Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2023-02-01 CVE-2022-4206 A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report
network
low complexity
6.5
2023-02-01 CVE-2023-0454 Path Traversal vulnerability in Orangescrum 2.0.11
OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server.
network
low complexity
orangescrum CWE-22
8.1
2023-02-01 CVE-2023-0524 Unspecified vulnerability in Tenable Nessus, Tenable.Io and Tenable.Sc
As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally.
network
low complexity
tenable
8.8
2023-02-01 CVE-2023-0587 Unrestricted Upload of File with Dangerous Type vulnerability in Trendmicro Apex ONE
A file upload vulnerability exists in Trend Micro Apex One server build 11110.
network
low complexity
trendmicro CWE-434
critical
9.1
2023-02-01 CVE-2022-47770 SQL Injection vulnerability in Serinf Fast Checkin 1.0
Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Unauthenticated SQL Injection.
network
low complexity
serinf CWE-89
critical
9.8
2023-02-01 CVE-2023-0606 Cross-site Scripting vulnerability in Ampache
Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/ampache prior to 5.5.7.
network
low complexity
ampache CWE-79
6.1
2023-02-01 CVE-2023-24241 SQL Injection vulnerability in Forget Heart Message BOX Project Forget Heart Message BOX 1.1
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php.
network
low complexity
forget-heart-message-box-project CWE-89
critical
9.8
2023-02-01 CVE-2023-24956 SQL Injection vulnerability in Forget Heart Message BOX Project Forget Heart Message BOX 1.1
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php.
network
low complexity
forget-heart-message-box-project CWE-89
8.8
2023-01-31 CVE-2023-22610 Unspecified vulnerability in Schneider-Electric products
A CWE-285: Improper Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port.
network
low complexity
schneider-electric
7.5
2023-01-31 CVE-2023-22611 Unspecified vulnerability in Schneider-Electric products
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port.
network
low complexity
schneider-electric
7.5