it possible for unauthenticated attackers to unsubscribe users from lists and manage subscriptions, granted they gain access to any targeted subscribers email address.2023-06-09not yet calculatedCVE-2023-1430
MISC
MISC
wordpress — wordpressThe Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in versions up to, and including, 3.1.23. This makes it possible for authenticated attackers of any authorization level to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-06-09not yet calculatedCVE-2023-1615
MISC
MISC
MISC
MISC
gitlab — gitlabAn issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to commit to projects even from a restricted IP address.2023-06-06not yet calculatedCVE-2023-1621
CONFIRM
MISC
MISC
siemens — jt2goThe APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.2023-06-07not yet calculatedCVE-2023-1709
MISC
MISC
wordpress — wordpressThe Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.3. This is due to missing or incorrect nonce validation on the toggle_widget function. This makes it possible for unauthenticated attackers to enable or disable Elementor widgets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-09not yet calculatedCVE-2023-1807
MISC
MISC
gitlab — gitlabAn issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It was possible to disclose issue notes to an unauthorized user at project export.2023-06-07not yet calculatedCVE-2023-1825
CONFIRM
MISC
wordpress — wordpressThe Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on the permalink_setup function in versions up to, and including, 3.3.0. This makes it possible for unauthenticated attackers to change the permalink structure.2023-06-09not yet calculatedCVE-2023-1843
MISC
MISC
MISC
fanuc — roboguide-handlingproFANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable to a path traversal, which could allow an attacker to remotely read files on the system running the affected software.2023-06-07not yet calculatedCVE-2023-1864
MISC
wordpress — wordpressThe Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. This is due to a lack of validation checks within login.php. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset the password of an arbitrary user and gain elevated (e.g., administrator) privileges.2023-06-09not yet calculatedCVE-2023-1888
MISC
MISC
wordpress — wordpressThe Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts.2023-06-09not yet calculatedCVE-2023-1889
MISC
MISC
wordpress — wordpressThe Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.2023-06-09not yet calculatedCVE-2023-1895
MISC
MISC
wordpress — wordpressThe Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the get_remote_templates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers with subscriber-level permissions or above to flush the remote template cache. Cached template information can also be accessed via this endpoint but these are not considered sensitive as they are publicly accessible from the developer’s site.2023-06-09not yet calculatedCVE-2023-1910
MISC
MISC
wordpress — wordpressThe PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: A partial fix for the issue was introduced in version 10.0.1, and an additional patch (version 10.0.2) was released to address a workaround.2023-06-09not yet calculatedCVE-2023-1917
MISC
MISC
MISC
MISC
wordpress — wordpressThe ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the query string in versions up to, and including, 4.9.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2023-06-09not yet calculatedCVE-2023-1978
MISC
MISC
gitlab — gitlabAn issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead a victim to download malicious code.2023-06-07not yet calculatedCVE-2023-2001
MISC
MISC
CONFIRM
gitlab — gitlabAn issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code.2023-06-07not yet calculatedCVE-2023-2013
MISC
MISC
CONFIRM
gitlab — gitlabAn issue has been discovered in GitLab CE/EE affecting all versions starting from 15.8 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A reflected XSS was possible when creating new abuse reports which allows attackers to perform arbitrary actions on behalf of victims.2023-06-07not yet calculatedCVE-2023-2015
MISC
CONFIRM
MISC
wordpress — wordpressThe Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-09not yet calculatedCVE-2023-2031
MISC
MISC
MISC
wordpress — wordpressThe Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the ‘bulletinwp_update_bulletin_status’, ‘bulletinwp_update_bulletin’, ‘bulletinwp_update_settings’, ‘bulletinwp_update_status’, ‘bulletinwp_export_bulletins’, and ‘bulletinwp_import_bulletins’ functions functions in versions up to, and including, 3.6.0. This makes it possible for authenticated attackers with subscriber-level access, and above, to modify the plugin’s settings, modify bulletins, create new bulletins, and more.2023-06-09not yet calculatedCVE-2023-2066
MISC
MISC
MISC
wordpress — wordpressThe Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce validation on the ‘bulletinwp_update_bulletin_status’, ‘bulletinwp_update_bulletin’, ‘bulletinwp_update_settings’, ‘bulletinwp_update_status’, ‘bulletinwp_export_bulletins’, and ‘bulletinwp_import_bulletins’ functions in versions up to, and including, 3.7.0. This makes it possible for unauthenticated attackers to modify the plugin’s settings, modify bulletins, create new bulletins, and more, via a forged request granted they can trick a site’s user into performing an action such as clicking on a link.2023-06-09not yet calculatedCVE-2023-2067
MISC
MISC
MISC
wordpress — wordpressThe Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.2023-06-09not yet calculatedCVE-2023-2083
MISC
MISC
MISC
wordpress — wordpressThe Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.2023-06-09not yet calculatedCVE-2023-2084
MISC
MISC
wordpress — wordpressThe Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.2023-06-09not yet calculatedCVE-2023-2085
MISC
MISC
MISC
wordpress — wordpressThe Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the template_count function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.2023-06-09not yet calculatedCVE-2023-2086
MISC
MISC
MISC
wordpress — wordpressThe Essential Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.6. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-09not yet calculatedCVE-2023-2087
MISC
MISC
MISC
aria — operations_for_networksAria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.2023-06-07not yet calculatedCVE-2023-20887
MISC
aria — operations_for_networksAria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid ‘member’ role credentials may be able to perform a deserialization attack resulting in remote code execution.2023-06-07not yet calculatedCVE-2023-20888
MISC
aria — operations_for_networksAria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.2023-06-07not yet calculatedCVE-2023-20889
MISC
hashicorp_vault
 
Vault and Vault Enterprise’s (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.2023-06-09not yet calculatedCVE-2023-2121
MISC
gitlab — gitlabAn issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A DollarMathPostFilter Regular Expression Denial of Service in was possible by sending crafted payloads to the preview_markdown endpoint.2023-06-06not yet calculatedCVE-2023-2132
MISC
MISC
CONFIRM
imagemagick — imagemagickA heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing.2023-06-06not yet calculatedCVE-2023-2157
MISC
wordpress — wordpressThe CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL (equal to the md5-hashed home_url in the default setting) allows users to visit a site placed in maintenance mode thus bypassing the plugin’s provided feature.2023-06-09not yet calculatedCVE-2023-2159
MISC
MISC
MISC
grafana– grafanaGrafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access to this function. This might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, prepare Phishing attack or block SMTP server. Users may upgrade to version 9.5.3, 9.4.12, 9.3.15, 9.2.19 and 8.5.26 to receive a fix.2023-06-06not yet calculatedCVE-2023-2183
MISC
MISC
wordpress — wordpressThe WP Responsive Tabs horizontal vertical and accordion Tabs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.1.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2023-06-09not yet calculatedCVE-2023-2184
MISC
MISC
triangle_microworks — scada_data_gatewayOn Triangle MicroWorks’ SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads.An unauthenticated user can use this format string vulnerability to repeatedly crash the GTWWebMonitor.exe process to DoS the Web Monitor. Furthermore, an authenticated user can leverage this vulnerability to leak memory from the GTWWebMonitor.exe process. This could be leveraged in an exploit chain to gain code execution.2023-06-07not yet calculatedCVE-2023-2186
MISC
triangle_microworks — scada_data_gatewayOn Triangle MicroWorks’ SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor.An unauthenticated user can use this vulnerability to forcefully log out of any currently logged-in user by sending a “password change event”. Furthermore, an attacker could use this vulnerability to spam the logged-in user with false events.2023-06-07not yet calculatedCVE-2023-2187
MISC
wordpress — wordpressThe Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to enable or disable Elementor widgets.2023-06-09not yet calculatedCVE-2023-2189
MISC
MISC
gitlab — gitlabAn issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint.2023-06-07not yet calculatedCVE-2023-2198
MISC
MISC
CONFIRM
gitlab — gitlabAn issue has been discovered in GitLab CE/EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint.2023-06-07not yet calculatedCVE-2023-2199
MISC
MISC
CONFIRM
wordpress — wordpressThe WP Replicate Post plugin for WordPress is vulnerable to SQL Injection via the post_id parameter in versions up to, and including, 4.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for contributor-level attackers or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-06-09not yet calculatedCVE-2023-2237
MISC
MISC
MISC
advantech — webaccess/scadaIn Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution.2023-06-06not yet calculatedCVE-2023-22450
MISC
wordpress — wordpressThe wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of file_get_contents without appropriate verification of the data being supplied to the function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to retrieve the contents of files like wp-config.php hosted on the system, perform a deserialization attack and possibly achieve remote code execution, and make requests to internal services.2023-06-09not yet calculatedCVE-2023-2249
MISC
MISC
MISC
distribution/distribution — distribution/distributionA flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.2023-06-06not yet calculatedCVE-2023-2253
MISC
wordpress — wordpressThe WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_ajax_call function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of users with accounts on the site. This includes ids, usernames and emails.2023-06-09not yet calculatedCVE-2023-2261
MISC
MISC
MISC
wordpress — wordpressThe WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the ‘get_item’, ‘get_order_notes’ and ‘add_order_note’ functions in versions up to, and including, 1.5.3. This makes it possible for authenticated attackers with subscriber privileges or above, to view the order details and order notes, and add order notes.2023-06-09not yet calculatedCVE-2023-2275
MISC
MISC
MISC
MISC
MISC
wordpress — wordpressThe WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the ‘ajax_public’ function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete or change plugin settings, import demo data, delete Directory Kit related posts and terms, and install arbitrary plugins. A partial patch was introduced in version 1.2.0 and an additional partial patch was introduced in version 1.2.2, but the issue was not fully patched until 1.2.3.2023-06-09not yet calculatedCVE-2023-2280
MISC
MISC
MISC
palantir_foundry — lime2Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances.2023-06-06not yet calculatedCVE-2023-22833
MISC
wordpress — wordpressThe WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_db function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level or higher to make changes to the plugin’s settings.2023-06-09not yet calculatedCVE-2023-2284
MISC
MISC
wordpress — wordpressThe WP Activity Log Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_switch_db function. This makes it possible for unauthenticated attackers to make changes to the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-09not yet calculatedCVE-2023-2285
MISC
MISC
wordpress — wordpressThe WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_run_cleanup function. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-09not yet calculatedCVE-2023-2286
MISC
MISC
MISC
wordpress — wordpressThe wordpress vertical image slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.2.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2023-06-09not yet calculatedCVE-2023-2289
MISC
MISC
wordpress — wordpressThe Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpdm_members’, ‘wpdm_login_form’, ‘wpdm_reg_form’ shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-09not yet calculatedCVE-2023-2305
MISC
MISC
MISC
MISC
MISC
ibm — sterling_partner_engagement_managerIBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245885.2023-06-08not yet calculatedCVE-2023-23480
MISC
MISC
ibm — sterling_partner_engagement_managerIBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245889.2023-06-08not yet calculatedCVE-2023-23481
MISC
MISC
ibm — sterling_partner_engagement_managerIBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 245891.2023-06-08not yet calculatedCVE-2023-23482
MISC
MISC
delta_electronics — cncsoft-b_dopsoftDelta Electronics’ CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to heap-based buffer overflow, which could allow an attacker to execute arbitrary code.2023-06-07not yet calculatedCVE-2023-24014
MISC
wordpress — wordpressThe Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2023-06-09not yet calculatedCVE-2023-2402
MISC
MISC
wordpress — wordpressThe CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ’email’ parameter in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-03not yet calculatedCVE-2023-2404
MISC
MISC
MISC
wordpress — wordpressThe CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.2. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin’s settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-03not yet calculatedCVE-2023-2405
MISC
MISC
MISC
wordpress — wordpressThe Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Stored Cross-Site Scripting via the ’email’ parameter in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-03not yet calculatedCVE-2023-2406
MISC
MISC
MISC
MISC
wordpress — wordpressThe Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing nonce validation in the ls_parse_vcita_callback() function. This makes it possible for unauthenticated attackers to modify the plugin’s settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-03not yet calculatedCVE-2023-2407
MISC
MISC
MISC
MISC
wordpress — wordpressThe Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_settings_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to modify the plugins settings, upload media files, and inject malicious JavaScript.2023-06-09not yet calculatedCVE-2023-2414
MISC
MISC
MISC
wordpress — wordpressThe Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to logout a vctia connected account which would cause a denial of service on the appointment scheduler.2023-06-03not yet calculatedCVE-2023-2415
MISC
MISC
MISC
wordpress — wordpressThe Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for unauthenticated to logout a vctia connected account which would cause a denial of service on the appointment scheduler, via a forged request granted they can trick a site user into performing an action such as clicking on a link.2023-06-03not yet calculatedCVE-2023-2416
MISC
MISC
MISC
gitlab — gitlabAn issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A specially crafted merge request could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims.2023-06-07not yet calculatedCVE-2023-2442
MISC
CONFIRM
MISC
ptc — vufora_studioAn attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid.2023-06-07not yet calculatedCVE-2023-24476
MISC
wordpress — wordpressThe FiboSearch – AJAX Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.23.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2023-06-09not yet calculatedCVE-2023-2450
MISC
MISC
MISC
arista_networks — arista_eosOn the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart.2023-06-05not yet calculatedCVE-2023-24510
MISC
wordpress — wordpressThe Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2023-06-09not yet calculatedCVE-2023-2452
MISC
MISC
MISC
google.golang.org/protobuf — google.golang.org/protobuf/encoding/prototextParsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.2023-06-08not yet calculatedCVE-2023-24535
MISC
MISC
MISC
postgresql — postgresqlschema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.2023-06-09not yet calculatedCVE-2023-2454
MISC
MISC
postgresql — postgresqlRow security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.2023-06-09not yet calculatedCVE-2023-2455
MISC
MISC
wordpress — wordpressThe Active Directory Integration plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-06-09not yet calculatedCVE-2023-2484
MISC
MISC
MISC
gitlab — gitlabAn issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A malicious maintainer in a project can escalate other users to Owners in that project if they import members from another project that those other users are Owners of.2023-06-07not yet calculatedCVE-2023-2485
CONFIRM
MISC
MISC
wordpress — wordpressThe 10Web Social Post Feed WordPress plugin before 1.2.9 does not sanitise and escape some parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin2023-06-05not yet calculatedCVE-2023-2503
MISC
delta_electronics — cncsoft-b_dopsoft
 
Delta Electronics’ CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code.2023-06-07not yet calculatedCVE-2023-25177
MISC
wordpress — wordpressThe Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to executes AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-09not yet calculatedCVE-2023-2526
MISC
MISC
MISC
MISC
puppet — puppet_enterpriseA privilege escalation allowing remote code execution was discovered in the orchestration service.2023-06-07not yet calculatedCVE-2023-2530
MISC
knime — knime_business_hubThe Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versions, host names, or IP addresses. No personal information or application data was exposed.2023-06-07not yet calculatedCVE-2023-2541
MISC
wordpress — wordpressThe WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the ‘wpus_allow_user_to_admin_bar_menu’ function with the ‘wpus_who_switch’ cookie value. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator, if they have access to the username.2023-06-06not yet calculatedCVE-2023-2546
MISC
MISC
MISC
wordpress — wordpressThe WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create a custom drop-down currency switcher.2023-06-09not yet calculatedCVE-2023-2555
MISC
MISC
wordpress — wordpressThe WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcs_sd_delete action in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete an arbitrary custom drop-down currency switcher.2023-06-09not yet calculatedCVE-2023-2556
MISC
MISC
wordpress — wordpressThe WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to edit an arbitrary custom drop-down currency switcher.2023-06-09not yet calculatedCVE-2023-2557
MISC
MISC
wordpress — wordpressThe WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s wpcs_current_currency shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-09not yet calculatedCVE-2023-2558
MISC
MISC
wordpress — wordpressThe Quiz Maker WordPress plugin before 6.4.2.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin2023-06-05not yet calculatedCVE-2023-2571
MISC
wordpress — wordpressThe Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin2023-06-05not yet calculatedCVE-2023-2572
MISC
wordpress — wordpressThe PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.3.6 (9.6.1 in the Pro version) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2023-06-09not yet calculatedCVE-2023-2584
MISC
MISC
MISC
gitlab — gitlabAn issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker can clone a repository from a public project, from a disallowed IP, even after the top-level group has enabled IP restrictions on the group.2023-06-07not yet calculatedCVE-2023-2589
MISC
CONFIRM
MISC
wordpress — wordpressThe Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to missing nonce verification on the get_users function and insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to cause resource exhaustion via a forged request granted they can trick an administrator into performing an action such as clicking on a link.2023-06-09not yet calculatedCVE-2023-2599
MISC
MISC
MISC
libcap — libcapA vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.2023-06-06not yet calculatedCVE-2023-2602
MISC
MISC
libcap — libcapA vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.2023-06-06not yet calculatedCVE-2023-2603
MISC
MISC
wordpress — wordpressThe Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2023-06-09not yet calculatedCVE-2023-2604
MISC
MISC
wordpress — wordpressThe Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-06-09not yet calculatedCVE-2023-2607
MISC
MISC
MISC
dottie — dottieVersions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficient checks, via the set() function and the current variable in the /dottie.js file.2023-06-10not yet calculatedCVE-2023-26132
MISC
MISC
MISC
wordpress — wordpressThe Get your number WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2023-06-05not yet calculatedCVE-2023-2634
MISC
pegasystems — pega_infinityPega Platform versions 7.2 to 8.8.1 are affected by an XSS issue.2023-06-09not yet calculatedCVE-2023-26465
MISC
wordpress — wordpressThe WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level attackers to move files uploaded with the plugin (located in wp-content/uploads by default) outside of the web root.2023-06-09not yet calculatedCVE-2023-2688
MISC
MISC
tp-link_tapo — tp-link_tapoThe AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim.2023-06-06not yet calculatedCVE-2023-27126
MISC
MISC
MISC
wordpress — wordpressThe Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_set_featured_image function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the featured image of arbitrary posts with an image that exists in the media library.2023-06-09not yet calculatedCVE-2023-2764
MISC
MISC
MISC
wordpress — wordpressThe WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2023-06-09not yet calculatedCVE-2023-2767
MISC
MISC
bitwarden — desktopBitwarden Desktop v1.20.0 and above stores the biometric key in plaintext which allows a local attacker to decrypt the entire local vault.2023-06-09not yet calculatedCVE-2023-27706
MISC
MISC
MISC
MISC
ptc — vuforia_studioA user could use the “Upload Resource” functionality to upload files to any location on the disk.2023-06-07not yet calculatedCVE-2023-27881
MISC
horner_automation — cscapeThe affected application lacks proper validation of user-supplied data when parsing font files (e.g., FNT). This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process.2023-06-06not yet calculatedCVE-2023-27916
MISC
zyxel — nr7101A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.2023-06-05not yet calculatedCVE-2023-27989
MISC
grafana — grafanaGrafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance. The only feature that uses mixed queries at the moment is public dashboards, but it’s also possible to cause this by calling the query API directly. This might enable malicious users to crash Grafana instances through that endpoint. Users may upgrade to version 9.4.12 and 9.5.3 to receive a fix.2023-06-06not yet calculatedCVE-2023-2801
MISC
hashicorp — consulConsul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.2023-06-02not yet calculatedCVE-2023-2816
MISC
wordpress — wordpressThe ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the ‘rx_set_screen_options’ function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the ‘wp_screen_options[option]’ and ‘wp_screen_options[value]’ parameters during a screen option update.2023-06-06not yet calculatedCVE-2023-2833
MISC
MISC
MISC
MISC
MISC
horner_automation — cscapeThe affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a use-after-free vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.2023-06-06not yet calculatedCVE-2023-28653
MISC
advantech — webaccess/scadaIf an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server.2023-06-07not yet calculatedCVE-2023-2866
MISC
kubernetes — secrets-store-csi-driverKubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.2023-06-07not yet calculatedCVE-2023-2878
MISC
MISC
wordpress — wordpressThe WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_delete_product function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-09not yet calculatedCVE-2023-2891
MISC
MISC
wordpress — wordpressThe WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_delete_product function. This makes it possible for unauthenticated attackers to bulk delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-09not yet calculatedCVE-2023-2892
MISC
MISC
wordpress — wordpressThe WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_deactivate_product function. This makes it possible for unauthenticated attackers to deactivate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-09not yet calculatedCVE-2023-2893
MISC
MISC
wordpress — wordpressThe WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_deactivate_product function. This makes it possible for unauthenticated attackers to bulk deactivate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-09not yet calculatedCVE-2023-2894
MISC
MISC
wordpress — wordpressThe WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_activate_product function. This makes it possible for unauthenticated attackers to bulk activate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-09not yet calculatedCVE-2023-2895
MISC
MISC
wordpress — wordpressThe WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_duplicate_product function. This makes it possible for unauthenticated attackers to duplicate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-09not yet calculatedCVE-2023-2896
MISC
MISC
wordpress — wordpressThe Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.4.18. This is due to an implicit trust of user-supplied IP addresses in an ‘X-Forwarded-For’ HTTP header for the purpose of validating allowed IP addresses against a Maintenance Mode whitelist. Supplying a whitelisted IP address within the ‘X-Forwarded-For’ header allows maintenance mode to be bypassed and may result in the disclosure of potentially sensitive information or allow access to restricted functionality.2023-06-09not yet calculatedCVE-2023-2897
MISC
MISC
hid_global — safeThe External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface (API). An attacker could log in using account credentials available through a request generated by an internal user and then manipulate the visitor-id within the web API to access the personal data of other users. There is no limit on the number of requests that can be made to the HID SAFE Web Server, so an attacker could also exploit this vulnerability to create a denial-of-service condition.2023-06-07not yet calculatedCVE-2023-2904
MISC
MISC
ptc — vuforia_studio
 
By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account.2023-06-07not yet calculatedCVE-2023-29152
MISC
ptc — vuforia_studio
 
The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication.2023-06-07not yet calculatedCVE-2023-29168
MISC
github.com/gin-gonic/gin — github.com/gin-gonic/ginThe filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of “setup.bat&quot;;x=.txt” will be sent as a file named “setup.bat”. If the FileAttachment function is called with names provided by an untrusted source, this may permit an attacker to cause a file to be served with a name different than provided. Maliciously crafted attachment file name can modify the Content-Disposition header.2023-06-08not yet calculatedCVE-2023-29401
MISC
MISC
MISC
MISC
go_toolchain — cmd/goThe go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via “go get”, are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected).2023-06-08not yet calculatedCVE-2023-29402
MISC
MISC
MISC
MISC
go_standard_library — runtimeOn Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.2023-06-08not yet calculatedCVE-2023-29403
MISC
MISC
MISC
MISC
go_toolchain — cmd/goThe go command may execute arbitrary code at build time when using cgo. This may occur when running “go get” on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a “#cgo LDFLAGS” directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.2023-06-08not yet calculatedCVE-2023-29404
MISC
MISC
MISC
MISC
go_toolchain — cmd/goThe go command may execute arbitrary code at build time when using cgo. This may occur when running “go get” on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a “#cgo LDFLAGS” directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.2023-06-08not yet calculatedCVE-2023-29405
MISC
MISC
MISC
MISC
ptc — vuforiaBefore importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path.2023-06-07not yet calculatedCVE-2023-29502
MISC
horner_automation — cscapeThe affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.2023-06-06not yet calculatedCVE-2023-29503
MISC
advancecomp — advancecompA segmentation fault flaw was found in the Advancecomp package. This may lead to decreased availability.2023-06-06not yet calculatedCVE-2023-2961
MISC
prestashop — jmsthemelayoutPrestaShop jmsthemelayout 2.5.5 is vulnerable to SQL Injection via ajax_jmsvermegamenu.php.2023-06-05not yet calculatedCVE-2023-29629
MISC
prestashop — jmsmegamenuPrestaShop jmsmegamenu 1.1.x and 2.0.x is vulnerable to SQL Injection via ajax_jmsmegamenu.php.2023-06-05not yet calculatedCVE-2023-29630
MISC
prestashop — jmssliderPrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control via ajax_jmsslider.php.2023-06-05not yet calculatedCVE-2023-29631
MISC
prestashop — jmspagebuilderPrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php.2023-06-06not yet calculatedCVE-2023-29632
MISC
vade — secure_gatewayCross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the X-Rewrite-URL parameter.2023-06-09not yet calculatedCVE-2023-29712
MISC
MISC
MISC
vade — secure_gatewayCross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the GET request after the /css/ directory.2023-06-09not yet calculatedCVE-2023-29713
MISC
MISC
MISC
vade — secure_gatewayCross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via the username, password, and language cookies parameter.2023-06-09not yet calculatedCVE-2023-29714
MISC
MISC
MISC
yandex — navigatorAn issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.2023-06-09not yet calculatedCVE-2023-29749
MISC
yandex — navigatorAn issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.2023-06-09not yet calculatedCVE-2023-29751
MISC
facemoji — emoji_keyboardAn issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component.2023-06-09not yet calculatedCVE-2023-29752
MISC
facemoji — emoji_keyboardAn issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows a local attacker to cause a denial of service via the SharedPreference files.2023-06-09not yet calculatedCVE-2023-29753
MISC
google — androidAn issue found in Twilight v.13.3 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.2023-06-09not yet calculatedCVE-2023-29755
MISC
google — androidAn issue found in Twilight v.13.3 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.2023-06-09not yet calculatedCVE-2023-29756
MISC
google — androidAn issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.2023-06-09not yet calculatedCVE-2023-29757
MISC
google — androidAn issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.2023-06-09not yet calculatedCVE-2023-29758
MISC
google — androidAn issue found in FlightAware v.5.8.0 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the database files.2023-06-09not yet calculatedCVE-2023-29759
MISC
google — androidAn issue found in Sleep v.20230303 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.2023-06-09not yet calculatedCVE-2023-29761
MISC
google — androidAn issue found in CrossX v.1.15.3 for Android allows a local attacker to cause an escalation of Privileges via the database files.2023-06-09not yet calculatedCVE-2023-29766
MISC
google — androidAn issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent denial of service via the database files.2023-06-09not yet calculatedCVE-2023-29767
MISC
wordpress — wordpressThe Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated attackers to log in as users who have abandoned the cart, which users are typically customers.2023-06-08not yet calculatedCVE-2023-2986
MISC
MISC
MISC
MISC
mim_software_inc — multiple_productsAn issue found in MIM software Inc MIM License Server and MIMpacs services v.6.9 thru v.7.0 fixed in v.7.0.10 allows a remote unauthenticated attacker to execute arbitrary code via the RMI Registry service.2023-06-09not yet calculatedCVE-2023-30262
MISC
MISC
MISC
rhacm — rhacmThe grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values (instead of the policy apply a static manifest on a managed cluster) of taking advantage of cluster scoped access in a created policy. This feature does not restrict properly to lookup content from the namespace where the policy was created.2023-06-05not yet calculatedCVE-2023-3027
MISC
anyka_microelectronics — ak3918ev300_mcu
 
An issue was discovered in Anyka Microelectronics AK3918EV300 MCU v18. A command injection vulnerability in the network configuration script within the MCU’s operating system allows attackers to perform arbitrary command execution via a crafted wifi SSID or password.2023-06-07not yet calculatedCVE-2023-30400
MISC
MISC
xpdf — xpdfAn excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf’s text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.2023-06-02not yet calculatedCVE-2023-3044
MISC
MISC
apache — guacamoleApache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.2023-06-07not yet calculatedCVE-2023-30575
MISC
apache — guacamoleApache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process.2023-06-07not yet calculatedCVE-2023-30576
MISC
mobatime — mobatime_mobile_application_amxgt100Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)This issue affects Mobatime mobile application AMXGT100 through 1.3.20.2023-06-05not yet calculatedCVE-2023-3064
MISC
mobatime — mobatime_mobile_application_amxgt100Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass.This issue affects Mobatime mobile application AMXGT100 through 1.3.20.2023-06-05not yet calculatedCVE-2023-3065
MISC
mobatime — mobatime_mobile_application_amxgt100Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administratorsThis issue affects Mobatime mobile application AMXGT100: through 1.3.20.2023-06-05not yet calculatedCVE-2023-3066
MISC
google — chromeType confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-06-05not yet calculatedCVE-2023-3079
MISC
MISC
MISC
MISC

x-wrt_luci — x-wrt_luci

A vulnerability, which was classified as problematic, has been found in X-WRT luci up to 22.10_b202303061504. This issue affects the function run_action of the file modules/luci-base/ucode/dispatcher.uc of the component 404 Error Template Handler. The manipulation of the argument request_path leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 22.10_b202303121313 is able to address this issue. The name of the patch is 24d7da2416b9ab246825c33c213fe939a89b369c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230663.2023-06-03not yet calculatedCVE-2023-3085
MISC
MISC
MISC
MISC
foundry — commentsA security defect in Foundry’s Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it’s content. This defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time.2023-06-06not yet calculatedCVE-2023-30948
MISC
kylinsoft — kylinA vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been declared as critical. This vulnerability affects the function changedSource. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.1-130 is able to address this issue. It is recommended to upgrade the affected component. VDB-230686 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-06-05not yet calculatedCVE-2023-3096
MISC
MISC
MISC
kylinsoft — kylinA vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been rated as critical. This issue affects the function setMainSource. The manipulation leads to os command injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.1-130 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230687. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-06-05not yet calculatedCVE-2023-3097
MISC
MISC
MISC
kylinsoft — youker-assistantA vulnerability classified as critical has been found in KylinSoft youker-assistant on KylinOS. Affected is the function restore_all_sound_file. The manipulation leads to path traversal: ‘../filedir’. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.2-0kylin6k70-23 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230688. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-06-05not yet calculatedCVE-2023-3098
MISC
MISC
MISC
kylinsoft — youker-assistantA vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function delete_file in the library dbus.SystemBus of the component Arbitrary File Handler. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.2-0kylin6k70-23 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-230689 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-06-05not yet calculatedCVE-2023-3099
MISC
MISC
MISC
ibos — ibos
 
A vulnerability, which was classified as critical, has been found in IBOS 4.5.5. Affected by this issue is the function actionDel of the file ?r=dashboard/approval/del. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-230690 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-06-05not yet calculatedCVE-2023-3100
MISC
MISC
MISC
samsung — exynos_modem
 
An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause unintended querying of the SIM status via a crafted application.2023-06-07not yet calculatedCVE-2023-31114
MISC
samsung — exynos_modem
 
An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause changes to the activation mode of RCS via a crafted application.2023-06-07not yet calculatedCVE-2023-31115
MISC
samsung — exynos_modem
 
An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. An incorrect default permission can cause unintended querying of RCS capability via a crafted application.2023-06-07not yet calculatedCVE-2023-31116
MISC
ptc — vuforia
 
PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack.2023-06-07not yet calculatedCVE-2023-31200
MISC
dahua — smart_parking_management
 
A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. This vulnerability affects unknown code of the file /ipms/imageConvert/image. The manipulation of the argument fileUrl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230800. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-06-06not yet calculatedCVE-2023-3121
MISC
MISC
MISC
wordpress — wordpressThe Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update arbitrary site options, which can lead to privilege escalation.2023-06-07not yet calculatedCVE-2023-3124
MISC
MISC
horner_automation — multiple_products
 
The affected product does not properly validate user-supplied data. If a user opens a maliciously formed CSP file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer.2023-06-06not yet calculatedCVE-2023-31244
MISC
wordpress — wordpressThe B2BKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘b2bking_save_price_import’ function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to modify the pricing of any product on the site.2023-06-07not yet calculatedCVE-2023-3125
MISC
MISC
MISC
wordpress — wordpressThe B2BKing plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘b2bkingdownloadpricelist’ function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to retrieve the full pricing list of all products on the site.2023-06-07not yet calculatedCVE-2023-3126
MISC
MISC
MISC
horner_automation — multiple_productsThe affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process.2023-06-06not yet calculatedCVE-2023-31278
MISC
knime — knime_business_hubMissing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server.2023-06-07not yet calculatedCVE-2023-3140
MISC
linux — kernel
 
A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.2023-06-09not yet calculatedCVE-2023-3141
MISC
microweber — microweber/microweberCross-site Scripting (XSS) – Stored in GitHub repository microweber/microweber prior to 2.0.2023-06-07not yet calculatedCVE-2023-3142
CONFIRM
MISC
sourcecodester — online_discussion_forum_siteA vulnerability classified as problematic has been found in SourceCodester Online Discussion Forum Site 1.0. Affected is an unknown function of the file admin\posts\manage_post.php. The manipulation of the argument content leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231012.2023-06-07not yet calculatedCVE-2023-3143
MISC
MISC
MISC
sourcecodester — online_discussion_forum_siteA vulnerability classified as problematic was found in SourceCodester Online Discussion Forum Site 1.0. Affected by this vulnerability is an unknown functionality of the file admin\posts\manage_post.php. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231013 was assigned to this vulnerability.2023-06-07not yet calculatedCVE-2023-3144
MISC
MISC
MISC
sourcecodester — online_discussion_forum_siteA vulnerability, which was classified as critical, has been found in SourceCodester Online Discussion Forum Site 1.0. Affected by this issue is some unknown functionality of the file classes\Users.php?f=registration. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231014 is the identifier assigned to this vulnerability.2023-06-07not yet calculatedCVE-2023-3145
MISC
MISC
MISC
sourcecodester — online_discussion_forum_siteA vulnerability, which was classified as critical, was found in SourceCodester Online Discussion Forum Site 1.0. This affects an unknown part of the file admin\categories\manage_category.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231015.2023-06-07not yet calculatedCVE-2023-3146
MISC
MISC
MISC
sourcecodester — online_discussion_forum_site
 
A vulnerability has been found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical. This vulnerability affects unknown code of the file admin\categories\view_category.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231016.2023-06-07not yet calculatedCVE-2023-3147
MISC
MISC
MISC
sourcecodester — online_discussion_forum_siteA vulnerability was found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical. This issue affects some unknown processing of the file admin\posts\manage_post.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231017 was assigned to this vulnerability.2023-06-07not yet calculatedCVE-2023-3148
MISC
MISC
MISC
sourcecodester — online_discussion_forum_siteA vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been classified as critical. Affected is an unknown function of the file admin\user\manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-231018 is the identifier assigned to this vulnerability.2023-06-07not yet calculatedCVE-2023-3149
MISC
MISC
MISC
sourcecodester — online_discussion_forum_siteA vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file posts\manage_post.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231019.2023-06-07not yet calculatedCVE-2023-3150
MISC
MISC
MISC
sourcecodester — online_discussion_forum_siteA vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file user\manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231020.2023-06-07not yet calculatedCVE-2023-3151
MISC
MISC
MISC
sourcecodester — online_discussion_forum_siteA vulnerability classified as critical has been found in SourceCodester Online Discussion Forum Site 1.0. This affects an unknown part of the file admin\posts\view_post.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231021 was assigned to this vulnerability.2023-06-07not yet calculatedCVE-2023-3152
MISC
MISC
MISC
totolink — x5000r
 
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function.2023-06-06not yet calculatedCVE-2023-31569
MISC
MISC
MISC
MISC
ruby_gem — ruby_gemA Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.2023-06-06not yet calculatedCVE-2023-31606
MISC
MISC
MISC
y_project — ruoyiA vulnerability was found in y_project RuoYi up to 4.7.7. It has been classified as problematic. Affected is the function filterKeyword. The manipulation of the argument value leads to resource consumption. VDB-231090 is the identifier assigned to this vulnerability.2023-06-08not yet calculatedCVE-2023-3163
MISC
MISC
MISC
sourcecodester — life_insurance_management_sysA vulnerability was found in SourceCodester Life Insurance Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file insertNominee.php of the component POST Parameter Handler. The manipulation of the argument nominee_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231109 was assigned to this vulnerability.2023-06-08not yet calculatedCVE-2023-3165
MISC
MISC
MISC
froxlor — froxlorPath Traversal in GitHub repository froxlor/froxlor prior to 2.0.20.2023-06-09not yet calculatedCVE-2023-3172
CONFIRM
MISC
froxlor — froxlorImproper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20.2023-06-09not yet calculatedCVE-2023-3173
MISC
CONFIRM
sourcecodester — lost_and_found_information_systemA vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file admin\user\manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-231150 is the identifier assigned to this vulnerability.2023-06-09not yet calculatedCVE-2023-3176
MISC
MISC
MISC
sourcecodester — lost_and_found_information_systemA vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin\inquiries\view_inquiry.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231151.2023-06-09not yet calculatedCVE-2023-3177
MISC
MISC
MISC
sourcecodester — performance_indicator_system
 
A vulnerability was found in SourceCodester Performance Indicator System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addproduct.php. The manipulation of the argument prodname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231163.2023-06-09not yet calculatedCVE-2023-3183
MISC
MISC
MISC
sourcecodester — sales_tracker_management_systemA vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231164.2023-06-09not yet calculatedCVE-2023-3184
MISC
MISC
MISC
phpgurukul –teachers_record_management_system
 
A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Affected by this issue is some unknown functionality of the file /changeimage.php of the component Profile Picture Handler. The manipulation of the argument newpic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231176.2023-06-09not yet calculatedCVE-2023-3187
MISC
MISC
MISC
owncast — owncast
 
Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0.2023-06-10not yet calculatedCVE-2023-3188
CONFIRM
MISC
telefnica_brasil — vivo_play_iptvTelefnica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of Service (DoS) via DNS Recursion.2023-06-05not yet calculatedCVE-2023-31893
MISC
MISC
nilsteampassnet — teampassImproper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9.2023-06-10not yet calculatedCVE-2023-3190
CONFIRM
MISC
nilsteampassnet — teampassCross-site Scripting (XSS) – Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.2023-06-10not yet calculatedCVE-2023-3191
MISC
CONFIRM
horner_automation — cscapeThe affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e374b. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.2023-06-06not yet calculatedCVE-2023-32203
MISC
sailpoint — identityiqIdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath.2023-06-05not yet calculatedCVE-2023-32217
MISC
horner_automation — cscapeThe affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in the FontManager. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.2023-06-06not yet calculatedCVE-2023-32281
MISC
horner_automation — cscapeThe affected application lacks proper validation of user-supplied data when parsing project files (e.g.., CSP). This could lead to an out-of-bounds read in IO_CFG. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.2023-06-06not yet calculatedCVE-2023-32289
MISC
umbraco — umbracoidentityextensionsUmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration. In affected versions client secrets are not required which may expose some endpoints to untrusted actors. Since Umbraco is not a single-page application, the implicit flow is not safe. For traditional MVC applications, it is recommended to use the authorization code flow, which requires the client to authenticate with the authorization server using a client secret. This flow provides better security, as it involves exchanging an authorization code for an access token and/or ID token, rather than directly returning tokens in the URL fragment. This issue has been patched in commit `e792429f9` and a release to Nuget is pending. Users are advised to upgrade when possible.2023-06-09not yet calculatedCVE-2023-32312
MISC
MISC
MISC
MISC
horner_automation — cscapeThe affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e3c04. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process.2023-06-06not yet calculatedCVE-2023-32539
MISC
advantech — webaccess/scadaIn Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution.2023-06-06not yet calculatedCVE-2023-32540
MISC
horner_automation — cscapeThe affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in Cscape!CANPortMigration. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.2023-06-06not yet calculatedCVE-2023-32545
MISC
canonical_ltd. — landscape
 
Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator.2023-06-06not yet calculatedCVE-2023-32549
MISC
canonical_ltd. — landscapeLandscape’s server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further information from the Landscape API.2023-06-06not yet calculatedCVE-2023-32550
MISC
canonical_ltd. — landscapeLandscape allowed URLs which caused open redirection.2023-06-06not yet calculatedCVE-2023-32551
MISC
advantech — webaccess/scadaIn Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution.2023-06-06not yet calculatedCVE-2023-32628
MISC
matrix-org — synapseSynapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the `jwt_config.enabled` configuration setting. 2. The local password database is enabled via the `password_config.enabled` and `password_config.localdb_enabled` configuration settings *and* a user’s password is updated via an admin API after a user is deactivated. Note that the local password database is enabled by default, but it is uncommon to set a user’s password after they’ve been deactivated. Installations that are configured to only allow login via Single Sign-On (SSO) via CAS, SAML or OpenID Connect (OIDC); or via an external password provider (e.g. LDAP) are not affected. If not using JSON Web Tokens, ensure that deactivated users do not have a password set. This issue has been addressed in version 1.85.0. Users are advised to upgrade.2023-06-06not yet calculatedCVE-2023-32682
MISC
MISC
MISC
MISC
MISC
MISC
matrix-org — synapseSynapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the `url_preview_ip_range_blacklist` setting (by default this only allows public IPs) and by the limited information returned to the client: 1. For discovered oEmbed URLs, any non-JSON response or a JSON response which includes non-oEmbed information is discarded. 2. For discovered image URLs, any non-image response is discarded. Systems which have URL preview disabled (via the `url_preview_enabled` setting) or have not configured a `url_preview_url_blacklist` are not affected. This issue has been addressed in version 1.85.0. Users are advised to upgrade. User unable to upgrade may also disable URL previews.2023-06-06not yet calculatedCVE-2023-32683
MISC
MISC
google — grpcWhen gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients – leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in  https://github.com/grpc/grpc/pull/32309 https://github.com/grpc/grpc/pull/323092023-06-09not yet calculatedCVE-2023-32731
MISC
google — grpcgRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in  https://github.com/grpc/grpc/pull/32309 https://www.google.com/url2023-06-09not yet calculatedCVE-2023-32732
MISC
abstrium — pydio_cellsPydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted.2023-06-08not yet calculatedCVE-2023-32749
MISC
MISC
FULLDISC
MISC
abstrium — pydio_cellsPydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job “remote-download” can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The response file is then available in a user-specified folder in Pydio Cells.2023-06-08not yet calculatedCVE-2023-32750
MISC
MISC
abstrium — pydio_cellsPydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript [1]. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it is possible to generate valid signatures for arbitrary download URLs. By uploading an HTML file and modifying the download URL to serve the file inline instead of as an attachment, any included JavaScript code is executed when the URL is opened in a browser, leading to a cross-site scripting vulnerability.2023-06-08not yet calculatedCVE-2023-32751
MISC
MISC
marval — marval_msm
 
Marval MSM through 14.19.0.12476 and 15.0 has a System account with default credentials. A remote attacker is able to login and create a valid session. This makes it possible to make backend calls to endpoints in the application.2023-06-07not yet calculatedCVE-2023-33282
MISC
MISC
marval — marval_msm
 
Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key.2023-06-07not yet calculatedCVE-2023-33283
MISC
marval — marval_msm
 
Marval MSM through 14.19.0.12476 and 15.0 has a Remote Code Execution vulnerability. A remote attacker authenticated as any user is able to execute code in context of the web server.2023-06-07not yet calculatedCVE-2023-33284
MISC
mitrastar– gpt-2741gnac
 
A command injection vulnerability was found in the ping functionality of the MitraStar GPT-2741GNAC router (firmware version AR_g5.8_110WVN0b7_2). The vulnerability allows an authenticated user to execute arbitrary OS commands by sending specially crafted input to the router via the ping function.2023-06-06not yet calculatedCVE-2023-33381
MISC
MISC
MISC
besder — ip_camera
 
Incorrect access control in the administrative functionalities of BES–6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to execute arbitrary administrative commands via a crafted payload sent to the desired endpoints.2023-06-08not yet calculatedCVE-2023-33443
MISC
sogou — workflow
 
In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , may cause buffer-overflow and crash.2023-06-06not yet calculatedCVE-2023-33457
MISC
lloyd — yajl
 
There’s a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.2023-06-06not yet calculatedCVE-2023-33460
MISC
harmonic — nsg_90006g
 
In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path.2023-06-06not yet calculatedCVE-2023-33477
MISC
xuxueli — xxl-rpc
 
xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecode#decode.2023-06-07not yet calculatedCVE-2023-33496
MISC
alist — alist
 
alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file.2023-06-07not yet calculatedCVE-2023-33498
MISC
jeecg — p3_biz_chat
 
Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters.2023-06-07not yet calculatedCVE-2023-33510
MISC
emoncms — emoncms
 
emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request.2023-06-05not yet calculatedCVE-2023-33518
MISC
tenda — g103
 
There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with firmware version V1.0.0.5. If an attacker gains web management privileges, they can inject commands gaining shell privileges.2023-06-06not yet calculatedCVE-2023-33530
MISC
MISC
netgear — r6250
 
There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges.2023-06-06not yet calculatedCVE-2023-33532
MISC
MISC
netgear — d6220
 
Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. If an attacker gains web management privileges, they can inject commands into the post request parameters, gaining shell privileges.2023-06-06not yet calculatedCVE-2023-33533
MISC
MISC
tp-link — tw-wr940n
 
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/WlanMacFilterRpm.2023-06-07not yet calculatedCVE-2023-33536
MISC
tp-link — tw-wr940n
 
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm.2023-06-07not yet calculatedCVE-2023-33537
MISC
tp-link — tw-wr940n
 
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .2023-06-07not yet calculatedCVE-2023-33538
MISC
planet_technologies — wdrt-1800ax
 
An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to root via manipulation of the LoginStatus cookie.2023-06-07not yet calculatedCVE-2023-33553
MISC
MISC
totolink — a7100ru
 
TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg.2023-06-07not yet calculatedCVE-2023-33556
MISC
fuel_cms — fuel_cms
 
Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php.2023-06-09not yet calculatedCVE-2023-33557
MISC
MISC
sourcecodester — faculty_evaluation_system
 
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/ajax.php?action=update_user.2023-06-06not yet calculatedCVE-2023-33569
MISC
cpython — cpython
 
CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.2023-06-07not yet calculatedCVE-2023-33595
MISC
MISC
phpok — phpok
 
An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file.2023-06-07not yet calculatedCVE-2023-33601
MISC
imperial_cms — imperial_cms
 
Imperial CMS v7.5 was discovered to contain an arbitrary file deletion vulnerability via the DelspReFile function in /sp/ListSp.php. This vulnerability is exploited by attackers via a crafted POST request.2023-06-07not yet calculatedCVE-2023-33604
MISC
axtls — axtls
 
axTLS v2.1.5 was discovered to contain a heap buffer overflow in the bi_import function in axtls-code/crypto/bigint.c. This vulnerability allows attackers to cause a Denial of Service (DoS) when parsing a private key.2023-06-06not yet calculatedCVE-2023-33613
MISC
sitecore — experience_platform
 
An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules.2023-06-06not yet calculatedCVE-2023-33651
MISC
MISC
sitecore — experience_platform
 
Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx.2023-06-06not yet calculatedCVE-2023-33652
MISC
sitecore — experience_platform
 
Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML.2023-06-06not yet calculatedCVE-2023-33653
MISC
nanomq — nanomq
 
A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_msg_get_publish_property() in the file mqtt_msg.c. This vulnerability is caused by improper data tracing, and an attacker could exploit it to cause a denial of service attack.2023-06-08not yet calculatedCVE-2023-33657
MISC
MISC
MISC
nanomq — nanomq
 
A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_msg_get_pub_pid() in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack.2023-06-08not yet calculatedCVE-2023-33658
MISC
MISC
MISC
nanomq — nanomq
 
A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nmq_subinfo_decode() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack.2023-06-06not yet calculatedCVE-2023-33659
MISC
MISC
MISC
nanomq — nanomq
 
A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function copyn_str() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack.2023-06-08not yet calculatedCVE-2023-33660
MISC
MISC
MISC
db_elettronica_telecomunicazioni — spa_sft_dab 600/c
 
Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios firmware: 7.1 (Apr 19 2021) Gui: 2.46 FPGA: 169.55 uc: 6.15 allows attackers on the same network to bypass authentication by re-using the IP address assigned to the device by the NAT protocol.2023-06-06not yet calculatedCVE-2023-33684
MISC
sonicjs — sonicjs
 
SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS.2023-06-05not yet calculatedCVE-2023-33690
MISC
MISC
easyplayerpro-win — easyplayerpro-win
 
A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service (DoS) via a crafted XML file.2023-06-05not yet calculatedCVE-2023-33693
MISC
MISC
MISC
cloudpanel — cloudpanel
 
CloudPanel v2.2.2 allows attackers to execute a path traversal.2023-06-06not yet calculatedCVE-2023-33747
MISC
MISC
MISC
MISC
MISC
MISC
d-link — dir-842v2
 
An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing a crafted file.2023-06-07not yet calculatedCVE-2023-33781
MISC
MISC
MISC
MISC
d-link — dir-842v2
 
D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function.2023-06-07not yet calculatedCVE-2023-33782
MISC
MISC
MISC
MISC
ibm — txseries_for_multiplatforms
 
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 257100.2023-06-08not yet calculatedCVE-2023-33846
MISC
MISC
MISC
MISC
ibm — txseries_for_multiplatforms
 
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257102.2023-06-08not yet calculatedCVE-2023-33847
MISC
MISC
MISC
MISC
ibm — txseries_for_multiplatforms
 
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could allow a privileged user to obtain highly sensitive information by enabling debug mode. IBM X-Force ID: 257104.2023-06-07not yet calculatedCVE-2023-33848
MISC
MISC
MISC
MISC
ibm — txseries_for_multiplatforms
 
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105.2023-06-07not yet calculatedCVE-2023-33849
MISC
MISC
MISC
MISC
renderdoc — renderdoc
 
RenderDoc through 1.26 allows an Integer Overflow with a resultant Buffer Overflow (issue 1 of 2).2023-06-07not yet calculatedCVE-2023-33863
MISC
MISC
FULLDISC
MISC
renderdoc — renderdoc
 
RenderDoc through 1.26 allows an Integer Overflow with a resultant Buffer Overflow (issue 2 of 2).2023-06-07not yet calculatedCVE-2023-33864
MISC
MISC
FULLDISC
MISC
renderdoc — renderdoc
 
RenderDoc through 1.26 allows local privilege escalation via a symlink attack.2023-06-07not yet calculatedCVE-2023-33865
MISC
MISC
FULLDISC
MISC
kanboard — kanboard
 
Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to an Insecure direct object reference (IDOR) vulnerability present in the application’s URL parameter. This vulnerability enables any user to read files uploaded by any other user, regardless of their privileges or restrictions. By Changing the file_id any user can render all the files where MimeType is image uploaded under **/files** directory regard less of uploaded by any user. This vulnerability poses a significant impact and severity to the application’s security. By manipulating the URL parameter, an attacker can access sensitive files that should only be available to authorized users. This includes confidential documents or any other type of file stored within the application. The ability to read these files can lead to various detrimental consequences, such as unauthorized disclosure of sensitive information, privacy breaches, intellectual property theft, or exposure of trade secrets. Additionally, it could result in legal and regulatory implications, reputation damage, financial losses, and potential compromise of user trust. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-06-05not yet calculatedCVE-2023-33956
MISC
MISC
notaryproject — notation
 
notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation inspect command on the same machine. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation packages to v1.0.0-rc.6 or above. Users are advised to upgrade. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries.2023-06-06not yet calculatedCVE-2023-33957
MISC
MISC
notaryproject — notation
 
notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same machine. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation packages to v1.0.0-rc.6 or above. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries.2023-06-06not yet calculatedCVE-2023-33958
MISC
MISC
notaryproject — notation
 
notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries.2023-06-06not yet calculatedCVE-2023-33959
MISC
kanboard — kanboard
 
Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even if they have not been invited or the project is personal. The vulnerable features are `Duplicate to project` and `Move to project`, which both utilize the `checkDestinationProjectValues()` function to check his values. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-06-05not yet calculatedCVE-2023-33968
MISC
MISC
kanboard — kanboard
 
Kanboard is open source project management software that focuses on the Kanban methodology. A stored Cross site scripting (XSS) allows an attacker to execute arbitrary Javascript and any user who views the task containing the malicious code will be exposed to the XSS attack. Note: The default CSP header configuration blocks this javascript attack. This issue has been addressed in version 1.2.30. Users are advised to upgrade. Users unable to upgrade should ensure that they have a restrictive CSP header config.2023-06-05not yet calculatedCVE-2023-33969
MISC
MISC
kanboard — kanboard
 
Kanboard is open source project management software that focuses on the Kanban methodology. A vulnerability related to a `missing access control` was found, which allows a User with the lowest privileges to leak all the tasks and projects titles within the software, even if they are not invited or it’s a personal project. This could also lead to private/critical information being leaked if such information is in the title. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-06-05not yet calculatedCVE-2023-33970
MISC
MISC
kiwi_tcms — kiwi_tcms
 
Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded and Content-Security-Policy definition to prevent cross-site-scripting attacks. The upload validation checks were not 100% robust which left the possibility to circumvent them and upload a potentially dangerous file which allows execution of arbitrary JavaScript in the browser. Additionally we’ve discovered that Nginx’s `proxy_pass` directive will strip some headers negating protections built into Kiwi TCMS when served behind a reverse proxy. This issue has been addressed in version 12.4. Users are advised to upgrade. Users unable to upgrade who are serving Kiwi TCMS behind a reverse proxy should make sure that additional header values are still passed to the client browser. If they aren’t redefining them inside the proxy configuration.2023-06-06not yet calculatedCVE-2023-33977
MISC
MISC
MISC
MISC
MISC
thruk — thruk
 
Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to upload a file to any folder which has write permissions on the affected system. The parameter location is not filtered, validated or sanitized and it accepts any kind of characters. For a path traversal attack, the only characters required were the dot (`.`) and the slash (`/`). A fix is available in version 3.06.2.2023-06-08not yet calculatedCVE-2023-34096
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
hoppscotch — hoppscotch
 
hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5 the database password is exposed in the logs when showing the database connection string. Attackers with access to read system logs will be able to elevate privilege with full access to the database. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-06-05not yet calculatedCVE-2023-34097
MISC
MISC
contiki-ng — contiki-ng
 
Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uip_buf. In particular, there is a 2-byte buffer read in the module os/net/ipv6/uip6.c. The buffer is indexed using ‘UIP_IPTCPH_LEN + 2 + c’ and ‘UIP_IPTCPH_LEN + 3 + c’, but the uip_buf buffer may not have enough data, resulting in a 2-byte read out of bounds. The problem has been patched in the “develop” branch of Contiki-NG, and is expected to be included in release 4.9. Users are advised to watch for the 4.9 release and to upgrade when it becomes available. There are no workarounds for this vulnerability aside from manually patching with the diff in commit `cde4e9839`.2023-06-09not yet calculatedCVE-2023-34100
MISC
MISC
avo — avo
 
Avo is an open source ruby on rails admin panel creation framework. The polymorphic field type stores the classes to operate on when updating a record with user input, and does not validate them in the back end. This can lead to unexpected behavior, remote code execution, or application crashes when viewing a manipulated record. This issue has been addressed in commit `ec117882d` which is expected to be included in subsequent releases. Users are advised to limit access to untrusted users until a new release is made.2023-06-05not yet calculatedCVE-2023-34102
MISC
MISC
avo — avo
 
Avo is an open source ruby on rails admin panel creation framework. In affected versions some avo fields are vulnerable to Cross Site Scripting (XSS) when rendering html based content. Attackers do need form edit privilege in order to successfully exploit this vulnerability, but the results are stored and no specific timing is required. This issue has been addressed in commit `7891c01e` which is expected to be included in the next release of avo. Users are advised to configure CSP headers for their application and to limit untrusted user access as a mitigation.2023-06-05not yet calculatedCVE-2023-34103
MISC
MISC
fast-xml-parser — fast-xml-parser
 
fast-xml-parser is an open source, pure javascript xml parser. fast-xml-parser allows special characters in entity names, which are not escaped or sanitized. Since the entity name is used for creating a regex for searching and replacing entities in the XML body, an attacker can abuse it for denial of service (DoS) attacks. By crafting an entity name that results in an intentionally bad performing regex and utilizing it in the entity replacement step of the parser, this can cause the parser to stall for an indefinite amount of time. This problem has been resolved in v4.2.4. Users are advised to upgrade. Users unable to upgrade should avoid using DOCTYPE parsing by setting the `processEntities: false` option.2023-06-06not yet calculatedCVE-2023-34104
MISC
MISC
mailcow — mailcow
 
mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/server administration. A vulnerability has been discovered in mailcow which allows an attacker to manipulate internal Dovecot variables by using specially crafted passwords during the authentication process. The issue arises from the behavior of the `passwd-verify.lua` script, which is responsible for verifying user passwords during login attempts. Upon a successful login, the script returns a response in the format of “password=<valid-password>”, indicating the successful authentication. By crafting a password with additional key-value pairs appended to it, an attacker can manipulate the returned string and influence the internal behavior of Dovecot. For example, using the password “123 mail_crypt_save_version=0” would cause the `passwd-verify.lua` script to return the string “password=123 mail_crypt_save_version=0”. Consequently, Dovecot will interpret this string and set the internal variables accordingly, leading to unintended consequences. This vulnerability can be exploited by an authenticated attacker who has the ability to set their own password. Successful exploitation of this vulnerability could result in unauthorized access to user accounts, bypassing security controls, or other malicious activities. This issue has been patched in version `2023-05a`. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-06-07not yet calculatedCVE-2023-34108
MISC
MISC
MISC
zxcvbn-ts — zxcvbn-ts
 
zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on the nodeJS platform which are using the second argument of the zxcvbn function. It can result in an unbounded resource consumption as the user inputs array is extended with every function call. Browsers are impacted, too but a single user need to do a lot of input changes so that it affects the browser, while the node process gets the inputs of every user of a platform and can be killed that way. This problem has been patched in version 3.0.2. Users are advised to upgrade. Users unable to upgrade should stop using the second argument of the zxcvbn function and use the zxcvbnOptions.setOptions function.2023-06-07not yet calculatedCVE-2023-34109
MISC
MISC
taosdata — grafanaplugin
 
The `Release PR Merged` workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the github action context due to the insecure usage of `${{ github.event.pull_request.title }}` in a bash command within the GitHub workflow. Attackers can inject malicious commands which will be executed by the workflow. This happens because `${{ github.event.pull_request.title }}` is directly passed to bash command on like 25 of the workflow. This may allow an attacker to gain access to secrets which the github action has access to or to otherwise make use of the compute resources.2023-06-06not yet calculatedCVE-2023-34111
MISC
MISC
MISC
bytedeco — javacpp-presets
 
JavaCPP Presets is a project providing Java distributions of native C++ libraries. All the actions in the `bytedeco/javacpp-presets` use the `github.event.head_commit.message?` parameter in an insecure way. For example, the commit message is used in a run statement – resulting in a command injection vulnerability due to string interpolation. No exploitation has been reported. This issue has been addressed in version 1.5.9. Users of JavaCPP Presets are advised to upgrade as a precaution.2023-06-09not yet calculatedCVE-2023-34112
MISC
MISC
snowflake-connector — snowflake-connector
 
snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 2.0.18 fixes this issue.2023-06-08not yet calculatedCVE-2023-34230
MISC
snowflake-connector — snowflake-connector
 
gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on (SSO) browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. A patch is available in version 1.6.19.2023-06-08not yet calculatedCVE-2023-34231
MISC
MISC
MISC
snowflake-connector — snowflake-connector
 
snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 1.6.21 contains a patch for this issue.2023-06-08not yet calculatedCVE-2023-34232
MISC
MISC
MISC
MISC
snowflake-connector — snowflake-connector
 
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Versions prior to 3.0.2 are vulnerable to command injection via single sign-on(SSO) browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 3.0.2 contains a patch for this issue.2023-06-08not yet calculatedCVE-2023-34233
MISC
MISC
MISC
openzeppelin — openzeppelin-contracts
 
OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all. This impacts the `Governor` contract in v4.9.0 only, and the `GovernorCompatibilityBravo` contract since v4.3.0. This problem has been patched in 4.9.1 by introducing opt-in frontrunning protection. Users are advised to upgrade. Users unable to upgrade may submit the proposal creation transaction to an endpoint with frontrunning protection as a workaround.2023-06-07not yet calculatedCVE-2023-34234
MISC
MISC
sabnzbd — sabnzbd
 
SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the vulnerabilities requires access to the web interface. Remote exploitation is possible if users[exposed their setup to the internet or other untrusted networks without setting a username/password. By default SABnzbd is only accessible from `localhost`, with no authentication required for the web interface. This issue has been patched in commits `e3a722` and `422b4f` which have been included in the 4.0.2 release. Users are advised to upgrade. Users unable to upgrade should ensure that a username and password have been set if their instance is web accessible.2023-06-07not yet calculatedCVE-2023-34237
MISC
MISC
MISC
MISC
gatsby — gatsby
 
Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contain a Local File Inclusion vulnerability in the `__file-code-frame` and `__original-stack-frame` paths, exposed when running the Gatsby develop server (`gatsby develop`). Any file in scope of the development server could potentially be exposed. It should be noted that by default `gatsby develop` is only accessible via the localhost `127.0.0.1`, and one would need to intentionally expose the server to other interfaces to exploit this vulnerability by using server options such as `–host 0.0.0.0`, `-H 0.0.0.0`, or the `GATSBY_HOST=0.0.0.0` environment variable. A patch has been introduced in `[email protected]` and `[email protected]` which mitigates the issue. Users are advised to upgrade. Users unable to upgrade should avoid exposing their development server to the internet.2023-06-08not yet calculatedCVE-2023-34238
MISC
MISC
MISC
gradio — gradio
 
Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally Gradio does not properly restrict the what URLs are proxied. These issues have been addressed in version 3.34.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-06-08not yet calculatedCVE-2023-34239
MISC
MISC
MISC
tgstation — tgstation
 
TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct response would be generated. This issue has been addressed in version 5.12.5. Users are advised to upgrade. Users unable to upgrade may be mitigated by rate-limiting API calls with software that sits in front of TGS in the HTTP pipeline such as fail2ban.2023-06-08not yet calculatedCVE-2023-34243
MISC
MISC
udecode — plate
 
@udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the `javascript:` scheme. As a result, links with JavaScript URLs can be inserted into the Plate editor through various means, including opening or pasting malicious content. `@udecode/plate-link` 20.0.0 resolves this issue by introducing an `allowedSchemes` option to the link plugin, defaulting to `[‘http’, ‘https’, ‘mailto’, ‘tel’]`. URLs using a scheme that isn’t in this list will not be rendered to the DOM. Users are advised to upgrade. Users unable to upgrade are advised to override the `LinkElement` and `PlateFloatingLink` components with implementations that explicitly check the URL scheme before rendering any anchor elements.2023-06-09not yet calculatedCVE-2023-34245
MISC
MISC
progress — moveit_transfer
 
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer’s database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.2023-06-02not yet calculatedCVE-2023-34362
MISC
progress — datadirect_connect
 
An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security (OAS) encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses an insecure random number generator to generate the private key. It is possible for a well-placed attacker to predict the output of this random number generator, which could lead to an attacker decrypting traffic between the driver and the database server. The vulnerability does not exist if SSL / TLS encryption is used.2023-06-09not yet calculatedCVE-2023-34363
MISC
CONFIRM
progress — datadirect_connect
 
A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their choice on an affected host by copying carefully selected data that will be executed as code.2023-06-09not yet calculatedCVE-2023-34364
MISC
CONFIRM
percona — percona_monitoring_and_management
 
In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticated API routes, to access otherwise protected API routes leading to escalation of privileges and information disclosure.2023-06-06not yet calculatedCVE-2023-34409
MISC
qt — qt
 
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.2023-06-05not yet calculatedCVE-2023-34410
MISC
MISC
xml-rs_crate — xml-rs_crate
 
The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document.2023-06-05not yet calculatedCVE-2023-34411
MISC
MISC
MISC
MISC
tenda — ac10
 
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/saveParentControlInfo.2023-06-08not yet calculatedCVE-2023-34566
MISC
tenda — ac10
 
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg.2023-06-08not yet calculatedCVE-2023-34567
MISC
tenda — ac10
 
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet.2023-06-08not yet calculatedCVE-2023-34568
MISC
tenda — ac10
 
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList.2023-06-08not yet calculatedCVE-2023-34569
MISC
tenda — ac10
 
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOnlineDevName.2023-06-08not yet calculatedCVE-2023-34570
MISC
tenda — ac10
 
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/WifiGuestSet.2023-06-08not yet calculatedCVE-2023-34571
MISC
d-link — di-7500g
 
A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /auth_pic.cgi.2023-06-09not yet calculatedCVE-2023-34856
MISC
chamilo — chamilo
 
Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document’s ID.2023-06-08not yet calculatedCVE-2023-34958
MISC
MISC
chamilo — chamilo
 
An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.2023-06-08not yet calculatedCVE-2023-34959
MISC
MISC
MISC
MISC
chamilo — chamilo
 
Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field.2023-06-08not yet calculatedCVE-2023-34961
MISC
MISC
chamilo — chamilo
 
Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student’s personal notes.2023-06-08not yet calculatedCVE-2023-34962
MISC
MISC
MISC
d-bus — d-bus
 
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.2023-06-08not yet calculatedCVE-2023-34969
MISC

Back to top

 


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

 To keep up to date follow us on the below channels.

join
Telegram
discord
Discord
reddit
Reddit
linkedin
LinkedIn