Weekly Vulnerabilities Reports > January 2 to 8, 2023

Overview

446 new vulnerabilities were reported during this period, including 104 critical vulnerabilities and 138 high severity vulnerabilities. This weekly summary reports vulnerabilities in 296 products from 242 vendors, including Google, Arubanetworks, Gpac, IBM, and Discourse. The reported vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Out-of-bounds Write", "Missing Authorization", and "Out-of-bounds Read".

  • 320 reported vulnerabilities are remotely exploitable.
  • 189 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 278 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 67 reported vulnerabilities.
  • Hitachienergy has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:

104 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-01-03 CVE-2022-43931 Synology Unspecified vulnerability in Synology VPN Plus Server 1.4.30534

Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors.

10.0
2023-01-08 CVE-2016-15016 Joomla MOD Einsatz Stats Project SQL Injection vulnerability in Joomla MOD Einsatz Stats Project Joomla MOD Einsatz Stats 0.1/0.2

A vulnerability was found in mrtnmtth joomla_mod_einsatz_stats up to 0.2.

9.8
2023-01-08 CVE-2015-10031 Github SQL Injection vulnerability in Github 491-Project

A vulnerability classified as critical was found in purpleparrots 491-Project.

9.8
2023-01-08 CVE-2022-0668 Jfrog Improper Privilege Management vulnerability in Jfrog Artifactory

JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user.

9.8
2023-01-08 CVE-2018-25072 Lojban SQL Injection vulnerability in Lojban Jbovlaste

A vulnerability classified as critical has been found in lojban jbovlaste.

9.8
2023-01-08 CVE-2019-25100 Twmap Project SQL Injection vulnerability in Twmap Project Twmap

A vulnerability was found in happyman twmap.

9.8
2023-01-08 CVE-2007-10002 WEB Cyradm Project SQL Injection vulnerability in Web-Cyradm Project Web-Cyradm

A vulnerability, which was classified as critical, has been found in web-cyradm.

9.8
2023-01-08 CVE-2014-125067 Curiosity Project SQL Injection vulnerability in Curiosity Project Curiosity

A vulnerability classified as critical was found in corincerami curiosity.

9.8
2023-01-08 CVE-2020-36648 Pouet SQL Injection vulnerability in Pouet Pouet2.0

A vulnerability, which was classified as critical, was found in pouetnet pouet 2.0.

9.8
2023-01-08 CVE-2021-4308 Lboro SQL Injection vulnerability in Lboro Webpa

A vulnerability was found in WebPA up to 3.1.1.

9.8
2023-01-07 CVE-2014-125029 Paginationserviceprovider Project SQL Injection vulnerability in Paginationserviceprovider Project Paginationserviceprovider

A vulnerability was found in ttskch PaginationServiceProvider up to 0.x.

9.8
2023-01-07 CVE-2021-4301 Phpwcms SQL Injection vulnerability in PHPwcms

A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical.

9.8
2023-01-07 CVE-2022-1101 Event Management System Project Improper Authentication vulnerability in Event Management System Project Event Management System 1.0

A vulnerability was found in SourceCodester Royale Event Management System 1.0.

9.8
2023-01-07 CVE-2022-2666 Loan Management System Project SQL Injection vulnerability in Loan Management System Project Loan Management System 1.0

A vulnerability has been found in SourceCodester Loan Management System and classified as critical.

9.8
2023-01-07 CVE-2013-10009 Pychao Project SQL Injection vulnerability in Pychao Project Pychao

A vulnerability was found in DrAzraelTod pyChao and classified as critical.

9.8
2023-01-07 CVE-2014-125065 Bottle Auth Project SQL Injection vulnerability in Bottle-Auth Project Bottle-Auth

A vulnerability, which was classified as critical, was found in john5223 bottle-auth.

9.8
2023-01-07 CVE-2015-10029 Simplexrd Project XXE vulnerability in Simplexrd Project Simplexrd

A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0.

9.8
2023-01-07 CVE-2016-15013 Forumhulp SQL Injection vulnerability in Forumhulp Search Results

A vulnerability was found in ForumHulp searchresults.

9.8
2023-01-07 CVE-2021-4307 Baobab Project Unspecified vulnerability in Baobab Project Baobab

A vulnerability was found in Yomguithereal Baobab up to 2.6.0.

9.8
2023-01-07 CVE-2014-125063 BID Project SQL Injection vulnerability in BID Project BID

A vulnerability was found in ada-l0velace Bid and classified as critical.

9.8
2023-01-07 CVE-2020-36645 Square SQL Injection vulnerability in Square Squalor

A vulnerability, which was classified as critical, was found in square squalor.

9.8
2023-01-07 CVE-2014-125062 Bitstorm Project SQL Injection vulnerability in Bitstorm Project Bitstorm

A vulnerability classified as critical was found in ananich bitstorm.

9.8
2023-01-07 CVE-2015-10027 Ttrrs Auth Ldap Project Injection vulnerability in Ttrrs-Auth-Ldap Project Ttrrs-Auth-Ldap 0.5

A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP.

9.8
2023-01-07 CVE-2014-125059 Sternenblog Project External Control of File Name or Path vulnerability in Sternenblog Project Sternenblog

A vulnerability, which was classified as problematic, has been found in sternenseemann sternenblog.

9.8
2023-01-07 CVE-2014-125060 Collabcal Project Improper Authentication vulnerability in Collabcal Project Collabcal

A vulnerability, which was classified as critical, was found in holdennb CollabCal.

9.8
2023-01-07 CVE-2014-125061 Filebroker Project SQL Injection vulnerability in Filebroker Project Filebroker

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in peel filebroker and classified as critical.

9.8
2023-01-07 CVE-2015-10024 Larasync Project Path Traversal vulnerability in Larasync Project Larasync

A vulnerability classified as critical was found in hoffie larasync.

9.8
2023-01-07 CVE-2015-10026 Flairbot Project SQL Injection vulnerability in Flairbot Project Flairbot

A vulnerability was found in tiredtyrant flairbot.

9.8
2023-01-07 CVE-2016-15012 Salesforce SQL Injection vulnerability in Salesforce Mobile Software Development KIT 3.2.0/4.0.0

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotcom SalesforceMobileSDK-Windows up to 4.x.

9.8
2023-01-07 CVE-2022-4880 Openutau Path Traversal vulnerability in Openutau

A vulnerability was found in stakira OpenUtau.

9.8
2023-01-07 CVE-2015-10022 Nlgis2 Project SQL Injection vulnerability in Nlgis2 Project Nlgis2

A vulnerability was found in IISH nlgis2.

9.8
2023-01-07 CVE-2015-10023 Trello Octometric Project SQL Injection vulnerability in Trello-Octometric Project Trello-Octometric

A vulnerability classified as critical has been found in Fumon trello-octometric.

9.8
2023-01-07 CVE-2018-25071 Lmeve Project SQL Injection vulnerability in Lmeve Project Lmeve

A vulnerability was found in roxlukas LMeve up to 0.1.58.

9.8
2023-01-07 CVE-2014-125058 Address Book Project SQL Injection vulnerability in Address Book Project Address Book

A vulnerability was found in LearnMeSomeCodes project3 and classified as critical.

9.8
2023-01-07 CVE-2018-25070 Aista SQL Injection vulnerability in Aista Phosphorus Five 8.2

A vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical.

9.8
2023-01-07 CVE-2014-125057 Robitailletheknot Project Incorrect Comparison vulnerability in Robitailletheknot Project Robitailletheknot

A vulnerability was found in mrobit robitailletheknot.

9.8
2023-01-07 CVE-2018-25069 Netis Systems Use of Hard-coded Password vulnerability in Netis-Systems Netcore Router Firmware

A vulnerability classified as critical has been found in Netis Netcore Router.

9.8
2023-01-06 CVE-2014-125053 Piwigo SQL Injection vulnerability in Piwigo Guestbook

A vulnerability was found in Piwigo-Guest-Book up to 1.3.0.

9.8
2023-01-06 CVE-2013-10008 Eshop Project SQL Injection vulnerability in Eshop Project Eshop

A vulnerability was found in sheilazpy eShop.

9.8
2023-01-06 CVE-2014-125052 Sparql Identifiers Project SQL Injection vulnerability in Sparql-Identifiers Project Sparql-Identifiers

A vulnerability was found in JervenBolleman sparql-identifiers and classified as critical.

9.8
2023-01-06 CVE-2018-25068 Globalpom Utils Project Exposure of Resource to Wrong Sphere vulnerability in Globalpom-Utils Project Globalpom-Utils

A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical.

9.8
2023-01-06 CVE-2022-39073 ZTE Command Injection vulnerability in ZTE Mf286R Firmware Nordicmf286Rb06

There is a command injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands.

9.8
2023-01-06 CVE-2014-125050 Voter JS Project SQL Injection vulnerability in Voter-Js Project Voter-Js

A vulnerability was found in ScottTZhang voter-js and classified as critical.

9.8
2023-01-06 CVE-2014-125051 Yii2 Jqgrid Widget Project SQL Injection vulnerability in Yii2-Jqgrid-Widget Project Yii2-Jqgrid-Widget

A vulnerability was found in himiklab yii2-jqgrid-widget up to 1.0.7.

9.8
2023-01-06 CVE-2014-125049 Blogile Project SQL Injection vulnerability in Blogile Project Blogile

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in typcn Blogile.

9.8
2023-01-06 CVE-2015-10018 Weberp SQL Injection vulnerability in Weberp D2Files

A vulnerability has been found in DBRisinajumi d2files and classified as critical.

9.8
2023-01-06 CVE-2014-125047 School Store Project SQL Injection vulnerability in School-Store Project School-Store

A vulnerability classified as critical has been found in tbezman school-store.

9.8
2023-01-06 CVE-2015-10017 HPI SQL Injection vulnerability in HPI Prolod

A vulnerability has been found in HPI-Information-Systems ProLOD and classified as critical.

9.8
2023-01-06 CVE-2018-25066 Nodebatis Project SQL Injection vulnerability in Nodebatis Project Nodebatis

A vulnerability was found in PeterMu nodebatis up to 2.1.x.

9.8
2023-01-06 CVE-2020-36642 Jobe Project Command Injection vulnerability in Jobe Project Jobe

A vulnerability was found in trampgeek jobe up to 1.6.x and classified as critical.

9.8
2023-01-06 CVE-2014-125046 CUB Scout Tracker Project SQL Injection vulnerability in Cub-Scout-Tracker Project Cub-Scout-Tracker

A vulnerability, which was classified as critical, was found in Seiji42 cub-scout-tracker.

9.8
2023-01-06 CVE-2015-10016 Opensim Utils Project SQL Injection vulnerability in Opensim-Utils Project Opensim-Utils

A vulnerability, which was classified as critical, has been found in jeff-kelley opensim-utils.

9.8
2023-01-06 CVE-2016-15011 E Contract XXE vulnerability in E-Contract Dssp

A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1.

9.8
2023-01-06 CVE-2023-22671 NSA Command Injection vulnerability in NSA Ghidra

Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input.

9.8
2023-01-06 CVE-2022-25923 Exec Local BIN Project Unspecified vulnerability in Exec-Local-Bin Project Exec-Local-Bin

Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization.

9.8
2023-01-05 CVE-2022-44877 Control Webpanel OS Command Injection vulnerability in Control-Webpanel Webpanel

login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.

9.8
2023-01-05 CVE-2014-125045 Meol1 Project SQL Injection vulnerability in Meol1 Project Meol1

A vulnerability has been found in meol1 and classified as critical.

9.8
2023-01-05 CVE-2021-40342 Hitachienergy Improper Authentication vulnerability in Hitachienergy Foxman-Un and Unem

In the DES implementation, the affected product versions use a default key for encryption.

9.8
2023-01-05 CVE-2022-3927 Hitachienergy Use of Hard-coded Credentials vulnerability in Hitachienergy Foxman-Un and Unem

The affected products store both public and private key that are used to sign and protect Custom Parameter Set (CPS) file from modification.

9.8
2023-01-05 CVE-2022-3929 Hitachienergy Cleartext Transmission of Sensitive Information vulnerability in Hitachienergy Foxman-Un and Unem

Communication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture) over TCP/IP.

9.8
2023-01-05 CVE-2022-47544 Siren Unspecified vulnerability in Siren Investigate

An issue was discovered in Siren Investigate before 12.1.7.

9.8
2023-01-05 CVE-2014-125044 Wing Tight Project Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wing-Tight Project Wing-Tight

A vulnerability, which was classified as critical, was found in soshtolsus wing-tight.

9.8
2023-01-05 CVE-2017-20163 Nview Project SQL Injection vulnerability in Nview Project Nview

A vulnerability has been found in Red Snapper NView and classified as critical.

9.8
2023-01-05 CVE-2014-125041 Progetto Complementi Project SQL Injection vulnerability in Progetto-Complementi Project Progetto-Complementi

A vulnerability classified as critical was found in Miccighel PR-CWT.

9.8
2023-01-05 CVE-2015-10015 Glidernet SQL Injection vulnerability in Glidernet Ogn-Live

A vulnerability, which was classified as critical, has been found in glidernet ogn-live.

9.8
2023-01-05 CVE-2014-125040 Devnewsaggregator Project SQL Injection vulnerability in Devnewsaggregator Project Devnewsaggregator

A vulnerability was found in stevejagodzinski DevNewsAggregator.

9.8
2023-01-05 CVE-2015-10014 UKE Project SQL Injection vulnerability in UKE Project UKE

A vulnerability classified as critical has been found in arekk uke.

9.8
2023-01-05 CVE-2022-45995 Tenda Classic Buffer Overflow vulnerability in Tenda Ax12 Firmware 22.03.01.21Cn

There is an unauthorized buffer overflow vulnerability in Tenda AX12 v22.03.01.21_cn.

9.8
2023-01-05 CVE-2020-36641 Gturri XXE vulnerability in Gturri Axmlrpc

A vulnerability classified as problematic was found in gturri aXMLRPC up to 1.12.0.

9.8
2023-01-05 CVE-2020-36640 Bonitasoft XXE vulnerability in Bonitasoft Webservice Connector

A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0.

9.8
2023-01-05 CVE-2021-4304 Ulcc Core Project Command Injection vulnerability in Ulcc-Core Project Ulcc-Core

A vulnerability was found in eprintsug ulcc-core.

9.8
2023-01-05 CVE-2023-0077 Synology Unspecified vulnerability in Synology Router Manager

Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors.

9.8
2023-01-05 CVE-2019-25097 Extplorer Path Traversal vulnerability in Extplorer

A vulnerability was found in soerennb eXtplorer up to 2.1.12 and classified as critical.

9.8
2023-01-05 CVE-2019-25098 Extplorer Path Traversal vulnerability in Extplorer

A vulnerability was found in soerennb eXtplorer up to 2.1.12.

9.8
2023-01-05 CVE-2022-47523 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Password Manager PRO

Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection.

9.8
2023-01-04 CVE-2021-4300 Halcyon Project Unspecified vulnerability in Halcyon Project Halcyon

A vulnerability has been found in ghostlander Halcyon and classified as critical.

9.8
2023-01-04 CVE-2022-22338 IBM SQL Injection vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection.

9.8
2023-01-04 CVE-2023-22463 Fit2Cloud Use of Hard-coded Credentials vulnerability in Fit2Cloud Kubepi

KubePi is a k8s panel.

9.8
2023-01-04 CVE-2022-45875 Apache Improper Input Validation vulnerability in Apache Dolphinscheduler

Improper validation of script alert plugin parameters in Apache DolphinScheduler leads to a remote command execution vulnerability.

9.8
2023-01-04 CVE-2010-10003 Titlelink Project SQL Injection vulnerability in Titlelink Project Titlelink

A vulnerability classified as critical was found in gesellix titlelink on Joomla.

9.8
2023-01-04 CVE-2020-36639 Alliedmods Path Traversal vulnerability in Alliedmods AMX MOD X

A vulnerability has been found in AlliedModders AMX Mod X on Windows and classified as critical.

9.8
2023-01-03 CVE-2022-32665 Mediatek Command Injection vulnerability in Mediatek Linkit Software Development KIT 4.6.1

In Boa, there is a possible command injection due to improper input validation.

9.8
2023-01-03 CVE-2022-38627 Niceforyou SQL Injection vulnerability in Niceforyou Linear Emerge E3 Access Control Firmware

Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a SQL injection vulnerability via the idt parameter.

9.8
2023-01-03 CVE-2021-32824 Apache Deserialization of Untrusted Data vulnerability in Apache Dubbo

Apache Dubbo is a java based, open source RPC framework.

9.8
2023-01-03 CVE-2022-39039 Aenrich Server-Side Request Forgery (SSRF) vulnerability in Aenrich A+Hrd 6.8/7.0

aEnrich’s a+HRD has inadequate filtering for a specific URL parameter.

9.8
2023-01-03 CVE-2022-39041 Aenrich SQL Injection vulnerability in Aenrich A+Hrd 6.8/7.0

aEnrich a+HRD has insufficient user input validation for a specific API parameter.

9.8
2023-01-03 CVE-2022-39042 Aenrich Improper Authentication vulnerability in Aenrich A+Hrd 6.8/7.0

aEnrich a+HRD has improper validation for the login function.

9.8
2023-01-03 CVE-2022-47618 Meritlilin Use of Hard-coded Credentials vulnerability in Meritlilin Ah55B04 Firmware and Ah55B08 Firmware

Merit LILIN AH55B04 & AH55B08 DVR firmware has hard-coded administrator credentials.

9.8
2023-01-02 CVE-2015-10011 Cisco Improper Encoding or Escaping of Output vulnerability in Cisco Openresolve

A vulnerability classified as problematic has been found in OpenDNS OpenResolve.

9.8
2023-01-02 CVE-2022-3241 Rahamsolutions Unspecified vulnerability in Rahamsolutions Build APP Online

The Build App Online WordPress plugin before 1.0.19 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

9.8
2023-01-02 CVE-2022-4049 WP User Project Unspecified vulnerability in WP User Project WP User

The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.

9.8
2023-01-02 CVE-2022-4059 Blocksera SQL Injection vulnerability in Blocksera Cryptocurrency Widgets Pack 1.8.1

The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

9.8
2023-01-02 CVE-2022-4099 Getcloudsms Unspecified vulnerability in Getcloudsms JOY of Text Lite

The Joy Of Text Lite WordPress plugin before 2.3.1 does not properly sanitise and escape some parameters before using them in SQL statements accessible to unauthenticated users, leading to an unauthenticated SQL injection.

9.8
2023-01-02 CVE-2022-4297 Netflixtech Unspecified vulnerability in Netflixtech WP Autocomplete Search

The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection.

9.8
2023-01-02 CVE-2022-4298 Cedcommerce Unspecified vulnerability in Cedcommerce Wholesale Market

The Wholesale Market WordPress plugin before 2.2.1 does not have an authorisation check and does not validate the user input used to generate a system path, allowing unauthenticated attackers to download arbitrary files from the server.

9.8
2023-01-02 CVE-2022-4357 Letsrecover Project Unspecified vulnerability in Letsrecover Project Letsrecover

The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

9.8
2023-01-02 CVE-2016-15007 Centralized Salesforce Development Framework Project Injection vulnerability in Centralized Salesforce Development Framework Project Centralized Salesforce Development Framework

A vulnerability was found in Centralized-Salesforce-Dev-Framework.

9.8
2023-01-02 CVE-2014-125037 License TO Kill Project SQL Injection vulnerability in License to Kill Project License to Kill

A vulnerability, which was classified as critical, was found in License to Kill.

9.8
2023-01-02 CVE-2014-125038 IS Projecto2 Project SQL Injection vulnerability in IS Projecto2 Project IS Projecto2

A vulnerability has been found in IS_Projecto2 and classified as critical.

9.8
2023-01-02 CVE-2015-10009 Nonfiction Code Injection vulnerability in Nonfiction Nterchange 4.0.0/4.1.0

A vulnerability was found in nterchange up to 4.1.0.

9.8
2023-01-02 CVE-2015-10008 Weipdcrm Project SQL Injection vulnerability in Weipdcrm Project Weipdcrm

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM.

9.8
2023-01-02 CVE-2022-42475 Fortinet Out-of-bounds Write vulnerability in Fortinet Fortios

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

9.8
2023-01-02 CVE-2014-125032 GO With ME Project SQL Injection vulnerability in Go-With-Me Project Go-With-Me

A vulnerability was found in porpeeranut go-with-me.

9.8
2023-01-02 CVE-2021-4298 ND SQL Injection vulnerability in ND Sipity

A vulnerability classified as critical has been found in Hesburgh Libraries of Notre Dame Sipity.

9.8

138 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-01-06 CVE-2022-2482 Nokia Insufficient Protections on the Volatile Memory Containing Boot Code vulnerability in Nokia products

A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux.

8.8
2023-01-06 CVE-2022-44149 Nexxtsolutions OS Command Injection vulnerability in Nexxtsolutions Amp300 Firmware 42.103.1.5095/80.103.2.5045

The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component.

8.8
2023-01-06 CVE-2022-42979 Rydesharing Improper Certificate Validation vulnerability in Rydesharing Ryde 5.8.43

Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for Android and iOS allows attackers to take over an account via a deep link.

8.8
2023-01-05 CVE-2023-0088 Swifty Page Manager Project Cross-Site Request Forgery (CSRF) vulnerability in Swifty Page Manager Project Swifty Page Manager 3.0.1

The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.1.

8.8
2023-01-05 CVE-2022-43844 IBM Insufficient Session Expiration vulnerability in IBM Robotic Process Automation for Cloud PAK

IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control.

8.8
2023-01-05 CVE-2016-15009 Openacs Cross-Site Request Forgery (CSRF) vulnerability in Openacs Bug-Tracker

A vulnerability classified as problematic has been found in OpenACS bug-tracker.

8.8
2023-01-05 CVE-2022-43519 Arubanetworks SQL Injection vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator

Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance.

8.8
2023-01-05 CVE-2022-43520 Arubanetworks SQL Injection vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator

Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance.

8.8
2023-01-05 CVE-2022-43521 Arubanetworks SQL Injection vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator

Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance.

8.8
2023-01-05 CVE-2022-43522 Arubanetworks SQL Injection vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator

Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance.

8.8
2023-01-05 CVE-2022-43523 Arubanetworks SQL Injection vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator

Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance.

8.8
2023-01-05 CVE-2022-43530 Arubanetworks SQL Injection vulnerability in Arubanetworks Clearpass Policy Manager

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance.

8.8
2023-01-05 CVE-2022-43531 Arubanetworks SQL Injection vulnerability in Arubanetworks Clearpass Policy Manager

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance.

8.8
2023-01-05 CVE-2022-43536 Arubanetworks OS Command Injection vulnerability in Arubanetworks Clearpass Policy Manager

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host.

8.8
2023-01-05 CVE-2022-44535 Arubanetworks Unspecified vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator

A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allows remote low-privileged authenticated users to escalate their privileges to those of an administrative user.

8.8
2023-01-04 CVE-2022-43920 IBM Unspecified vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter.

8.8
2023-01-04 CVE-2023-22457 Xwiki Cross-Site Request Forgery (CSRF) vulnerability in Xwiki Ckeditor Integration

CKEditor Integration UI adds support for editing wiki pages using CKEditor.

8.8
2023-01-04 CVE-2023-0048 Daloradius Code Injection vulnerability in Daloradius

Code Injection in GitHub repository lirantal/daloradius prior to master-branch.

8.8
2023-01-04 CVE-2022-42435 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Business Automation Workflow

IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

8.8
2023-01-03 CVE-2022-32664 Mediatek Command Injection vulnerability in Mediatek Linkit Software Development KIT 4.6.1

In Config Manager, there is a possible command injection due to improper input validation.

8.8
2023-01-03 CVE-2022-35845 Fortinet OS Command Injection vulnerability in Fortinet Fortitester

Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell.

8.8
2023-01-03 CVE-2022-39947 Fortinet OS Command Injection vulnerability in Fortinet Fortiadc

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiADC version 7.0.0 through 7.0.2, FortiADC version 6.2.0 through 6.2.3, FortiADC version 6.1.0 through 6.1.6, FortiADC version 6.0.0 through 6.0.4, and FortiADC version 5.4.0 through 5.4.5 may allow an attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

8.8
2023-01-03 CVE-2022-43436 Easy Test Project Unrestricted Upload of File with Dangerous Type vulnerability in Easy Test Project Easy Test 22H29

The File Upload function of EasyTest has insufficient filtering for special characters and file type.

8.8
2023-01-03 CVE-2022-43437 Easy Test Project SQL Injection vulnerability in Easy Test Project Easy Test 17L18S

The Download function’s parameter of EasyTest has insufficient validation for user input.

8.8
2023-01-03 CVE-2022-43438 Easy Test Project Incorrect Authorization vulnerability in Easy Test Project Easy Test

The Administrator function of EasyTest has an Incorrect Authorization vulnerability.

8.8
2023-01-03 CVE-2022-46304 Changingtec OS Command Injection vulnerability in Changingtec Servisign

ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter.

8.8
2023-01-02 CVE-2021-30558 Google Unspecified vulnerability in Google Chrome

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.

8.8
2023-01-02 CVE-2022-2742 Google Race Condition vulnerability in Google Chrome

Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.

8.8
2023-01-02 CVE-2022-2743 Google Integer Overflow or Wraparound vulnerability in Google Chrome

Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions.

8.8
2023-01-02 CVE-2022-3860 Smackcoders Unspecified vulnerability in Smackcoders Visual Email Designer for Woocommerce

The Visual Email Designer for WooCommerce WordPress plugin before 1.7.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author.

8.8
2023-01-02 CVE-2022-3911 Iubenda Missing Authorization vulnerability in Iubenda Iubenda-Cookie-Law-Solution

The iubenda WordPress plugin before 3.3.3 does not have authorisation and CSRF checks in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays.

8.8
2023-01-02 CVE-2022-4237 Collne Unspecified vulnerability in Collne Welcart E-Commerce

The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in file_exist() functions via various AJAX actions available to any authenticated user, which could allow users with a role as low as subscriber to perform PHAR deserialisation when they can upload a file and a suitable gadget chain is present on the blog.

8.8
2023-01-02 CVE-2023-22451 Kiwitcms Weak Password Requirements vulnerability in Kiwitcms Kiwi Tcms

Kiwi TCMS is an open source test management system.

8.8
2023-01-03 CVE-2022-38723 Gravitee Path Traversal vulnerability in Gravitee API Management

Gravitee API Management before 3.15.13 allows path traversal through HTML injection.

8.6
2023-01-05 CVE-2022-46177 Discourse Insufficient Session Expiration vulnerability in Discourse

Discourse is an open source discussion platform.

8.1
2023-01-04 CVE-2022-48217 Tradr Project Unspecified vulnerability in Tradr-Project TF Remapper 1.1.1

The tf_remapper_node component 1.1.1 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior.

8.1
2023-01-03 CVE-2022-36943 Ssziparchive Project Link Following vulnerability in Ssziparchive Project Ssziparchive

SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks.

8.1
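The SSZipArchive entry above describes the classic archive-extraction failure: a symlink member whose target points outside the destination is created as-is, and a later member (or the link itself) then writes through it. The following is an added example, not SSZipArchive's code or a test case from that project: a Python check that classifies members of a constructed in-memory archive (one regular file, one symlink to an outside path, one "../" name) before anything is written, and an extractor that only writes the accepted members. The helper names (build_sample_zip, classify_members, safe_extract, run_demo) are this example's own.

```python
import io
import os
import stat
import tempfile
import zipfile

# Constructed sample archive (not an SSZipArchive test case): one ordinary file,
# one symlink entry whose target points outside the extraction root, and one
# member whose name itself climbs out with "../".
def build_sample_zip() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "hello")
        link = zipfile.ZipInfo("docs/link")
        # The high 16 bits of external_attr carry Unix mode bits; S_IFLNK marks
        # the member as a symlink, and the member body is the link target.
        link.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(link, "../../etc/passwd")
        zf.writestr("../evil.txt", "owned")
    return buf.getvalue()


def is_symlink(info: zipfile.ZipInfo) -> bool:
    return stat.S_ISLNK(info.external_attr >> 16)


def classify_members(data: bytes, dest: str):
    """Split archive members into (safe, rejected) without extracting anything.

    rejected is a list of (name, reason) pairs. A member is rejected when it is a
    symlink (its target is attacker-controlled, and later members could be written
    through it) or when its resolved path leaves the destination root.
    """
    root = os.path.realpath(dest)
    safe, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if is_symlink(info):
                rejected.append((name, "symlink"))
                continue
            target = os.path.realpath(os.path.join(root, name))
            if os.path.commonpath([root, target]) != root:
                rejected.append((name, "traversal"))
                continue
            safe.append(name)
    return safe, rejected


def safe_extract(data: bytes, dest: str) -> list:
    """Write only the members classify_members() accepted; return their paths."""
    safe, _ = classify_members(data, dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in safe:
            out_path = os.path.join(dest, name)
            os.makedirs(os.path.dirname(out_path), exist_ok=True)
            with zf.open(name) as src, open(out_path, "wb") as dst:
                dst.write(src.read())
            written.append(out_path)
    return written


def run_demo():
    """Exercise both checks against the constructed archive in a scratch directory."""
    data = build_sample_zip()
    with tempfile.TemporaryDirectory() as tmp:
        safe, rejected = classify_members(data, tmp)
        written = safe_extract(data, tmp)
        return safe, rejected, [os.path.relpath(p, tmp) for p in written]


if __name__ == "__main__":
    print(run_demo())
```

The check deliberately rejects symlinks outright rather than trying to validate their targets: a link target is only safe relative to the final tree, and an archive can reorder members so that a "safe" link is later overwritten. Absolute member names are caught by the same realpath/commonpath test as "../" names.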
2023-01-03 CVE-2022-38766 Renault Authentication Bypass by Capture-replay vulnerability in Renault ZOE E-Tech Firmware 2021

The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rolling Codes set for each door-open request, which allows for a replay attack.

8.1
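The Renault ZOE entry is a replay attack against a remote keyless entry system that reuses codes from a fixed set. The following is an added example and not the vehicle's protocol: it assumes a hypothetical fob scheme in which each press transmits a counter and an HMAC tag over that counter under a shared key (SHARED_KEY, RESYNC_WINDOW, fob_press and the two receiver classes are this example's own names), and contrasts a receiver that only checks membership in the valid set, which accepts a captured frame forever, with one that enforces a strictly increasing counter inside a bounded resync window.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Hypothetical fob protocol, assumed for illustration only (not Renault's scheme):
# each press transmits (counter, tag) with tag = HMAC-SHA256(key, counter)[:4].
SHARED_KEY = b"constructed-demo-key"   # constructed sample secret
RESYNC_WINDOW = 256                     # how far ahead the counter may jump


def make_tag(counter: int, key: bytes = SHARED_KEY) -> bytes:
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:4]


def fob_press(counter: int):
    """One button press: the fob emits its current counter and the tag over it."""
    return counter, make_tag(counter)


class FixedSetReceiver:
    """Models the reported weakness: any frame that belongs to the valid set is
    accepted, so a frame captured once can be replayed indefinitely."""

    def __init__(self, key: bytes = SHARED_KEY):
        self.key = key

    def accept(self, frame) -> str:
        counter, tag = frame
        return "ok" if hmac.compare_digest(tag, make_tag(counter, self.key)) else "bad-tag"


@dataclass
class RollingReceiver:
    """Accepts a frame only if its tag verifies and its counter is strictly beyond
    the last accepted one, within a bounded resync window."""

    key: bytes = SHARED_KEY
    last_counter: int = -1

    def accept(self, frame) -> str:
        counter, tag = frame
        if not hmac.compare_digest(tag, make_tag(counter, self.key)):
            return "bad-tag"
        if counter <= self.last_counter:
            return "replay"
        if counter - self.last_counter > RESYNC_WINDOW:
            return "out-of-window"
        self.last_counter = counter
        return "ok"


def replay_demo() -> dict:
    """Capture one legitimate press, then replay it against both receivers."""
    captured = fob_press(41)          # the attacker records this frame over the air
    fixed, rolling = FixedSetReceiver(), RollingReceiver()
    return {
        "fixed_first": fixed.accept(captured),
        "fixed_replay": fixed.accept(captured),
        "rolling_first": rolling.accept(captured),
        "rolling_replay": rolling.accept(captured),
        "rolling_next": rolling.accept(fob_press(42)),
        "rolling_forged": rolling.accept((43, b"\x00\x00\x00\x00")),
    }


if __name__ == "__main__":
    for name, result in replay_demo().items():
        print(f"{name}: {result}")
```

The counter check is what turns a valid code into a single-use one; the resync window bounds how many presses out of range of the car may be tolerated before the fob must be re-paired, and it also bounds how far a captured-but-not-yet-delivered frame can be held back (the rolljam-style variant), which a counter alone does not defeat.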
2023-01-06 CVE-2022-2484 Nokia Insufficient Protections on the Volatile Memory Containing Boot Code vulnerability in Nokia Asik Airscale 474021A.101 Firmware

The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware.

7.8
2023-01-06 CVE-2022-40201 Bentley Stack-based Buffer Overflow vulnerability in Bentley Microstation Connect 10.16.0.80/10.16.2.034

Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design (DGN) file is parsed.

7.8
2023-01-06 CVE-2022-41613 Bentley Out-of-bounds Read vulnerability in Bentley Microstation Connect 10.16.0.80/10.16.2.034

Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when parsing DGN files, which may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary code.

7.8
2023-01-06 CVE-2022-44939 Echatserver Uncontrolled Search Path Element vulnerability in Echatserver Easy Chat Server 3.1

Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll.

7.8
2023-01-05 CVE-2022-47653 Gpac Classic Buffer Overflow vulnerability in Gpac

GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in the eac3_update_channels function of media_tools/av_parsers.c:9113.

7.8
2023-01-05 CVE-2022-47654 Gpac Classic Buffer Overflow vulnerability in Gpac

GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in the gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8261.

7.8
2023-01-05 CVE-2022-47655 Struktur
Debian
Out-of-bounds Write vulnerability in multiple products

Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short>

7.8
2023-01-05 CVE-2022-47656 Gpac Classic Buffer Overflow vulnerability in Gpac

GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow in the gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8273.

7.8
2023-01-05 CVE-2022-47657 Gpac Classic Buffer Overflow vulnerability in Gpac

GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in the function hevc_parse_vps_extension of media_tools/av_parsers.c:7662.

7.8
2023-01-05 CVE-2022-47658 Gpac Classic Buffer Overflow vulnerability in Gpac

GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in the function gf_hevc_read_vps_bs_internal of media_tools/av_parsers.c:8039.

7.8
2023-01-05 CVE-2022-47659 Gpac Out-of-bounds Write vulnerability in Gpac

GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow in gf_bs_read_data.

7.8
2023-01-05 CVE-2022-47660 Gpac Integer Overflow or Wraparound vulnerability in Gpac

GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 has an integer overflow in isomedia/isom_write.c.

7.8
2023-01-05 CVE-2022-47661 Gpac Out-of-bounds Write vulnerability in Gpac

GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow via media_tools/av_parsers.c:4988 in gf_media_nalu_add_emulation_bytes.

7.8
2023-01-05 CVE-2022-47663 Gpac Classic Buffer Overflow vulnerability in Gpac

GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow in h263dmx_process, filters/reframe_h263.c:609.

7.8
2023-01-05 CVE-2022-4378 Linux Out-of-bounds Write vulnerability in Linux Kernel

A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables.

7.8
2023-01-05 CVE-2022-3715 GNU
Redhat
Out-of-bounds Write vulnerability in multiple products

A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform.

7.8
2023-01-05 CVE-2022-47087 Gpac Classic Buffer Overflow vulnerability in Gpac

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer Overflow in the gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c.

7.8
2023-01-05 CVE-2022-47088 Gpac Classic Buffer Overflow vulnerability in Gpac

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow.

7.8
2023-01-05 CVE-2022-47089 Gpac Classic Buffer Overflow vulnerability in Gpac

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow via the gf_vvc_read_sps_bs_internal function of media_tools/av_parsers.c.

7.8
2023-01-05 CVE-2022-47091 Gpac Classic Buffer Overflow vulnerability in Gpac

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow in the gf_text_process_sub function of filters/load_text.c.

7.8
2023-01-05 CVE-2022-47093 Gpac Use After Free vulnerability in Gpac

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after-free via filters/dmx_m2ts.c:470 in m2tsdmx_declare_pid.

7.8
2023-01-05 CVE-2022-47094 Gpac NULL Pointer Dereference vulnerability in Gpac

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to NULL pointer dereference via filters/dmx_m2ts.c:343 in m2tsdmx_declare_pid.

7.8
2023-01-05 CVE-2022-47095 Gpac Classic Buffer Overflow vulnerability in Gpac

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow in the hevc_parse_vps_extension function of media_tools/av_parsers.c.

7.8
2023-01-05 CVE-2022-37933 HPE Injection vulnerability in HPE products

A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers.

7.8
2023-01-05 CVE-2022-43533 Arubanetworks Unspecified vulnerability in Arubanetworks Clearpass Policy Manager

A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges.

7.8
2023-01-05 CVE-2022-43534 Arubanetworks Unspecified vulnerability in Arubanetworks Clearpass Policy Manager

A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges.

7.8
2023-01-05 CVE-2022-43535 Arubanetworks Unspecified vulnerability in Arubanetworks Clearpass Policy Manager

A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows instance to elevate their user privileges.

7.8
2023-01-04 CVE-2023-0054 VIM Out-of-bounds Write vulnerability in VIM

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.

7.8
2023-01-04 CVE-2022-25926 Window Control Project Unspecified vulnerability in Window-Control Project Window-Control

Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization.

7.8
2023-01-04 CVE-2023-0051 VIM Heap-based Buffer Overflow vulnerability in VIM

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.

7.8
2023-01-04 CVE-2023-0049 VIM
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.

7.8
2023-01-03 CVE-2022-32635 Google Out-of-bounds Write vulnerability in Google Android

In gps, there is a possible out of bounds write due to a missing bounds check.

7.8
2023-01-03 CVE-2022-41645 Fujielectric Out-of-bounds Read vulnerability in Fujielectric V-Server

Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file.

7.8
2023-01-03 CVE-2022-43448 Fujielectric Out-of-bounds Write vulnerability in Fujielectric Tellus and V-Sft

Out-of-bounds write vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file.

7.8
2023-01-03 CVE-2022-46306 Changingtec Path Traversal vulnerability in Changingtec Servisign

ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path.

7.8
2023-01-03 CVE-2022-46360 Fujielectric Out-of-bounds Read vulnerability in Fujielectric Tellus and V-Sft

Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file.

7.8
2023-01-03 CVE-2022-47317 Fujielectric Out-of-bounds Write vulnerability in Fujielectric V-Server

Out-of-bounds write vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file.

7.8
2023-01-03 CVE-2022-47908 Fujielectric Out-of-bounds Write vulnerability in Fujielectric V-Server

Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file.

7.8
2023-01-02 CVE-2017-20161 Macgeiger Project Injection vulnerability in Macgeiger Project Macgeiger

A vulnerability classified as problematic has been found in rofl0r MacGeiger.

7.8
2023-01-08 CVE-2014-125066 Yuko BOT Project Improper Resource Shutdown or Release vulnerability in Yuko-Bot Project Yuko-Bot

A vulnerability was found in emmflo yuko-bot.

7.5
2023-01-07 CVE-2020-36646 Mediaarea NULL Pointer Dereference vulnerability in Mediaarea Zenlib

A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38.

7.5
2023-01-07 CVE-2021-4306 Terminal KIT Project Unspecified vulnerability in Terminal-Kit Project Terminal-Kit

A vulnerability classified as problematic has been found in cronvel terminal-kit up to 2.1.7.

7.5
2023-01-07 CVE-2015-10025 Miniconf Project Improper Resource Shutdown or Release vulnerability in Miniconf Project Miniconf

A vulnerability has been found in luelista miniConf up to 1.7.6 and classified as problematic.

7.5
2023-01-07 CVE-2023-0113 Netis Systems Information Exposure vulnerability in Netis-Systems Netcore Router Firmware

A vulnerability was found in Netis Netcore Router up to 2.2.6.

7.5
2023-01-06 CVE-2021-46867 Huawei Out-of-bounds Read vulnerability in Huawei Emui and Harmonyos

The HW_KEYMASTER module has a problem in releasing memory. Successful exploitation of this vulnerability may result in out-of-bounds memory access.

7.5
2023-01-06 CVE-2021-46868 Huawei Out-of-bounds Read vulnerability in Huawei Emui and Harmonyos

The HW_KEYMASTER module has a problem in releasing memory. Successful exploitation of this vulnerability may result in out-of-bounds memory access.

7.5
2023-01-06 CVE-2022-46761 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

The system has a vulnerability that may cause dynamic hiding and restoring of app icons. Successful exploitation of this vulnerability may cause malicious hiding of app icons.

7.5
2023-01-06 CVE-2022-46762 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

The memory management module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

7.5
2023-01-06 CVE-2022-47975 Huawei Double Free vulnerability in Huawei Emui and Harmonyos

The DUBAI module has a double free vulnerability.

7.5
2023-01-06 CVE-2022-47976 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections. Successful exploitation of this vulnerability may disconnect normal service connections.

7.5
2023-01-06 CVE-2022-4879 Forged Alliance Forever Project Unspecified vulnerability in Forged Alliance Forever Project Forged Alliance Forever

A vulnerability was found in Forged Alliance Forever up to 3746.

7.5
2023-01-06 CVE-2022-40049 Theme Park Ticketing System Project SQL Injection vulnerability in Theme Park Ticketing System Project Theme Park Ticketing System 1.0

SQL injection vulnerability in sourcecodester Theme Park Ticketing System 1.0 allows remote attackers to view sensitive information via the id parameter to the /tpts/manage_user.php page.

7.5
2023-01-05 CVE-2007-10001 WEB Cyradm Project SQL Injection vulnerability in Web-Cyradm Project Web-Cyradm

A vulnerability classified as problematic has been found in web-cyradm.

7.5
2023-01-05 CVE-2021-4305 Bridgeline Unspecified vulnerability in Bridgeline Robots-Txt-Guard

A vulnerability was found in Woorank robots-txt-guard.

7.5
2023-01-05 CVE-2022-43932 Synology Unspecified vulnerability in Synology Router Manager

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors.

7.5
2023-01-05 CVE-2022-4869 Evolution Events Unspecified vulnerability in Evolution-Events Artaxerxes

A vulnerability was found in Evolution Events Artaxerxes.

7.5
2023-01-05 CVE-2022-45857 Fortinet Unspecified vulnerability in Fortinet Fortimanager

An incorrect user management vulnerability [CWE-286] in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a FortiGate without a password via newly created VDOMs after the super_admin account is deleted.

7.5
2023-01-05 CVE-2023-22626 Pghero Project Information Exposure Through an Error Message vulnerability in Pghero Project Pghero

PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message.

7.5
2023-01-05 CVE-2022-37934 HP
HPE
Path Traversal vulnerability in multiple products

A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series.

7.5
2023-01-04 CVE-2023-22467 Momentjs Unspecified vulnerability in Momentjs Luxon

Luxon is a library for working with dates and times in JavaScript.

7.5
2023-01-04 CVE-2022-48216 Uniswap Improper Locking vulnerability in Uniswap Universal Router Firmware

Uniswap Universal Router before 1.1.0 mishandles reentrancy.

7.5
2023-01-04 CVE-2023-22460 Protocol Improper Input Validation vulnerability in Protocol Go-Ipld-Prime

go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects.

7.5
2023-01-04 CVE-2022-46081 Garmin Information Exposure vulnerability in Garmin Connect 4.61

In Garmin Connect 4.61, terminating a LiveTrack session wouldn't prevent the LiveTrack API from continued exposure of private personal information.

7.5
2023-01-03 CVE-2022-2967 Prosysopc Insufficiently Protected Credentials vulnerability in Prosysopc UA Modbus Server and UA Simulation Server

Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5 and prior do not sufficiently protect credentials, which could allow an attacker to obtain user credentials and gain access to system data.

7.5
2023-01-03 CVE-2022-23506 Linuxfoundation Information Exposure Through Log Files vulnerability in Linuxfoundation Spinnaker

Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images.

7.5
2023-01-03 CVE-2022-45143 Apache Improper Encoding or Escaping of Output vulnerability in Apache Tomcat

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values.

7.5
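The Tomcat entry above is an output-encoding defect: values that reach a JSON error document without escaping let a quote in the value terminate the string and inject structure. The following is an added example in Python, not Tomcat's JsonErrorReportValve code; it builds the same kind of status/type/message/description document two ways (naive_error_json by concatenation, escaped_error_json through a JSON encoder; both are this example's own names) and feeds a constructed attacker-controlled value to each, so the difference is visible in the parsed result rather than in the text.

```python
import json


def naive_error_json(status: int, type_: str, message: str, description: str) -> str:
    """Build the error document by concatenation (the failure mode the entry
    describes): a quote or control character in a value is copied through verbatim."""
    return ('{"status":' + str(status) +
            ',"type":"' + type_ +
            '","message":"' + message +
            '","description":"' + description + '"}')


def escaped_error_json(status: int, type_: str, message: str, description: str) -> str:
    """Build the same document through a JSON encoder, which escapes every value."""
    return json.dumps({"status": status, "type": type_,
                       "message": message, "description": description})


def parse(doc: str):
    """Return the parsed object, or None if the document is not valid JSON."""
    try:
        return json.loads(doc)
    except ValueError:
        return None


# Constructed attacker-controlled value, such as text reflected from a request
# path into the description: it closes the string and smuggles in an extra key.
INJECTED = 'x","admin":true,"tail":"'


def demo() -> dict:
    """Parse both variants of the document built with the injected description."""
    naive = parse(naive_error_json(404, "Status report", "Not Found", INJECTED))
    safe = parse(escaped_error_json(404, "Status report", "Not Found", INJECTED))
    return {"naive": naive, "safe": safe}


if __name__ == "__main__":
    result = demo()
    print("naive:", result["naive"])
    print("safe: ", result["safe"])
```

With the naive builder the document still parses, but now carries an "admin": true member the server never set; with the encoder the injected text survives only as the literal value of "description". A control character (for instance a newline in the message) turns the naive output into invalid JSON, which is the denial-of-service side of the same defect.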
2023-01-03 CVE-2021-32821 Mootools Unspecified vulnerability in Mootools

MooTools is a collection of JavaScript utilities for JavaScript developers.

7.5
2023-01-03 CVE-2013-10007 WP Print Friendly Project Information Exposure vulnerability in Wp-Print-Friendly Project WP Print Friendly

A vulnerability classified as problematic has been found in ethitter WP-Print-Friendly up to 0.5.2.

7.5
2023-01-03 CVE-2015-10012 Sumocoders Information Exposure Through an Error Message vulnerability in Sumocoders Frameworkuserbundle

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x.

7.5
2023-01-03 CVE-2022-39040 Aenrich Path Traversal vulnerability in Aenrich A+Hrd 6.8/7.0

aEnrich a+HRD log read function has a path traversal vulnerability.

7.5
2023-01-03 CVE-2022-3460 Octopus Improper Cross-boundary Removal of Sensitive Data vulnerability in Octopus Server

In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview.

7.5
2023-01-02 CVE-2022-3842 Google Use After Free vulnerability in Google Chrome

Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

7.5
2023-01-02 CVE-2022-4140 Collne Unspecified vulnerability in Collne Welcart E-Commerce

The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file, which could allow an unauthenticated attacker to read arbitrary files on the server.

7.5
2023-01-02 CVE-2014-125033 Rails CV APP Project Path Traversal vulnerability in Rails-Cv-App Project Rails-Cv-App

A vulnerability was found in rails-cv-app.

7.5
2023-01-02 CVE-2021-4299 String KIT Project Unspecified vulnerability in String KIT Project String KIT

A vulnerability classified as problematic was found in cronvel string-kit up to 0.12.7.

7.5
2023-01-02 CVE-2019-13768 Google Use After Free vulnerability in Google Chrome

Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

7.4
2023-01-06 CVE-2018-25067 Joomgallery Project SQL Injection vulnerability in Joomgallery Project Joomgallery

A vulnerability, which was classified as critical, was found in JoomGallery up to 3.3.3.

7.2
2023-01-05 CVE-2022-43537 Arubanetworks OS Command Injection vulnerability in Arubanetworks Clearpass Policy Manager

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host.

7.2
2023-01-05 CVE-2022-43538 Arubanetworks OS Command Injection vulnerability in Arubanetworks Clearpass Policy Manager

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host.

7.2
2023-01-05 CVE-2022-44534 Arubanetworks Unspecified vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator

A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host.

7.2
2023-01-04 CVE-2023-0046 Daloradius Improper Restriction of Names for Files and Other Resources vulnerability in Daloradius

Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius prior to master-branch.

7.2
2023-01-03 CVE-2022-44036 B2Evolution Unrestricted Upload of File with Dangerous Type vulnerability in B2Evolution CMS 7.2.5

In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution.

7.2
2023-01-03 CVE-2022-45867 Mybb Path Traversal vulnerability in Mybb

MyBB before 1.8.33 allows Directory Traversal.

7.2
2023-01-03 CVE-2022-4871 Nflpick EM SQL Injection vulnerability in Nflpick-Em

A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x.

7.2
2023-01-03 CVE-2022-40740 Realtek Unspecified vulnerability in Realtek Usdk and Xpon Software Development KIT

Realtek GPON router has insufficient filtering for special characters.

7.2
2023-01-02 CVE-2022-4302 Videousermanuals Unspecified vulnerability in Videousermanuals White Label CMS 2.2.9

The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.

7.2
2023-01-02 CVE-2022-4324 Wpgogo Unspecified vulnerability in Wpgogo Custom Field Template

The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog.

7.2
2023-01-02 CVE-2022-4351 QE SEO Handyman Project Unspecified vulnerability in QE SEO Handyman Project QE SEO Handyman

The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

7.2
2023-01-02 CVE-2022-4352 QE SEO Handyman Project Unspecified vulnerability in QE SEO Handyman Project QE SEO Handyman

The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

7.2
2023-01-02 CVE-2022-4355 Letsrecover Project Unspecified vulnerability in Letsrecover Project Letsrecover

The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

7.2
2023-01-02 CVE-2022-4356 Letsrecover Project Unspecified vulnerability in Letsrecover Project Letsrecover

The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

7.2
2023-01-02 CVE-2022-4358 WP RSS BY Publishers Project Unspecified vulnerability in WP RSS BY Publishers Project WP RSS BY Publishers

The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

7.2
2023-01-02 CVE-2022-4359 WP RSS BY Publishers Project Unspecified vulnerability in WP RSS BY Publishers Project WP RSS BY Publishers

The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

7.2
2023-01-02 CVE-2022-4360 WP RSS BY Publishers Project SQL Injection vulnerability in WP RSS BY Publishers Project WP RSS BY Publishers

The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

7.2
2023-01-02 CVE-2022-4370 Multimedial Images Project Unspecified vulnerability in Multimedial Images Project Multimedial Images

The multimedial images WordPress plugin through 1.0b does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.

7.2
2023-01-02 CVE-2022-4371 Mohanjith Unspecified vulnerability in Mohanjith web Invoice

The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default.

7.2
2023-01-02 CVE-2022-4372 WEB Invoice Project Unspecified vulnerability in web Invoice Project web Invoice

The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default.

7.2
2023-01-02 CVE-2022-4373 Quote O Matic Project Unspecified vulnerability in Quote-O-Matic Project Quote-O-Matic

The Quote-O-Matic WordPress plugin through 1.0.5 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

7.2
2023-01-06 CVE-2022-2483 Nokia Assumed-Immutable Data Stored in Writable Memory vulnerability in Nokia products

The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature.

7.1
2023-01-05 CVE-2022-47092 Gpac Integer Overflow or Wraparound vulnerability in Gpac

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contains an integer overflow vulnerability in the gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8316.

7.1

202 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-01-04 CVE-2022-39081 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In network service, there is a missing permission check.

6.7
2023-01-04 CVE-2022-39082 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In network service, there is a missing permission check.

6.7
2023-01-04 CVE-2022-39083 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In network service, there is a missing permission check.

6.7
2023-01-04 CVE-2022-39084 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In network service, there is a missing permission check.

6.7
2023-01-04 CVE-2022-39085 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In network service, there is a missing permission check.

6.7
2023-01-04 CVE-2022-39086 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In network service, there is a missing permission check.

6.7
2023-01-04 CVE-2022-39087 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In network service, there is a missing permission check.

6.7
2023-01-04 CVE-2022-39088 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In network service, there is a missing permission check.

6.7
2023-01-03 CVE-2022-32623 Google Unspecified vulnerability in Google Android 12.0

In mdp, there is a possible out of bounds write due to incorrect error handling.

6.7
2023-01-03 CVE-2022-32636 Google Out-of-bounds Write vulnerability in Google Android

In keyinstall, there is a possible out of bounds write due to an integer overflow.

6.7
2023-01-03 CVE-2022-32637 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0

In hevc decoder, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-01-03 CVE-2022-32640 Google Out-of-bounds Write vulnerability in Google Android 11.0/12.0

In meta wifi, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-01-03 CVE-2022-32641 Google Out-of-bounds Read vulnerability in Google Android 11.0/12.0/13.0

In meta wifi, there is a possible out of bounds read due to a missing bounds check.

6.7
2023-01-03 CVE-2022-32646 Google Out-of-bounds Write vulnerability in Google Android 11.0/12.0/13.0

In gpu drm, there is a possible stack overflow due to a missing bounds check.

6.7
2023-01-03 CVE-2022-32647 Google Out-of-bounds Write vulnerability in Google Android 12.0/13.0

In ccu, there is a possible out of bounds write due to improper input validation.

6.7
2023-01-03 CVE-2022-32649 Google Incorrect Calculation of Buffer Size vulnerability in Google Android 12.0

In jpeg, there is a possible use after free due to a logic error.

6.7
2023-01-03 CVE-2022-32650 Google Incorrect Calculation of Buffer Size vulnerability in Google Android 12.0/13.0

In mtk-isp, there is a possible use after free due to a logic error.

6.7
2023-01-03 CVE-2022-32651 Google Incorrect Calculation of Buffer Size vulnerability in Google Android 12.0

In mtk-aie, there is a possible use after free due to a logic error.

6.7
2023-01-03 CVE-2022-32652 Google Improper Input Validation vulnerability in Google Android 11.0/12.0/13.0

In mtk-aie, there is a possible use after free due to a logic error.

6.7
2023-01-03 CVE-2022-32653 Google Improper Input Validation vulnerability in Google Android 12.0/13.0

In mtk-aie, there is a possible use after free due to a logic error.

6.7
2023-01-03 CVE-2022-32657 Mediatek Improper Handling of Exceptional Conditions vulnerability in Mediatek products

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling.

6.7
2023-01-03 CVE-2022-32658 Mediatek Improper Handling of Exceptional Conditions vulnerability in Mediatek products

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling.

6.7
2023-01-03 CVE-2022-32659 Mediatek
Thelinuxfoundation
Improper Handling of Exceptional Conditions vulnerability in multiple products

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling.

6.7
2023-01-06 CVE-2022-47974 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks. Successful exploitation of this vulnerability may cause the Bluetooth process to restart.

6.5
2023-01-05 CVE-2022-23548 Discourse Unspecified vulnerability in Discourse

Discourse is an open source discussion platform.

6.5
2023-01-05 CVE-2022-23549 Discourse Unspecified vulnerability in Discourse

Discourse is an open source discussion platform.

6.5
2023-01-05 CVE-2023-0086 Crocoblock Unspecified vulnerability in Crocoblock Jetwidgets for Elementor

The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12.

6.5
2023-01-05 CVE-2022-22371 IBM Insufficient Session Expiration vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system.

6.5
2023-01-05 CVE-2022-43528 Arubanetworks Unspecified vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator

Under certain configurations, an attacker can login to Aruba EdgeConnect Enterprise Orchestrator without supplying a multi-factor authentication code.

6.5
2023-01-04 CVE-2022-45052 Axiell Files or Directories Accessible to External Parties vulnerability in Axiell Iguana 4.0.0

A Local File Inclusion vulnerability has been found in Axiell Iguana CMS.

6.5
2023-01-04 CVE-2022-22337 IBM Unspecified vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could disclose sensitive information to an authenticated user.

6.5
2023-01-03 CVE-2022-46305 Changingtec Path Traversal vulnerability in Changingtec Servisign

ChangingTec ServiSign component has a path traversal vulnerability.

6.5
2023-01-03 CVE-2022-46309 Vitalsesp Path Traversal vulnerability in Vitalsesp Vitals ESP

Vitals ESP upload function has a path traversal vulnerability.

6.5
2023-01-02 CVE-2022-0337 Google Exposure of Resource to Wrong Sphere vulnerability in Google Chrome

Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page.

6.5
2023-01-02 CVE-2022-4236 Collne Files or Directories Accessible to External Parties vulnerability in Collne Welcart E-Commerce

The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server.

6.5
2023-01-02 CVE-2023-22452 Kenny2Automate Project Improper Input Validation vulnerability in Kenny2Automate Project Kenny2Automate

kenny2automate is a Discord bot.

6.5
2023-01-03 CVE-2022-32638 Google Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Google Android 11.0/12.0/13.0

In isp, there is a possible out of bounds write due to a race condition.

6.4
2023-01-03 CVE-2022-32644 Google Improper Synchronization vulnerability in Google Android 11.0/12.0/13.0

In vow, there is a possible use after free due to a race condition.

6.4
2023-01-03 CVE-2022-32648 Google Improper Synchronization vulnerability in Google Android 11.0/12.0

In disp, there is a possible use after free due to a race condition.

6.4
2023-01-08 CVE-2014-125070 Console Project Cross-site Scripting vulnerability in Console Project Console

A vulnerability has been found in yanheven console and classified as problematic.

6.1
2023-01-08 CVE-2021-4309 01 Scripts Cross-site Scripting vulnerability in 01-Scripts 01Acp

A vulnerability, which was classified as problematic, has been found in 01-Scripts 01ACP.

6.1
2023-01-07 CVE-2022-1102 Event Management System Project Cross-site Scripting vulnerability in Event Management System Project Event Management System 1.0

A vulnerability classified as problematic has been found in SourceCodester Royale Event Management System 1.0.

6.1
2023-01-07 CVE-2017-20164 Symbiote Open Redirect vulnerability in Symbiote Seed 6.0.0/6.0.1/6.0.2

A vulnerability was found in Symbiote Seed up to 6.0.2.

6.1
2023-01-07 CVE-2015-10028 Pear Programming Project Cross-site Scripting vulnerability in Pear Programming Project Pear Programming

A vulnerability has been found in ss15-this-is-sparta and classified as problematic.

6.1
2023-01-07 CVE-2015-10021 Rimdev Cross-site Scripting vulnerability in Rimdev Definely

A vulnerability was found in ritterim definely.

6.1
2023-01-07 CVE-2020-36644 Inline SVG Project Cross-site Scripting vulnerability in Inline SVG Project Inline SVG

A vulnerability has been found in jamesmartin Inline SVG up to 1.7.1 and classified as problematic.

6.1
2023-01-07 CVE-2015-10019 Mysimplifiedsql Project Cross-site Scripting vulnerability in Mysimplifiedsql Project Mysimplifiedsql

A vulnerability, which was classified as problematic, has been found in foxoverflow MySimplifiedSQL.

6.1
2023-01-06 CVE-2022-45911 Zimbra Cross-site Scripting vulnerability in Zimbra Collaboration 9.0.0

An issue was discovered in Zimbra Collaboration (ZCS) 9.0.

6.1
2023-01-06 CVE-2022-45913 Zimbra Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15/9.0.0

An issue was discovered in Zimbra Collaboration (ZCS) 9.0.

6.1
2023-01-06 CVE-2023-22475 Thinkst Cross-site Scripting vulnerability in Thinkst Canarytokens 20190301/20220701

Canarytokens is an open source tool which helps track activity and actions on your network.

6.1
2023-01-06 CVE-2022-44870 Maccms Cross-site Scripting vulnerability in Maccms 10.0

A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module.

6.1
2023-01-05 CVE-2021-32828 Hyland Cross-site Scripting vulnerability in Hyland Nuxeo

The Nuxeo Platform is an open source content management platform for building business applications.

6.1
2023-01-05 CVE-2023-22455 Discourse Cross-site Scripting vulnerability in Discourse

Discourse is an open source discussion platform.

6.1
2023-01-05 CVE-2023-22454 Discourse Cross-site Scripting vulnerability in Discourse

Discourse is an open source discussion platform.

6.1
2023-01-05 CVE-2015-10013 Webdevstudios Cross-site Scripting vulnerability in Webdevstudios Taxonomy Switcher 1.0.0/1.0.1

A vulnerability was found in WebDevStudios taxonomy-switcher Plugin up to 1.0.3 on WordPress.

6.1
2023-01-05 CVE-2018-25065 Wikimedia Cross-site Scripting vulnerability in Wikimedia Mediawiki-Extensions-I18Ntags

A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic.

6.1
2023-01-05 CVE-2022-4877 Keter Project Cross-site Scripting vulnerability in Keter Project Keter

A vulnerability has been found in snoyberg keter up to 1.8.1 and classified as problematic.

6.1
2023-01-05 CVE-2016-15010 Django Ucamlookup Project Cross-site Scripting vulnerability in Django-Ucamlookup Project Django-Ucamlookup

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1.

6.1
2023-01-05 CVE-2018-25064 Show ME THE WAY Project Cross-site Scripting vulnerability in Show-Me-The-Way Project Show-Me-The-Way

A vulnerability was found in OSM Lab show-me-the-way.

6.1
2023-01-05 CVE-2021-4303 Xataface Project Cross-site Scripting vulnerability in Xataface Project Xataface

A vulnerability, which was classified as problematic, has been found in shannah Xataface up to 2.x.

6.1
2023-01-05 CVE-2019-25095 Ldapcherry Project Cross-site Scripting vulnerability in Ldapcherry Project Ldapcherry

A vulnerability, which was classified as problematic, was found in kakwa LdapCherry up to 0.x.

6.1
2023-01-05 CVE-2019-25096 Extplorer Cross-site Scripting vulnerability in Extplorer

A vulnerability has been found in soerennb eXtplorer up to 2.1.12 and classified as problematic.

6.1
2023-01-05 CVE-2022-34330 IBM Cross-site Scripting vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting.

6.1
2023-01-05 CVE-2022-43525 Arubanetworks Cross-site Scripting vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator

Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.

6.1
2023-01-05 CVE-2022-43526 Arubanetworks Cross-site Scripting vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator

Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.

6.1
2023-01-05 CVE-2022-43527 Arubanetworks Cross-site Scripting vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator

Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.

6.1
2023-01-05 CVE-2023-0057 Pyload, Pyload NG Project Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products

Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33.

6.1
2023-01-04 CVE-2022-4876 Kaltura Cross-site Scripting vulnerability in Kaltura Mwembed

A vulnerability was found in Kaltura mwEmbed up to 2.96.rc1 and classified as problematic.

6.1
2023-01-04 CVE-2021-4302 Phpwcms Cross-site Scripting vulnerability in PHPwcms

A vulnerability was found in slackero phpwcms up to 1.9.26.

6.1
2023-01-04 CVE-2022-4875 Linuxfoundation Cross-site Scripting vulnerability in Linuxfoundation Fossology

A vulnerability has been found in fossology and classified as problematic.

6.1
2023-01-04 CVE-2022-45049 Axiell Cross-site Scripting vulnerability in Axiell Iguana

A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser.

6.1
2023-01-04 CVE-2022-45051 Axiell Cross-site Scripting vulnerability in Axiell Iguana

A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser.

6.1
2023-01-04 CVE-2022-46456 Nasm Classic Buffer Overflow vulnerability in Nasm Netwide Assembler 2.16/2.16.01

NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.

6.1
2023-01-04 CVE-2023-22461 Sanitize SVG Project Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Sanitize-Svg Project Sanitize-Svg

The `sanitize-svg` package, a small SVG sanitizer intended to prevent cross-site scripting attacks, uses a deny-list pattern to sanitize SVGs to prevent XSS.

6.1
2023-01-04 CVE-2014-125039 Neoxplora Project Cross-site Scripting vulnerability in Neoxplora Project Neoxplora

A vulnerability, which was classified as problematic, has been found in kkokko NeoXplora.

6.1
2023-01-04 CVE-2016-15008 Coebot WWW Project Cross-site Scripting vulnerability in Coebot-Www Project Coebot-Www

A vulnerability was found in oxguy3 coebot-www and classified as problematic.

6.1
2023-01-04 CVE-2019-25094 Innologi Cross-site Scripting vulnerability in Innologi Appointment Scheduler

A vulnerability, which was classified as problematic, was found in innologi appointments Extension up to 2.0.5 on TYPO3.

6.1
2023-01-03 CVE-2023-22456 Viewvc Cross-site Scripting vulnerability in Viewvc

ViewVC, a browser interface for CVS and Subversion version control repositories, has a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29.

6.1
2023-01-03 CVE-2022-4663 Youngtechleads Cross-site Scripting vulnerability in Youngtechleads Members Import 1.4.2

The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the user_login parameter in an imported CSV file in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping.

6.1
2023-01-03 CVE-2023-0038 AYS PRO Unspecified vulnerability in Ays-Pro Survey Maker

The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping.

6.1
2023-01-03 CVE-2012-10003 Rivettracker Project Cross-site Scripting vulnerability in Rivettracker Project Rivettracker

A vulnerability, which was classified as problematic, has been found in ahmyi RivetTracker.

6.1
2023-01-03 CVE-2012-10002 Rivettracker Project Cross-site Scripting vulnerability in Rivettracker Project Rivettracker 20120303

A vulnerability was found in ahmyi RivetTracker.

6.1
2023-01-03 CVE-2022-3614 Octopus Open Redirect vulnerability in Octopus Server

In affected versions of Octopus Deploy, users of certain browsers using AD to sign in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect URL without any validation.

6.1
2023-01-02 CVE-2022-0801 Google Cross-site Scripting vulnerability in Google Chrome

Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page.

6.1
2023-01-02 CVE-2022-3863 Google Use After Free vulnerability in Google Chrome

Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.1
2023-01-02 CVE-2022-4329 Product List Widget FOR Woocommerce Project Unspecified vulnerability in Product List Widget for Woocommerce Project Product List Widget for Woocommerce

The Product List Widget for WooCommerce WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users (including high-privilege ones such as admin).

6.1
2023-01-02 CVE-2022-4369 Wplite Cross-site Scripting vulnerability in Wplite Wp-Lister Lite for Amazon

The WP-Lister Lite for Amazon WordPress plugin before 2.4.4 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high-privilege users such as admin.

6.1
2023-01-02 CVE-2015-10010 Cisco Cross-site Scripting vulnerability in Cisco Openresolve

A vulnerability was found in OpenDNS OpenResolve.

6.1
2023-01-02 CVE-2014-125035 Jobs Plugin Project Cross-site Scripting vulnerability in Jobs-Plugin Project Jobs-Plugin

A vulnerability classified as problematic was found in Jobs-Plugin.

6.1
2023-01-02 CVE-2022-48197 YUI Project Cross-site Scripting vulnerability in YUI Project YUI 2000/2800

Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 through 2800: up.php, sam.php, renderhidden.php, removechildren.php, removeall.php, readd.php, overflow.php, newnode2.php, newnode.php.

6.1
2023-01-02 CVE-2014-125034 Contact APP Project Cross-site Scripting vulnerability in Contact APP Project Contact APP

A vulnerability has been found in stiiv contact_app and classified as problematic.

6.1
2023-01-02 CVE-2015-10007 Weipdcrm Project Cross-site Scripting vulnerability in Weipdcrm Project Weipdcrm

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM and classified as problematic.

6.1
2023-01-02 CVE-2014-125031 Teknet Project Cross-site Scripting vulnerability in Teknet Project Teknet

A vulnerability was found in kirill2485 TekNet.

6.1
2023-01-07 CVE-2016-15014 Cesnet Insufficiently Protected Credentials vulnerability in Cesnet Theme-Cesnet

A vulnerability has been found in CESNET theme-cesnet up to 1.x on ownCloud and classified as problematic.

5.5
2023-01-07 CVE-2023-0114 Netis Systems Cleartext Storage in a File or on Disk vulnerability in Netis-Systems Netcore Router Firmware

A vulnerability was found in Netis Netcore Router.

5.5
2023-01-06 CVE-2022-45787 Apache Cleartext Storage of Sensitive Information vulnerability in Apache James

Improper, lax permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users.

5.5
2023-01-06 CVE-2022-45935 Apache Exposure of Resource to Wrong Sphere vulnerability in Apache James

Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit.

5.5
2023-01-05 CVE-2021-40341 Hitachienergy Inadequate Encryption Strength vulnerability in Hitachienergy Foxman-Un and Unem

The DES cipher, which has inadequate encryption strength, is used in Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements.

5.5
2023-01-05 CVE-2022-3928 Hitachienergy Use of Hard-coded Credentials vulnerability in Hitachienergy Foxman-Un and Unem

A hardcoded credential is found in the affected products' message queue.

5.5
2023-01-05 CVE-2022-23546 Discourse Information Exposure vulnerability in Discourse

In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information.

5.5
2023-01-05 CVE-2022-47662 Gpac Uncontrolled Recursion vulnerability in Gpac

GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segmentation fault (stack overflow) due to infinite recursion in Media_GetSample at isomedia/media.c:662.

5.5
2023-01-05 CVE-2022-46489 Gpac Memory Leak vulnerability in Gpac

GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the gf_isom_box_parse_ex function at box_funcs.c.

5.5
2023-01-05 CVE-2022-46490 Gpac Memory Leak vulnerability in Gpac

GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the afrt_box_read function at box_code_adobe.c.

5.5
2023-01-05 CVE-2022-47086 Gpac Unspecified vulnerability in Gpac

GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gf_sm_load_init_swf at scene_manager/swf_parse.c.

5.5
2023-01-05 CVE-2022-43540 Arubanetworks Unspecified vulnerability in Arubanetworks Clearpass Policy Manager

A vulnerability exists in the ClearPass OnGuard macOS agent that allows for an attacker with local macOS instance access to potentially obtain sensitive information.

5.5
2023-01-04 CVE-2022-46457 Nasm Unspecified vulnerability in Nasm Netwide Assembler 2.16

NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c.

5.5
2023-01-04 CVE-2022-38678 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In contacts service, there is a missing permission check.

5.5
2023-01-04 CVE-2022-38682 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In contacts service, there is a missing permission check.

5.5
2023-01-04 CVE-2022-38683 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In contacts service, there is a missing permission check.

5.5
2023-01-04 CVE-2022-38684 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In contacts service, there is a missing permission check.

5.5
2023-01-04 CVE-2022-39104 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In contacts service, there is a missing permission check.

5.5
2023-01-04 CVE-2022-39116 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

In sprd_sysdump driver, there is a possible out of bounds write due to a missing bounds check.

5.5
2023-01-04 CVE-2022-39118 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

In sprd_sysdump driver, there is a possible out of bounds write due to a missing bounds check.

5.5
2023-01-04 CVE-2022-44422 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In music service, there is a missing permission check.

5.5
2023-01-04 CVE-2022-44423 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In music service, there is a missing permission check.

5.5
2023-01-04 CVE-2022-44424 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In music service, there is a missing permission check.

5.5
2023-01-04 CVE-2022-44425 Google Integer Overflow or Wraparound vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing bounds check.

5.5
2023-01-04 CVE-2022-44426 Google Integer Overflow or Wraparound vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing bounds check.

5.5
2023-01-04 CVE-2022-44427 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing bounds check.

5.5
2023-01-04 CVE-2022-44428 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing bounds check.

5.5
2023-01-04 CVE-2022-44429 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing bounds check.

5.5
2023-01-04 CVE-2022-44430 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing bounds check.

5.5
2023-01-04 CVE-2022-44431 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing bounds check.

5.5
2023-01-04 CVE-2022-44432 Google Integer Overflow or Wraparound vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing bounds check.

5.5
2023-01-04 CVE-2022-44434 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In messaging service, there is a missing permission check.

5.5
2023-01-04 CVE-2022-44435 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In messaging service, there is a missing permission check.

5.5
2023-01-04 CVE-2022-44436 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In messaging service, there is a missing permission check.

5.5
2023-01-04 CVE-2022-44437 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In messaging service, there is a missing permission check.

5.5
2023-01-04 CVE-2022-44438 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In messaging service, there is a missing permission check.

5.5
2023-01-04 CVE-2022-44439 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In messaging service, there is a missing permission check.

5.5
2023-01-04 CVE-2022-44440 Google Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing bounds check.

5.5
2023-01-04 CVE-2022-44441 Google Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing bounds check.

5.5
2023-01-04 CVE-2022-44442 Google Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

5.5
2023-01-04 CVE-2022-44443 Google Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing bounds check.

5.5
2023-01-04 CVE-2022-44444 Google Integer Underflow (Wrap or Wraparound) vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing bounds check.

5.5
2023-01-04 CVE-2022-44445 Google Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing bounds check.

5.5
2023-01-04 CVE-2022-44446 Google Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing bounds check.

5.5
2023-01-08 CVE-2022-4881 Pac3 Project Cross-site Scripting vulnerability in Pac3 Project Pac3

A vulnerability was found in CapsAdmin PAC3.

5.4
2023-01-07 CVE-2023-0106 Usememos Cross-site Scripting vulnerability in Usememos Memos

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

5.4
2023-01-07 CVE-2023-0107 Usememos Cross-site Scripting vulnerability in Usememos Memos

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

5.4
2023-01-07 CVE-2023-0108 Usememos Cross-site Scripting vulnerability in Usememos Memos

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

5.4
2023-01-07 CVE-2023-0110 Usememos Cross-site Scripting vulnerability in Usememos Memos

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

5.4
2023-01-07 CVE-2023-0111 Usememos Cross-site Scripting vulnerability in Usememos Memos

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

5.4
2023-01-07 CVE-2023-0112 Usememos Cross-site Scripting vulnerability in Usememos Memos

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

5.4
2023-01-06 CVE-2022-39072 ZTE SQL Injection vulnerability in ZTE Mf286R Firmware and Mf289D Firmware

There is a SQL injection vulnerability in Some ZTE Mobile Internet products.

5.4
2023-01-06 CVE-2014-125048 Kluks Session Fixation vulnerability in Kluks Xingwall

A vulnerability, which was classified as critical, has been found in kassi xingwall.

5.4
2023-01-05 CVE-2022-43524 Arubanetworks Cross-site Scripting vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator

A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface.

5.4
2023-01-05 CVE-2022-43529 Arubanetworks Session Fixation vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator

A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to persist a session after a password reset or similar session-clearing event.

5.4
2023-01-04 CVE-2023-22466 Tokio Improper Initialization vulnerability in Tokio

Tokio is a runtime for writing applications with Rust.

5.4
2023-01-04 CVE-2021-38928 IBM Unspecified vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.

5.4
2023-01-04 CVE-2022-22352 IBM Cross-site Scripting vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting.

5.4
2023-01-04 CVE-2022-46180 Discourse Cross-site Scripting vulnerability in Discourse Mermaid

Discourse Mermaid (discourse-mermaid-theme-component) allows users of Discourse, open-source forum software, to create graphs using the Mermaid syntax.

5.4
2023-01-04 CVE-2023-22464 Viewvc Cross-site Scripting vulnerability in Viewvc

ViewVC is a browser interface for CVS and Subversion version control repositories.

5.4
2023-01-03 CVE-2022-42710 Niceforyou Cross-site Scripting vulnerability in Niceforyou Linear Emerge E3 Access Control Firmware

Nice (formerly Nortek) Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e devices are vulnerable to Stored Cross-Site Scripting (XSS).

5.4
2023-01-03 CVE-2022-42471 Fortinet Injection vulnerability in Fortinet Fortiweb

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] in FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, and FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary headers.

5.4
2023-01-02 CVE-2021-21200 Google Out-of-bounds Read vulnerability in Google Chrome

Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

5.4
2023-01-02 CVE-2022-4114 Apusthemes Unspecified vulnerability in Apusthemes Superio

The Superio WordPress theme does not sanitise and escape some parameters, which could allow users with a role as low as a subscriber to perform Cross-Site Scripting attacks.

5.4
2023-01-02 CVE-2022-4362 Code Atlantic Unspecified vulnerability in Code-Atlantic Popup Maker

The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.

5.4
2023-01-02 CVE-2022-4381 Code Atlantic Unspecified vulnerability in Code-Atlantic Popup Maker

The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.

5.4
2023-01-02 CVE-2019-25093 Recent Threads ON Index Project Cross-site Scripting vulnerability in Recent Threads on Index Project Recent Threads on Index

A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index.

5.4
2023-01-08 CVE-2016-15015 Paysafe Information Exposure Through Discrepancy vulnerability in Paysafe Barzahlen Payment Module PHP SDK

A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0.

5.3
2023-01-08 CVE-2014-125068 Maps JS Icoads Project Path Traversal vulnerability in Maps-Js-Icoads Project Maps-Js-Icoads

A vulnerability was found in saxman maps-js-icoads and classified as critical.

5.3
2023-01-08 CVE-2014-125069 Maps JS Icoads Project Path Traversal vulnerability in Maps-Js-Icoads Project Maps-Js-Icoads

A vulnerability was found in saxman maps-js-icoads.

5.3
2023-01-08 CVE-2015-10030 Surpass Project Path Traversal vulnerability in Surpass Project Surpass

A vulnerability has been found in SUKOHI Surpass and classified as critical.

5.3
2023-01-08 CVE-2020-36647 Yunohost Path Traversal vulnerability in Yunohost Transmission YNH

A vulnerability classified as critical has been found in YunoHost-Apps transmission_ynh.

5.3
2023-01-07 CVE-2014-125056 Pylonsproject Information Exposure Through Timing Discrepancy vulnerability in Pylonsproject Horus

A vulnerability was found in Pylons horus and classified as problematic.

5.3
2023-01-07 CVE-2014-125055 Easy Script Project Information Exposure Through Timing Discrepancy vulnerability in Easy-Script Project Easy-Script

A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt.

5.3
2023-01-06 CVE-2019-25099 Afkmods Path Traversal vulnerability in Afkmods Qsf-Portal

A vulnerability classified as critical was found in Arthmoor QSF-Portal.

5.3
2023-01-06 CVE-2022-4878 Jatos Path Traversal vulnerability in Jatos

A vulnerability classified as critical has been found in JATOS.

5.3
2023-01-05 CVE-2022-47543 Siren Unspecified vulnerability in Siren Investigate

An issue was discovered in Siren Investigate before 12.1.7.

5.3
2023-01-05 CVE-2023-22453 Discourse Information Exposure vulnerability in Discourse

Discourse is an open source discussion platform.

5.3
2023-01-05 CVE-2022-43573 IBM Information Exposure vulnerability in IBM products

IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects.

5.3
2023-01-05 CVE-2017-20162 Vercel Unspecified vulnerability in Vercel MS

A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x.

5.3
2023-01-05 CVE-2023-22622 Wordpress Unspecified vulnerability in Wordpress

WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner," but neither the installation guide nor the security guide mentions this default behavior, or alerts the user about security risks on installations with very few visits.

5.3
2023-01-04 CVE-2023-0055 Pyload Cleartext Transmission of Sensitive Information vulnerability in Pyload 0.5.0

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32.

5.3
2023-01-04 CVE-2023-22465 Typelevel Improper Input Validation vulnerability in Typelevel Http4S

Http4s is a Scala interface for HTTP services.

5.3
2023-01-02 CVE-2022-4057 Optimizingmatters Forced Browsing vulnerability in Optimizingmatters Autooptimize

The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store the plugin's exported settings and logs.

5.3
2023-01-02 CVE-2022-4340 Reputeinfosystems Unspecified vulnerability in Reputeinfosystems Bookingpress

The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (IDOR) vulnerability in its thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointment_id query parameter.

5.3
2023-01-02 CVE-2022-4417 Cerber Unspecified vulnerability in Cerber WP Cerber Security, Anti-Spam & Malware Scan

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users.

5.3
2023-01-02 CVE-2016-15006 Enigmax Project Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Enigmax Project Enigmax

A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2.

5.3
2023-01-05 CVE-2023-0087 Swifty Page Manager Project Unspecified vulnerability in Swifty Page Manager Project Swifty Page Manager 3.0.1

The Swifty Page Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘spm_plugin_options_page_tree_max_width’ parameter in versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping.

4.8
2023-01-05 CVE-2022-43532 Arubanetworks Cross-site Scripting vulnerability in Arubanetworks Clearpass Policy Manager

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface.

4.8
2023-01-03 CVE-2022-41336 Fortinet Cross-site Scripting vulnerability in Fortinet Fortiportal

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiPortal versions 6.0.0 through 6.0.11 and all versions of 5.3, 5.2, 5.1, 5.0 management interface may allow a remote authenticated attacker to perform a stored cross site scripting (XSS) attack by sending a request with a specially crafted columnindex parameter.

4.8
2023-01-02 CVE-2022-3936 Wpdarko Unspecified vulnerability in Wpdarko Team Members

The Team Members WordPress plugin before 5.2.1 does not sanitize and escape some of its settings, which could allow high-privilege users such as editors to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

4.8
2023-01-02 CVE-2022-4119 Sirv Unspecified vulnerability in Sirv Image Optimizer, Resizer and CDN

The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2023-01-02 CVE-2022-4142 Wordpress Filter Gallery Project Unspecified vulnerability in Wordpress Filter Gallery Project Wordpress Filter Gallery

The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6 does not properly escape the filters passed in the ufg_gallery_filters ajax action before outputting them on the page, allowing a high privileged user such as an administrator to inject HTML or JavaScript into the plugin settings page, even when the unfiltered_html capability is disabled.

4.8
2023-01-02 CVE-2022-4198 WP Social Sharing Project Unspecified vulnerability in WP Social Sharing Project WP Social Sharing

The WP Social Sharing WordPress plugin through 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2023-01-02 CVE-2022-4200 Miniorange Unspecified vulnerability in Miniorange Login With Cognito

The Login with Cognito WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2023-01-02 CVE-2022-4256 Themesgrove Unspecified vulnerability in Themesgrove All-In-One Addons for Elementor

The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2023-01-02 CVE-2022-4260 WP BAN Project Unspecified vulnerability in Wp-Ban Project Wp-Ban

The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2023-01-05 CVE-2022-41740 IBM Cleartext Storage of Sensitive Information vulnerability in IBM products

IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory.

4.6
2023-01-05 CVE-2022-43539 Arubanetworks Unspecified vulnerability in Arubanetworks Clearpass Policy Manager

A vulnerability exists in the ClearPass Policy Manager cluster communications that allows an attacker in a privileged network position to potentially obtain sensitive information.

4.5
2023-01-05 CVE-2022-4432 Lenovo Out-of-bounds Read vulnerability in Lenovo Thinkpad X13S Firmware 1.46

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

4.4
2023-01-05 CVE-2022-4433 Lenovo Out-of-bounds Read vulnerability in Lenovo Thinkpad X13S Firmware 1.46

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

4.4
2023-01-05 CVE-2022-4434 Lenovo Out-of-bounds Read vulnerability in Lenovo Thinkpad X13S Firmware 1.46

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a local attacker with elevated privileges to cause information disclosure.

4.4
2023-01-05 CVE-2022-4435 Lenovo Out-of-bounds Read vulnerability in Lenovo Thinkpad X13S Firmware 1.46

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

4.4
2023-01-03 CVE-2022-32639 Google Out-of-bounds Read vulnerability in Google Android 11.0/12.0

In watchdog, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-01-07 CVE-2014-125054 Reddit ON Rails Project Improper Access Control vulnerability in Reddit-On-Rails Project Reddit-On-Rails

A vulnerability classified as critical was found in koroket RedditOnRails.

4.3
2023-01-02 CVE-2022-4025 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page.

4.3
2023-01-02 CVE-2022-3994 Authenticator Project Unspecified vulnerability in Authenticator Project Authenticator

The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain configurations.

4.3
2023-01-02 CVE-2014-125036 Ansible NTP Project Unspecified vulnerability in Ansible-Ntp Project Ansible-Ntp

A vulnerability, which was classified as problematic, has been found in drybjed ansible-ntp.

4.3
2023-01-03 CVE-2022-32645 Google Improper Synchronization vulnerability in Google Android 11.0/12.0/13.0

In vow, there is a possible information disclosure due to a race condition.

4.1

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-01-05 CVE-2022-46168 Discourse Privacy Violation vulnerability in Discourse

Discourse is an open source discussion platform.

3.5
2023-01-02 CVE-2022-4109 Cedcommerce Unspecified vulnerability in Cedcommerce Wholesale Market for Woocommerce 1.0.7/1.0.8

The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 does not validate user input against path traversal attacks, allowing high privilege users such as admin to download arbitrary logs from the server even when they should not be able to (for example in multisite).

2.7