Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2023-09-22 CVE-2023-43640 TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists.
network
low complexity
CWE-89
6.5
2023-09-22 CVE-2023-42812 Galaxy is an open-source platform for FAIR data analysis.
network
low complexity
CWE-918
4.3
2023-09-22 CVE-2023-23766 Incorrect Comparison vulnerability in GitHub Enterprise Server 3.10.0
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request.
network
low complexity
github CWE-697
6.5
2023-09-22 CVE-2023-43144 SQL Injection vulnerability in Projectworlds Asset Management System Project in PHP 1.0
Projectworlds Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php.
network
low complexity
projectworlds CWE-89
critical
9.8
2023-09-22 CVE-2023-5002 A flaw was found in pgAdmin.
network
low complexity
8.8
2023-09-22 CVE-2023-43783 Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File.
network
low complexity
CWE-668
7.5
2023-09-22 CVE-2023-4716 Cross-site Scripting vulnerability in Davidlingren Media Library Assistant 3.05/3.06
The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode in versions up to, and including, 3.10 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
davidlingren CWE-79
5.4
2023-09-22 CVE-2023-4774 Cross-site Scripting vulnerability in Braekling Connect Matomo
The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' shortcode in versions up to, and including, 1.0.28 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
braekling CWE-79
5.4
2023-09-22 CVE-2023-31716 FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log
network
low complexity
7.5
2023-09-22 CVE-2023-31717 A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database.
network
low complexity
CWE-89
7.5