Weekly Vulnerabilities Reports > January 2 to 8, 2023
Overview
446 new vulnerabilities were reported during this period, including 104 critical vulnerabilities and 138 high severity vulnerabilities. This weekly summary reports vulnerabilities in 296 products from 242 vendors including Google, Arubanetworks, Gpac, IBM, and Discourse. The most common vulnerability categories are "SQL Injection", "Cross-site Scripting", "Out-of-bounds Write", "Missing Authorization", and "Out-of-bounds Read".
- 320 reported vulnerabilities are remotely exploitable.
- 189 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 278 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 67 reported vulnerabilities.
- Hitachienergy has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
104 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-01-03 | CVE-2022-43931 | Synology | Unspecified vulnerability in Synology VPN Plus Server 1.4.30534 Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors. | 10.0 |
2023-01-08 | CVE-2016-15016 | Joomla MOD Einsatz Stats Project | SQL Injection vulnerability in Joomla MOD Einsatz Stats Project Joomla MOD Einsatz Stats 0.1/0.2 A vulnerability was found in mrtnmtth joomla_mod_einsatz_stats up to 0.2. | 9.8 |
2023-01-08 | CVE-2015-10031 | Github | SQL Injection vulnerability in Github 491-Project A vulnerability classified as critical was found in purpleparrots 491-Project. | 9.8 |
2023-01-08 | CVE-2022-0668 | Jfrog | Improper Privilege Management vulnerability in Jfrog Artifactory JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user. | 9.8 |
2023-01-08 | CVE-2018-25072 | Lojban | SQL Injection vulnerability in Lojban Jbovlaste A vulnerability classified as critical has been found in lojban jbovlaste. | 9.8 |
2023-01-08 | CVE-2019-25100 | Twmap Project | SQL Injection vulnerability in Twmap Project Twmap A vulnerability was found in happyman twmap. | 9.8 |
2023-01-08 | CVE-2007-10002 | WEB Cyradm Project | SQL Injection vulnerability in Web-Cyradm Project Web-Cyradm A vulnerability, which was classified as critical, has been found in web-cyradm. | 9.8 |
2023-01-08 | CVE-2014-125067 | Curiosity Project | SQL Injection vulnerability in Curiosity Project Curiosity A vulnerability classified as critical was found in corincerami curiosity. | 9.8 |
2023-01-08 | CVE-2020-36648 | Pouet | SQL Injection vulnerability in Pouet Pouet2.0 A vulnerability, which was classified as critical, was found in pouetnet pouet 2.0. | 9.8 |
2023-01-08 | CVE-2021-4308 | Lboro | SQL Injection vulnerability in Lboro Webpa A vulnerability was found in WebPA up to 3.1.1. | 9.8 |
2023-01-07 | CVE-2014-125029 | Paginationserviceprovider Project | SQL Injection vulnerability in Paginationserviceprovider Project Paginationserviceprovider A vulnerability was found in ttskch PaginationServiceProvider up to 0.x. | 9.8 |
2023-01-07 | CVE-2021-4301 | Phpwcms | SQL Injection vulnerability in PHPwcms A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. | 9.8 |
2023-01-07 | CVE-2022-1101 | Event Management System Project | Improper Authentication vulnerability in Event Management System Project Event Management System 1.0 A vulnerability was found in SourceCodester Royale Event Management System 1.0. | 9.8 |
2023-01-07 | CVE-2022-2666 | Loan Management System Project | SQL Injection vulnerability in Loan Management System Project Loan Management System 1.0 A vulnerability has been found in SourceCodester Loan Management System and classified as critical. | 9.8 |
2023-01-07 | CVE-2013-10009 | Pychao Project | SQL Injection vulnerability in Pychao Project Pychao A vulnerability was found in DrAzraelTod pyChao and classified as critical. | 9.8 |
2023-01-07 | CVE-2014-125065 | Bottle Auth Project | SQL Injection vulnerability in Bottle-Auth Project Bottle-Auth A vulnerability, which was classified as critical, was found in john5223 bottle-auth. | 9.8 |
2023-01-07 | CVE-2015-10029 | Simplexrd Project | XXE vulnerability in Simplexrd Project Simplexrd A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0. | 9.8 |
2023-01-07 | CVE-2016-15013 | Forumhulp | SQL Injection vulnerability in Forumhulp Search Results A vulnerability was found in ForumHulp searchresults. | 9.8 |
2023-01-07 | CVE-2021-4307 | Baobab Project | Unspecified vulnerability in Baobab Project Baobab A vulnerability was found in Yomguithereal Baobab up to 2.6.0. | 9.8 |
2023-01-07 | CVE-2014-125063 | BID Project | SQL Injection vulnerability in BID Project BID A vulnerability was found in ada-l0velace Bid and classified as critical. | 9.8 |
2023-01-07 | CVE-2020-36645 | Square | SQL Injection vulnerability in Square Squalor A vulnerability, which was classified as critical, was found in square squalor. | 9.8 |
2023-01-07 | CVE-2014-125062 | Bitstorm Project | SQL Injection vulnerability in Bitstorm Project Bitstorm A vulnerability classified as critical was found in ananich bitstorm. | 9.8 |
2023-01-07 | CVE-2015-10027 | Ttrrs Auth Ldap Project | Injection vulnerability in Ttrrs-Auth-Ldap Project Ttrrs-Auth-Ldap 0.5 A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. | 9.8 |
2023-01-07 | CVE-2014-125059 | Sternenblog Project | External Control of File Name or Path vulnerability in Sternenblog Project Sternenblog A vulnerability, which was classified as problematic, has been found in sternenseemann sternenblog. | 9.8 |
2023-01-07 | CVE-2014-125060 | Collabcal Project | Improper Authentication vulnerability in Collabcal Project Collabcal A vulnerability, which was classified as critical, was found in holdennb CollabCal. | 9.8 |
2023-01-07 | CVE-2014-125061 | Filebroker Project | SQL Injection vulnerability in Filebroker Project Filebroker ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in peel filebroker and classified as critical. | 9.8 |
2023-01-07 | CVE-2015-10024 | Larasync Project | Path Traversal vulnerability in Larasync Project Larasync A vulnerability classified as critical was found in hoffie larasync. | 9.8 |
2023-01-07 | CVE-2015-10026 | Flairbot Project | SQL Injection vulnerability in Flairbot Project Flairbot A vulnerability was found in tiredtyrant flairbot. | 9.8 |
2023-01-07 | CVE-2016-15012 | Salesforce | SQL Injection vulnerability in Salesforce Mobile Software Development KIT 3.2.0/4.0.0 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotcom SalesforceMobileSDK-Windows up to 4.x. | 9.8 |
2023-01-07 | CVE-2022-4880 | Openutau | Path Traversal vulnerability in Openutau A vulnerability was found in stakira OpenUtau. | 9.8 |
2023-01-07 | CVE-2015-10022 | Nlgis2 Project | SQL Injection vulnerability in Nlgis2 Project Nlgis2 A vulnerability was found in IISH nlgis2. | 9.8 |
2023-01-07 | CVE-2015-10023 | Trello Octometric Project | SQL Injection vulnerability in Trello-Octometric Project Trello-Octometric A vulnerability classified as critical has been found in Fumon trello-octometric. | 9.8 |
2023-01-07 | CVE-2018-25071 | Lmeve Project | SQL Injection vulnerability in Lmeve Project Lmeve A vulnerability was found in roxlukas LMeve up to 0.1.58. | 9.8 |
2023-01-07 | CVE-2014-125058 | Address Book Project | SQL Injection vulnerability in Address Book Project Address Book A vulnerability was found in LearnMeSomeCodes project3 and classified as critical. | 9.8 |
2023-01-07 | CVE-2018-25070 | Aista | SQL Injection vulnerability in Aista Phosphorus Five 8.2 A vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical. | 9.8 |
2023-01-07 | CVE-2014-125057 | Robitailletheknot Project | Incorrect Comparison vulnerability in Robitailletheknot Project Robitailletheknot A vulnerability was found in mrobit robitailletheknot. | 9.8 |
2023-01-07 | CVE-2018-25069 | Netis Systems | Use of Hard-coded Password vulnerability in Netis-Systems Netcore Router Firmware A vulnerability classified as critical has been found in Netis Netcore Router. | 9.8 |
2023-01-06 | CVE-2014-125053 | Piwigo | SQL Injection vulnerability in Piwigo Guestbook A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. | 9.8 |
2023-01-06 | CVE-2013-10008 | Eshop Project | SQL Injection vulnerability in Eshop Project Eshop A vulnerability was found in sheilazpy eShop. | 9.8 |
2023-01-06 | CVE-2014-125052 | Sparql Identifiers Project | SQL Injection vulnerability in Sparql-Identifiers Project Sparql-Identifiers A vulnerability was found in JervenBolleman sparql-identifiers and classified as critical. | 9.8 |
2023-01-06 | CVE-2018-25068 | Globalpom Utils Project | Exposure of Resource to Wrong Sphere vulnerability in Globalpom-Utils Project Globalpom-Utils A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. | 9.8 |
2023-01-06 | CVE-2022-39073 | ZTE | Command Injection vulnerability in ZTE Mf286R Firmware Nordicmf286Rb06 There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands. | 9.8 |
2023-01-06 | CVE-2014-125050 | Voter JS Project | SQL Injection vulnerability in Voter-Js Project Voter-Js A vulnerability was found in ScottTZhang voter-js and classified as critical. | 9.8 |
2023-01-06 | CVE-2014-125051 | Yii2 Jqgrid Widget Project | SQL Injection vulnerability in Yii2-Jqgrid-Widget Project Yii2-Jqgrid-Widget A vulnerability was found in himiklab yii2-jqgrid-widget up to 1.0.7. | 9.8 |
2023-01-06 | CVE-2014-125049 | Blogile Project | SQL Injection vulnerability in Blogile Project Blogile ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in typcn Blogile. | 9.8 |
2023-01-06 | CVE-2015-10018 | Weberp | SQL Injection vulnerability in Weberp D2Files A vulnerability has been found in DBRisinajumi d2files and classified as critical. | 9.8 |
2023-01-06 | CVE-2014-125047 | School Store Project | SQL Injection vulnerability in School-Store Project School-Store A vulnerability classified as critical has been found in tbezman school-store. | 9.8 |
2023-01-06 | CVE-2015-10017 | HPI | SQL Injection vulnerability in HPI Prolod A vulnerability has been found in HPI-Information-Systems ProLOD and classified as critical. | 9.8 |
2023-01-06 | CVE-2018-25066 | Nodebatis Project | SQL Injection vulnerability in Nodebatis Project Nodebatis A vulnerability was found in PeterMu nodebatis up to 2.1.x. | 9.8 |
2023-01-06 | CVE-2020-36642 | Jobe Project | Command Injection vulnerability in Jobe Project Jobe A vulnerability was found in trampgeek jobe up to 1.6.x and classified as critical. | 9.8 |
2023-01-06 | CVE-2014-125046 | CUB Scout Tracker Project | SQL Injection vulnerability in Cub-Scout-Tracker Project Cub-Scout-Tracker A vulnerability, which was classified as critical, was found in Seiji42 cub-scout-tracker. | 9.8 |
2023-01-06 | CVE-2015-10016 | Opensim Utils Project | SQL Injection vulnerability in Opensim-Utils Project Opensim-Utils A vulnerability, which was classified as critical, has been found in jeff-kelley opensim-utils. | 9.8 |
2023-01-06 | CVE-2016-15011 | E Contract | XXE vulnerability in E-Contract Dssp A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. | 9.8 |
2023-01-06 | CVE-2023-22671 | NSA | Command Injection vulnerability in NSA Ghidra Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input. | 9.8 |
2023-01-06 | CVE-2022-25923 | Exec Local BIN Project | Unspecified vulnerability in Exec-Local-Bin Project Exec-Local-Bin Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization. | 9.8 |
2023-01-05 | CVE-2022-44877 | Control Webpanel | OS Command Injection vulnerability in Control-Webpanel Webpanel login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. | 9.8 |
2023-01-05 | CVE-2014-125045 | Meol1 Project | SQL Injection vulnerability in Meol1 Project Meol1 A vulnerability has been found in meol1 and classified as critical. | 9.8 |
2023-01-05 | CVE-2021-40342 | Hitachienergy | Improper Authentication vulnerability in Hitachienergy Foxman-Un and Unem In the DES implementation, the affected product versions use a default key for encryption. | 9.8 |
2023-01-05 | CVE-2022-3927 | Hitachienergy | Use of Hard-coded Credentials vulnerability in Hitachienergy Foxman-Un and Unem The affected products store both public and private key that are used to sign and protect Custom Parameter Set (CPS) file from modification. | 9.8 |
2023-01-05 | CVE-2022-3929 | Hitachienergy | Cleartext Transmission of Sensitive Information vulnerability in Hitachienergy Foxman-Un and Unem Communication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture) over TCP/IP. | 9.8 |
2023-01-05 | CVE-2022-47544 | Siren | Unspecified vulnerability in Siren Investigate An issue was discovered in Siren Investigate before 12.1.7. | 9.8 |
2023-01-05 | CVE-2014-125044 | Wing Tight Project | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wing-Tight Project Wing-Tight A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. | 9.8 |
2023-01-05 | CVE-2017-20163 | Nview Project | SQL Injection vulnerability in Nview Project Nview A vulnerability has been found in Red Snapper NView and classified as critical. | 9.8 |
2023-01-05 | CVE-2014-125041 | Progetto Complementi Project | SQL Injection vulnerability in Progetto-Complementi Project Progetto-Complementi A vulnerability classified as critical was found in Miccighel PR-CWT. | 9.8 |
2023-01-05 | CVE-2015-10015 | Glidernet | SQL Injection vulnerability in Glidernet Ogn-Live A vulnerability, which was classified as critical, has been found in glidernet ogn-live. | 9.8 |
2023-01-05 | CVE-2014-125040 | Devnewsaggregator Project | SQL Injection vulnerability in Devnewsaggregator Project Devnewsaggregator A vulnerability was found in stevejagodzinski DevNewsAggregator. | 9.8 |
2023-01-05 | CVE-2015-10014 | UKE Project | SQL Injection vulnerability in UKE Project UKE A vulnerability classified as critical has been found in arekk uke. | 9.8 |
2023-01-05 | CVE-2022-45995 | Tenda | Classic Buffer Overflow vulnerability in Tenda Ax12 Firmware 22.03.01.21Cn There is an unauthorized buffer overflow vulnerability in Tenda AX12 v22.03.01.21 _ cn. | 9.8 |
2023-01-05 | CVE-2020-36641 | Gturri | XXE vulnerability in Gturri Axmlrpc A vulnerability classified as problematic was found in gturri aXMLRPC up to 1.12.0. | 9.8 |
2023-01-05 | CVE-2020-36640 | Bonitasoft | XXE vulnerability in Bonitasoft Webservice Connector A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. | 9.8 |
2023-01-05 | CVE-2021-4304 | Ulcc Core Project | Command Injection vulnerability in Ulcc-Core Project Ulcc-Core A vulnerability was found in eprintsug ulcc-core. | 9.8 |
2023-01-05 | CVE-2023-0077 | Synology | Unspecified vulnerability in Synology Router Manager Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors. | 9.8 |
2023-01-05 | CVE-2019-25097 | Extplorer | Path Traversal vulnerability in Extplorer A vulnerability was found in soerennb eXtplorer up to 2.1.12 and classified as critical. | 9.8 |
2023-01-05 | CVE-2019-25098 | Extplorer | Path Traversal vulnerability in Extplorer A vulnerability was found in soerennb eXtplorer up to 2.1.12. | 9.8 |
2023-01-05 | CVE-2022-47523 | Zohocorp | SQL Injection vulnerability in Zohocorp Manageengine Password Manager PRO Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection. | 9.8 |
2023-01-04 | CVE-2021-4300 | Halcyon Project | Unspecified vulnerability in Halcyon Project Halcyon A vulnerability has been found in ghostlander Halcyon and classified as critical. | 9.8 |
2023-01-04 | CVE-2022-22338 | IBM | SQL Injection vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection. | 9.8 |
2023-01-04 | CVE-2023-22463 | Fit2Cloud | Use of Hard-coded Credentials vulnerability in Fit2Cloud Kubepi KubePi is a k8s panel. | 9.8 |
2023-01-04 | CVE-2022-45875 | Apache | Improper Input Validation vulnerability in Apache Dolphinscheduler Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. | 9.8 |
2023-01-04 | CVE-2010-10003 | Titlelink Project | SQL Injection vulnerability in Titlelink Project Titlelink A vulnerability classified as critical was found in gesellix titlelink on Joomla. | 9.8 |
2023-01-04 | CVE-2020-36639 | Alliedmods | Path Traversal vulnerability in Alliedmods AMX MOD X A vulnerability has been found in AlliedModders AMX Mod X on Windows and classified as critical. | 9.8 |
2023-01-03 | CVE-2022-32665 | Mediatek | Command Injection vulnerability in Mediatek Linkit Software Development KIT 4.6.1 In Boa, there is a possible command injection due to improper input validation. | 9.8 |
2023-01-03 | CVE-2022-38627 | Niceforyou | SQL Injection vulnerability in Niceforyou Linear Emerge E3 Access Control Firmware Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a SQL injection vulnerability via the idt parameter. | 9.8 |
2023-01-03 | CVE-2021-32824 | Apache | Deserialization of Untrusted Data vulnerability in Apache Dubbo Apache Dubbo is a java based, open source RPC framework. | 9.8 |
2023-01-03 | CVE-2022-39039 | Aenrich | Server-Side Request Forgery (SSRF) vulnerability in Aenrich A+Hrd 6.8/7.0 aEnrich’s a+HRD has inadequate filtering for specific URL parameter. | 9.8 |
2023-01-03 | CVE-2022-39041 | Aenrich | SQL Injection vulnerability in Aenrich A+Hrd 6.8/7.0 aEnrich a+HRD has insufficient user input validation for specific API parameter. | 9.8 |
2023-01-03 | CVE-2022-39042 | Aenrich | Improper Authentication vulnerability in Aenrich A+Hrd 6.8/7.0 aEnrich a+HRD has improper validation for login function. | 9.8 |
2023-01-03 | CVE-2022-47618 | Meritlilin | Use of Hard-coded Credentials vulnerability in Meritlilin Ah55B04 Firmware and Ah55B08 Firmware Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator credentials. | 9.8 |
2023-01-02 | CVE-2015-10011 | Cisco | Improper Encoding or Escaping of Output vulnerability in Cisco Openresolve A vulnerability classified as problematic has been found in OpenDNS OpenResolve. | 9.8 |
2023-01-02 | CVE-2022-3241 | Rahamsolutions | Unspecified vulnerability in Rahamsolutions Build APP Online The Build App Online WordPress plugin before 1.0.19 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection | 9.8 |
2023-01-02 | CVE-2022-4049 | WP User Project | Unspecified vulnerability in WP User Project WP User The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. | 9.8 |
2023-01-02 | CVE-2022-4059 | Blocksera | SQL Injection vulnerability in Blocksera Cryptocurrency Widgets Pack 1.8.1 The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | 9.8 |
2023-01-02 | CVE-2022-4099 | Getcloudsms | Unspecified vulnerability in Getcloudsms JOY of Text Lite The Joy Of Text Lite WordPress plugin before 2.3.1 does not properly sanitise and escape some parameters before using them in SQL statements accessible to unauthenticated users, leading to unauthenticated SQL injection | 9.8 |
2023-01-02 | CVE-2022-4297 | Netflixtech | Unspecified vulnerability in Netflixtech WP Autocomplete Search The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection | 9.8 |
2023-01-02 | CVE-2022-4298 | Cedcommerce | Unspecified vulnerability in Cedcommerce Wholesale Market The Wholesale Market WordPress plugin before 2.2.1 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server. | 9.8 |
2023-01-02 | CVE-2022-4357 | Letsrecover Project | Unspecified vulnerability in Letsrecover Project Letsrecover The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | 9.8 |
2023-01-02 | CVE-2016-15007 | Centralized Salesforce Development Framework Project | Injection vulnerability in Centralized Salesforce Development Framework Project Centralized Salesforce Development Framework A vulnerability was found in Centralized-Salesforce-Dev-Framework. | 9.8 |
2023-01-02 | CVE-2014-125037 | License TO Kill Project | SQL Injection vulnerability in License to Kill Project License to Kill A vulnerability, which was classified as critical, was found in License to Kill. | 9.8 |
2023-01-02 | CVE-2014-125038 | IS Projecto2 Project | SQL Injection vulnerability in IS Projecto2 Project IS Projecto2 A vulnerability has been found in IS_Projecto2 and classified as critical. | 9.8 |
2023-01-02 | CVE-2015-10009 | Nonfiction | Code Injection vulnerability in Nonfiction Nterchange 4.0.0/4.1.0 A vulnerability was found in nterchange up to 4.1.0. | 9.8 |
2023-01-02 | CVE-2015-10008 | Weipdcrm Project | SQL Injection vulnerability in Weipdcrm Project Weipdcrm ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM. | 9.8 |
2023-01-02 | CVE-2022-42475 | Fortinet | Out-of-bounds Write vulnerability in Fortinet Fortios A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. | 9.8 |
2023-01-02 | CVE-2014-125032 | GO With ME Project | SQL Injection vulnerability in Go-With-Me Project Go-With-Me A vulnerability was found in porpeeranut go-with-me. | 9.8 |
2023-01-02 | CVE-2021-4298 | ND | SQL Injection vulnerability in ND Sipity A vulnerability classified as critical has been found in Hesburgh Libraries of Notre Dame Sipity. | 9.8 |
138 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-01-06 | CVE-2022-2482 | Nokia | Insufficient Protections on the Volatile Memory Containing Boot Code vulnerability in Nokia products A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. | 8.8 |
2023-01-06 | CVE-2022-44149 | Nexxtsolutions | OS Command Injection vulnerability in Nexxtsolutions Amp300 Firmware 42.103.1.5095/80.103.2.5045 The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. | 8.8 |
2023-01-06 | CVE-2022-42979 | Rydesharing | Improper Certificate Validation vulnerability in Rydesharing Ryde 5.8.43 Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for Android and iOS allows attackers to take over an account via a deep link. | 8.8 |
2023-01-05 | CVE-2023-0088 | Swifty Page Manager Project | Cross-Site Request Forgery (CSRF) vulnerability in Swifty Page Manager Project Swifty Page Manager 3.0.1 The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.1. | 8.8 |
2023-01-05 | CVE-2022-43844 | IBM | Insufficient Session Expiration vulnerability in IBM Robotic Process Automation for Cloud PAK IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. | 8.8 |
2023-01-05 | CVE-2016-15009 | Openacs | Cross-Site Request Forgery (CSRF) vulnerability in Openacs Bug-Tracker A vulnerability classified as problematic has been found in OpenACS bug-tracker. | 8.8 |
2023-01-05 | CVE-2022-43519 | Arubanetworks | SQL Injection vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. | 8.8 |
2023-01-05 | CVE-2022-43520 | Arubanetworks | SQL Injection vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. | 8.8 |
2023-01-05 | CVE-2022-43521 | Arubanetworks | SQL Injection vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. | 8.8 |
2023-01-05 | CVE-2022-43522 | Arubanetworks | SQL Injection vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. | 8.8 |
2023-01-05 | CVE-2022-43523 | Arubanetworks | SQL Injection vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. | 8.8 |
2023-01-05 | CVE-2022-43530 | Arubanetworks | SQL Injection vulnerability in Arubanetworks Clearpass Policy Manager Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. | 8.8 |
2023-01-05 | CVE-2022-43531 | Arubanetworks | SQL Injection vulnerability in Arubanetworks Clearpass Policy Manager Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. | 8.8 |
2023-01-05 | CVE-2022-43536 | Arubanetworks | OS Command Injection vulnerability in Arubanetworks Clearpass Policy Manager Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. | 8.8 |
2023-01-05 | CVE-2022-44535 | Arubanetworks | Unspecified vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allows remote low-privileged authenticated users to escalate their privileges to those of an administrative user. | 8.8 |
2023-01-04 | CVE-2022-43920 | IBM | Unspecified vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter. | 8.8 |
2023-01-04 | CVE-2023-22457 | Xwiki | Cross-Site Request Forgery (CSRF) vulnerability in Xwiki Ckeditor Integration CKEditor Integration UI adds support for editing wiki pages using CKEditor. | 8.8 |
2023-01-04 | CVE-2023-0048 | Daloradius | Code Injection vulnerability in Daloradius Code Injection in GitHub repository lirantal/daloradius prior to master-branch. | 8.8 |
2023-01-04 | CVE-2022-42435 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Business Automation Workflow IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2023-01-03 | CVE-2022-32664 | Mediatek | Command Injection vulnerability in Mediatek Linkit Software Development KIT 4.6.1 In Config Manager, there is a possible command injection due to improper input validation. | 8.8 |
2023-01-03 | CVE-2022-35845 | Fortinet | OS Command Injection vulnerability in Fortinet Fortitester Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell. | 8.8 |
2023-01-03 | CVE-2022-39947 | Fortinet | OS Command Injection vulnerability in Fortinet Fortiadc An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiADC version 7.0.0 through 7.0.2, FortiADC version 6.2.0 through 6.2.3, FortiADC version 6.1.0 through 6.1.6, FortiADC version 6.0.0 through 6.0.4, FortiADC version 5.4.0 through 5.4.5 may allow an attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | 8.8 |
2023-01-03 | CVE-2022-43436 | Easy Test Project | Unrestricted Upload of File with Dangerous Type vulnerability in Easy Test Project Easy Test 22H29 The File Upload function of EasyTest has insufficient filtering for special characters and file type. | 8.8 |
2023-01-03 | CVE-2022-43437 | Easy Test Project | SQL Injection vulnerability in Easy Test Project Easy Test 17L18S The Download function’s parameter of EasyTest has insufficient validation for user input. | 8.8 |
2023-01-03 | CVE-2022-43438 | Easy Test Project | Incorrect Authorization vulnerability in Easy Test Project Easy Test The Administrator function of EasyTest has an Incorrect Authorization vulnerability. | 8.8 |
2023-01-03 | CVE-2022-46304 | Changingtec | OS Command Injection vulnerability in Changingtec Servisign ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. | 8.8 |
2023-01-02 | CVE-2021-30558 | Google | Unspecified vulnerability in Google Chrome Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 8.8 |
2023-01-02 | CVE-2022-2742 | Google | Race Condition vulnerability in Google Chrome Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. | 8.8 |
2023-01-02 | CVE-2022-2743 | Google | Integer Overflow or Wraparound vulnerability in Google Chrome Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. | 8.8 |
2023-01-02 | CVE-2022-3860 | Smackcoders | Unspecified vulnerability in Smackcoders Visual Email Designer for Woocommerce The Visual Email Designer for WooCommerce WordPress plugin before 1.7.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author. | 8.8 |
2023-01-02 | CVE-2022-3911 | Iubenda | Missing Authorization vulnerability in Iubenda Iubenda-Cookie-Law-Solution The iubenda WordPress plugin before 3.3.3 does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. | 8.8 |
2023-01-02 | CVE-2022-4237 | Collne | Unspecified vulnerability in Collne Welcart E-Commerce The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in file_exist() functions via various AJAX actions available to any authenticated users, which could allow users with a role as low as subscriber to perform PHAR deserialisation when they can upload a file and a suitable gadget chain is present on the blog | 8.8 |
2023-01-02 | CVE-2023-22451 | Kiwitcms | Weak Password Requirements vulnerability in Kiwitcms Kiwi Tcms Kiwi TCMS is an open source test management system. | 8.8 |
2023-01-03 | CVE-2022-38723 | Gravitee | Path Traversal vulnerability in Gravitee API Management Gravitee API Management before 3.15.13 allows path traversal through HTML injection. | 8.6 |
2023-01-05 | CVE-2022-46177 | Discourse | Insufficient Session Expiration vulnerability in Discourse Discourse is an open source discussion platform. | 8.1 |
2023-01-04 | CVE-2022-48217 | Tradr Project | Unspecified vulnerability in Tradr-Project TF Remapper 1.1.1 The tf_remapper_node component 1.1.1 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. | 8.1 |
2023-01-03 | CVE-2022-36943 | Ssziparchive Project | Link Following vulnerability in Ssziparchive Project Ssziparchive SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. | 8.1 |
2023-01-03 | CVE-2022-38766 | Renault | Authentication Bypass by Capture-replay vulnerability in Renault ZOE E-Tech Firmware 2021 The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rolling Codes set for each door-open request, which allows for a replay attack. | 8.1 |
2023-01-06 | CVE-2022-2484 | Nokia | Insufficient Protections on the Volatile Memory Containing Boot Code vulnerability in Nokia Asik Airscale 474021A.101 Firmware The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. | 7.8 |
2023-01-06 | CVE-2022-40201 | Bentley | Stack-based Buffer Overflow vulnerability in Bentley Microstation Connect 10.16.0.80/10.16.2.034 Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design (DGN) file is parsed. | 7.8 |
2023-01-06 | CVE-2022-41613 | Bentley | Out-of-bounds Read vulnerability in Bentley Microstation Connect 10.16.0.80/10.16.2.034 Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when parsing DGN files, which may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary code. | 7.8 |
2023-01-06 | CVE-2022-44939 | Echatserver | Uncontrolled Search Path Element vulnerability in Echatserver Easy Chat Server 3.1 Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. | 7.8 |
2023-01-05 | CVE-2022-47653 | Gpac | Classic Buffer Overflow vulnerability in Gpac GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in eac3_update_channels function of media_tools/av_parsers.c:9113 | 7.8 |
2023-01-05 | CVE-2022-47654 | Gpac | Classic Buffer Overflow vulnerability in Gpac GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8261 | 7.8 |
2023-01-05 | CVE-2022-47655 | Struktur Debian | Out-of-bounds Write vulnerability in multiple products Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short> | 7.8 |
2023-01-05 | CVE-2022-47656 | Gpac | Classic Buffer Overflow vulnerability in Gpac GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8273 | 7.8 |
2023-01-05 | CVE-2022-47657 | Gpac | Classic Buffer Overflow vulnerability in Gpac GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function hevc_parse_vps_extension of media_tools/av_parsers.c:7662 | 7.8 |
2023-01-05 | CVE-2022-47658 | Gpac | Classic Buffer Overflow vulnerability in Gpac GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function gf_hevc_read_vps_bs_internal of media_tools/av_parsers.c:8039 | 7.8 |
2023-01-05 | CVE-2022-47659 | Gpac | Out-of-bounds Write vulnerability in Gpac GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow in gf_bs_read_data | 7.8 |
2023-01-05 | CVE-2022-47660 | Gpac | Integer Overflow or Wraparound vulnerability in Gpac GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 has an integer overflow in isomedia/isom_write.c | 7.8 |
2023-01-05 | CVE-2022-47661 | Gpac | Out-of-bounds Write vulnerability in Gpac GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow via media_tools/av_parsers.c:4988 in gf_media_nalu_add_emulation_bytes | 7.8 |
2023-01-05 | CVE-2022-47663 | Gpac | Classic Buffer Overflow vulnerability in Gpac GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow in h263dmx_process filters/reframe_h263.c:609 | 7.8 |
2023-01-05 | CVE-2022-4378 | Linux | Out-of-bounds Write vulnerability in Linux Kernel A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. | 7.8 |
2023-01-05 | CVE-2022-3715 | GNU Redhat | Out-of-bounds Write vulnerability in multiple products A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. | 7.8 |
2023-01-05 | CVE-2022-47087 | Gpac | Classic Buffer Overflow vulnerability in Gpac GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c | 7.8 |
2023-01-05 | CVE-2022-47088 | Gpac | Classic Buffer Overflow vulnerability in Gpac GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow. | 7.8 |
2023-01-05 | CVE-2022-47089 | Gpac | Classic Buffer Overflow vulnerability in Gpac GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow via gf_vvc_read_sps_bs_internal function of media_tools/av_parsers.c | 7.8 |
2023-01-05 | CVE-2022-47091 | Gpac | Classic Buffer Overflow vulnerability in Gpac GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow in gf_text_process_sub function of filters/load_text.c | 7.8 |
2023-01-05 | CVE-2022-47093 | Gpac | Use After Free vulnerability in Gpac GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after-free via filters/dmx_m2ts.c:470 in m2tsdmx_declare_pid | 7.8 |
2023-01-05 | CVE-2022-47094 | Gpac | NULL Pointer Dereference vulnerability in Gpac GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer dereference via filters/dmx_m2ts.c:343 in m2tsdmx_declare_pid | 7.8 |
2023-01-05 | CVE-2022-47095 | Gpac | Classic Buffer Overflow vulnerability in Gpac GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow in hevc_parse_vps_extension function of media_tools/av_parsers.c | 7.8 |
2023-01-05 | CVE-2022-37933 | HPE | Injection vulnerability in HPE products A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. | 7.8 |
2023-01-05 | CVE-2022-43533 | Arubanetworks | Unspecified vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. | 7.8 |
2023-01-05 | CVE-2022-43534 | Arubanetworks | Unspecified vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges. | 7.8 |
2023-01-05 | CVE-2022-43535 | Arubanetworks | Unspecified vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows instance to elevate their user privileges. | 7.8 |
2023-01-04 | CVE-2023-0054 | VIM | Out-of-bounds Write vulnerability in VIM Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. | 7.8 |
2023-01-04 | CVE-2022-25926 | Window Control Project | Unspecified vulnerability in Window-Control Project Window-Control Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization. | 7.8 |
2023-01-04 | CVE-2023-0051 | VIM | Heap-based Buffer Overflow vulnerability in VIM Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144. | 7.8 |
2023-01-04 | CVE-2023-0049 | VIM Fedoraproject | Out-of-bounds Read vulnerability in multiple products Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. | 7.8 |
2023-01-03 | CVE-2022-32635 | Google | Out-of-bounds Write vulnerability in Google Android In gps, there is a possible out of bounds write due to a missing bounds check. | 7.8 |
2023-01-03 | CVE-2022-41645 | Fujielectric | Out-of-bounds Read vulnerability in Fujielectric V-Server Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. | 7.8 |
2023-01-03 | CVE-2022-43448 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric Tellus and V-Sft Out-of-bounds write vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file. | 7.8 |
2023-01-03 | CVE-2022-46306 | Changingtec | Path Traversal vulnerability in Changingtec Servisign ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. | 7.8 |
2023-01-03 | CVE-2022-46360 | Fujielectric | Out-of-bounds Read vulnerability in Fujielectric Tellus and V-Sft Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file. | 7.8 |
2023-01-03 | CVE-2022-47317 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric V-Server Out-of-bounds write vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. | 7.8 |
2023-01-03 | CVE-2022-47908 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric V-Server Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. | 7.8 |
2023-01-02 | CVE-2017-20161 | Macgeiger Project | Injection vulnerability in Macgeiger Project Macgeiger A vulnerability classified as problematic has been found in rofl0r MacGeiger. | 7.8 |
2023-01-08 | CVE-2014-125066 | Yuko BOT Project | Improper Resource Shutdown or Release vulnerability in Yuko-Bot Project Yuko-Bot A vulnerability was found in emmflo yuko-bot. | 7.5 |
2023-01-07 | CVE-2020-36646 | Mediaarea | NULL Pointer Dereference vulnerability in Mediaarea Zenlib A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. | 7.5 |
2023-01-07 | CVE-2021-4306 | Terminal KIT Project | Unspecified vulnerability in Terminal-Kit Project Terminal-Kit A vulnerability classified as problematic has been found in cronvel terminal-kit up to 2.1.7. | 7.5 |
2023-01-07 | CVE-2015-10025 | Miniconf Project | Improper Resource Shutdown or Release vulnerability in Miniconf Project Miniconf A vulnerability has been found in luelista miniConf up to 1.7.6 and classified as problematic. | 7.5 |
2023-01-07 | CVE-2023-0113 | Netis Systems | Information Exposure vulnerability in Netis-Systems Netcore Router Firmware A vulnerability was found in Netis Netcore Router up to 2.2.6. | 7.5 |
2023-01-06 | CVE-2021-46867 | Huawei | Out-of-bounds Read vulnerability in Huawei Emui and Harmonyos The HW_KEYMASTER module has a problem in releasing memory. Successful exploitation of this vulnerability may result in out-of-bounds memory access. | 7.5 |
2023-01-06 | CVE-2021-46868 | Huawei | Out-of-bounds Read vulnerability in Huawei Emui and Harmonyos The HW_KEYMASTER module has a problem in releasing memory. Successful exploitation of this vulnerability may result in out-of-bounds memory access. | 7.5 |
2023-01-06 | CVE-2022-46761 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The system has a vulnerability that may cause dynamic hiding and restoring of app icons. Successful exploitation of this vulnerability may cause malicious hiding of app icons. | 7.5 |
2023-01-06 | CVE-2022-46762 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The memory management module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 |
2023-01-06 | CVE-2022-47975 | Huawei | Double Free vulnerability in Huawei Emui and Harmonyos The DUBAI module has a double free vulnerability. | 7.5 |
2023-01-06 | CVE-2022-47976 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections. Successful exploitation of this vulnerability may disconnect normal service connections. | 7.5 |
2023-01-06 | CVE-2022-4879 | Forged Alliance Forever Project | Unspecified vulnerability in Forged Alliance Forever Project Forged Alliance Forever A vulnerability was found in Forged Alliance Forever up to 3746. | 7.5 |
2023-01-06 | CVE-2022-40049 | Theme Park Ticketing System Project | SQL Injection vulnerability in Theme Park Ticketing System Project Theme Park Ticketing System 1.0 SQL injection vulnerability in sourcecodester Theme Park Ticketing System 1.0 allows remote attackers to view sensitive information via the id parameter to the /tpts/manage_user.php page. | 7.5 |
2023-01-05 | CVE-2007-10001 | WEB Cyradm Project | SQL Injection vulnerability in Web-Cyradm Project Web-Cyradm A vulnerability classified as problematic has been found in web-cyradm. | 7.5 |
2023-01-05 | CVE-2021-4305 | Bridgeline | Unspecified vulnerability in Bridgeline Robots-Txt-Guard A vulnerability was found in Woorank robots-txt-guard. | 7.5 |
2023-01-05 | CVE-2022-43932 | Synology | Unspecified vulnerability in Synology Router Manager Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors. | 7.5 |
2023-01-05 | CVE-2022-4869 | Evolution Events | Unspecified vulnerability in Evolution-Events Artaxerxes A vulnerability was found in Evolution Events Artaxerxes. | 7.5 |
2023-01-05 | CVE-2022-45857 | Fortinet | Unspecified vulnerability in Fortinet Fortimanager An incorrect user management vulnerability [CWE-286] in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a FortiGate without a password via newly created VDOMs after the super_admin account is deleted. | 7.5 |
2023-01-05 | CVE-2023-22626 | Pghero Project | Information Exposure Through an Error Message vulnerability in Pghero Project Pghero PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. | 7.5 |
2023-01-05 | CVE-2022-37934 | HP HPE | Path Traversal vulnerability in multiple products A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. | 7.5 |
2023-01-04 | CVE-2023-22467 | Momentjs | Unspecified vulnerability in Momentjs Luxon Luxon is a library for working with dates and times in JavaScript. | 7.5 |
2023-01-04 | CVE-2022-48216 | Uniswap | Improper Locking vulnerability in Uniswap Universal Router Firmware Uniswap Universal Router before 1.1.0 mishandles reentrancy. | 7.5 |
2023-01-04 | CVE-2023-22460 | Protocol | Improper Input Validation vulnerability in Protocol Go-Ipld-Prime go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. | 7.5 |
2023-01-04 | CVE-2022-46081 | Garmin | Information Exposure vulnerability in Garmin Connect 4.61 In Garmin Connect 4.61, terminating a LiveTrack session wouldn't prevent the LiveTrack API from continued exposure of private personal information. | 7.5 |
2023-01-03 | CVE-2022-2967 | Prosysopc | Insufficiently Protected Credentials vulnerability in Prosysopc UA Modbus Server and UA Simulation Server Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5 and prior do not sufficiently protect credentials, which could allow an attacker to obtain user credentials and gain access to system data. | 7.5 |
2023-01-03 | CVE-2022-23506 | Linuxfoundation | Information Exposure Through Log Files vulnerability in Linuxfoundation Spinnaker Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. | 7.5 |
2023-01-03 | CVE-2022-45143 | Apache | Improper Encoding or Escaping of Output vulnerability in Apache Tomcat The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. | 7.5 |
2023-01-03 | CVE-2021-32821 | Mootools | Unspecified vulnerability in Mootools MooTools is a collection of JavaScript utilities for JavaScript developers. | 7.5 |
2023-01-03 | CVE-2013-10007 | WP Print Friendly Project | Information Exposure vulnerability in Wp-Print-Friendly Project WP Print Friendly A vulnerability classified as problematic has been found in ethitter WP-Print-Friendly up to 0.5.2. | 7.5 |
2023-01-03 | CVE-2015-10012 | Sumocoders | Information Exposure Through an Error Message vulnerability in Sumocoders Frameworkuserbundle ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. | 7.5 |
2023-01-03 | CVE-2022-39040 | Aenrich | Path Traversal vulnerability in Aenrich A+Hrd 6.8/7.0 aEnrich a+HRD log read function has a path traversal vulnerability. | 7.5 |
2023-01-03 | CVE-2022-3460 | Octopus | Improper Cross-boundary Removal of Sensitive Data vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview. | 7.5 |
2023-01-02 | CVE-2022-3842 | Google | Use After Free vulnerability in Google Chrome Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 7.5 |
2023-01-02 | CVE-2022-4140 | Collne | Unspecified vulnerability in Collne Welcart E-Commerce The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file, which could allow unauthenticated attacker to read arbitrary files on the server | 7.5 |
2023-01-02 | CVE-2014-125033 | Rails CV APP Project | Path Traversal vulnerability in Rails-Cv-App Project Rails-Cv-App A vulnerability was found in rails-cv-app. | 7.5 |
2023-01-02 | CVE-2021-4299 | String KIT Project | Unspecified vulnerability in String KIT Project String KIT A vulnerability classified as problematic was found in cronvel string-kit up to 0.12.7. | 7.5 |
2023-01-02 | CVE-2019-13768 | Google | Use After Free vulnerability in Google Chrome Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 7.4 |
2023-01-06 | CVE-2018-25067 | Joomgallery Project | SQL Injection vulnerability in Joomgallery Project Joomgallery A vulnerability, which was classified as critical, was found in JoomGallery up to 3.3.3. | 7.2 |
2023-01-05 | CVE-2022-43537 | Arubanetworks | OS Command Injection vulnerability in Arubanetworks Clearpass Policy Manager Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. | 7.2 |
2023-01-05 | CVE-2022-43538 | Arubanetworks | OS Command Injection vulnerability in Arubanetworks Clearpass Policy Manager Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. | 7.2 |
2023-01-05 | CVE-2022-44534 | Arubanetworks | Unspecified vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. | 7.2 |
2023-01-04 | CVE-2023-0046 | Daloradius | Improper Restriction of Names for Files and Other Resources vulnerability in Daloradius Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius prior to master-branch. | 7.2 |
2023-01-03 | CVE-2022-44036 | B2Evolution | Unrestricted Upload of File with Dangerous Type vulnerability in B2Evolution CMS 7.2.5 In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution. | 7.2 |
2023-01-03 | CVE-2022-45867 | Mybb | Path Traversal vulnerability in Mybb MyBB before 1.8.33 allows Directory Traversal. | 7.2 |
2023-01-03 | CVE-2022-4871 | Nflpick EM | SQL Injection vulnerability in Nflpick-Em A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x. | 7.2 |
2023-01-03 | CVE-2022-40740 | Realtek | Unspecified vulnerability in Realtek Usdk and Xpon Software Development KIT Realtek GPON router has insufficient filtering for special characters. | 7.2 |
2023-01-02 | CVE-2022-4302 | Videousermanuals | Unspecified vulnerability in Videousermanuals White Label CMS 2.2.9 The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. | 7.2 |
2023-01-02 | CVE-2022-4324 | Wpgogo | Unspecified vulnerability in Wpgogo Custom Field Template The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog. | 7.2 |
2023-01-02 | CVE-2022-4351 | QE SEO Handyman Project | Unspecified vulnerability in QE SEO Handyman Project QE SEO Handyman The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | 7.2 |
2023-01-02 | CVE-2022-4352 | QE SEO Handyman Project | Unspecified vulnerability in QE SEO Handyman Project QE SEO Handyman The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | 7.2 |
2023-01-02 | CVE-2022-4355 | Letsrecover Project | Unspecified vulnerability in Letsrecover Project Letsrecover The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | 7.2 |
2023-01-02 | CVE-2022-4356 | Letsrecover Project | Unspecified vulnerability in Letsrecover Project Letsrecover The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | 7.2 |
2023-01-02 | CVE-2022-4358 | WP RSS BY Publishers Project | Unspecified vulnerability in WP RSS BY Publishers Project WP RSS BY Publishers The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | 7.2 |
2023-01-02 | CVE-2022-4359 | WP RSS BY Publishers Project | Unspecified vulnerability in WP RSS BY Publishers Project WP RSS BY Publishers The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | 7.2 |
2023-01-02 | CVE-2022-4360 | WP RSS BY Publishers Project | SQL Injection vulnerability in WP RSS BY Publishers Project WP RSS BY Publishers The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | 7.2 |
2023-01-02 | CVE-2022-4370 | Multimedial Images Project | Unspecified vulnerability in Multimedial Images Project Multimedial Images The multimedial images WordPress plugin through 1.0b does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. | 7.2 |
2023-01-02 | CVE-2022-4371 | Mohanjith | Unspecified vulnerability in Mohanjith web Invoice The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. | 7.2 |
2023-01-02 | CVE-2022-4372 | WEB Invoice Project | Unspecified vulnerability in web Invoice Project web Invoice The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. | 7.2 |
2023-01-02 | CVE-2022-4373 | Quote O Matic Project | Unspecified vulnerability in Quote-O-Matic Project Quote-O-Matic The Quote-O-Matic WordPress plugin through 1.0.5 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 7.2 |
2023-01-06 | CVE-2022-2483 | Nokia | Assumed-Immutable Data Stored in Writable Memory vulnerability in Nokia products The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature. | 7.1 |
2023-01-05 | CVE-2022-47092 | Gpac | Integer Overflow or Wraparound vulnerability in Gpac GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contains an Integer overflow vulnerability in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8316 | 7.1 |
202 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-01-04 | CVE-2022-39081 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In network service, there is a missing permission check. | 6.7 |
2023-01-04 | CVE-2022-39082 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In network service, there is a missing permission check. | 6.7 |
2023-01-04 | CVE-2022-39083 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In network service, there is a missing permission check. | 6.7 |
2023-01-04 | CVE-2022-39084 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In network service, there is a missing permission check. | 6.7 |
2023-01-04 | CVE-2022-39085 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In network service, there is a missing permission check. | 6.7 |
2023-01-04 | CVE-2022-39086 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In network service, there is a missing permission check. | 6.7 |
2023-01-04 | CVE-2022-39087 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In network service, there is a missing permission check. | 6.7 |
2023-01-04 | CVE-2022-39088 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In network service, there is a missing permission check. | 6.7 |
2023-01-03 | CVE-2022-32623 | Google | Unspecified vulnerability in Google Android 12.0 In mdp, there is a possible out of bounds write due to incorrect error handling. | 6.7 |
2023-01-03 | CVE-2022-32636 | Google | Out-of-bounds Write vulnerability in Google Android In keyinstall, there is a possible out of bounds write due to an integer overflow. | 6.7 |
2023-01-03 | CVE-2022-32637 | Google | Out-of-bounds Write vulnerability in Google Android 10.0/11.0 In hevc decoder, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-01-03 | CVE-2022-32640 | Google | Out-of-bounds Write vulnerability in Google Android 11.0/12.0 In meta wifi, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-01-03 | CVE-2022-32641 | Google | Out-of-bounds Read vulnerability in Google Android 11.0/12.0/13.0 In meta wifi, there is a possible out of bounds read due to a missing bounds check. | 6.7 |
2023-01-03 | CVE-2022-32646 | Google | Out-of-bounds Write vulnerability in Google Android 11.0/12.0/13.0 In gpu drm, there is a possible stack overflow due to a missing bounds check. | 6.7 |
2023-01-03 | CVE-2022-32647 | Google | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In ccu, there is a possible out of bounds write due to improper input validation. | 6.7 |
2023-01-03 | CVE-2022-32649 | Google | Incorrect Calculation of Buffer Size vulnerability in Google Android 12.0 In jpeg, there is a possible use after free due to a logic error. | 6.7 |
2023-01-03 | CVE-2022-32650 | Google | Incorrect Calculation of Buffer Size vulnerability in Google Android 12.0/13.0 In mtk-isp, there is a possible use after free due to a logic error. | 6.7 |
2023-01-03 | CVE-2022-32651 | Google | Incorrect Calculation of Buffer Size vulnerability in Google Android 12.0 In mtk-aie, there is a possible use after free due to a logic error. | 6.7 |
2023-01-03 | CVE-2022-32652 | Google | Improper Input Validation vulnerability in Google Android 11.0/12.0/13.0 In mtk-aie, there is a possible use after free due to a logic error. | 6.7 |
2023-01-03 | CVE-2022-32653 | Google | Improper Input Validation vulnerability in Google Android 12.0/13.0 In mtk-aie, there is a possible use after free due to a logic error. | 6.7 |
2023-01-03 | CVE-2022-32657 | Mediatek | Improper Handling of Exceptional Conditions vulnerability in Mediatek products In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. | 6.7 |
2023-01-03 | CVE-2022-32658 | Mediatek | Improper Handling of Exceptional Conditions vulnerability in Mediatek products In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. | 6.7 |
2023-01-03 | CVE-2022-32659 | Mediatek Thelinuxfoundation | Improper Handling of Exceptional Conditions vulnerability in multiple products In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. | 6.7 |
2023-01-06 | CVE-2022-47974 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks. Successful exploitation of this vulnerability may cause the Bluetooth process to restart. | 6.5 |
2023-01-05 | CVE-2022-23548 | Discourse | Unspecified vulnerability in Discourse Discourse is an open source discussion platform. | 6.5 |
2023-01-05 | CVE-2022-23549 | Discourse | Unspecified vulnerability in Discourse Discourse is an open source discussion platform. | 6.5 |
2023-01-05 | CVE-2023-0086 | Crocoblock | Unspecified vulnerability in Crocoblock Jetwidgets for Elementor The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. | 6.5 |
2023-01-05 | CVE-2022-22371 | IBM | Insufficient Session Expiration vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. | 6.5 |
2023-01-05 | CVE-2022-43528 | Arubanetworks | Unspecified vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator Under certain configurations, an attacker can login to Aruba EdgeConnect Enterprise Orchestrator without supplying a multi-factor authentication code. | 6.5 |
2023-01-04 | CVE-2022-45052 | Axiell | Files or Directories Accessible to External Parties vulnerability in Axiell Iguana 4.0.0 A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. | 6.5 |
2023-01-04 | CVE-2022-22337 | IBM | Unspecified vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could disclose sensitive information to an authenticated user. | 6.5 |
2023-01-03 | CVE-2022-46305 | Changingtec | Path Traversal vulnerability in Changingtec Servisign ChangingTec ServiSign component has a path traversal vulnerability. | 6.5 |
2023-01-03 | CVE-2022-46309 | Vitalsesp | Path Traversal vulnerability in Vitalsesp Vitals ESP Vitals ESP upload function has a path traversal vulnerability. | 6.5 |
2023-01-02 | CVE-2022-0337 | Google | Exposure of Resource to Wrong Sphere vulnerability in Google Chrome Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. | 6.5 |
2023-01-02 | CVE-2022-4236 | Collne | Files or Directories Accessible to External Parties vulnerability in Collne Welcart E-Commerce The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server. | 6.5 |
2023-01-02 | CVE-2023-22452 | Kenny2Automate Project | Improper Input Validation vulnerability in Kenny2Automate Project Kenny2Automate kenny2automate is a Discord bot. | 6.5 |
2023-01-03 | CVE-2022-32638 | Google | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Google Android 11.0/12.0/13.0 In isp, there is a possible out of bounds write due to a race condition. | 6.4 |
2023-01-03 | CVE-2022-32644 | Google | Improper Synchronization vulnerability in Google Android 11.0/12.0/13.0 In vow, there is a possible use after free due to a race condition. | 6.4 |
2023-01-03 | CVE-2022-32648 | Google | Improper Synchronization vulnerability in Google Android 11.0/12.0 In disp, there is a possible use after free due to a race condition. | 6.4 |
2023-01-08 | CVE-2014-125070 | Console Project | Cross-site Scripting vulnerability in Console Project Console A vulnerability has been found in yanheven console and classified as problematic. | 6.1 |
2023-01-08 | CVE-2021-4309 | 01 Scripts | Cross-site Scripting vulnerability in 01-Scripts 01Acp A vulnerability, which was classified as problematic, has been found in 01-Scripts 01ACP. | 6.1 |
2023-01-07 | CVE-2022-1102 | Event Management System Project | Cross-site Scripting vulnerability in Event Management System Project Event Management System 1.0 A vulnerability classified as problematic has been found in SourceCodester Royale Event Management System 1.0. | 6.1 |
2023-01-07 | CVE-2017-20164 | Symbiote | Open Redirect vulnerability in Symbiote Seed 6.0.0/6.0.1/6.0.2 A vulnerability was found in Symbiote Seed up to 6.0.2. | 6.1 |
2023-01-07 | CVE-2015-10028 | Pear Programming Project | Cross-site Scripting vulnerability in Pear Programming Project Pear Programming A vulnerability has been found in ss15-this-is-sparta and classified as problematic. | 6.1 |
2023-01-07 | CVE-2015-10021 | Rimdev | Cross-site Scripting vulnerability in Rimdev Definely A vulnerability was found in ritterim definely. | 6.1 |
2023-01-07 | CVE-2020-36644 | Inline SVG Project | Cross-site Scripting vulnerability in Inline SVG Project Inline SVG A vulnerability has been found in jamesmartin Inline SVG up to 1.7.1 and classified as problematic. | 6.1 |
2023-01-07 | CVE-2015-10019 | Mysimplifiedsql Project | Cross-site Scripting vulnerability in Mysimplifiedsql Project Mysimplifiedsql A vulnerability, which was classified as problematic, has been found in foxoverflow MySimplifiedSQL. | 6.1 |
2023-01-06 | CVE-2022-45911 | Zimbra | Cross-site Scripting vulnerability in Zimbra Collaboration 9.0.0 An issue was discovered in Zimbra Collaboration (ZCS) 9.0. | 6.1 |
2023-01-06 | CVE-2022-45913 | Zimbra | Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An issue was discovered in Zimbra Collaboration (ZCS) 9.0. | 6.1 |
2023-01-06 | CVE-2023-22475 | Thinkst | Cross-site Scripting vulnerability in Thinkst Canarytokens 20190301/20220701 Canarytokens is an open source tool which helps track activity and actions on your network. | 6.1 |
2023-01-06 | CVE-2022-44870 | Maccms | Cross-site Scripting vulnerability in Maccms 10.0 A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module. | 6.1 |
2023-01-05 | CVE-2021-32828 | Hyland | Cross-site Scripting vulnerability in Hyland Nuxeo The Nuxeo Platform is an open source content management platform for building business applications. | 6.1 |
2023-01-05 | CVE-2023-22455 | Discourse | Cross-site Scripting vulnerability in Discourse Discourse is an open source discussion platform. | 6.1 |
2023-01-05 | CVE-2023-22454 | Discourse | Cross-site Scripting vulnerability in Discourse Discourse is an open source discussion platform. | 6.1 |
2023-01-05 | CVE-2015-10013 | Webdevstudios | Cross-site Scripting vulnerability in Webdevstudios Taxonomy Switcher 1.0.0/1.0.1 A vulnerability was found in WebDevStudios taxonomy-switcher Plugin up to 1.0.3 on WordPress. | 6.1 |
2023-01-05 | CVE-2018-25065 | Wikimedia | Cross-site Scripting vulnerability in Wikimedia Mediawiki-Extensions-I18Ntags A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. | 6.1 |
2023-01-05 | CVE-2022-4877 | Keter Project | Cross-site Scripting vulnerability in Keter Project Keter A vulnerability has been found in snoyberg keter up to 1.8.1 and classified as problematic. | 6.1 |
2023-01-05 | CVE-2016-15010 | Django Ucamlookup Project | Cross-site Scripting vulnerability in Django-Ucamlookup Project Django-Ucamlookup ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. | 6.1 |
2023-01-05 | CVE-2018-25064 | Show ME THE WAY Project | Cross-site Scripting vulnerability in Show-Me-The-Way Project Show-Me-The-Way A vulnerability was found in OSM Lab show-me-the-way. | 6.1 |
2023-01-05 | CVE-2021-4303 | Xataface Project | Cross-site Scripting vulnerability in Xataface Project Xataface A vulnerability, which was classified as problematic, has been found in shannah Xataface up to 2.x. | 6.1 |
2023-01-05 | CVE-2019-25095 | Ldapcherry Project | Cross-site Scripting vulnerability in Ldapcherry Project Ldapcherry A vulnerability, which was classified as problematic, was found in kakwa LdapCherry up to 0.x. | 6.1 |
2023-01-05 | CVE-2019-25096 | Extplorer | Cross-site Scripting vulnerability in Extplorer A vulnerability has been found in soerennb eXtplorer up to 2.1.12 and classified as problematic. | 6.1 |
2023-01-05 | CVE-2022-34330 | IBM | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting. | 6.1 |
2023-01-05 | CVE-2022-43525 | Arubanetworks | Cross-site Scripting vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2023-01-05 | CVE-2022-43526 | Arubanetworks | Cross-site Scripting vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2023-01-05 | CVE-2022-43527 | Arubanetworks | Cross-site Scripting vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2023-01-05 | CVE-2023-0057 | Pyload Pyload NG Project | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33. | 6.1 |
2023-01-04 | CVE-2022-4876 | Kaltura | Cross-site Scripting vulnerability in Kaltura Mwembed A vulnerability was found in Kaltura mwEmbed up to 2.96.rc1 and classified as problematic. | 6.1 |
2023-01-04 | CVE-2021-4302 | Phpwcms | Cross-site Scripting vulnerability in PHPwcms A vulnerability was found in slackero phpwcms up to 1.9.26. | 6.1 |
2023-01-04 | CVE-2022-4875 | Linuxfoundation | Cross-site Scripting vulnerability in Linuxfoundation Fossology A vulnerability has been found in fossology and classified as problematic. | 6.1 |
2023-01-04 | CVE-2022-45049 | Axiell | Cross-site Scripting vulnerability in Axiell Iguana A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. | 6.1 |
2023-01-04 | CVE-2022-45051 | Axiell | Cross-site Scripting vulnerability in Axiell Iguana A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. | 6.1 |
2023-01-04 | CVE-2022-46456 | Nasm | Classic Buffer Overflow vulnerability in Nasm Netwide Assembler 2.16/2.16.01 NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c. | 6.1 |
2023-01-04 | CVE-2023-22461 | Sanitize SVG Project | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Sanitize-Svg Project Sanitize-Svg The `sanitize-svg` package, a small SVG sanitizer to prevent cross-site scripting attacks, uses a deny-list-pattern to sanitize SVGs to prevent XSS. | 6.1 |
2023-01-04 | CVE-2014-125039 | Neoxplora Project | Cross-site Scripting vulnerability in Neoxplora Project Neoxplora A vulnerability, which was classified as problematic, has been found in kkokko NeoXplora. | 6.1 |
2023-01-04 | CVE-2016-15008 | Coebot WWW Project | Cross-site Scripting vulnerability in Coebot-Www Project Coebot-Www A vulnerability was found in oxguy3 coebot-www and classified as problematic. | 6.1 |
2023-01-04 | CVE-2019-25094 | Innologi | Cross-site Scripting vulnerability in Innologi Appointment Scheduler A vulnerability, which was classified as problematic, was found in innologi appointments Extension up to 2.0.5 on TYPO3. | 6.1 |
2023-01-03 | CVE-2023-22456 | Viewvc | Cross-site Scripting vulnerability in Viewvc ViewVC, a browser interface for CVS and Subversion version control repositories, has a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. | 6.1 |
2023-01-03 | CVE-2022-4663 | Youngtechleads | Cross-site Scripting vulnerability in Youngtechleads Members Import 1.4.2 The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the user_login parameter in an imported CSV file in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. | 6.1 |
2023-01-03 | CVE-2023-0038 | AYS PRO | Unspecified vulnerability in Ays-Pro Survey Maker The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. | 6.1 |
2023-01-03 | CVE-2012-10003 | Rivettracker Project | Cross-site Scripting vulnerability in Rivettracker Project Rivettracker A vulnerability, which was classified as problematic, has been found in ahmyi RivetTracker. | 6.1 |
2023-01-03 | CVE-2012-10002 | Rivettracker Project | Cross-site Scripting vulnerability in Rivettracker Project Rivettracker 20120303 A vulnerability was found in ahmyi RivetTracker. | 6.1 |
2023-01-03 | CVE-2022-3614 | Octopus | Open Redirect vulnerability in Octopus Server In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation. | 6.1 |
2023-01-02 | CVE-2022-0801 | Google | Cross-site Scripting vulnerability in Google Chrome Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. | 6.1 |
2023-01-02 | CVE-2022-3863 | Google | Use After Free vulnerability in Google Chrome Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.1 |
2023-01-02 | CVE-2022-4329 | Product List Widget FOR Woocommerce Project | Unspecified vulnerability in Product List Widget for Woocommerce Project Product List Widget for Woocommerce The Product list Widget for Woocommerce WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users (such as high privilege one like admin). | 6.1 |
2023-01-02 | CVE-2022-4369 | Wplite | Cross-site Scripting vulnerability in Wplite Wp-Lister Lite for Amazon The WP-Lister Lite for Amazon WordPress plugin before 2.4.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high-privilege users such as admin. | 6.1 |
2023-01-02 | CVE-2015-10010 | Cisco | Cross-site Scripting vulnerability in Cisco Openresolve A vulnerability was found in OpenDNS OpenResolve. | 6.1 |
2023-01-02 | CVE-2014-125035 | Jobs Plugin Project | Cross-site Scripting vulnerability in Jobs-Plugin Project Jobs-Plugin A vulnerability classified as problematic was found in Jobs-Plugin. | 6.1 |
2023-01-02 | CVE-2022-48197 | YUI Project | Cross-site Scripting vulnerability in YUI Project YUI 2000/2800 Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. | 6.1 |
2023-01-02 | CVE-2014-125034 | Contact APP Project | Cross-site Scripting vulnerability in Contact APP Project Contact APP A vulnerability has been found in stiiv contact_app and classified as problematic. | 6.1 |
2023-01-02 | CVE-2015-10007 | Weipdcrm Project | Cross-site Scripting vulnerability in Weipdcrm Project Weipdcrm ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM and classified as problematic. | 6.1 |
2023-01-02 | CVE-2014-125031 | Teknet Project | Cross-site Scripting vulnerability in Teknet Project Teknet A vulnerability was found in kirill2485 TekNet. | 6.1 |
2023-01-07 | CVE-2016-15014 | Cesnet | Insufficiently Protected Credentials vulnerability in Cesnet Theme-Cesnet A vulnerability has been found in CESNET theme-cesnet up to 1.x on ownCloud and classified as problematic. | 5.5 |
2023-01-07 | CVE-2023-0114 | Netis Systems | Cleartext Storage in a File or on Disk vulnerability in Netis-Systems Netcore Router Firmware A vulnerability was found in Netis Netcore Router. | 5.5 |
2023-01-06 | CVE-2022-45787 | Apache | Cleartext Storage of Sensitive Information vulnerability in Apache James Improper, overly lax permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. | 5.5 |
2023-01-06 | CVE-2022-45935 | Apache | Exposure of Resource to Wrong Sphere vulnerability in Apache James Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. | 5.5 |
2023-01-05 | CVE-2021-40341 | Hitachienergy | Inadequate Encryption Strength vulnerability in Hitachienergy Foxman-Un and Unem The DES cipher, which has inadequate encryption strength, is used in Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. | 5.5 |
2023-01-05 | CVE-2022-3928 | Hitachienergy | Use of Hard-coded Credentials vulnerability in Hitachienergy Foxman-Un and Unem Hardcoded credential is found in affected products' message queue. | 5.5 |
2023-01-05 | CVE-2022-23546 | Discourse | Information Exposure vulnerability in Discourse In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information. | 5.5 |
2023-01-05 | CVE-2022-47662 | Gpac | Uncontrolled Recursion vulnerability in Gpac GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segmentation fault (stack overflow) due to infinite recursion in Media_GetSample isomedia/media.c:662. | 5.5 |
2023-01-05 | CVE-2022-46489 | Gpac | Memory Leak vulnerability in Gpac GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the gf_isom_box_parse_ex function at box_funcs.c. | 5.5 |
2023-01-05 | CVE-2022-46490 | Gpac | Memory Leak vulnerability in Gpac GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the afrt_box_read function at box_code_adobe.c. | 5.5 |
2023-01-05 | CVE-2022-47086 | Gpac | Unspecified vulnerability in Gpac GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gf_sm_load_init_swf at scene_manager/swf_parse.c. | 5.5 |
2023-01-05 | CVE-2022-43540 | Arubanetworks | Unspecified vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability exists in the ClearPass OnGuard macOS agent that allows for an attacker with local macOS instance access to potentially obtain sensitive information. | 5.5 |
2023-01-04 | CVE-2022-46457 | Nasm | Unspecified vulnerability in Nasm Netwide Assembler 2.16 NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c. | 5.5 |
2023-01-04 | CVE-2022-38678 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In contacts service, there is a missing permission check. | 5.5 |
2023-01-04 | CVE-2022-38682 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In contacts service, there is a missing permission check. | 5.5 |
2023-01-04 | CVE-2022-38683 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In contacts service, there is a missing permission check. | 5.5 |
2023-01-04 | CVE-2022-38684 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In contacts service, there is a missing permission check. | 5.5 |
2023-01-04 | CVE-2022-39104 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In contacts service, there is a missing permission check. | 5.5 |
2023-01-04 | CVE-2022-39116 | Google | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 In sprd_sysdump driver, there is a possible out of bounds write due to a missing bounds check. | 5.5 |
2023-01-04 | CVE-2022-39118 | Google | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 In sprd_sysdump driver, there is a possible out of bounds write due to a missing bounds check. | 5.5 |
2023-01-04 | CVE-2022-44422 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In music service, there is a missing permission check. | 5.5 |
2023-01-04 | CVE-2022-44423 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In music service, there is a missing permission check. | 5.5 |
2023-01-04 | CVE-2022-44424 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In music service, there is a missing permission check. | 5.5 |
2023-01-04 | CVE-2022-44425 | Google | Integer Overflow or Wraparound vulnerability in Google Android 10.0/11.0/12.0 In wlan driver, there is a possible missing bounds check. | 5.5 |
2023-01-04 | CVE-2022-44426 | Google | Integer Overflow or Wraparound vulnerability in Google Android 10.0/11.0/12.0 In wlan driver, there is a possible missing bounds check. | 5.5 |
2023-01-04 | CVE-2022-44427 | Google | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 In wlan driver, there is a possible missing bounds check. | 5.5 |
2023-01-04 | CVE-2022-44428 | Google | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 In wlan driver, there is a possible missing bounds check. | 5.5 |
2023-01-04 | CVE-2022-44429 | Google | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 In wlan driver, there is a possible missing bounds check. | 5.5 |
2023-01-04 | CVE-2022-44430 | Google | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 In wlan driver, there is a possible missing bounds check. | 5.5 |
2023-01-04 | CVE-2022-44431 | Google | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 In wlan driver, there is a possible missing bounds check. | 5.5 |
2023-01-04 | CVE-2022-44432 | Google | Integer Overflow or Wraparound vulnerability in Google Android 10.0/11.0/12.0 In wlan driver, there is a possible missing bounds check. | 5.5 |
2023-01-04 | CVE-2022-44434 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In messaging service, there is a missing permission check. | 5.5 |
2023-01-04 | CVE-2022-44435 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In messaging service, there is a missing permission check. | 5.5 |
2023-01-04 | CVE-2022-44436 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In messaging service, there is a missing permission check. | 5.5 |
2023-01-04 | CVE-2022-44437 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In messaging service, there is a missing permission check. | 5.5 |
2023-01-04 | CVE-2022-44438 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In messaging service, there is a missing permission check. | 5.5 |
2023-01-04 | CVE-2022-44439 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In messaging service, there is a missing permission check. | 5.5 |
2023-01-04 | CVE-2022-44440 | Google | Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0 In wlan driver, there is a possible missing bounds check. | 5.5 |
2023-01-04 | CVE-2022-44441 | Google | Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0 In wlan driver, there is a possible missing bounds check. | 5.5 |
2023-01-04 | CVE-2022-44442 | Google | Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0 In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | 5.5 |
2023-01-04 | CVE-2022-44443 | Google | Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0 In wlan driver, there is a possible missing bounds check. | 5.5 |
2023-01-04 | CVE-2022-44444 | Google | Integer Underflow (Wrap or Wraparound) vulnerability in Google Android 10.0/11.0/12.0 In wlan driver, there is a possible missing bounds check. | 5.5 |
2023-01-04 | CVE-2022-44445 | Google | Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0 In wlan driver, there is a possible missing bounds check. | 5.5 |
2023-01-04 | CVE-2022-44446 | Google | Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0 In wlan driver, there is a possible missing bounds check. | 5.5 |
2023-01-08 | CVE-2022-4881 | Pac3 Project | Cross-site Scripting vulnerability in Pac3 Project Pac3 A vulnerability was found in CapsAdmin PAC3. | 5.4 |
2023-01-07 | CVE-2023-0106 | Usememos | Cross-site Scripting vulnerability in Usememos Memos Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | 5.4 |
2023-01-07 | CVE-2023-0107 | Usememos | Cross-site Scripting vulnerability in Usememos Memos Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | 5.4 |
2023-01-07 | CVE-2023-0108 | Usememos | Cross-site Scripting vulnerability in Usememos Memos Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | 5.4 |
2023-01-07 | CVE-2023-0110 | Usememos | Cross-site Scripting vulnerability in Usememos Memos Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | 5.4 |
2023-01-07 | CVE-2023-0111 | Usememos | Cross-site Scripting vulnerability in Usememos Memos Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | 5.4 |
2023-01-07 | CVE-2023-0112 | Usememos | Cross-site Scripting vulnerability in Usememos Memos Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | 5.4 |
2023-01-06 | CVE-2022-39072 | ZTE | SQL Injection vulnerability in ZTE Mf286R Firmware and Mf289D Firmware There is a SQL injection vulnerability in Some ZTE Mobile Internet products. | 5.4 |
2023-01-06 | CVE-2014-125048 | Kluks | Session Fixation vulnerability in Kluks Xingwall A vulnerability, which was classified as critical, has been found in kassi xingwall. | 5.4 |
2023-01-05 | CVE-2022-43524 | Arubanetworks | Cross-site Scripting vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. | 5.4 |
2023-01-05 | CVE-2022-43529 | Arubanetworks | Session Fixation vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to persist a session after a password reset or similar session clearing event. | 5.4 |
2023-01-04 | CVE-2023-22466 | Tokio | Improper Initialization vulnerability in Tokio Tokio is a runtime for writing applications with Rust. | 5.4 |
2023-01-04 | CVE-2021-38928 | IBM | Unspecified vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. | 5.4 |
2023-01-04 | CVE-2022-22352 | IBM | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting. | 5.4 |
2023-01-04 | CVE-2022-46180 | Discourse | Cross-site Scripting vulnerability in Discourse Mermaid Discourse Mermaid (discourse-mermaid-theme-component) allows users of Discourse, open-source forum software, to create graphs using the Mermaid syntax. | 5.4 |
2023-01-04 | CVE-2023-22464 | Viewvc | Cross-site Scripting vulnerability in Viewvc ViewVC is a browser interface for CVS and Subversion version control repositories. | 5.4 |
2023-01-03 | CVE-2022-42710 | Niceforyou | Cross-site Scripting vulnerability in Niceforyou Linear Emerge E3 Access Control Firmware Nice (formerly Nortek) Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e devices are vulnerable to Stored Cross-Site Scripting (XSS). | 5.4 |
2023-01-03 | CVE-2022-42471 | Fortinet | Injection vulnerability in Fortinet Fortiweb An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] in FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, and FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary headers. | 5.4 |
2023-01-02 | CVE-2021-21200 | Google | Out-of-bounds Read vulnerability in Google Chrome Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 5.4 |
2023-01-02 | CVE-2022-4114 | Apusthemes | Unspecified vulnerability in Apusthemes Superio The Superio WordPress theme does not sanitise and escape some parameters, which could allow users with a role as low as a subscriber to perform Cross-Site Scripting attacks. | 5.4 |
2023-01-02 | CVE-2022-4362 | Code Atlantic | Unspecified vulnerability in Code-Atlantic Popup Maker The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-01-02 | CVE-2022-4381 | Code Atlantic | Unspecified vulnerability in Code-Atlantic Popup Maker The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-01-02 | CVE-2019-25093 | Recent Threads ON Index Project | Cross-site Scripting vulnerability in Recent Threads on Index Project Recent Threads on Index A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. | 5.4 |
2023-01-08 | CVE-2016-15015 | Paysafe | Information Exposure Through Discrepancy vulnerability in Paysafe Barzahlen Payment Module PHP SDK A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. | 5.3 |
2023-01-08 | CVE-2014-125068 | Maps JS Icoads Project | Path Traversal vulnerability in Maps-Js-Icoads Project Maps-Js-Icoads A vulnerability was found in saxman maps-js-icoads and classified as critical. | 5.3 |
2023-01-08 | CVE-2014-125069 | Maps JS Icoads Project | Path Traversal vulnerability in Maps-Js-Icoads Project Maps-Js-Icoads A vulnerability was found in saxman maps-js-icoads. | 5.3 |
2023-01-08 | CVE-2015-10030 | Surpass Project | Path Traversal vulnerability in Surpass Project Surpass A vulnerability has been found in SUKOHI Surpass and classified as critical. | 5.3 |
2023-01-08 | CVE-2020-36647 | Yunohost | Path Traversal vulnerability in Yunohost Transmission YNH A vulnerability classified as critical has been found in YunoHost-Apps transmission_ynh. | 5.3 |
2023-01-07 | CVE-2014-125056 | Pylonsproject | Information Exposure Through Timing Discrepancy vulnerability in Pylonsproject Horus A vulnerability was found in Pylons horus and classified as problematic. | 5.3 |
2023-01-07 | CVE-2014-125055 | Easy Script Project | Information Exposure Through Timing Discrepancy vulnerability in Easy-Script Project Easy-Script A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. | 5.3 |
2023-01-06 | CVE-2019-25099 | Afkmods | Path Traversal vulnerability in Afkmods Qsf-Portal A vulnerability classified as critical was found in Arthmoor QSF-Portal. | 5.3 |
2023-01-06 | CVE-2022-4878 | Jatos | Path Traversal vulnerability in Jatos A vulnerability classified as critical has been found in JATOS. | 5.3 |
2023-01-05 | CVE-2022-47543 | Siren | Unspecified vulnerability in Siren Investigate An issue was discovered in Siren Investigate before 12.1.7. | 5.3 |
2023-01-05 | CVE-2023-22453 | Discourse | Information Exposure vulnerability in Discourse Discourse is an open source discussion platform. | 5.3 |
2023-01-05 | CVE-2022-43573 | IBM | Information Exposure vulnerability in IBM products IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects. | 5.3 |
2023-01-05 | CVE-2017-20162 | Vercel | Unspecified vulnerability in Vercel MS A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. | 5.3 |
2023-01-05 | CVE-2023-22622 | Wordpress | Unspecified vulnerability in Wordpress WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner," but neither the installation guide nor the security guide mentions this default behavior, or alerts the user about security risks on installations with very few visits. | 5.3 |
2023-01-04 | CVE-2023-0055 | Pyload | Cleartext Transmission of Sensitive Information vulnerability in Pyload 0.5.0 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32. | 5.3 |
2023-01-04 | CVE-2023-22465 | Typelevel | Improper Input Validation vulnerability in Typelevel Http4S Http4s is a Scala interface for HTTP services. | 5.3 |
2023-01-02 | CVE-2022-4057 | Optimizingmatters | Forced Browsing vulnerability in Optimizingmatters Autooptimize The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs. | 5.3 |
2023-01-02 | CVE-2022-4340 | Reputeinfosystems | Unspecified vulnerability in Reputeinfosystems Bookingpress The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (IDOR) vulnerability in its thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointment_id query parameter. | 5.3 |
2023-01-02 | CVE-2022-4417 | Cerber | Unspecified vulnerability in Cerber WP Cerber Security, Anti-Spam & Malware Scan The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users | 5.3 |
2023-01-02 | CVE-2016-15006 | Enigmax Project | Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Enigmax Project Enigmax A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. | 5.3 |
2023-01-05 | CVE-2023-0087 | Swifty Page Manager Project | Unspecified vulnerability in Swifty Page Manager Project Swifty Page Manager 3.0.1 The Swifty Page Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘spm_plugin_options_page_tree_max_width’ parameter in versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. | 4.8 |
2023-01-05 | CVE-2022-43532 | Arubanetworks | Cross-site Scripting vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. | 4.8 |
2023-01-03 | CVE-2022-41336 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortiportal An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiPortal versions 6.0.0 through 6.0.11 and all versions of 5.3, 5.2, 5.1, 5.0 management interface may allow a remote authenticated attacker to perform a stored cross site scripting (XSS) attack via sending request with specially crafted columnindex parameter. | 4.8 |
2023-01-02 | CVE-2022-3936 | Wpdarko | Unspecified vulnerability in Wpdarko Team Members The Team Members WordPress plugin before 5.2.1 does not sanitize and escape some of its settings, which could allow high-privilege users such as editors to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). | 4.8 |
2023-01-02 | CVE-2022-4119 | Sirv | Unspecified vulnerability in Sirv Image Optimizer, Resizer and CDN The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-01-02 | CVE-2022-4142 | Wordpress Filter Gallery Project | Unspecified vulnerability in Wordpress Filter Gallery Project Wordpress Filter Gallery The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6 does not properly escape the filters passed in the ufg_gallery_filters ajax action before outputting them on the page, allowing a high privileged user such as an administrator to inject HTML or javascript to the plugin settings page, even when the unfiltered_html capability is disabled. | 4.8 |
2023-01-02 | CVE-2022-4198 | WP Social Sharing Project | Unspecified vulnerability in WP Social Sharing Project WP Social Sharing The WP Social Sharing WordPress plugin through 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-01-02 | CVE-2022-4200 | Miniorange | Unspecified vulnerability in Miniorange Login With Cognito The Login with Cognito WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-01-02 | CVE-2022-4256 | Themesgrove | Unspecified vulnerability in Themesgrove All-In-One Addons for Elementor The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2023-01-02 | CVE-2022-4260 | WP BAN Project | Unspecified vulnerability in Wp-Ban Project Wp-Ban The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-01-05 | CVE-2022-41740 | IBM | Cleartext Storage of Sensitive Information vulnerability in IBM products IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. | 4.6 |
2023-01-05 | CVE-2022-43539 | Arubanetworks | Unspecified vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability exists in the ClearPass Policy Manager cluster communications that allow for an attacker in a privileged network position to potentially obtain sensitive information. | 4.5 |
2023-01-05 | CVE-2022-4432 | Lenovo | Out-of-bounds Read vulnerability in Lenovo Thinkpad X13S Firmware 1.46 A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. | 4.4 |
2023-01-05 | CVE-2022-4433 | Lenovo | Out-of-bounds Read vulnerability in Lenovo Thinkpad X13S Firmware 1.46 A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. | 4.4 |
2023-01-05 | CVE-2022-4434 | Lenovo | Out-of-bounds Read vulnerability in Lenovo Thinkpad X13S Firmware 1.46 A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a local attacker with elevated privileges to cause information disclosure. | 4.4 |
2023-01-05 | CVE-2022-4435 | Lenovo | Out-of-bounds Read vulnerability in Lenovo Thinkpad X13S Firmware 1.46 A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. | 4.4 |
2023-01-03 | CVE-2022-32639 | Google | Out-of-bounds Read vulnerability in Google Android 11.0/12.0 In watchdog, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
2023-01-07 | CVE-2014-125054 | Reddit ON Rails Project | Improper Access Control vulnerability in Reddit-On-Rails Project Reddit-On-Rails A vulnerability classified as critical was found in koroket RedditOnRails. | 4.3 |
2023-01-02 | CVE-2022-4025 | Google | Unspecified vulnerability in Google Chrome Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. | 4.3 |
2023-01-02 | CVE-2022-3994 | Authenticator Project | Unspecified vulnerability in Authenticator Project Authenticator The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain configurations. | 4.3 |
2023-01-02 | CVE-2014-125036 | Ansible NTP Project | Unspecified vulnerability in Ansible-Ntp Project Ansible-Ntp A vulnerability, which was classified as problematic, has been found in drybjed ansible-ntp. | 4.3 |
2023-01-03 | CVE-2022-32645 | Google | Improper Synchronization vulnerability in Google Android 11.0/12.0/13.0 In vow, there is a possible information disclosure due to a race condition. | 4.1 |
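Two entries in the table above come down to how a server emits its response headers: the FortiWeb entry (CRLF sequences in HTTP headers, CWE-113) and the pyLoad entry (a session cookie on an HTTPS site without the Secure attribute). The following is an added example written for this report, not code from either vendor or from the report itself; the header builders, the audit function and the sample cookie strings are constructed for illustration.

```python
"""Added example (not from the report or any vendor listed): building HTTP
response headers without CRLF injection, and auditing Set-Cookie attributes.

All inputs below are constructed for the example.
"""
import re
from http.cookies import SimpleCookie

# Characters that end or corrupt a header line on the wire.
_CTL = re.compile(r"[\r\n\x00]")


def build_headers_vulnerable(headers: dict) -> bytes:
    """Concatenate headers with no neutralisation (CWE-113).

    A value that contains CRLF becomes one or more extra header lines, so an
    attacker who controls e.g. a redirect target can add Set-Cookie or inject
    a body after a blank line.
    """
    out = b"".join(f"{k}: {v}\r\n".encode("latin-1") for k, v in headers.items())
    return out + b"\r\n"


def build_headers(headers: dict) -> bytes:
    """Hardened variant: reject, rather than strip, any name or value that
    contains CR, LF or NUL.  Stripping invites encoding games; rejecting is
    unambiguous and surfaces the bug in testing."""
    for k, v in headers.items():
        if _CTL.search(str(k)) or _CTL.search(str(v)):
            raise ValueError(f"control character in header {k!r}")
    return build_headers_vulnerable(headers)


def parse_header_lines(raw: bytes) -> list:
    """Split a raw header block into its non-empty lines (what a proxy or
    browser would see)."""
    return [line for line in raw.decode("latin-1").split("\r\n") if line]


def audit_set_cookie(set_cookie_values: list, https: bool = True) -> dict:
    """Return {cookie_name: [missing attributes]} for each Set-Cookie value.

    On an HTTPS site a session cookie should carry Secure (otherwise the
    browser also sends it over plain HTTP, which is the pyLoad finding above),
    HttpOnly (not readable from script) and an explicit SameSite value.
    """
    findings = {}
    for value in set_cookie_values:
        jar = SimpleCookie()
        jar.load(value)
        for name, morsel in jar.items():
            missing = []
            if https and not morsel["secure"]:
                missing.append("Secure")
            if not morsel["httponly"]:
                missing.append("HttpOnly")
            if not morsel["samesite"]:
                missing.append("SameSite")
            findings[name] = missing
    return findings


if __name__ == "__main__":
    # Constructed attacker input: a redirect target carrying a CRLF payload.
    evil = {"Location": "/home\r\nSet-Cookie: sid=attacker"}
    print(parse_header_lines(build_headers_vulnerable(evil)))
    try:
        build_headers(evil)
    except ValueError as exc:
        print("rejected:", exc)
    print(audit_set_cookie(["sid=abc; Path=/; HttpOnly",
                            "csrf=xyz; Secure; HttpOnly; SameSite=Strict"]))
```

The audit function is the check to run against a real deployment's Set-Cookie headers (captured with curl -I or from a proxy log); the builder pair shows why the fix for CWE-113 is validation at the point where a header is set, not output filtering further down the stack.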
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-01-05 | CVE-2022-46168 | Discourse | Privacy Violation vulnerability in Discourse Discourse is an open source discussion platform. | 3.5 |
2023-01-02 | CVE-2022-4109 | Cedcommerce | Unspecified vulnerability in Cedcommerce Wholesale Market for Woocommerce 1.0.7/1.0.8 The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 does not validate user input against path traversal attacks, allowing high privilege users such as admin to download arbitrary logs from the server even when they should not be able to (for example in multisite) | 2.7 |
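Path traversal recurs throughout this report (the maps-js-icoads, Surpass, transmission_ynh, QSF-Portal and JATOS entries in the medium table, and the Wholesale Market log-download entry directly above). The example below is added for this report and is not code from any of those projects; it contrasts the usual vulnerable pattern, a string-prefix check that is still bypassable, and a resolver that holds up against `..`, absolute names, sibling directories sharing a prefix and symlinks. The helper names and the temporary directory tree are constructed here, and the symlink case assumes a filesystem that permits creating one.

```python
"""Added example (not from the report or any project listed): resolving a
user-supplied file name under a fixed base directory without path traversal.

The sample tree is built in a temporary directory for the example.
"""
import os
import tempfile
from pathlib import Path
from typing import Optional


def resolve_naive(base: str, name: str) -> str:
    """Common vulnerable pattern: join and hope.  '../' walks out of base,
    and an absolute name makes os.path.join discard base entirely."""
    return os.path.normpath(os.path.join(base, name))


def resolve_prefix_check(base: str, name: str) -> Optional[str]:
    """Better but still wrong: a string prefix test accepts /srv/logs_old as
    being inside /srv/logs, and a symlink planted inside base can point
    anywhere on the host."""
    candidate = os.path.normpath(os.path.join(base, name))
    return candidate if candidate.startswith(base) else None


def resolve_under(base: str, name: str) -> Optional[Path]:
    """Hardened: resolve symlinks on both sides, then require the candidate
    to be a descendant of base by path components, not by string prefix.
    Returns None (caller answers 403/404) rather than raising, so the error
    path cannot echo the real location."""
    root = Path(base).resolve()
    candidate = (root / name).resolve()  # an absolute name replaces root here; resolve() still normalises
    if candidate == root:
        return None  # the directory itself is not a downloadable file
    try:
        candidate.relative_to(root)
    except ValueError:
        return None
    return candidate


def demo() -> dict:
    """Build a throw-away tree and exercise all three resolvers against
    typical traversal inputs.  Each entry records whether the observation
    described by its key held."""
    with tempfile.TemporaryDirectory() as tmp:
        logs = Path(tmp, "logs")
        logs.mkdir()
        (logs / "app.log").write_text("ok\n")
        Path(tmp, "logs_old").mkdir()          # sibling sharing the prefix
        secret = Path(tmp, "secret.txt")
        secret.write_text("s3cret\n")
        (logs / "link").symlink_to(secret)     # symlink planted inside base
        base = str(logs)
        r = {}
        # 1. classic ../ escape
        r["naive_escapes"] = resolve_naive(base, "../secret.txt") == str(secret)
        r["prefix_blocks_dotdot"] = resolve_prefix_check(base, "../secret.txt") is None
        r["hardened_blocks_dotdot"] = resolve_under(base, "../secret.txt") is None
        # 2. sibling directory that shares the string prefix
        r["prefix_fooled_by_sibling"] = resolve_prefix_check(base, "../logs_old/x") is not None
        r["hardened_blocks_sibling"] = resolve_under(base, "../logs_old/x") is None
        # 3. symlink inside base pointing outside it
        r["prefix_follows_symlink"] = resolve_prefix_check(base, "link") is not None
        r["hardened_blocks_symlink"] = resolve_under(base, "link") is None
        # 4. absolute name supplied by the client
        r["naive_absolute_escapes"] = resolve_naive(base, str(secret)) == str(secret)
        r["hardened_blocks_absolute"] = resolve_under(base, str(secret)) is None
        # 5. a legitimate name still resolves
        r["legit_allowed"] = resolve_under(base, "app.log") == logs.resolve() / "app.log"
        return r


if __name__ == "__main__":
    for key, held in demo().items():
        print(f"{key:28s} {held}")
```

The "download a log" and "fetch a template" features behind the entries above are exactly the shape `resolve_under` is meant for: the base directory is fixed by the application, only the final name comes from the request, and anything that does not land strictly inside the resolved base is refused without explaining why.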