US-CERT Vulnerability Summary for the Week of May 1, 2023
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
ip-finder — ip_blacklist_cloud | A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function valid_js_identifier of the file ip_blacklist_cloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. Upgrading to version 3.43 is able to address this issue. The name of the patch is 6e6fe8c6fda7cbc252eef083105e08d759c07312. It is recommended to upgrade the affected component. The identifier VDB-227757 was assigned to this vulnerability. | 2023-05-01 | 9.8 | CVE-2015-10105MISCMISCMISCMISC |
opentext — bizmanager | OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account. | 2023-05-01 | 9.8 | CVE-2022-35898MISCMISC |
sage — sage_300 | The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key (“LandlordPassKey”) to encrypt and decrypt secrets stored in configuration files and in database tables. | 2023-04-28 | 9.8 | CVE-2022-41397MISC |
sage — sage_300 | Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings. | 2023-04-28 | 9.8 | CVE-2022-41400MISC |
resort_reservation_system_project — resort_reservation_system | A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. This issue affects some unknown processing of the file view_room.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227639. | 2023-04-28 | 9.8 | CVE-2023-2363MISCMISCMISC |
faculty_evaluation_system_project — faculty_evaluation_system | A vulnerability has been found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file ajax.php?action=delete_subject. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227641 was assigned to this vulnerability. | 2023-04-28 | 9.8 | CVE-2023-2365MISCMISCMISC |
faculty_evaluation_system_project — faculty_evaluation_system | A vulnerability was found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajax.php?action=delete_class. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227642 is the identifier assigned to this vulnerability. | 2023-04-28 | 9.8 | CVE-2023-2366MISCMISCMISC |
faculty_evaluation_system_project — faculty_evaluation_system | A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/manage_academic.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227643. | 2023-04-28 | 9.8 | CVE-2023-2367MISCMISCMISC |
faculty_evaluation_system_project — faculty_evaluation_system | A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php?page=manage_questionnaire. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227644. | 2023-04-28 | 9.8 | CVE-2023-2368MISCMISCMISC |
faculty_evaluation_system_project — faculty_evaluation_system | A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/manage_restriction.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227645 was assigned to this vulnerability. | 2023-04-28 | 9.8 | CVE-2023-2369MISCMISCMISC |
online_dj_management_system_project — online_dj_management_system | A vulnerability classified as critical has been found in SourceCodester Online DJ Management System 1.0. Affected is an unknown function of the file admin/events/manage_event.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227646 is the identifier assigned to this vulnerability. | 2023-04-28 | 9.8 | CVE-2023-2370MISCMISCMISC |
online_dj_management_system_project — online_dj_management_system | A vulnerability classified as critical was found in SourceCodester Online DJ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/inquiries/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227647. | 2023-04-28 | 9.8 | CVE-2023-2371MISCMISCMISC |
phpmyfaq — phpmyfaq | Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13. | 2023-04-30 | 9.8 | CVE-2023-2429MISCCONFIRM |
concretecms — concrete_cms | Concrete CMS (previously concrete5) before 9.2 is vulnerable to possible Auth bypass in the jobs section. | 2023-04-28 | 9.8 | CVE-2023-28473MISCMISC |
antabot_white-jotter_project — antabot_white-jotter | File upload vulnerability in Antabot White-Jotter v0.2.2, allows remote attackers to execute malicious code via the file parameter to function coversUpload. | 2023-05-01 | 9.8 | CVE-2023-29635MISCMISC |
milesight — ms-n5008-uc_firmware | This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device.
Successful exploitation of this vulnerability could allow remote attacker to account takeover on the targeted device. |
2023-04-28 | 9.8 | CVE-2023-30466MISC |
milesight — ms-n5008-uc_firmware | This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device.
Successful exploitation of this vulnerability could allow remote attacker to perform unauthorized activities on the targeted device. |
2023-04-28 | 9.8 | CVE-2023-30467MISC |
zyxel — nbg6604_firmware | The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request. | 2023-05-01 | 8.8 | CVE-2023-22919CONFIRM |
dedecms — dedecms | A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227750 is the identifier assigned to this vulnerability. | 2023-04-29 | 8.8 | CVE-2023-2424MISCMISCMISC |
nginx — management_suite | NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
2023-05-03 | 8.1 | CVE-2023-28656MISC |
sage — sage_300 | On versions of Sage 300 2017 – 2022 (6.4.x – 6.9.x) which are setup in a “Windows Peer-to-Peer Network” or “Client Server Network” configuration, a low-privileged Sage 300 workstation user could abuse their access to the “SharedData” folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300 users and SQL accounts to impersonate users and/or access the SQL database as a system administrator. With system administrator-level access to the Sage 300 MS SQL database it would be possible to create, update, and delete all records associated with the program and, depending on the configuration, execute code on the underlying database server. | 2023-04-28 | 7.8 | CVE-2022-38583MISCMISC |
jetbrains — toolbox | In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible | 2023-04-28 | 7.8 | CVE-2022-48481MISC |
linux — linux_kernel | A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation.
The perf_group_detach function did not check the event’s siblings’ attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2. |
2023-05-01 | 7.8 | CVE-2023-2235MISCMISC |
linux — linux_kernel | A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.
Both io_install_fixed_file and its callers call fput in a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability. We recommend upgrading past commit 9d94c04c0db024922e886c9fd429659f22f48ea4. |
2023-05-01 | 7.8 | CVE-2023-2236MISCMISC |
linux — linux_kernel | A heap out-of-bounds read/write vulnerability in the Linux Kernel traffic control (QoS) subsystem can be exploited to achieve local privilege escalation.
The qfq_change_class function does not properly limit the lmax variable which can lead to out-of-bounds read/write. If the TCA_QFQ_LMAX value is not offered through nlattr, lmax is determined by the MTU value of the network device. The MTU of the loopback device can be set up to 2^31-1 and as a result, it is possible to have an lmax value that exceeds QFQ_MIN_LMAX. We recommend upgrading past commit 3037933448f60f9acb705997eae62013ecb81e0d. |
2023-05-01 | 7.8 | CVE-2023-2248MISCMISC |
ibm — aix | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207. | 2023-04-28 | 7.8 | CVE-2023-28528MISCMISC |
linux — linux_kernel | qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. | 2023-04-28 | 7.8 | CVE-2023-31436MISCMISCMISC |
powersoft — powersoft | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Carlo Gavazzi Powersoft up to version 2.1.1.1 allows an unauthenticated, remote attacker to download any file from the affected device. | 2023-05-04 | 7.5 | CVE-2017-20184MISC |
sage — sage_300 | The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with admin privileges and access sensitive information. | 2023-04-28 | 7.5 | CVE-2022-41398MISC |
sage — sage_300 | The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key (“PASS_KEY”) to encrypt and decrypt the database connection string for the PORTAL database found in the “dbconfig.xml”. This issue could allow attackers to obtain access to the SQL database. | 2023-04-28 | 7.5 | CVE-2022-41399MISC |
zyxel — nbg-418n_firmware | A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store malicious scripts using a web management interface parameter, resulting in denial-of-service (DoS) conditions on an affected device. | 2023-05-01 | 7.5 | CVE-2023-22921CONFIRM |
zyxel — nbg-418n_firmware | A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote unauthenticated attacker to cause DoS conditions by sending crafted packets if Telnet is enabled on a vulnerable device. | 2023-05-01 | 7.5 | CVE-2023-22922CONFIRM |
lfprojects — mlflow | Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. | 2023-04-28 | 7.5 | CVE-2023-2356MISCCONFIRM |
acronis — cyber_infrastructure | Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.2.0-135. | 2023-04-28 | 7.5 | CVE-2023-2360MISC |
obsidian — obsidian | An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page. | 2023-05-01 | 7.5 | CVE-2023-27035MISCMISCMISC |
f5 — big-ip | Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-05-03 | 7.5 | CVE-2023-27378MISC |
ibm — safer_payments | IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6.3.0.00 through 6.3.1.03, 6.4.0.00 through 6.4.2.02 and 6.5.0.00 does not properly allocate resources without limits or throttling which could allow a remote attacker to cause a denial of service. IBM X-Force ID: 249190. | 2023-04-28 | 7.5 | CVE-2023-27556MISCMISCMISC |
ibm — safer_payments | IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 249192. | 2023-04-28 | 7.5 | CVE-2023-27557MISCMISC |
trustwave — modsecurity | Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations. | 2023-04-28 | 7.5 | CVE-2023-28882CONFIRM |
f5 — big-ip | When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-05-03 | 7.5 | CVE-2023-29163MISC |
microsoft — edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-05-05 | 7.5 | CVE-2023-29350MISC |
dlink — dir-879_firmware | D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via phpcgi. | 2023-05-01 | 7.5 | CVE-2023-30061MISCMISC |
dlink — dir-890l_firmware | D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass. | 2023-05-01 | 7.5 | CVE-2023-30063MISCMISC |
f5 — big-ip | An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-05-03 | 7.4 | CVE-2023-24461MISC |
f5 — big-ip | When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
2023-05-03 | 7.2 | CVE-2023-28742MISC |
nginx — management_suite | NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
2023-05-03 | 7.1 | CVE-2023-28724MISC |
Medium Vulnerabilities
PrimaryVendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
zyxel — nbg-418n_firmware | A format string vulnerability in a binary of the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker to cause denial-of-service (DoS) conditions on an affected device. | 2023-05-01 | 6.5 | CVE-2023-22923CONFIRM |
netgear — srx5308_firmware | A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227658 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | 6.5 | CVE-2023-2380MISCMISCMISC |
ac_repair_and_services_system_project — ac_repair_and_services_system | A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0. Affected by this issue is some unknown functionality of the file services/view.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227702 is the identifier assigned to this vulnerability. | 2023-04-28 | 6.5 | CVE-2023-2408MISCMISCMISC |
ac_repair_and_services_system_project — ac_repair_and_services_system | A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. This affects an unknown part of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227703. | 2023-04-28 | 6.5 | CVE-2023-2409MISCMISCMISC |
ac_repair_and_services_system_project — ac_repair_and_services_system | A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/bookings/view_booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227704. | 2023-04-28 | 6.5 | CVE-2023-2410MISCMISCMISC |
ac_repair_and_services_system_project — ac_repair_and_services_system | A vulnerability was found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227705 was assigned to this vulnerability. | 2023-04-28 | 6.5 | CVE-2023-2411MISCMISCMISC |
ac_repair_and_services_system_project — ac_repair_and_services_system | A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227706 is the identifier assigned to this vulnerability. | 2023-04-29 | 6.5 | CVE-2023-2412MISCMISCMISC |
ac_repair_and_services_system_project — ac_repair_and_services_system | A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bookings/manage_booking.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227707. | 2023-04-29 | 6.5 | CVE-2023-2413MISCMISCMISC |
konga_project — konga | An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request. | 2023-05-01 | 6.5 | CVE-2023-26987MISCMISCMISC |
woocommerce — icons_for_features | A vulnerability, which was classified as problematic, has been found in Icons for Features Plugin 1.0.0 on WordPress. Affected by this issue is some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulation of the argument redirect_url leads to open redirect. The attack may be launched remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 63124c021ae24b68e56872530df26eb4268ad633. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227756. | 2023-04-30 | 6.1 | CVE-2015-10104MISCMISCMISCMISC |
hongcms_project — hongcms | Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop. | 2023-04-28 | 6.1 | CVE-2020-21643MISC |
boxbilling — boxbilling | Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form. | 2023-04-28 | 6.1 | CVE-2020-23647MISC |
netgear — srx5308_firmware | A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the component Web Management Interface. The manipulation of the argument Login.userAgent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227673 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | 6.1 | CVE-2023-2395MISCMISCMISC |
netgear — srx5308_firmware | A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument USERDBUsers.Password leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227674 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | 6.1 | CVE-2023-2396MISCMISCMISC |
concretecms — concrete_cms | Concrete CMS (previously concrete5) before 9.2 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized. | 2023-04-28 | 6.1 | CVE-2023-28475MISCMISC |
qbian61_forum-java_project — qbian61_forum-java | Cross Site Scripting (XSS) vulnerability in Qbian61 forum-java, allows attackers to inject arbitrary web script or HTML via editing the article content in the “article editor” page. | 2023-05-01 | 6.1 | CVE-2023-29637MISC |
ipandao — editor.md | Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text. | 2023-05-01 | 6.1 | CVE-2023-29641MISC |
f5 — big-ip | In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-05-03 | 5.9 | CVE-2023-22372MISC |
wpdownloadmanager — gutenberg_blocks_for_wordpress_download_manager | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress Download Manager Gutenberg Blocks by WordPress Download Manager plugin <= 2.1.8 versions. | 2023-05-03 | 5.4 | CVE-2023-22713MISC |
pimcore — pimcore | Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-04-28 | 5.4 | CVE-2023-2361CONFIRMMISC |
resort_reservation_system_project — resort_reservation_system | A vulnerability, which was classified as problematic, was found in SourceCodester Resort Reservation System 1.0. Affected is an unknown function of the file registration.php. The manipulation of the argument fullname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227640. | 2023-04-28 | 5.4 | CVE-2023-2364MISCMISCMISC |
themeisle — visualizer | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.4 versions. | 2023-05-03 | 5.4 | CVE-2023-23708MISC |
properfraction — profilepress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.4 versions. | 2023-05-03 | 5.4 | CVE-2023-23820MISC |
metaphorcreations — ditty | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Metaphor Creations Ditty plugin <= 3.0.32 versions. | 2023-05-03 | 5.4 | CVE-2023-23874MISC |
tms-outsource — wpdatatables | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TMS-Plugins wpDataTables plugin <= 2.1.49 versions. | 2023-05-03 | 5.4 | CVE-2023-23876MISC |
phpmyfaq — phpmyfaq | Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13. | 2023-04-30 | 5.4 | CVE-2023-2428CONFIRMMISC |
olevmedia — olevmedia_shortcodes | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Olevmedia Olevmedia Shortcodes plugin <= 1.1.9 versions. | 2023-05-03 | 5.4 | CVE-2023-25798MISC |
concretecms — concrete_cms | Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS via a container name. | 2023-04-28 | 5.4 | CVE-2023-28471MISCMISC |
concretecms — concrete_cms | Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Saved Presets on search. | 2023-04-28 | 5.4 | CVE-2023-28474MISCMISC |
concretecms — concrete_cms | Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Tags on uploaded files. | 2023-04-28 | 5.4 | CVE-2023-28476MISCMISC |
concretecms — concrete_cms | Concrete CMS (previously concrete5) before 9.2 is vulnerable to stored XSS on API Integrations via the name parameter. | 2023-04-28 | 5.4 | CVE-2023-28477MISCMISC |
concretecms — concrete_cms | Concrete CMS (previously concrete5) before 9.1 is vulnerable to Stored XSS in uploaded file and folder names. | 2023-04-28 | 5.4 | CVE-2023-28819MISCMISC |
concretecms — concrete_cms | Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized. | 2023-04-28 | 5.4 | CVE-2023-28820MISCMISC |
f5 — big-iq | An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-05-03 | 5.4 | CVE-2023-29240MISC |
zhenfeng13_my-blog_project — zhenfeng13_my-blog | Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the “title” field in the “blog management” page due to the the default configuration not using MyBlogUtils.cleanString. | 2023-05-01 | 5.4 | CVE-2023-29636MISC |
zhenfeng13_my-blog_project — zhenfeng13_my-blog | Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via editing an article in the “blog article” page due to the default configuration not utilizing MyBlogUtils.cleanString. | 2023-05-01 | 5.4 | CVE-2023-29639MISC |
perfreeblog_project — perfreeblog | Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post function. | 2023-05-01 | 5.4 | CVE-2023-29643MISC |
wuzhicms — wuzhicms | wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings. | 2023-04-28 | 5.4 | CVE-2023-30123MISC |
ibm — safer_payments | IBM Counter Fraud Management for Safer Payments 5.7.0.00 through 5.7.0.10, 6.0.0.00 through 6.0.0.07, 6.1.0.00 through 6.1.0.05, and 6.2.0.00 through 6.2.1.00 could allow an authenticated attacker under special circumstances to send multiple specially crafted API requests that could cause the application to crash. IBM X-Force ID: 188052. | 2023-04-28 | 5.3 | CVE-2020-4729MISCMISC |
f5 — big-ip | When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
2023-05-03 | 5.3 | CVE-2023-24594MISC |
kaiostech — kaios | An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user’s call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app without user interaction or consent. This allows an attacker to send the user’s call logs to a remote server via XMLHttpRequest or Fetch. | 2023-05-01 | 5.3 | CVE-2023-27108MISCMISC |
concretecms — concrete_cms | Concrete CMS (previously concrete5) before 9.2 does not have Secure and HTTP only attributes set for ccmPoll cookies. | 2023-04-28 | 5.3 | CVE-2023-28472MISCMISC |
concretecms — concrete_cms | Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets. | 2023-04-28 | 5.3 | CVE-2023-28821MISCMISC |
zyxel — nbg-418n_firmware | A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing crafted CLI commands on a vulnerable device. | 2023-05-01 | 4.9 | CVE-2023-22924CONFIRM |
wptablebuilder — wp_table_builder | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Table Builder plugin <= 1.4.6 versions. | 2023-05-03 | 4.8 | CVE-2022-46852MISC |
clio — clio_grow | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themis Solutions, Inc. Clio Grow plugin <= 1.0.0 versions. | 2023-05-03 | 4.8 | CVE-2023-22683MISC |
online_dj_management_system_project — online_dj_management_system | A vulnerability, which was classified as problematic, has been found in SourceCodester Online DJ Management System 1.0. Affected by this issue is some unknown functionality of the file classes/Master.php?f=save_event. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227648. | 2023-04-28 | 4.8 | CVE-2023-2372MISCMISCMISC |
exquisite_paypal_donation_project — exquisite_paypal_donation | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DgCult Exquisite PayPal Donation plugin <= v2.0.0 versions. | 2023-05-03 | 4.8 | CVE-2023-23785MISC |
netgear — srx5308_firmware | A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=bandwidth_profile.htm of the component Web Management Interface. The manipulation of the argument BandWidthProfile.ProfileName leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227659. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | 4.8 | CVE-2023-2381MISCMISCMISC |
netgear — srx5308_firmware | A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Affected by this issue is some unknown functionality of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument sysLogInfo.serverName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227660. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | 4.8 | CVE-2023-2382MISCMISCMISC |
netgear — srx5308_firmware | A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | 4.8 | CVE-2023-2383MISCMISCMISC |
netgear — srx5308_firmware | A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been declared as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument dhcp.SecDnsIPByte2 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | 4.8 | CVE-2023-2384MISCMISCMISC |
netgear — srx5308_firmware | A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been rated as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=ike_policies.htm of the component Web Management Interface. The manipulation of the argument IpsecIKEPolicy.IKEPolicyName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227663. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | 4.8 | CVE-2023-2385MISCMISCMISC |
netgear — srx5308_firmware | A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.toAddr leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227664. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | 4.8 | CVE-2023-2386MISCMISCMISC |
netgear — srx5308_firmware | A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument winsServer1 leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | 4.8 | CVE-2023-2387MISCMISCMISC |
netgear — srx5308_firmware | A vulnerability, which was classified as problematic, has been found in Netgear SRX5308 up to 4.3.5-3. Affected by this issue is some unknown functionality of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | 4.8 | CVE-2023-2388MISCMISCMISC |
netgear — srx5308_firmware | A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.emailServer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | 4.8 | CVE-2023-2389MISCMISCMISC |
netgear — srx5308_firmware | A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server1 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | 4.8 | CVE-2023-2390MISCMISCMISC |
netgear — srx5308_firmware | A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server2 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | 4.8 | CVE-2023-2391MISCMISCMISC |
netgear — srx5308_firmware | A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. Affected is an unknown function of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ManualDate.minutes leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | 4.8 | CVE-2023-2392MISCMISCMISC |
netgear — srx5308_firmware | A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument ConfigPort.LogicalIfName leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | 4.8 | CVE-2023-2393MISCMISCMISC |
netgear — srx5308_firmware | A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument wanName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | 4.8 | CVE-2023-2394MISCMISCMISC |
simple_mobile_comparison_website_project — simple_mobile_comparison_website | A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Mobile Comparison Website 1.0. This issue affects some unknown processing of the file classes/Master.php?f=save_field. The manipulation of the argument Field Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227675. | 2023-04-28 | 4.8 | CVE-2023-2397MISCMISCMISC |
simple_student_information_system_project — simple_student_information_system | A vulnerability was found in SourceCodester Simple Student Information System 1.0. It has been classified as problematic. This affects an unknown part of the file /classes/Master.php?f=save_course of the component Add New Course. The manipulation of the argument name with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227751. | 2023-04-29 | 4.8 | CVE-2023-2425MISCMISCMISC |
firecask_like_\&_share_button_project — firecask_like_\&_share_button | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Moss FireCask Like & Share Button plugin <= 1.1.5 versions. | 2023-05-03 | 4.8 | CVE-2023-25783MISC |
sticky_ad_bar_project — sticky_ad_bar | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bon Plan Gratos Sticky Ad Bar plugin <= 1.3.1 versions. | 2023-05-03 | 4.8 | CVE-2023-25784MISC |
eyes_only_user_access_shortcode_project — eyes_only_user_access_shortcode | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Thom Stark Eyes Only: User Access Shortcode plugin <= 1.8.2 versions. | 2023-05-03 | 4.8 | CVE-2023-25786MISC |
tapfiliate — tapfiliate | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tapfiliate plugin <= 3.0.12 versions. | 2023-05-03 | 4.8 | CVE-2023-25789MISC |
wp_baidu_submit_project — wp_baidu_submit | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Include WP BaiDu Submit plugin <= 1.2.1 versions. | 2023-05-03 | 4.8 | CVE-2023-25796MISC |
total-soft — video_gallery | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Video Gallery by Total-Soft Video Gallery plugin <= 1.7.6 versions. | 2023-05-03 | 4.8 | CVE-2023-25979MISC |
microsoft — edge | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 2023-05-05 | 4.7 | CVE-2023-29354MISC |
f5 — big-ip | A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
2023-05-03 | 4.3 | CVE-2023-28406MISC |
Low Vulnerabilities
PrimaryVendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
hashicorp — vault | HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault’s root key. Fixed in 1.13.2 | 2023-05-01 | 2.5 | CVE-2023-2197MISC |
Severity Not Yet Assigned
PrimaryVendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
wordpress — wordpress | A vulnerability, which was classified as problematic, has been found in Mail Subscribe List Plugin up to 2.0.10 on WordPress. This issue affects some unknown processing of the file index.php. The manipulation of the argument sml_name/sml_email leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.1 is able to address this issue. The name of the patch is 484970ef8285cae51d2de3bd4e4684d33c956c28. It is recommended to upgrade the affected component. The identifier VDB-227765 was assigned to this vulnerability. | 2023-05-02 | not yet calculated | CVE-2013-10026MISCMISCMISC |
wordpress — wordpress | A vulnerability classified as problematic was found in BestWebSoft Job Board Plugin 1.0.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is dbb71deee071422ce3e663fbcdce3ad24886f940. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227764. | 2023-05-02 | not yet calculated | CVE-2014-125100MISCMISCMISC |
wordpress — wordpress | A vulnerability was found in PHP-Login 1.0. It has been declared as critical. This vulnerability affects the function checkLogin of the file login/scripts/class.loginscript.php of the component POST Parameter Handler. The manipulation of the argument myusername leads to sql injection. The attack can be initiated remotely. Upgrading to version 2.0 is able to address this issue. The name of the patch is 0083ec652786ddbb81335ea20da590df40035679. It is recommended to upgrade the affected component. VDB-228022 is the identifier assigned to this vulnerability. | 2023-05-06 | not yet calculated | CVE-2016-15031MISCMISCMISCMISC |
cyberark — viewfinity | In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the “add printer” option. | 2023-05-03 | not yet calculated | CVE-2017-11197MISCMISC |
wordpress — wordpress | A vulnerability was found in External Media without Import Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects the function print_media_new_panel of the file external-media-without-import.php. The manipulation of the argument url/error/width/height/mime-type leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 9d2ecd159a6e2e3f710b4f1c28e2714f66502746. It is recommended to upgrade the affected component. VDB-227950 is the identifier assigned to this vulnerability. | 2023-05-05 | not yet calculated | CVE-2017-20183MISCMISCMISCMISC |
drupal — responsive_meus | A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsive_menus_admin_form_submit of the file responsive_menus.module of the component Configuration Setting Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 7.x-1.7 is able to address this issue. The name of the patch is 3c554b31d32a367188f44d44857b061eac949fb8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227755. | 2023-05-01 | not yet calculated | CVE-2018-25085MISCMISCMISCMISCMISC |
redox_os — redox_os | redox-os v0.1.0 was discovered to contain a use-after-free bug via the gethostbyaddr() function at /src/header/netdb/mod.rs. | 2023-05-03 | not yet calculated | CVE-2020-22429MISCMISC |
ibm — cloud_park_system_software_Suite | IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290. | 2023-05-05 | not yet calculated | CVE-2020-4914MISCMISC |
apache — ranger_hive_plugin | An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled This issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later. |
2023-05-05 | not yet calculated | CVE-2021-40331MISC |
ibm — qradar_data_ aynchronizatio_app | IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 217370. | 2023-05-06 | not yet calculated | CVE-2022-22313MISCMISC |
qualcomm — snapdragon | Memory corruption in Automotive due to Improper Restriction of Operations within the Bounds of a Memory Buffer while exporting a shared key. | 2023-05-02 | not yet calculated | CVE-2022-25713MISC |
nokia — one_nds | In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands. | 2023-05-02 | not yet calculated | CVE-2022-30759MISCMISC |
acronis — multiple_products | Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545. | 2023-05-03 | not yet calculated | CVE-2022-30995MISC |
qualcomm — snapdragon | Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation. | 2023-05-02 | not yet calculated | CVE-2022-33273MISC |
qualcomm — snapdragon | Memory corruption due to improper validation of array index in computer vision while testing EVA kernel without sending any frames. | 2023-05-02 | not yet calculated | CVE-2022-33281MISC |
qualcomm — snapdragon | Memory corruption in Qualcomm IPC due to use after free while receiving the incoming packet and reposting it. | 2023-05-02 | not yet calculated | CVE-2022-33292MISC |
qualcomm — snapdragon | Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet. | 2023-05-02 | not yet calculated | CVE-2022-33304MISC |
qualcomm — snapdragon | Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH. | 2023-05-02 | not yet calculated | CVE-2022-33305MISC |
acronis — multiple_products | Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545. | 2023-05-03 | not yet calculated | CVE-2022-3405MISCMISC |
qualcomm — snapdragon | Transient DOS due to reachable assertion in Modem during OSI decode scheduling. | 2023-05-02 | not yet calculated | CVE-2022-34144MISC |
ibm — congos_command_center | IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179. | 2023-05-05 | not yet calculated | CVE-2022-38707MISCMISC |
ibm — websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069. | 2023-05-03 | not yet calculated | CVE-2022-39161MISCMISC |
frrouting — frrouting | An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. | 2023-05-03 | not yet calculated | CVE-2022-40302MISC |
frrouting — frrouting | An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302. | 2023-05-03 | not yet calculated | CVE-2022-40318MISC |
qualcomm — snapdragon | Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network. | 2023-05-02 | not yet calculated | CVE-2022-40504MISC |
qualcomm — snapdragon | Information disclosure due to buffer over-read in Modem while parsing DNS hostname. | 2023-05-02 | not yet calculated | CVE-2022-40505MISC |
qualcomm — snapdragon | Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported. | 2023-05-02 | not yet calculated | CVE-2022-40508MISC |
ibm – spectrum_scale_container_native_storage_access | IBM Spectrum Scale Container Native Storage Access
5.1.2.1 through 5.1.6.0 contains an unspecified vulnerability that could allow a local user to obtain root privileges. IBM X-Force ID: 237810. |
2023-04-29 | not yet calculated | CVE-2022-41736MISCMISC |
nozomi_networks — multiple_products | Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. | 2023-05-04 | not yet calculated | CVE-2022-4259MISC |
frrouting — frrouting | An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition. | 2023-05-03 | not yet calculated | CVE-2022-43681MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions, an attacker may be able to map a private email of a GitLab user to their GitLab account on an instance. | 2023-05-03 | not yet calculated | CVE-2022-4376MISCCONFIRMMISC |
ibm – maximo_asset_management | IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239436. | 2023-05-05 | not yet calculated | CVE-2022-43866MISCMISC |
ibm — financial_transaction_manager_swift_services | IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239707. | 2023-04-29 | not yet calculated | CVE-2022-43871MISCMISC |
ibm — urbancode_deploy | IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148. | 2023-05-06 | not yet calculated | CVE-2022-43877MISCMISC |
ibm — mq | IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354. | 2023-05-05 | not yet calculated | CVE-2022-43919MISCMISC |
fortiguard — fortinac | A URL redirection to untrusted site (‘Open Redirect’) vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL. |
2023-05-03 | not yet calculated | CVE-2022-43950MISC |
apache — ranger | Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0. | 2023-05-05 | not yet calculated | CVE-2022-45048MISC |
lenovo — system_update | A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges. | 2023-05-01 | not yet calculated | CVE-2022-4568MISC |
apache — streampark | Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability. LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it’s possible to modify LDAP statements through techniques similar to SQL Injection. LDAP injection attacks could result in the granting of permissions to unauthorized queries, and content modification inside the LDAP tree. This risk may only occur when the user logs in with ldap, and the user name and password login will not be affected, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later. |
2023-05-01 | not yet calculated | CVE-2022-45801MISC |
apache — streampark | Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some high-risk files, and may upload them to any directory, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later | 2023-05-01 | not yet calculated | CVE-2022-45802MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WP OnlineSupport, Essential Plugin Hero Banner Ultimate plugin <= 1.3.4 versions. | 2023-05-04 | not yet calculated | CVE-2022-45818MISC |
fortiguard — fortinac | A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks. | 2023-05-03 | not yet calculated | CVE-2022-45858MISC |
fortiguard — fortinac | An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users’ passwords. | 2023-05-03 | not yet calculated | CVE-2022-45859MISC |
fortiguard — fortinac | A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success. | 2023-05-03 | not yet calculated | CVE-2022-45860MISC |
apache — streampark | Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to send any username to modify and reset the account, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later. | 2023-05-01 | not yet calculated | CVE-2022-46365MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PB SEO Friendly Images plugin <= 4.0.5 versions. | 2023-05-04 | not yet calculated | CVE-2022-47434MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RexTheme Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD plugin <= 3.1.5 versions. | 2023-05-04 | not yet calculated | CVE-2022-47449MISC |
imo.im — imo.im | In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application’s data directory. This may allow an attacker to save a shared library under a special directory which the app uses to dynamically load modules. Loading the library can lead to arbitrary code execution. | 2023-05-04 | not yet calculated | CVE-2022-47757MISC |
jedox — gmbh | Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of database connections via class ‘com.jedox.etl.mngr.Connections’ and method ‘getGlobalConnection’. | 2023-05-02 | not yet calculated | CVE-2022-47874MISCMISC |
jedox — gmbh | A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to execute arbitrary code. | 2023-05-02 | not yet calculated | CVE-2022-47875MISCMISC |
jedox — gmbh | The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts. | 2023-05-02 | not yet calculated | CVE-2022-47876MISCMISC |
jedox — gmbh | A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module ‘log’. | 2023-05-02 | not yet calculated | CVE-2022-47877MISCMISC |
jedox — gmbh | Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code. | 2023-05-02 | not yet calculated | CVE-2022-47878MISCMISC |
lenovo — baiying_for_android | A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure. | 2023-05-01 | not yet calculated | CVE-2022-48186MISC |
3cx — security_hotfix | 3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs. | 2023-05-02 | not yet calculated | CVE-2022-48482MISCMISC |
3cx — security_hotfix | 3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005. | 2023-05-02 | not yet calculated | CVE-2022-48483MISCMISC |
gitlab — multiple_products | An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects was possible due to framing arbitrary content on any page allowing user controlled markdown | 2023-05-03 | not yet calculated | CVE-2023-0155CONFIRMMISCMISC |
gitlab — multiple_products | An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible that a project member demoted to a user role to read project updates by doing a diff with a pre-existing fork. | 2023-05-03 | not yet calculated | CVE-2023-0485MISCMISCCONFIRM |
lenovo — xcc | A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call. | 2023-05-01 | not yet calculated | CVE-2023-0683MISC |
gitlab — multiple_products | An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code, victims who clone or download these repositories will execute arbitrary code on their systems. | 2023-05-03 | not yet calculated | CVE-2023-0756MISCMISCCONFIRM |
gitlab — ee | An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner. | 2023-05-03 | not yet calculated | CVE-2023-0805CONFIRMMISCMISC |
wordpress — wordpress | The StagTools WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-05-02 | not yet calculated | CVE-2023-0891MISC |
lenovo — smart_clock_essential_with_alexa_built_in | A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access. | 2023-05-01 | not yet calculated | CVE-2023-0896MISC |
wordpress — wordpress | The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user (such as an Administrator) to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install. | 2023-05-02 | not yet calculated | CVE-2023-0924MISC |
wordpress — wordpress | The amr ical events lists WordPress plugin through 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-05-02 | not yet calculated | CVE-2023-1021MISC |
wordpress — wordpress | The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-05-02 | not yet calculated | CVE-2023-1090MISCMISC |
wordpress — wordpress | The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an attacker to close and/or add files and replies to tickets other than their own. | 2023-05-02 | not yet calculated | CVE-2023-1125MISC |
gitlab — multiple_products | An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit. | 2023-05-03 | not yet calculated | CVE-2023-1178MISCCONFIRMMISC |
wordpress — wordpress | The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present. | 2023-05-02 | not yet calculated | CVE-2023-1196MISCMISC |
gitlab — multiple_products | An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings. | 2023-05-03 | not yet calculated | CVE-2023-1204MISCCONFIRMMISC |
gitlab — multiple_products | An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance. | 2023-05-03 | not yet calculated | CVE-2023-1265MISCCONFIRMMISC |
amazon –fire_tv_stick | An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible.
This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. |
2023-05-03 | not yet calculated | CVE-2023-1383MISC |
amazon — fire_tv_stick | The setMediaSource function on the amzn.thin.pl service does not sanitize the “source” parameter allowing for arbitrary javascript code to be run
This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. |
2023-05-03 | not yet calculated | CVE-2023-1384MISC |
amazon — fire_tv_stick | Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services.
This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. |
2023-05-03 | not yet calculated | CVE-2023-1385MISC |
wordpress — wordpress | The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-05-02 | not yet calculated | CVE-2023-1525MISC |
wordpress — wordpress | The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting | 2023-05-02 | not yet calculated | CVE-2023-1546MISC |
wordpress — wordpress | The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-05-02 | not yet calculated | CVE-2023-1554MISC |
wordpress — wordpress | The WP Custom Author URL WordPress plugin before 1.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-05-02 | not yet calculated | CVE-2023-1614MISC |
wordpress — wordpress | The SEOPress WordPress plugin before 6.5.0.3 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. | 2023-05-02 | not yet calculated | CVE-2023-1669MISC |
wordpress — wordpress | The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks | 2023-05-02 | not yet calculated | CVE-2023-1730MISC |
wordpress — wordpress | The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators. | 2023-05-02 | not yet calculated | CVE-2023-1804MISC |
wordpress — wordpress | The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-05-02 | not yet calculated | CVE-2023-1805MISC |
wordpress — wordpress | The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files. | 2023-05-02 | not yet calculated | CVE-2023-1809MISC |
gitlab — gitlab | A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in “raw” mode, it can be made to render as HTML if viewed under specific circumstances | 2023-05-03 | not yet calculated | CVE-2023-1836CONFIRMMISCMISC |
wordpress — wordpress | The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks | 2023-05-02 | not yet calculated | CVE-2023-1861MISC |
puppet — puppet_enterprise/puppet_server | A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations. | 2023-05-04 | not yet calculated | CVE-2023-1894MISC |
wordpress — wordpress | The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example | 2023-05-02 | not yet calculated | CVE-2023-1911MISC |
gitlab — gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to obtain access tokens granted for 3rd party Group SAML SSO logins. This feature isn’t enabled by default. | 2023-05-03 | not yet calculated | CVE-2023-1965MISCCONFIRMMISC |
mattermost — mattermost | Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website | 2023-05-02 | not yet calculated | CVE-2023-2000MISC |
cisco — small_business_ip_phones | A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. A successful exploit could allow the attacker to execute arbitrary code on the affected device with full privileges. Cisco has not released firmware updates to address this vulnerability. | 2023-05-04 | not yet calculated | CVE-2023-20126CISCO |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables. | 2023-05-03 | not yet calculated | CVE-2023-2069MISCCONFIRMMISC |
samsung — andriod_devices | Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation. | 2023-05-04 | not yet calculated | CVE-2023-21484MISC |
samsung — andriod_devices | Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. | 2023-05-04 | not yet calculated | CVE-2023-21485MISC |
samsung — andriod_devices | Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. | 2023-05-04 | not yet calculated | CVE-2023-21486MISC |
samsung — andriod_devices | Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting. | 2023-05-04 | not yet calculated | CVE-2023-21487MISC |
samsung — andriod_devices | Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips. | 2023-05-04 | not yet calculated | CVE-2023-21488MISC |
samsung — andriod_devices | Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code. | 2023-05-04 | not yet calculated | CVE-2023-21489MISC |
samsung — andriod_devices | Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager. | 2023-05-04 | not yet calculated | CVE-2023-21490MISC |
samsung — andriod_devices | Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege. | 2023-05-04 | not yet calculated | CVE-2023-21491MISC |
samsung — andriod_devices | Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR. | 2023-05-04 | not yet calculated | CVE-2023-21492MISC |
samsung — andriod_devices | Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data. | 2023-05-04 | not yet calculated | CVE-2023-21493MISC |
samsung — andriod_devices | Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | 2023-05-04 | not yet calculated | CVE-2023-21494MISC |
samsung — andriod_devices | Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set. | 2023-05-04 | not yet calculated | CVE-2023-21495MISC |
samsung — andriod_devices | Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level. | 2023-05-04 | not yet calculated | CVE-2023-21496MISC |
samsung — andriod_devices | Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address. | 2023-05-04 | not yet calculated | CVE-2023-21497MISC |
msamsung — andriod_devices | Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory. | 2023-05-04 | not yet calculated | CVE-2023-21498MISC |
samsung — andriod_devices | Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code. | 2023-05-04 | not yet calculated | CVE-2023-21499MISC |
samsung — andriod_devices | Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory. | 2023-05-04 | not yet calculated | CVE-2023-21500MISC |
samsung — andriod_devices | Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code. | 2023-05-04 | not yet calculated | CVE-2023-21501MISC |
samsung — andriod_devices | Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands. | 2023-05-04 | not yet calculated | CVE-2023-21502MISC |
samsung — andriod_devices | Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | 2023-05-04 | not yet calculated | CVE-2023-21503MISC |
samsung — andriod_devices | Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | 2023-05-04 | not yet calculated | CVE-2023-21504MISC |
samsung — core_service | Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox. | 2023-05-04 | not yet calculated | CVE-2023-21505MISC |
samsung_mobile — blockchain_keystore | Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code. | 2023-05-04 | not yet calculated | CVE-2023-21506MISC |
samsung_mobile — blockchain_keystore | Out-of-bounds Read vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory. | 2023-05-04 | not yet calculated | CVE-2023-21507MISC |
samsung_mobile — blockchain_keystore | Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code. | 2023-05-04 | not yet calculated | CVE-2023-21508MISC |
samsung_mobile — blockchain_keystore | Out-of-bounds Write vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code. | 2023-05-04 | not yet calculated | CVE-2023-21509MISC |
samsung_mobile — blockchain_keystore | Out-of-bounds Read vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory. | 2023-05-04 | not yet calculated | CVE-2023-21510MISC |
samsung_mobile — blockchain_keystore | Out-of-bounds Read vulnerability while processing CMD_COLDWALLET_BTC_SET_PRV_UTXO in bc_core trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory. | 2023-05-04 | not yet calculated | CVE-2023-21511MISC |
qualcomm — snapdragon | Memory corruption in HAB Memory management due to broad system privileges via physical address. | 2023-05-02 | not yet calculated | CVE-2023-21642MISC |
qualcomm — snapdragon | Memory corruption in Graphics while importing a file. | 2023-05-02 | not yet calculated | CVE-2023-21665MISC |
qualcomm — snapdragon | Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool. | 2023-05-02 | not yet calculated | CVE-2023-21666MISC |
gitlab — gitlab_enterprise_edition | An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as ‘external’ to become ‘regular’ users thus leading to privilege escalation for those users. | 2023-05-03 | not yet calculated | CVE-2023-2182CONFIRMMISC |
octopus_deploy — octopus_server | In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function | 2023-05-02 | not yet calculated | CVE-2023-2247MISC |
atlassian — confluence | Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature.
This vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team. The affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0. |
2023-05-01 | not yet calculated | CVE-2023-22503MISC |
fortinet — fortinac | An improper neutralization of input during web page generation (‘Cross-site Scripting’) vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses. | 2023-05-03 | not yet calculated | CVE-2023-22637MISC |
fortinet — forties_fortiproxy | A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.11, FortiOS version 6.2.0 through 6.2.13, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted requests. | 2023-05-03 | not yet calculated | CVE-2023-22640MISC |
suse — rancher | Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher’s admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected. |
2023-05-04 | not yet calculated | CVE-2023-22651MISCMISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.1 versions. | 2023-05-03 | not yet calculated | CVE-2023-22691MISC |
ibm — mq_clients | IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216. | 2023-05-05 | not yet calculated | CVE-2023-22874MISCMISC |
geovision — gv-edge_recording_manager | An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges. | 2023-05-04 | not yet calculated | CVE-2023-23059MISCMISCMISC |
ibm — ibm_i | IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. By using a specially crafted SQL operation, the administrator could exploit the vulnerability to perform additional administrator operations. IBM X-Force ID: 244510. | 2023-05-04 | not yet calculated | CVE-2023-23470MISCMISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media WP Email Capture plugin <= 3.9.3 versions. | 2023-05-02 | not yet calculated | CVE-2023-23723MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin <= 2.9.10.2 versions. | 2023-05-03 | not yet calculated | CVE-2023-23790MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sergey Panasenko Sponsors Carousel plugin <= 4.02 versions. | 2023-05-03 | not yet calculated | CVE-2023-23808MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Moris Dov Stock market charts from finviz plugin <= 1.0.1 versions. | 2023-05-03 | not yet calculated | CVE-2023-23809MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.4 versions. | 2023-05-03 | not yet calculated | CVE-2023-23830MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Himanshu Bing Site Verification plugin using Meta Tag plugin <= 1.0 versions. | 2023-05-03 | not yet calculated | CVE-2023-23875MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GreenTreeLabs Circles Gallery plugin <= 1.0.10 versions. | 2023-05-03 | not yet calculated | CVE-2023-23881MISC |
ks-soft — advanced_host_monitor | A vulnerability was found in ks-soft Advanced Host Monitor up to 12.56 and classified as problematic. Affected by this issue is some unknown functionality of the file C:\Program Files (x86)\HostMonitor\RMA-Win\rma_active.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 12.60 is able to address this issue. It is recommended to upgrade the affected component. VDB-227714 is the identifier assigned to this vulnerability. | 2023-04-29 | not yet calculated | CVE-2023-2417MISCMISCMISC |
konga — konga | A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The associated identifier of this vulnerability is VDB-227715. | 2023-04-29 | not yet calculated | CVE-2023-2418MISCMISCMISC |
zhong_bang_crmeb — zhong_bang_crmeb | A vulnerability was found in Zhong Bang CRMEB 4.6.0. It has been declared as critical. This vulnerability affects the function videoUpload of the file \crmeb\app\services\system\attachment\SystemAttachmentServices.php. The manipulation of the argument filename leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227716. | 2023-04-29 | not yet calculated | CVE-2023-2419MISCMISCMISC |
mlecms — mlecms | A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function get_url in the library /upload/inc/lib/admin of the file upload\inc\include\common.func.php. The manipulation of the argument $_SERVER[‘REQUEST_URI’] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227717 was assigned to this vulnerability. | 2023-04-29 | not yet calculated | CVE-2023-2420MISCMISCMISC |
control_id — rhid | A vulnerability classified as problematic has been found in Control iD RHiD 23.3.19.0. Affected is an unknown function of the file /v2/#/add/department. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-227718 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-29 | not yet calculated | CVE-2023-2421MISCMISCMISC |
vim — vim | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. | 2023-04-29 | not yet calculated | CVE-2023-2426CONFIRMMISC |
phpmyfaq — phpmyfaq | Cross-site Scripting (XSS) – Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13. | 2023-05-05 | not yet calculated | CVE-2023-2427MISCCONFIRM |
devolutions_inc — devolutions_server | Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name. | 2023-05-02 | not yet calculated | CVE-2023-2445MISC |
sourcecodester — online_dj_management_system | A vulnerability was found in SourceCodester Online DJ Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/bookings/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227795. | 2023-05-01 | not yet calculated | CVE-2023-2451MISCMISCMISC |
google — chrome | Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium) | 2023-05-03 | not yet calculated | CVE-2023-2459MISCMISCMISCMISC |
google — chrome | Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium) | 2023-05-03 | not yet calculated | CVE-2023-2460MISCMISCMISCMISC |
google — chrome | Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium) | 2023-05-03 | not yet calculated | CVE-2023-2461MISCMISCMISCMISC |
google — chrome | Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium) | 2023-05-03 | not yet calculated | CVE-2023-2462MISCMISCMISCMISC |
google — chrome | Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | 2023-05-03 | not yet calculated | CVE-2023-2463MISCMISCMISCMISC |
google — chrome | Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium) | 2023-05-03 | not yet calculated | CVE-2023-2464MISCMISCMISCMISC |
google — chrome | Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | 2023-05-03 | not yet calculated | CVE-2023-2465MISCMISCMISCMISC |
google — chrome | Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low) | 2023-05-03 | not yet calculated | CVE-2023-2466MISCMISCMISCMISC |
google — chrome | Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low) | 2023-05-03 | not yet calculated | CVE-2023-2467MISCMISCMISCMISC |
google — chrome | Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low) | 2023-05-03 | not yet calculated | CVE-2023-2468MISCMISCMISCMISC |
dreamer_cms — dreamer_cms | A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be initiated remotely. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227860. | 2023-05-02 | not yet calculated | CVE-2023-2473MISCMISCMISC |
rebuild — rebuild | A vulnerability has been found in Rebuild 3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-227866 is the identifier assigned to this vulnerability. | 2023-05-02 | not yet calculated | CVE-2023-2474MISCMISCMISC |
rediker_software — adminplus | Cross Site Scripting (XSS) vulnerability in Rediker Software AdminPlus 6.1.91.00 allows remote attackers to run arbitrary code via the onload function within the application DOM. | 2023-05-03 | not yet calculated | CVE-2023-24744MISC |
dromara — j2eefast | A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic. This issue affects some unknown processing of the component System Message Handler. The manipulation of the argument ?? leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-227867. | 2023-05-02 | not yet calculated | CVE-2023-2475MISCMISCMISCMISC |
dromara — j2eefast | A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been classified as problematic. Affected is an unknown function of the component Announcement Handler. The manipulation of the argument ????/???? leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-227868. | 2023-05-02 | not yet calculated | CVE-2023-2476MISCMISCMISCMISC |
funadmin — funadmin | A vulnerability was found in Funadmin up to 3.2.3. It has been declared as problematic. Affected by this vulnerability is the function tagLoad of the file Cx.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227869 was assigned to this vulnerability. | 2023-05-02 | not yet calculated | CVE-2023-2477MISCMISCMISC |
appium — appium | OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4. | 2023-05-02 | not yet calculated | CVE-2023-2479CONFIRMMISC |
ibm — business_automation_workflow | IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246115. | 2023-05-06 | not yet calculated | CVE-2023-24957MISCMISC |
ibm — virtualization_engine_ts7700 | A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52.200.111, 8.52.102.13, and 8.53.0.63 could allow an authenticated user to submit a specially crafted URL leading to privilege escalation and remote code execution. IBM X-Force ID: 246320. | 2023-05-04 | not yet calculated | CVE-2023-24958MISCMISC |
teampass — teampass | Cross-site Scripting (XSS) – Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7. | 2023-05-05 | not yet calculated | CVE-2023-2516MISCCONFIRM |
caton — ctp_relay_server | A vulnerability has been found in Caton CTP Relay Server 1.2.9 and classified as critical. This vulnerability affects unknown code of the file /server/api/v1/login of the component API. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. VDB-228010 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-04 | not yet calculated | CVE-2023-2519MISCMISC |
caton — prime | A vulnerability was found in Caton Prime 2.1.2.51.e8d7225049(202303031001) and classified as critical. This issue affects some unknown processing of the file cgi-bin/tools_ping.cgi?action=Command of the component Ping Handler. The manipulation of the argument Destination leads to command injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228011. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-04 | not yet calculated | CVE-2023-2520MISCMISCMISC |
nextu — next-7004n | A vulnerability was found in NEXTU NEXT-7004N 3.0.1. It has been classified as problematic. Affected is an unknown function of the file /boafrm/formFilter of the component POST Request Handler. The manipulation of the argument url with the input <svg onload=alert(1337)> leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228012. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-04 | not yet calculated | CVE-2023-2521MISCMISC |
chengdu — vec40g | A vulnerability was found in Chengdu VEC40G 3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /send_order.cgi?parameter=access_detect of the component Network Detection. The manipulation of the argument COUNT with the input 3 | netstat -an leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228013 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-04 | not yet calculated | CVE-2023-2522MISCMISCMISC |
weaver — e-office | A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228014 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-04 | not yet calculated | CVE-2023-2523MISCMISCMISC |
control_id — rhid | A vulnerability classified as critical has been found in Control iD RHiD 23.3.19.0. This affects an unknown part of the file /v2/#/. The manipulation leads to direct request. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-228015. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-04 | not yet calculated | CVE-2023-2524MISCMISC |
virtualreception_digital_receptie — virtualreception_digital_receptie | Directory Traversal vulnerability in virtualreception Digital Receptie version win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 in embedded web server, allows attacker to gain sensitive information via a crafted GET request. | 2023-05-04 | not yet calculated | CVE-2023-25289MISC |
azuracast — azuracast | Improper Restriction of Excessive Authentication Attempts in GitHub repository azuracast/azuracast prior to 0.18.3. | 2023-05-05 | not yet calculated | CVE-2023-2531CONFIRMMISC |
genomedics — millegp5 | An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute arbitrary code and gain escalated privileges via modifying specific files. | 2023-05-04 | not yet calculated | CVE-2023-25438MISCMISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GMO Internet Group, Inc. TypeSquare Webfonts for ConoHa plugin <= 2.0.3 versions. | 2023-05-04 | not yet calculated | CVE-2023-25458MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Samuel Marshall JCH Optimize plugin <= 3.2.2 versions. | 2023-05-06 | not yet calculated | CVE-2023-25491MISC |
lenovo — xclarity_controller | A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API. | 2023-05-01 | not yet calculated | CVE-2023-25492MISC |
phpmyfaq — phpmyfaq | Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13. | 2023-05-05 | not yet calculated | CVE-2023-2550MISCCONFIRM |
unilogies — bumsys | PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1. | 2023-05-05 | not yet calculated | CVE-2023-2551MISCCONFIRM |
unilogies — bumsys | Cross-Site Request Forgery (CSRF) in GitHub repository unilogies/bumsys prior to 2.1.1. | 2023-05-05 | not yet calculated | CVE-2023-2552CONFIRMMISC |
unilogies — bumsys | Cross-site Scripting (XSS) – Stored in GitHub repository unilogies/bumsys prior to 2.2.0. | 2023-05-05 | not yet calculated | CVE-2023-2553CONFIRMMISC |
unilogies — bumsys | External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0. | 2023-05-05 | not yet calculated | CVE-2023-2554CONFIRMMISC |
jja8 — newbinggogo | A vulnerability was found in jja8 NewBingGoGo up to 2023.5.5.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228167. | 2023-05-06 | not yet calculated | CVE-2023-2560MISCMISCMISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wbolt team WP?????? plugin <= 1.3.9 versions. | 2023-05-03 | not yet calculated | CVE-2023-25787MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XiaoMac WP Open Social plugin <= 5.0 versions. | 2023-05-03 | not yet calculated | CVE-2023-25792MISC |
wordpress — wordpress | Auth. Stored Cross-Site Scripting (XSS) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions. | 2023-05-03 | not yet calculated | CVE-2023-25797MISC |
opentsdb — opentsdb | Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was previously disclosed as CVE-2020-35476. Regex validation that was implemented to restrict allowed input to the query API does not work as intended, allowing crafted commands to bypass validation. | 2023-05-03 | not yet calculated | CVE-2023-25826MISCMISC |
opentsdb — opentsdb | Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a reflected XSS vulnerability with the suggestion endpoint. | 2023-05-03 | not yet calculated | CVE-2023-25827MISCMISC |
dell — ecs | DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request. | 2023-05-04 | not yet calculated | CVE-2023-25934MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Catch Themes Darcie theme <= 1.1.5 versions. | 2023-05-04 | not yet calculated | CVE-2023-25961MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari Accordion – Multiple Accordion or FAQs Builder plugin <= 2.3.0 versions. | 2023-05-04 | not yet calculated | CVE-2023-25962MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo plugin <= 6.0.2.0 versions. | 2023-05-03 | not yet calculated | CVE-2023-25967MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 9seeds.Com CPT – Speakers plugin <= 1.1 versions. | 2023-05-04 | not yet calculated | CVE-2023-25977MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Eirudo Simple YouTube Responsive plugin <= 2.5 versions. | 2023-05-04 | not yet calculated | CVE-2023-25982MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMobile.App plugin <= 11.18 versions. | 2023-05-04 | not yet calculated | CVE-2023-26010MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denzel Chia | Phire Design Custom Login Page plugin <= 2.0 versions. | 2023-05-04 | not yet calculated | CVE-2023-26012MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tauhidul Alam Simple Portfolio Gallery plugin <= 0.1 versions. | 2023-05-04 | not yet calculated | CVE-2023-26016MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <= 2.5.10.2 versions. | 2023-05-03 | not yet calculated | CVE-2023-26017MISC |
european_chemicals_agency — iuclid | European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 through 6.27.5. | 2023-05-02 | not yet calculated | CVE-2023-26089MISCMISCMISC |
gin_gonic — gin | Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning.
**Note:** Although this issue does not pose a significant threat on its own it can serve as an input vector for other more impactful vulnerabilities. However, successful exploitation may depend on the server configuration and whether the header is used in the application logic. |
2023-05-04 | not yet calculated | CVE-2023-26125MISCMISCMISCMISCMISC |
fortinet — multiple_products | A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands. | 2023-05-03 | not yet calculated | CVE-2023-26203MISC |
apache — couchdb | Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: * validate_doc_update * list * filter * filter views (using view functions as filters) * rewrite * update This doesn’t affect map/reduce or search (Dreyfus) index functions. Users are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3). Workaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment. |
2023-05-02 | not yet calculated | CVE-2023-26268MISCMISCMISC |
ibm — mq | IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418. | 2023-05-05 | not yet calculated | CVE-2023-26285MISCMISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff Starr Dashboard Widgets Suite plugin <= 3.2.1 versions. | 2023-05-06 | not yet calculated | CVE-2023-26517MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Benfica Publish to Schedule plugin <= 4.5.4 versions. | 2023-05-06 | not yet calculated | CVE-2023-26519MISC |
european_chemicals_agency — iuclid | European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template manager permission. | 2023-05-02 | not yet calculated | CVE-2023-26546MISCMISCMISC |
microbin — microbin | A cross-site scripting vulnerability (XSS) in the component microbin/src/pasta.rs of Microbin v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2023-05-04 | not yet calculated | CVE-2023-27075MISCMISC |
inspryker — commerce_os | SQL injection vulnerability inSpryker Commerce OS 0.9 that allows for access to sensitive data via customer/order?orderSearchForm[searchText]= | 2023-05-04 | not yet calculated | CVE-2023-27568MISCMISC |
shapeshift — keepkey | Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cf_confirmExecTx() in ethereum_contracts.c can be used to reveal arbitrary microcontroller memory on the device screen or crash the device. With physical access to a PIN-unlocked device, attackers can extract the BIP39 mnemonic secret from the hardware wallet. | 2023-05-02 | not yet calculated | CVE-2023-27892MISCMISC |
fortinet — fortiadc | A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands. | 2023-05-03 | not yet calculated | CVE-2023-27993MISC |
fortinet — fortiadc | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | 2023-05-03 | not yet calculated | CVE-2023-27999MISC |
dell — command_monitor | Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a non-default path | 2023-05-05 | not yet calculated | CVE-2023-28068MISC |
dell — alienware_command_center_application | Alienware Command Center Application, versions 5.5.43.0 and prior, contain an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during installation or update process leading to privilege escalation. | 2023-05-03 | not yet calculated | CVE-2023-28070MISC |
hpe — proliant_rl300_gen11_server | A potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. The vulnerability could result in the system being vulnerable to exploits by attackers with physical access inside the server chassis. | 2023-05-01 | not yet calculated | CVE-2023-28092MISC |
winterchens — my_site | Cross Site Scripting (XSS) vulnerability in WinterChenS my-site before commit 3f0423da6d5200c7a46e200da145c1f54ee18548, allows attackers to inject arbitrary web script or HTML via editing blog articles. | 2023-05-01 | not yet calculated | CVE-2023-29638MISC |
libheif — libheif | A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service. | 2023-05-05 | not yet calculated | CVE-2023-29659MISCFEDORAFEDORA |
tenda — n301 | Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password. | 2023-05-01 | not yet calculated | CVE-2023-29680MISCMISC |
tenda — n301 | Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password. | 2023-05-01 | not yet calculated | CVE-2023-29681MISCMISC |
asus — rt_ac51u | A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request. | 2023-05-02 | not yet calculated | CVE-2023-29772MISC |
gl.inet — mt3000 | GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread. | 2023-05-02 | not yet calculated | CVE-2023-29778MISCMISC |
ejs — ejs | ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. | 2023-05-04 | not yet calculated | CVE-2023-29827MISC |
hotel_druid — hotel_druid | A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function. | 2023-05-03 | not yet calculated | CVE-2023-29839MISC |
chuchcrm — churchcrm | ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter. | 2023-05-04 | not yet calculated | CVE-2023-29842MISCMISCMISC |
zammad — zammad | Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API. | 2023-05-02 | not yet calculated | CVE-2023-29867MISC |
zammad — zammad | Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions. | 2023-05-02 | not yet calculated | CVE-2023-29868MISC |
rosariosis — rosariosis | RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module. | 2023-05-02 | not yet calculated | CVE-2023-29918MISC |
llvm-project — llvm-project | llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand. | 2023-05-05 | not yet calculated | CVE-2023-29932MISC |
llvm-project — llvm-project | llvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::Block::getArgument. | 2023-05-05 | not yet calculated | CVE-2023-29933MISC |
llvm-project — llvm-project | llvm-project commit 6c01b5c was discovered to contain a segmentation fault via the component mlir::Type::getDialect(). | 2023-05-05 | not yet calculated | CVE-2023-29934MISC |
llvm-project — llvm-project | llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && “operation was already replaced. | 2023-05-05 | not yet calculated | CVE-2023-29935MISC |
llvm-project — llvm-project | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::spirv::TargetEnv::TargetEnv(mlir::spirv::TargetEnvAttr). | 2023-05-05 | not yet calculated | CVE-2023-29939MISC |
llvm-project — llvm-project | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp<mlir::sparse_tensor::SortOp>(mlir::sparse_tensor::SortOp. | 2023-05-05 | not yet calculated | CVE-2023-29941MISC |
llvm-project — llvm-project | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType. | 2023-05-05 | not yet calculated | CVE-2023-29942MISC |
s-cms — s-cms | S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php. | 2023-05-05 | not yet calculated | CVE-2023-29963MISC |
nanomq — nanomq | In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqtt_code.c. | 2023-05-04 | not yet calculated | CVE-2023-29994MISC |
nanomq — nanomq | In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function of mqtt_parser.c | 2023-05-04 | not yet calculated | CVE-2023-29995MISC |
nanomq — nanomq | In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode. | 2023-05-04 | not yet calculated | CVE-2023-29996MISC |
totolink — x5000r | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the “command” parameter. | 2023-05-05 | not yet calculated | CVE-2023-30013MISC |
totolink — a7100ru | TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection. | 2023-05-05 | not yet calculated | CVE-2023-30053MISC |
totolink — a7100ru | TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload. | 2023-05-05 | not yet calculated | CVE-2023-30054MISC |
mitrastar — gpt-2741gnac-n2 | MitraStar GPT-2741GNAC-N2 with firmware BR_g5.9_1.11(WVK.0)b32 was discovered to contain a remote code execution (RCE) vulnerability in the ping function. | 2023-05-05 | not yet calculated | CVE-2023-30065MISC |
sourcecodester — judging_management_system | Judging Management System v1.0 by oretnom23 was discovered to vulnerable to SQL injection via /php-jms/review_result.php?mainevent_id=, mainevent_id. | 2023-05-04 | not yet calculated | CVE-2023-30077MISCMISC |
semcms — shop_v4.2 | Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vulnerability via the component SEMCMS_Upfile.php. This vulnerability allows attackers to execute arbitrary code via uploading a crafted PHP file. | 2023-05-05 | not yet calculated | CVE-2023-30090MISC |
open_networking_foundation — onos | An arbitrary file upload vulnerability in Open Networking Foundation ONOS from version 1.9.0 until 2.7.0 allows attackers to execute arbitrary code via uploading a crafted YAML file. | 2023-05-04 | not yet calculated | CVE-2023-30093MISC |
totaljs –flow_v10 | A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module. | 2023-05-04 | not yet calculated | CVE-2023-30094MISCMISCMISC |
totaljs — messenger_commit_b6cf1c9 | A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field. | 2023-05-04 | not yet calculated | CVE-2023-30095MISCMISCMISC |
totaljs — messenger_commit_b6cf1c9 | A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field. | 2023-05-04 | not yet calculated | CVE-2023-30096MISCMISCMISC |
totaljs — messenger_commit_b6cf1c9 | A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field. | 2023-05-04 | not yet calculated | CVE-2023-30097MISCMISCMISC |
online_food_ordering_system_v2.0 — online_food_ordering_system_v2.0 | An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 2023-05-05 | not yet calculated | CVE-2023-30122MISC |
tenda — aC18_v15.03.05.19(6318)cn | Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function. | 2023-05-05 | not yet calculated | CVE-2023-30135MISC |
typecho_v1.2.0 — typecho_v1.2.0 | A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at /index.php/archives/1/comment. | 2023-05-04 | not yet calculated | CVE-2023-30184MISC |
judging_management_system_v1.0 — judging_management_system_v1.0 | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the event_id parameter at /php-jms/result_sheet.php. | 2023-05-04 | not yet calculated | CVE-2023-30203MISC |
judging_management_system_v1.0 — judging_management_system_v1.0 | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the judge_id parameter at /php-jms/edit_judge.php. | 2023-05-03 | not yet calculated | CVE-2023-30204MISC |
douphp — douphp | A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the unique_id parameter in /admin/article.php. | 2023-05-03 | not yet calculated | CVE-2023-30205MISC |
newbee-mall — newbee-mall | Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account information. | 2023-05-04 | not yet calculated | CVE-2023-30216MISC |
beijing_netcon — ns-asg | NS-ASG v6.3 was discovered to contain a SQL injection vulnerability via the component /admin/add_ikev2.php. | 2023-05-05 | not yet calculated | CVE-2023-30242MISCMISCMISC |
beijing_netcon_ — ns-asg | Beijing Netcon NS-ASG Application Security Gateway v6.3 is vulnerable to SQL Injection via TunnelId that allows access to sensitive information. | 2023-05-05 | not yet calculated | CVE-2023-30243MISCMISC |
cltphp — cltphp | CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update. | 2023-05-04 | not yet calculated | CVE-2023-30264MISC |
cltphp — cltphp | CLTPHP <=6.0 is vulnerable to Improper Input Validation. | 2023-05-04 | not yet calculated | CVE-2023-30268MISCMISC |
prestashop — scexportcustomers | PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Access Control. Due to a lack of permissions’ control, a guest can access exports from the module which can lead to leak of personal information from customer table. | 2023-05-04 | not yet calculated | CVE-2023-30282MISC |
webassembly — hang_wasm | An issue in the component hang.wasm of WebAssembly 1.0 causes an infinite loop. | 2023-05-03 | not yet calculated | CVE-2023-30300MISC |
mailbutler_gmbh — shimo_vpn_client | An issue in the helper tool of Mailbutler GmbH Shimo VPN Client for macOS v5.0.4 allows attackers to bypass authentication via PID re-use. | 2023-05-04 | not yet calculated | CVE-2023-30328MISCMISC |
beetl — beetl | An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection (SSTI) via a crafted payload. | 2023-05-04 | not yet calculated | CVE-2023-30331MISCMISC |
garo — wallbox_glb/gtb/gtc | Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers to redirect users to a crafted update package link via a man-in-the-middle attack. | 2023-05-04 | not yet calculated | CVE-2023-30399MISCMISCMISC |
aigital — wireless-n_repeater_mini_router_v0.131229 | An issue in the time-based authentication mechanism of Aigital Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to bypass login by connecting to the web app after a successful attempt by a legitimate user. | 2023-05-02 | not yet calculated | CVE-2023-30403MISCMISC |
ibm — multiple_products | IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187. | 2023-05-05 | not yet calculated | CVE-2023-30434MISCMISCMISC |
ibm — java | IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188. | 2023-04-29 | not yet calculated | CVE-2023-30441MISCMISCMISCMISCMISC |
metersphere — metersphere | MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some operating permissions. The issue has been fixed in version 2.9.0. | 2023-05-04 | not yet calculated | CVE-2023-30550MISCMISC |
enalean — tulean | Tuleap Open ALM is a Libre and Open Source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force victim to execute uncontrolled code. This issue has been patched in version 14.7.99.143. | 2023-05-04 | not yet calculated | CVE-2023-30619MISCMISCMISCMISC |
archer — platform | Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. 6.11.P4 (6.11.0.4) is also a fixed release. | 2023-05-01 | not yet calculated | CVE-2023-30639CONFIRM |
meta_platforms — lexical | Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources. | 2023-04-29 | not yet calculated | CVE-2023-30792MISC |
triton — tritonmc | Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to broadcast the ‘triton:main’ plugin channel. Using this plugin channel you are able to send a payload packet containing a byte (2) and a string (any spigot command). This could be used to make yourself a server operator and be used to extract other user information through phishing (pretending to be an admin), many servers use essentials so the /geoip command could be available to them, etc. This could also be modified to allow you to set the servers language, set another players language, etc. This issue affects those who have bungee enabled in config. This issue has been fixed in version 3.8.4. | 2023-05-01 | not yet calculated | CVE-2023-30859MISCMISC |
pallets — flask | Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client’s `session` cookie to other clients. The severity depends on the application’s use of the session and the proxy’s behavior regarding cookies. The risk depends on all these conditions being met.
1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies. This happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5. |
2023-05-02 | not yet calculated | CVE-2023-30861MISCMISCMISCMISCMISC |
wordpress — wordpress | Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1. | 2023-05-02 | not yet calculated | CVE-2023-30869MISCMISC |
moodle — moodle | The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. | 2023-05-02 | not yet calculated | CVE-2023-30943MISCMISCMISC |
moodle — moodle | The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database. | 2023-05-02 | not yet calculated | CVE-2023-30944MISCMISCMISC |
zoho — madengine_opmanager | Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers. | 2023-05-04 | not yet calculated | CVE-2023-31099MISCMISC |
checkmk — checkmk | Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user’s secret to be written to the site Apache access log. | 2023-05-02 | not yet calculated | CVE-2023-31207MISC |
illumos — gate | illumos illumos-gate before 676abcb has a stack buffer overflow in /dev/net, leading to privilege escalation via a stat on a long file name in /dev/net. | 2023-05-04 | not yet calculated | CVE-2023-31284MISCMISC |
elastic — filebeat | Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled. | 2023-05-04 | not yet calculated | CVE-2023-31413MISCMISC |
elastic — kibana | Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process. | 2023-05-04 | not yet calculated | CVE-2023-31414MISCMISC |
elastic — kibana | Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process. | 2023-05-04 | not yet calculated | CVE-2023-31415MISCMISC |
logbuch — evasys | A SQL injection issue in Logbuch in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allows authenticated attackers to execute SQL statements via the welche parameter. | 2023-05-02 | not yet calculated | CVE-2023-31433MISC |
logbuch — evasys | The parameters nutzer_titel, nutzer_vn, and nutzer_nn in the user profile, and langID and ONLINEID in direct links, in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 do not validate input, which allows authenticated attackers to inject HTML Code and XSS payloads in multiple locations. | 2023-05-02 | not yet calculated | CVE-2023-31434MISC |
logbuch — evasys | Multiple components (such as Onlinetemplate-Verwaltung, Liste aller Teilbereiche, Umfragen anzeigen, and questionnaire previews) in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allow authenticated attackers to read and write to unauthorized data by accessing functions directly. | 2023-05-02 | not yet calculated | CVE-2023-31435MISC |
cauldron — cbang | tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a crafted tar archive. | 2023-04-28 | not yet calculated | CVE-2023-31483MISCMISC |
cpanpm — cpanpm | CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. | 2023-04-29 | not yet calculated | CVE-2023-31484MISCMISCMISCMISCMLISTMLISTMLISTMLIST |
cpanpm — api | GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks. | 2023-04-29 | not yet calculated | CVE-2023-31485MISCMISCMISCMISCMLISTMLISTMLISTMLIST |
cpanpm — tiny | HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. | 2023-04-29 | not yet calculated | CVE-2023-31486MISCMISCMISCMISCMLISTMLISTMLISTMISCMLIST |
ghost — ghost | Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme’s folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js. | 2023-05-05 | not yet calculated | CVE-2023-32235MISCMISC |
linux — kernel | An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability. | 2023-05-05 | not yet calculated | CVE-2023-32269MISCMISC |
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.