Weekly Vulnerabilities Reports > January 16 to 22, 2023
Overview
483 new vulnerabilities reported during this period, including 94 critical vulnerabilities and 169 high severity vulnerabilities. This weekly summary report vulnerabilities in 524 products from 236 vendors including Oracle, Cisco, Adobe, Dell, and Apache. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "OS Command Injection", "Improper Input Validation", and "Out-of-bounds Write".
- 404 reported vulnerabilities are remotely exploitables.
- 163 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 277 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 74 reported vulnerabilities.
- Totolink has the most reported critical vulnerabilities, with 7 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
94 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-01-22 | CVE-2023-0435 | Pyload | Unspecified vulnerability in Pyload Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41. | 9.8 |
2023-01-21 | CVE-2023-22884 | Apache | Command Injection vulnerability in Apache Airflow Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0. | 9.8 |
2023-01-20 | CVE-2023-24028 | Misp Project | Unspecified vulnerability in Misp-Project Misp 2.4.167 In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function. | 9.8 |
2023-01-20 | CVE-2023-23607 | Dasherr Project | Unrestricted Upload of File with Dangerous Type vulnerability in Dasherr Project Dasherr erohtar/Dasherr is a dashboard for self-hosted services. | 9.8 |
2023-01-20 | CVE-2020-21152 | Inxedu | SQL Injection vulnerability in Inxedu 2.0.6 SQL Injection vulnerability in inxedu 2.0.6 allows attackers to execute arbitrary commands via the functionIds parameter to /saverolefunction. | 9.8 |
2023-01-20 | CVE-2020-22653 | Ruckuswireless | Unspecified vulnerability in Ruckuswireless products In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to exploit the official image signature to force injection unauthorized image signature. | 9.8 |
2023-01-20 | CVE-2020-22654 | Ruckuswireless | Unspecified vulnerability in Ruckuswireless products In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to bypass firmware image bad md5 checksum failed error. | 9.8 |
2023-01-20 | CVE-2020-22658 | Ruckuswireless | Unspecified vulnerability in Ruckuswireless products In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to switch completely to unauthorized image to be Boot as primary verified image. | 9.8 |
2023-01-20 | CVE-2020-23256 | Electerm Project | Unspecified vulnerability in Electerm Project Electerm 1.3.22 An issue was discovered in Electerm 1.3.22, allows attackers to execute arbitrary code via unverified request to electerms service. | 9.8 |
2023-01-20 | CVE-2020-29297 | Online Food Ordering System Project | SQL Injection vulnerability in Online Food Ordering System Project Online Food Ordering System 1.0 Multiple SQL Injection vulnerabilities in tourist5 Online-food-ordering-system 1.0. | 9.8 |
2023-01-20 | CVE-2022-48120 | Hospital Management System Project | SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0/4.0 SQL Injection vulnerability in kishan0725 Hospital Management System thru commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (on March 13, 2021), allows attackers to execute arbitrary commands via the contact and doctor parameters to /search.php. | 9.8 |
2023-01-20 | CVE-2022-48152 | Remoteclinic | SQL Injection vulnerability in Remoteclinic Remote Clinic 2.0 SQL Injection vulnerability in RemoteClinic 2.0 allows attackers to execute arbitrary commands and gain sensitive information via the id parameter to /medicines/profile.php. | 9.8 |
2023-01-20 | CVE-2023-23488 | Strangerstudios | SQL Injection vulnerability in Strangerstudios Paid Memberships PRO The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route. | 9.8 |
2023-01-20 | CVE-2023-23489 | Sandhillsdev | SQL Injection vulnerability in Sandhillsdev Easy Digital Downloads The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action. | 9.8 |
2023-01-20 | CVE-2021-26642 | Xpressengine | Unrestricted Upload of File with Dangerous Type vulnerability in Xpressengine When uploading an image file to a bulletin board developed with XpressEngine, a vulnerability in which an arbitrary file can be uploaded due to insufficient verification of the file. | 9.8 |
2023-01-20 | CVE-2021-26644 | Mangboard | SQL Injection vulnerability in Mangboard WP 2.0.3 SQL-Injection vulnerability caused by the lack of verification of input values for the table name of DB used by the Mangboard bulletin board. | 9.8 |
2023-01-20 | CVE-2022-48121 | Totolink | OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function. | 9.8 |
2023-01-20 | CVE-2022-48122 | Totolink | OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function. | 9.8 |
2023-01-20 | CVE-2022-48123 | Totolink | OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function. | 9.8 |
2023-01-20 | CVE-2022-48124 | Totolink | OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function. | 9.8 |
2023-01-20 | CVE-2022-48125 | Totolink | OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function. | 9.8 |
2023-01-20 | CVE-2022-48126 | Totolink | OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function. | 9.8 |
2023-01-20 | CVE-2023-20025 | Cisco | Improper Input Validation vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device. This vulnerability is due to incorrect user input validation of incoming HTTP packets. | 9.8 |
2023-01-19 | CVE-2022-46476 | Dlink | OS Command Injection vulnerability in Dlink Dir-859 A1 Firmware 1.05 D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function. | 9.8 |
2023-01-19 | CVE-2023-22741 | Signalwire | Classic Buffer Overflow vulnerability in Signalwire Sofia-Sip Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. | 9.8 |
2023-01-19 | CVE-2022-46887 | Nexusphp | SQL Injection vulnerability in Nexusphp 1.5 Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the conuser[] parameter in takeconfirm.php; the delcheater parameter in cheaterbox.php; or the usernw parameter in nowarn.php. | 9.8 |
2023-01-19 | CVE-2022-47740 | Seltmann Webdesign | SQL Injection vulnerability in Seltmann-Webdesign Content Management System 6.0 Seltmann GmbH Content Management System 6 is vulnerable to SQL Injection via /index.php. | 9.8 |
2023-01-19 | CVE-2022-47105 | Jeecg | SQL Injection vulnerability in Jeecg Boot 3.4.4 Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. | 9.8 |
2023-01-19 | CVE-2013-10014 | 2Moons Project | SQL Injection vulnerability in 2Moons Project 2Moons A vulnerability classified as critical has been found in oktora24 2moons. | 9.8 |
2023-01-19 | CVE-2014-125083 | Anant | SQL Injection vulnerability in Anant Google-Enterprise-Connector-Dctm A vulnerability has been found in Anant Labs google-enterprise-connector-dctm up to 3.2.3 and classified as critical. | 9.8 |
2023-01-19 | CVE-2015-10070 | Twiddit Project | SQL Injection vulnerability in Twiddit Project Twiddit A vulnerability was found in copperwall Twiddit. | 9.8 |
2023-01-19 | CVE-2015-10069 | Cash Machine Project | SQL Injection vulnerability in Cash-Machine Project Cash-Machine A vulnerability was found in viakondratiuk cash-machine. | 9.8 |
2023-01-19 | CVE-2017-20174 | Getkirby | Injection vulnerability in Getkirby Webmentions A vulnerability was found in bastianallgeier Kirby Webmentions Plugin and classified as problematic. | 9.8 |
2023-01-18 | CVE-2010-10009 | Ptome Project | SQL Injection vulnerability in Ptome Project Ptome A vulnerability was found in frioux ptome. | 9.8 |
2023-01-18 | CVE-2020-35326 | Inxedu | SQL Injection vulnerability in Inxedu 2.0.6 SQL Injection vulnerability in file /inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml in inxedu 2.0.6 via the id value. | 9.8 |
2023-01-18 | CVE-2022-47966 | Zohocorp | Unspecified vulnerability in Zohocorp products Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. | 9.8 |
2023-01-18 | CVE-2011-10001 | Phoenixcf Project | SQL Injection vulnerability in Phoenixcf Project Phoenixcf A vulnerability was found in iamdroppy phoenixcf. | 9.8 |
2023-01-18 | CVE-2012-10006 | Sigeprosi Project | SQL Injection vulnerability in Sigeprosi Project Sigeprosi A vulnerability classified as critical has been found in ale7714 sigeprosi. | 9.8 |
2023-01-18 | CVE-2017-20173 | Contentmap Project | SQL Injection vulnerability in Contentmap Project Contentmap A vulnerability was found in AlexRed contentmap. | 9.8 |
2023-01-18 | CVE-2017-20172 | Soundslike Project | SQL Injection vulnerability in Soundslike Project Soundslike A vulnerability was found in ridhoq soundslike. | 9.8 |
2023-01-18 | CVE-2022-41417 | Blogengine | Missing Authorization vulnerability in Blogengine Blogengine.Net 3.3.8.0 BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under ~/App_Data/. | 9.8 |
2023-01-18 | CVE-2015-10068 | Movify J Project | SQL Injection vulnerability in Movify-J Project Movify-J A vulnerability classified as critical was found in danynab movify-j. | 9.8 |
2023-01-18 | CVE-2022-34442 | Dell | Use of Hard-coded Credentials vulnerability in Dell EMC Secure Connect Gateway Policy Manager 5.10.00.00/5.12.00.00 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. | 9.8 |
2023-01-18 | CVE-2010-10007 | Click Reminder Project | SQL Injection vulnerability in Click-Reminder Project Click-Reminder ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil click-reminder. | 9.8 |
2023-01-18 | CVE-2022-41989 | Sewio | Out-of-bounds Write vulnerability in Sewio Real-Time Location System Studio Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not validate the length of RTLS report payloads during communication. | 9.8 |
2023-01-18 | CVE-2022-45444 | Sewio | Use of Hard-coded Credentials vulnerability in Sewio Real-Time Location System Studio Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the application’s database. | 9.8 |
2023-01-18 | CVE-2014-125082 | Redports Project | SQL Injection vulnerability in Redports Project Redports A vulnerability was found in nivit redports. | 9.8 |
2023-01-18 | CVE-2015-10066 | Wuersch Project | SQL Injection vulnerability in Wuersch Project Wuersch A vulnerability was found in tynx wuersch and classified as critical. | 9.8 |
2023-01-18 | CVE-2022-46732 | GE | Unspecified vulnerability in GE Proficy Historian Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status. | 9.8 |
2023-01-18 | CVE-2023-21890 | Oracle | Unspecified vulnerability in Oracle Communications Converged Application Server 7.1.0/8.0.0 Vulnerability in the Oracle Communications Converged Application Server product of Oracle Communications (component: Core). | 9.8 |
2023-01-17 | CVE-2014-125081 | Debutsav Project | SQL Injection vulnerability in Debutsav Project Debutsav A vulnerability, which was classified as critical, has been found in risheesh debutsav. | 9.8 |
2023-01-17 | CVE-2015-10065 | Find Project | Classic Buffer Overflow vulnerability in Find Project Find A vulnerability classified as critical was found in AenBleidd FiND. | 9.8 |
2023-01-17 | CVE-2017-20171 | Apersistence Project | SQL Injection vulnerability in Apersistence Project Apersistence A vulnerability classified as critical has been found in PrivateSky apersistence. | 9.8 |
2023-01-17 | CVE-2022-23521 | GIT SCM | Integer Overflow or Wraparound vulnerability in Git-Scm GIT Git is distributed revision control system. | 9.8 |
2023-01-17 | CVE-2022-41903 | GIT SCM | Integer Overflow or Wraparound vulnerability in Git-Scm GIT Git is distributed revision control system. | 9.8 |
2023-01-17 | CVE-2023-22732 | Shopware | Insufficient Session Expiration vulnerability in Shopware Shopware is an open source commerce platform based on Symfony Framework and Vue js. | 9.8 |
2023-01-17 | CVE-2022-43976 | GE | Unspecified vulnerability in GE MS 3000 Firmware An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. | 9.8 |
2023-01-17 | CVE-2022-43977 | GE | Unspecified vulnerability in GE MS 3000 Firmware An issue was discovered on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. | 9.8 |
2023-01-17 | CVE-2022-46475 | Dlink | Out-of-bounds Write vulnerability in Dlink Dir-645 Firmware 1.06B01Beta01 D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack overflow via the service= variable in the genacgi_main function. | 9.8 |
2023-01-17 | CVE-2023-22727 | Cakephp | SQL Injection vulnerability in Cakephp CakePHP is a development framework for PHP web apps. | 9.8 |
2023-01-17 | CVE-2015-10062 | Galaxyproject | Injection vulnerability in Galaxyproject Galaxy A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14.10.0. | 9.8 |
2023-01-17 | CVE-2015-10063 | Theradsystem Project | SQL Injection vulnerability in Theradsystem Project Theradsystem A vulnerability was found in saemorris TheRadSystem and classified as critical. | 9.8 |
2023-01-17 | CVE-2015-10064 | Pokemon Database PHP Project | SQL Injection vulnerability in Pokemon-Database-PHP Project Pokemon-Database-PHP A vulnerability was found in VictorFerraresi pokemon-database-php. | 9.8 |
2023-01-17 | CVE-2022-23739 | Github | Incorrect Authorization vulnerability in Github Enterprise Server An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. | 9.8 |
2023-01-17 | CVE-2022-47853 | Totolink | OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. | 9.8 |
2023-01-17 | CVE-2013-10013 | Authenticator Plugin Project | SQL Injection vulnerability in Authenticator Plugin Project Authenticator Plugin A vulnerability was found in Bricco Authenticator Plugin. | 9.8 |
2023-01-17 | CVE-2015-10061 | Trabalho Web2 Project | SQL Injection vulnerability in Trabalho-Web2 Project Trabalho-Web2 A vulnerability was found in evandro-machado Trabalho-Web2. | 9.8 |
2023-01-17 | CVE-2016-15021 | Columbia | SQL Injection vulnerability in Columbia ALS Data Browser 1 A vulnerability was found in nickzren alsdb. | 9.8 |
2023-01-17 | CVE-2017-20170 | Parontalli Project | SQL Injection vulnerability in Parontalli Project Parontalli A vulnerability was found in ollpu parontalli. | 9.8 |
2023-01-17 | CVE-2015-10060 | Mnbikeways Database Project | SQL Injection vulnerability in Mnbikeways Database Project Mnbikeways Database A vulnerability was found in MNBikeways database and classified as critical. | 9.8 |
2023-01-17 | CVE-2023-22279 | ATE Mahoroba | OS Command Injection vulnerability in Ate-Mahoroba products MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remote unauthenticated attacker to execute an arbitrary OS command. | 9.8 |
2023-01-17 | CVE-2023-22303 | TP Link | Improper Authentication vulnerability in Tp-Link Tl-Sg105Pe Firmware 1.0.0 TP-Link SG105PE firmware prior to 'TL-SG105PE(UN) 1.0_1.0.0 Build 20221208' contains an authentication bypass vulnerability. | 9.8 |
2023-01-17 | CVE-2023-22357 | Omron | Unspecified vulnerability in Omron Cp1L-El20Dr-D Firmware Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. | 9.8 |
2023-01-17 | CVE-2023-0332 | Online Food Ordering System Project | SQL Injection vulnerability in Online Food Ordering System Project Online Food Ordering System 2.0 A vulnerability was found in SourceCodester Online Food Ordering System 2.0. | 9.8 |
2023-01-16 | CVE-2015-10056 | Vinylmaps Project | SQL Injection vulnerability in Vinylmaps Project Vinylmaps A vulnerability was found in 2071174A vinylmap. | 9.8 |
2023-01-16 | CVE-2015-10057 | Little Apps | Improper Access Control vulnerability in Little-Apps Little Software Stats A vulnerability was found in Little Apps Little Software Stats. | 9.8 |
2023-01-16 | CVE-2014-125080 | Faplanet Project | Path Traversal vulnerability in Faplanet Project Faplanet A vulnerability has been found in frontaccounting faplanet and classified as critical. | 9.8 |
2023-01-16 | CVE-2015-10054 | P2Manage Project | SQL Injection vulnerability in P2Manage Project P2Manage A vulnerability, which was classified as critical, was found in githuis P2Manage. | 9.8 |
2023-01-16 | CVE-2015-10055 | Picturethiswebserver Project | SQL Injection vulnerability in Picturethiswebserver Project Picturethiswebserver A vulnerability was found in PictureThisWebServer and classified as critical. | 9.8 |
2023-01-16 | CVE-2022-4060 | Odude | Unspecified vulnerability in Odude User Post Gallery 2.19 The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it. | 9.8 |
2023-01-16 | CVE-2022-4447 | Fontsy Project | Unspecified vulnerability in Fontsy Project Fontsy 1.8.6 The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | 9.8 |
2023-01-16 | CVE-2023-0324 | Online Tours Travels Management System Project | SQL Injection vulnerability in Online Tours & Travels Management System Project Online Tours & Travels Management System 1.0 A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. | 9.8 |
2023-01-16 | CVE-2022-4890 | Predictapp Project | Deserialization of Untrusted Data vulnerability in Predictapp Project Predictapp A vulnerability, which was classified as critical, has been found in abhilash1985 PredictApp. | 9.8 |
2023-01-16 | CVE-2015-10053 | Prodigasistemas | SQL Injection vulnerability in Prodigasistemas Curupira A vulnerability classified as critical has been found in prodigasistemas curupira up to 0.1.3. | 9.8 |
2023-01-16 | CVE-2018-25076 | Events Project | SQL Injection vulnerability in Events Project Events A vulnerability classified as critical was found in Events Extension on BigTree. | 9.8 |
2023-01-16 | CVE-2021-4313 | Nethserver Phonenehome Project | SQL Injection vulnerability in Nethserver-Phonenehome Project Nethserver-Phonenehome A vulnerability was found in NethServer phonenehome. | 9.8 |
2023-01-16 | CVE-2013-10012 | Clan7Ups Project | SQL Injection vulnerability in Clan7Ups Project Clan7Ups A vulnerability, which was classified as critical, was found in antonbolling clan7ups. | 9.8 |
2023-01-16 | CVE-2016-15020 | Liftkit Database Library Project | SQL Injection vulnerability in Liftkit Database Library Project Liftkit Database Library A vulnerability was found in liftkit database up to 2.13.1. | 9.8 |
2023-01-18 | CVE-2022-46733 | Sewio | Cross-site Scripting vulnerability in Sewio Real-Time Location System Studio Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site scripting in its backup services. | 9.6 |
2023-01-20 | CVE-2020-22657 | Ruckuswireless | Improper Authentication vulnerability in Ruckuswireless products In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to perform WEB GUI login authentication bypass. | 9.1 |
2023-01-20 | CVE-2023-22964 | Zohocorp | Improper Authentication vulnerability in Zohocorp Manageengine Servicedesk Plus MSP 10.6/13.0 Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled. | 9.1 |
2023-01-20 | CVE-2022-40267 | Mitsubishielectric | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishielectric products Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/z (x=24,40,60, y=T,R, z=ES,ESS) versions 1.042 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/ES-A (x=24,40,60, y=T,R) versions 1.043 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-xMy/z (x=30,40,60,80, y=T,R, z=ES,ESS) versions 1.003 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU all versions, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU all versions allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers. | 9.1 |
2023-01-16 | CVE-2022-4101 | Images Optimize AND Upload CF7 Project | Unspecified vulnerability in Images Optimize and Upload CF7 Project Images Optimize and Upload CF7 2.1.4 The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack. | 9.1 |
2023-01-17 | CVE-2022-36760 | Apache | HTTP Request Smuggling vulnerability in Apache Http Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. | 9.0 |
169 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-01-21 | CVE-2020-36655 | Yiiframework | Code Injection vulnerability in Yiiframework GII Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. | 8.8 |
2023-01-20 | CVE-2023-0052 | Sauter Controls | Missing Authentication for Critical Function vulnerability in Sauter-Controls products SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. | 8.8 |
2023-01-20 | CVE-2023-22726 | ACT Project | Path Traversal vulnerability in ACT Project ACT act is a project which allows for local running of github actions. | 8.8 |
2023-01-20 | CVE-2022-3918 | Apple | Injection vulnerability in Apple Swift Foundation A program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF ( ) injection in URLRequest headers. | 8.8 |
2023-01-20 | CVE-2021-29368 | Cuppacms | Session Fixation vulnerability in Cuppacms Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on November 12, 2019 allows attackers to gain access to arbitrary user sessions. | 8.8 |
2023-01-20 | CVE-2022-45748 | Assimp | Use After Free vulnerability in Assimp 5.1.4 An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp. | 8.8 |
2023-01-20 | CVE-2023-0101 | Tenable | Improper Privilege Management vulnerability in Tenable Nessus A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. | 8.8 |
2023-01-20 | CVE-2023-23490 | AYS PRO | SQL Injection vulnerability in Ays-Pro Survey Maker The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surveys_export_json' action. | 8.8 |
2023-01-20 | CVE-2023-23492 | Idehweb | SQL Injection vulnerability in Idehweb Login With Phone Number The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwp_forgot_password' action. | 8.8 |
2023-01-20 | CVE-2023-23596 | Jc21 | OS Command Injection vulnerability in Jc21 Nginx Proxy Manager jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. | 8.8 |
2023-01-20 | CVE-2023-23691 | Dell | HTTP Request Smuggling vulnerability in Dell products Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability. | 8.8 |
2023-01-20 | CVE-2022-20964 | Cisco | OS Command Injection vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system. This vulnerability is due to improper validation of user input within requests as part of the web-based management interface. | 8.8 |
2023-01-20 | CVE-2023-20010 | Cisco | SQL Injection vulnerability in Cisco Unified Communications Manager A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. | 8.8 |
2023-01-20 | CVE-2023-20038 | Cisco | Use of Hard-coded Credentials vulnerability in Cisco Industrial Network Director A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the application used to encrypt application data and remote credentials. | 8.8 |
2023-01-19 | CVE-2022-47766 | Popojicms | Unrestricted Upload of File with Dangerous Type vulnerability in Popojicms 2.0.1 PopojiCMS v2.0.1 backend plugin function has a file upload vulnerability. | 8.8 |
2023-01-19 | CVE-2022-47745 | Easycorp | SQL Injection vulnerability in Easycorp Zentao ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. | 8.8 |
2023-01-18 | CVE-2022-45923 | Opentext | Deserialization of Untrusted Data vulnerability in Opentext Extended ECM An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). | 8.8 |
2023-01-18 | CVE-2022-45927 | Opentext | Authorization Bypass Through User-Controlled Key vulnerability in Opentext Extended ECM An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). | 8.8 |
2023-01-18 | CVE-2023-0164 | Orangescrum | OS Command Injection vulnerability in Orangescrum 2.0.11 OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. | 8.8 |
2023-01-18 | CVE-2022-45922 | Opentext | Unspecified vulnerability in Opentext Extended ECM 21.1/22.1 An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). | 8.8 |
2023-01-18 | CVE-2022-45926 | Opentext | Server-Side Request Forgery (SSRF) vulnerability in Opentext Extended ECM An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). | 8.8 |
2023-01-18 | CVE-2022-45928 | Opentext | Unspecified vulnerability in Opentext Extended ECM A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). | 8.8 |
2023-01-18 | CVE-2023-0242 | Rapid7 | Missing Authorization vulnerability in Rapid7 Velociraptor Rapid7 Velociraptor allows users to be created with different privileges on the server. | 8.8 |
2023-01-18 | CVE-2022-34456 | Dell | Code Injection vulnerability in Dell EMC Metro Node Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection Vulnerability. | 8.8 |
2023-01-18 | CVE-2023-21832 | Oracle | Unspecified vulnerability in Oracle BI Publisher 12.2.1.4.0/5.9.0.0.0/6.4.0.0.0 Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Security). | 8.8 |
2023-01-18 | CVE-2023-21846 | Oracle | Unspecified vulnerability in Oracle BI Publisher 12.2.1.4.0/5.9.0.0.0/6.4.0.0.0 Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Security). | 8.8 |
2023-01-18 | CVE-2023-21848 | Oracle | Unspecified vulnerability in Oracle Communications Convergence 3.0.3.1.0 Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component: Admin Configuration). | 8.8 |
2023-01-17 | CVE-2023-22731 | Shopware | Code Injection vulnerability in Shopware Shopware is an open source commerce platform based on Symfony Framework and Vue js. | 8.8 |
2023-01-17 | CVE-2022-4621 | Panasonic | Cross-Site Request Forgery (CSRF) vulnerability in Panasonic products Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are vulnerable to CSRFs that can be exploited to allow an attacker to perform changes with administrator level privileges. | 8.8 |
2023-01-17 | CVE-2022-46891 | ARM | Use After Free vulnerability in ARM products An issue was discovered in the Arm Mali GPU Kernel Driver. | 8.8 |
2023-01-17 | CVE-2022-30544 | Hyumika | Cross-Site Request Forgery (CSRF) vulnerability in Hyumika Openstreetmap Cross-Site Request Forgery (CSRF) in MiKa's OSM – OpenStreetMap plugin <= 6.0.1 versions. | 8.8 |
2023-01-16 | CVE-2022-43719 | Apache | Cross-Site Request Forgery (CSRF) vulnerability in Apache Superset Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. | 8.8 |
2023-01-16 | CVE-2023-0315 | Froxlor | Command Injection vulnerability in Froxlor Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8. | 8.8 |
2023-01-20 | CVE-2023-20020 | Cisco | Improper Input Validation vulnerability in Cisco products A vulnerability in the Device Management Servlet application of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when parsing HTTP requests. | 8.6 |
2023-01-20 | CVE-2021-37500 | Reprisesoftware | Path Traversal vulnerability in Reprisesoftware Reprise License Manager Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file the on the server. | 8.1 |
2023-01-18 | CVE-2022-45924 | Opentext | Unspecified vulnerability in Opentext Extended ECM An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). | 8.1 |
2023-01-18 | CVE-2015-10067 | Ssharpsmartthreadpool Project | Race Condition vulnerability in Ssharpsmartthreadpool Project Ssharpsmartthreadpool A vulnerability was found in oznetmaster SSharpSmartThreadPool. | 8.1 |
2023-01-18 | CVE-2022-45127 | Sewio | Cross-Site Request Forgery (CSRF) vulnerability in Sewio Real-Time Location System Studio Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its backup services. | 8.1 |
2023-01-18 | CVE-2022-47395 | Sewio | Cross-Site Request Forgery (CSRF) vulnerability in Sewio Real-Time Location System Studio Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its monitor services. | 8.1 |
2023-01-18 | CVE-2022-46331 | GE | Unspecified vulnerability in GE Proficy Historian An unauthorized user could possibly delete any file on the system. | 8.1 |
2023-01-18 | CVE-2023-21828 | Oracle | Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 9.1.0 Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting). | 8.1 |
2023-01-18 | CVE-2023-21862 | Oracle | Unspecified vulnerability in Oracle web Services Manager 12.2.1.4.0 Vulnerability in the Oracle Web Services Manager product of Oracle Fusion Middleware (component: XML Security component). | 8.1 |
2023-01-18 | CVE-2023-21886 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 8.1 |
2023-01-17 | CVE-2023-22286 | ATE Mahoroba | Cross-Site Request Forgery (CSRF) vulnerability in Ate-Mahoroba products Cross-site request forgery (CSRF) vulnerability in MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allows a remote unauthenticated attacker to hijack the user authentication and conduct user's unintended operations by having a user to view a malicious page while logged in. | 8.1 |
2023-01-19 | CVE-2021-37774 | TP Link | Unspecified vulnerability in Tp-Link Tl-Wdr7660 Firmware 2.0.30 An issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0.30 that allows attackers to execute arbitrary code. | 8.0 |
2023-01-17 | CVE-2022-2251 | Gitlab | OS Command Injection vulnerability in Gitlab Runner Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user. | 8.0 |
2023-01-17 | CVE-2022-46648 | Ruby GIT Project Debian | Code Injection vulnerability in multiple products ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. | 8.0 |
2023-01-17 | CVE-2022-47318 | Ruby GIT Project Debian Fedoraproject | ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. | 8.0 |
2023-01-17 | CVE-2023-22304 | Pixela | OS Command Injection vulnerability in Pixela Pix-Rt100 Firmware 2.1.1Eq101/2.1.2Eq101 OS command injection vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker who can access product settings to execute an arbitrary OS command. | 8.0 |
2023-01-21 | CVE-2023-0433 | VIM | Heap-based Buffer Overflow vulnerability in VIM Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225. | 7.8 |
2023-01-21 | CVE-2023-24039 | Opengroup | Out-of-bounds Write vulnerability in Opengroup Common Desktop Environment 1.6 A stack-based buffer overflow in ParseColors in libXm in Common Desktop Environment 1.6 can be exploited by local low-privileged users via the dtprintinfo setuid binary to escalate their privileges to root on Solaris 10 systems. | 7.8 |
2023-01-20 | CVE-2020-25502 | Cybereason | Uncontrolled Search Path Element vulnerability in Cybereason Endpoint Detection and Response 20.2.0 Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.343 and above, and 20.2.X and above has a DLL hijacking vulnerability, which could allow a local attacker to execute code with elevated privileges. | 7.8 |
2023-01-20 | CVE-2021-33641 | Openeuler | Use After Free vulnerability in Openeuler Byacc When processing files, malloc stores the data of the current line. | 7.8 |
2023-01-20 | CVE-2022-47021 | Xiph Fedoraproject | NULL Pointer Dereference vulnerability in multiple products A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts. | 7.8 |
2023-01-20 | CVE-2022-47024 | VIM | NULL Pointer Dereference vulnerability in VIM A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts. | 7.8 |
2023-01-20 | CVE-2023-23143 | Gpac | Classic Buffer Overflow vulnerability in Gpac 2.3Devrev1G4669Ba229Master Buffer overflow vulnerability in function avc_parse_slice in file media_tools/av_parsers.c. | 7.8 |
2023-01-20 | CVE-2023-23145 | Gpac | Memory Leak vulnerability in Gpac 2.2Rev0Gab012Bbfbmaster GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a memory leak in lsr_read_rare_full function. | 7.8 |
2023-01-20 | CVE-2022-25631 | Broadcom | Unspecified vulnerability in Broadcom Symantec Endpoint Protection Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated | 7.8 |
2023-01-19 | CVE-2022-3085 | Fujielectric | Stack-based Buffer Overflow vulnerability in Fujielectric Tellus Lite V-Simulator 4.0.12.0 Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to a stack-based buffer overflow which may allow an attacker to execute arbitrary code. | 7.8 |
2023-01-18 | CVE-2022-47990 | IBM | Classic Buffer Overflow vulnerability in IBM AIX and Vios IBM AIX 7.1, 7.2, 7.3 and VIOS , 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflow that could result in a denial of service or arbitrary code execution. | 7.8 |
2023-01-18 | CVE-2023-21579 | Adobe | Integer Overflow or Wraparound vulnerability in Adobe products Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-01-18 | CVE-2023-21604 | Adobe | Stack-based Buffer Overflow vulnerability in Adobe products Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-01-18 | CVE-2023-21605 | Adobe | Heap-based Buffer Overflow vulnerability in Adobe products Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-01-18 | CVE-2023-21606 | Adobe | Out-of-bounds Write vulnerability in Adobe products Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-01-18 | CVE-2023-21607 | Adobe | Improper Input Validation vulnerability in Adobe products Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-01-18 | CVE-2023-21608 | Adobe | Use After Free vulnerability in Adobe products Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-01-18 | CVE-2023-21609 | Adobe | Out-of-bounds Write vulnerability in Adobe products Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-01-18 | CVE-2023-21610 | Adobe | Stack-based Buffer Overflow vulnerability in Adobe products Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-01-18 | CVE-2023-21611 | Adobe | Exposure of Resource to Wrong Sphere vulnerability in Adobe products Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. | 7.8 |
2023-01-18 | CVE-2023-21612 | Adobe | Creation of Temporary File in Directory with Incorrect Permissions vulnerability in Adobe products Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. | 7.8 |
2023-01-18 | CVE-2023-22592 | IBM | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Robotic Process Automation for Cloud PAK IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. | 7.8 |
2023-01-18 | CVE-2023-22809 | Sudo Project Debian Fedoraproject Apple | Improper Privilege Management vulnerability in multiple products In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. | 7.8 |
2023-01-18 | CVE-2022-34457 | Dell | Incorrect Permission Assignment for Critical Resource vulnerability in Dell Command|Configure Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. | 7.8 |
2023-01-18 | CVE-2022-34462 | Dell | Use of Hard-coded Credentials vulnerability in Dell EMC Secure Connect Gateway Policy Manager 5.10.00.00/5.12.00.00 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. | 7.8 |
2023-01-18 | CVE-2022-32490 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 7.8 |
2023-01-18 | CVE-2022-34460 | Dell | Improper Input Validation vulnerability in Dell products Prior Dell BIOS versions contain an improper input validation vulnerability. | 7.8 |
2023-01-18 | CVE-2023-0358 | Gpac | Use After Free vulnerability in Gpac Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV. | 7.8 |
2023-01-17 | CVE-2022-41953 | GIT SCM | Untrusted Search Path vulnerability in Git-Scm GIT Git GUI is a convenient graphical tool that comes with Git for Windows. | 7.8 |
2023-01-17 | CVE-2022-3650 | Redhat | Unspecified vulnerability in Redhat Ceph 16.2.9 A privilege escalation flaw was found in Ceph. | 7.8 |
2023-01-17 | CVE-2023-22366 | Omron | Access of Uninitialized Pointer vulnerability in Omron Cx-Motion-Mch Firmware CX-Motion-MCH v2.32 and earlier contains an access of uninitialized pointer vulnerability. | 7.8 |
2023-01-17 | CVE-2022-3087 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric Tellus Lite V-Simulator 4.0.12.0 Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code. | 7.8 |
2023-01-16 | CVE-2022-4258 | Hima | Unquoted Search Path or Element vulnerability in Hima products In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system. | 7.8 |
2023-01-18 | CVE-2023-21826 | Oracle | Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 9.1.0 Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting). | 7.6 |
2023-01-17 | CVE-2022-23538 | Sylabs | Insufficiently Protected Credentials vulnerability in Sylabs Singularity Container Services Library github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services (SCS) Container Library Service. | 7.6 |
2023-01-17 | CVE-2023-23637 | Unistra | Cross-site Scripting vulnerability in Unistra Impatient IMPatienT before 1.5.2 allows stored XSS via onmouseover in certain text fields within a PATCH /modify_onto request to the ontology builder. | 7.6 |
2023-01-22 | CVE-2023-0434 | Pyload | Improper Input Validation vulnerability in Pyload Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40. | 7.5 |
2023-01-21 | CVE-2023-22617 | Powerdns | Uncontrolled Recursion vulnerability in Powerdns Recursor 4.8.0 A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode. | 7.5 |
2023-01-21 | CVE-2023-24042 | Lightftp Project | Race Condition vulnerability in Lightftp Project Lightftp 1.1 A race condition in LightFTP through 2.2 allows an attacker to achieve path traversal via a malformed FTP request. | 7.5 |
2023-01-21 | CVE-2023-24038 | Html Stripscripts Project Debian | The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes. | 7.5 |
2023-01-20 | CVE-2023-24025 | Pqclean Project | Improper Verification of Cryptographic Signature vulnerability in Pqclean Project Pqclean CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may allow universal forgeries of digital signatures via a template side-channel attack because of intermediate data leakage of one vector. | 7.5 |
2023-01-20 | CVE-2022-1109 | Lenovo | Incorrect Default Permissions vulnerability in Lenovo Leyun An incorrect default permissions vulnerability in Lenovo Leyun cloud music application could allow denial of service. | 7.5 |
2023-01-20 | CVE-2020-22655 | Ruckuswireless | Unspecified vulnerability in Ruckuswireless products In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to persistently to writing unauthorized image. | 7.5 |
2023-01-20 | CVE-2020-22656 | Ruckuswireless | Unspecified vulnerability in Ruckuswireless products In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to make the Secure Boot in failed attempts state (rfwd). | 7.5 |
2023-01-20 | CVE-2020-22659 | Ruckuswireless | Unspecified vulnerability in Ruckuswireless products In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to exploit the official image signature to force injection unauthorized image signature. | 7.5 |
2023-01-20 | CVE-2020-22660 | Ruckuswireless | Unspecified vulnerability in Ruckuswireless products In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to force bypass Secure Boot failed attempts and run temporarily the previous Backup image. | 7.5 |
2023-01-20 | CVE-2020-22662 | Ruckuswireless | Command Injection vulnerability in Ruckuswireless products In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to change and set unauthorized "illegal region code" by remote code Execution command injection which leads to run illegal frequency with maxi output power. | 7.5 |
2023-01-20 | CVE-2022-47012 | Solarwinds | Use of Uninitialized Resource vulnerability in Solarwinds Dynamips 0.2.21 Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21. | 7.5 |
2023-01-20 | CVE-2022-48279 | Trustwave Debian | Interpretation Conflict vulnerability in multiple products In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. | 7.5 |
2023-01-20 | CVE-2023-24021 | Trustwave Debian | Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. | 7.5 |
2023-01-20 | CVE-2022-38112 | Solarwinds | Cleartext Storage of Sensitive Information vulnerability in Solarwinds Database Performance Analyzer In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext. | 7.5 |
2023-01-20 | CVE-2022-47732 | Yeastar | Use of Password Hash With Insufficient Computational Effort vulnerability in Yeastar N412 Firmware and N824 Firmware In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which will change admin password granting access to the device. | 7.5 |
2023-01-20 | CVE-2022-47747 | Uber | Path Traversal vulnerability in Uber Kraken kraken <= 0.1.4 has an arbitrary file read vulnerability via the component testfs. | 7.5 |
2023-01-20 | CVE-2021-27782 | Hcltech | Improper Restriction of Excessive Authentication Attempts vulnerability in Hcltech Bigfix Mobile 2.0 HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts. | 7.5 |
2023-01-20 | CVE-2023-22331 | Contec | Improper Privilege Management vulnerability in Contec Conprosys HMI System Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information. | 7.5 |
2023-01-20 | CVE-2023-22339 | Contec | Unspecified vulnerability in Contec Conprosys HMI System Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate including the private key of the product. | 7.5 |
2023-01-19 | CVE-2023-0126 | Sonicwall | Path Traversal vulnerability in Sonicwall Sma1000 Firmware 12.4.2 Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory. | 7.5 |
2023-01-19 | CVE-2015-10071 | Gitter | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gitter EZ Publish Modern Legacy A vulnerability was found in gitter-badger ezpublish-modern-legacy. | 7.5 |
2023-01-18 | CVE-2022-45925 | Opentext | Unspecified vulnerability in Opentext Extended ECM An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). | 7.5 |
2023-01-18 | CVE-2023-0040 | Asynchttpclient Project | Injection vulnerability in Asynchttpclient Project Async-Http-Client Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. | 7.5 |
2023-01-18 | CVE-2022-46505 | Matrixssl | Improper Initialization vulnerability in Matrixssl An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data. | 7.5 |
2023-01-18 | CVE-2021-33959 | Plex | Origin Validation Error vulnerability in Plex Media Server Plex media server 1.21 and before is vulnerable to ddos reflection attack via plex service. | 7.5 |
2023-01-18 | CVE-2021-36630 | Ruckuswireless | Allocation of Resources Without Limits or Throttling vulnerability in Ruckuswireless products DDOS reflection amplification vulnerability in eAut module of Ruckus Wireless SmartZone controller that allows remote attackers to perform DOS attacks via crafted request. | 7.5 |
2023-01-18 | CVE-2022-34393 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 7.5 |
2023-01-18 | CVE-2022-34401 | Dell | Out-of-bounds Write vulnerability in Dell products Dell BIOS contains a stack based buffer overflow vulnerability. | 7.5 |
2023-01-18 | CVE-2022-25901 | Cookiejar Project | Unspecified vulnerability in Cookiejar Project Cookiejar Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression. | 7.5 |
2023-01-18 | CVE-2018-25077 | MEL Spintax Project | Unspecified vulnerability in Mel-Spintax Project Mel-Spintax A vulnerability was found in melnaron mel-spintax. | 7.5 |
2023-01-18 | CVE-2020-36651 | Nodeserver Project | Path Traversal vulnerability in Nodeserver Project Nodeserver A vulnerability has been found in youngerheart nodeserver and classified as critical. | 7.5 |
2023-01-18 | CVE-2010-10006 | Jopenid Project | Information Exposure Through Timing Discrepancy vulnerability in Jopenid Project Jopenid 1.01/1.05/1.07 A vulnerability, which was classified as problematic, was found in michaelliao jopenid. | 7.5 |
2023-01-18 | CVE-2022-38469 | GE | Insufficiently Protected Credentials vulnerability in GE Proficy Historian An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords. | 7.5 |
2023-01-18 | CVE-2023-21837 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 7.5 |
2023-01-18 | CVE-2023-21838 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 7.5 |
2023-01-18 | CVE-2023-21839 | Oracle | Deserialization of Untrusted Data vulnerability in Oracle Weblogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 7.5 |
2023-01-18 | CVE-2023-21841 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 7.5 |
2023-01-18 | CVE-2023-21842 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). | 7.5 |
2023-01-18 | CVE-2023-21849 | Oracle | Unspecified vulnerability in Oracle E-Business Suite Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: Java utils). | 7.5 |
2023-01-18 | CVE-2023-21850 | Oracle | Unspecified vulnerability in Oracle Demantra Demand Management 12.1/12.2 Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). | 7.5 |
2023-01-18 | CVE-2023-21851 | Oracle | Unspecified vulnerability in Oracle Marketing Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). | 7.5 |
2023-01-18 | CVE-2023-21852 | Oracle | Unspecified vulnerability in Oracle Learning Management 12.2.12/12.2.3/12.2.9 Vulnerability in the Oracle Learning Management product of Oracle E-Business Suite (component: Setup). | 7.5 |
2023-01-18 | CVE-2023-21853 | Oracle | Unspecified vulnerability in Oracle Mobile Field Service Vulnerability in the Oracle Mobile Field Service product of Oracle E-Business Suite (component: Synchronization). | 7.5 |
2023-01-18 | CVE-2023-21854 | Oracle | Unspecified vulnerability in Oracle Sales Offline 12.2.10/12.2.12/12.2.3 Vulnerability in the Oracle Sales Offline product of Oracle E-Business Suite (component: Core Components). | 7.5 |
2023-01-18 | CVE-2023-21855 | Oracle | Unspecified vulnerability in Oracle Sales for Handhelds 12.2.12/12.2.3 Vulnerability in the Oracle Sales for Handhelds product of Oracle E-Business Suite (component: Pocket Outlook Sync(PocketPC)). | 7.5 |
2023-01-18 | CVE-2023-21856 | Oracle | Unspecified vulnerability in Oracle Isetup 12.2.12/12.2.3 Vulnerability in the Oracle iSetup product of Oracle E-Business Suite (component: General Ledger Update Transform, Reports). | 7.5 |
2023-01-18 | CVE-2023-21857 | Oracle | Unspecified vulnerability in Oracle HCM Common Architecture 12.2.12/12.2.3 Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: Auomated Test Suite). | 7.5 |
2023-01-18 | CVE-2023-21858 | Oracle | Unspecified vulnerability in Oracle Collaborative Planning Vulnerability in the Oracle Collaborative Planning product of Oracle E-Business Suite (component: Installation). | 7.5 |
2023-01-18 | CVE-2023-21893 | Oracle | Unspecified vulnerability in Oracle Database Server 19C/21C Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. | 7.5 |
2023-01-17 | CVE-2021-32837 | Mechanize Project | Unspecified vulnerability in Mechanize Project Mechanize mechanize, a library for automatically interacting with HTTP web servers, contains a regular expression that is vulnerable to regular expression denial of service (ReDoS) prior to version 0.4.6. | 7.5 |
2023-01-17 | CVE-2023-22730 | Shopware | Improper Input Validation vulnerability in Shopware Shopware is an open source commerce platform based on Symfony Framework and Vue js. | 7.5 |
2023-01-17 | CVE-2023-22734 | Shopware | Improper Input Validation vulnerability in Shopware Shopware is an open source commerce platform based on Symfony Framework and Vue js. | 7.5 |
2023-01-17 | CVE-2022-40319 | Lsoft | Authorization Bypass Through User-Controlled Key vulnerability in Lsoft Listserv 17.0 The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. | 7.5 |
2023-01-17 | CVE-2022-43975 | GE | Path Traversal vulnerability in GE MS 3000 Firmware An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. | 7.5 |
2023-01-17 | CVE-2023-0122 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel 6.0 A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. | 7.5 |
2023-01-17 | CVE-2023-22499 | Deno | Race Condition vulnerability in Deno Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. | 7.5 |
2023-01-17 | CVE-2006-20001 | Apache | Out-of-bounds Write vulnerability in Apache Http Server A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. | 7.5 |
2023-01-17 | CVE-2022-4891 | Libsisimai | Unspecified vulnerability in Libsisimai Sisimai A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. | 7.5 |
2023-01-17 | CVE-2023-22624 | Zohocorp | XXE vulnerability in Zohocorp Manageengine Exchange Reporter Plus Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks. | 7.5 |
2023-01-17 | CVE-2023-23749 | Miniorange | Injection vulnerability in Miniorange Ldap Integration With Active Directory and Openldap 5.0.2 The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since is not properly sanitizing the 'username' POST parameter. | 7.5 |
2023-01-17 | CVE-2023-22875 | IBM | Information Exposure vulnerability in IBM Qradar Security Information and Event Manager 7.4.0/7.5.0 IBM QRadar SIEM 7.4 and 7.5copies certificate key files used for SSL/TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key. | 7.5 |
2023-01-17 | CVE-2022-41859 | Freeradius | Insufficiently Protected Credentials vulnerability in Freeradius In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. | 7.5 |
2023-01-17 | CVE-2022-41860 | Freeradius | NULL Pointer Dereference vulnerability in Freeradius In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. | 7.5 |
2023-01-17 | CVE-2022-3091 | Ronds | Information Exposure vulnerability in Ronds Equipment Predictive Maintenance 1.19.5 RONDS EPM version 1.19.5 has a vulnerability in which a function could allow unauthenticated users to leak credentials. | 7.5 |
2023-01-17 | CVE-2023-0158 | Nlnetlabs | Unspecified vulnerability in Nlnetlabs Krill NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. | 7.5 |
2023-01-16 | CVE-2022-47630 | ARM | Out-of-bounds Read vulnerability in ARM Trusted Firmware-A Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. | 7.4 |
2023-01-22 | CVE-2023-24059 | Rockstargames | Unspecified vulnerability in Rockstargames Grand Theft Auto V Grand Theft Auto V for PC allows attackers to achieve partial remote code execution or modify files on a PC, as exploited in the wild in January 2023. | 7.3 |
2023-01-20 | CVE-2023-20044 | Cisco | Unspecified vulnerability in Cisco CX Cloud Agent A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. | 7.3 |
2023-01-18 | CVE-2023-21894 | Oracle | Unspecified vulnerability in Oracle Global Lifecycle Management Nextgen OUI Framework 12.2.1.3.0/12.2.1.4.0/13.9.4.2.2 Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware (component: NextGen Installer issues). | 7.3 |
2023-01-20 | CVE-2023-20007 | Cisco | OS Command Injection vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code or cause the web-based management process on the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2023-01-20 | CVE-2023-20026 | Cisco | Improper Input Validation vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business Routers RV042 Series could allow an authenticated, remote attacker to inject arbitrary commands on an affected device. This vulnerability is due to improper validation of user input fields within incoming HTTP packets. | 7.2 |
2023-01-20 | CVE-2023-20045 | Cisco | Improper Input Validation vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user input. | 7.2 |
2023-01-18 | CVE-2022-43483 | Sewio | OS Command Injection vulnerability in Sewio Real-Time Location System Studio Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the monitor services of the software. | 7.2 |
2023-01-18 | CVE-2022-47911 | Sewio | OS Command Injection vulnerability in Sewio Real-Time Location System Studio Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the backup services of the software. | 7.2 |
2023-01-17 | CVE-2023-22280 | ATE Mahoroba | OS Command Injection vulnerability in Ate-Mahoroba products MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. | 7.2 |
2023-01-17 | CVE-2022-43462 | IP Blacklist Cloud Project | SQL Injection vulnerability in IP Blacklist Cloud Project IP Blacklist Cloud 5.00 Auth. | 7.2 |
2023-01-16 | CVE-2022-4547 | Thedotstore | SQL Injection vulnerability in Thedotstore Conditional Payment Methods for Woocommerce The Conditional Payment Methods for WooCommerce WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by [high privilege users such as admin|users with a role as low as admin. | 7.2 |
2023-01-21 | CVE-2023-24040 | Opengroup | Injection vulnerability in Opengroup Common Desktop Environment 1.6 dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat (an invoked external command) during listing of the names of available printers. | 7.1 |
2023-01-20 | CVE-2023-20008 | Cisco | Unspecified vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are in the local file system. | 7.1 |
2023-01-17 | CVE-2022-41858 | Linux Netapp | NULL Pointer Dereference vulnerability in multiple products A flaw was found in the Linux kernel. | 7.1 |
2023-01-17 | CVE-2020-36611 | Hitachi | Incorrect Default Permissions vulnerability in Hitachi Tuning Manager Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS, Hitachi Tuning Manager - Agent for SAN Switch components) allows local users to read and write specific files.This issue affects Hitachi Tuning Manager: before 8.8.5-00. | 7.1 |
2023-01-20 | CVE-2022-48191 | Trendmicro | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Trendmicro Maximum Security 2022 17.7 A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system. | 7.0 |
2023-01-19 | CVE-2023-23690 | Dell | Improper Certificate Validation vulnerability in Dell Cloud Mobility for Dell EMC Storage 1.3.0/1.3.1 Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. | 7.0 |
213 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-01-18 | CVE-2020-22007 | Okerthai | Missing Authorization vulnerability in Okerthai G955V1 Firmware 1.03.02.20161128 OS Command Injection vulnerability in OKER G955V1 v1.03.02.20161128, allows physical attackers to interrupt the boot sequence and execute arbitrary commands with root privileges. | 6.8 |
2023-01-20 | CVE-2023-20043 | Cisco | Incorrect Default Permissions vulnerability in Cisco CX Cloud Agent A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. | 6.7 |
2023-01-20 | CVE-2020-22661 | Ruckuswireless | Unspecified vulnerability in Ruckuswireless products In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to erase the backup secondary official image and write secondary backup unauthorized image. | 6.5 |
2023-01-20 | CVE-2021-39089 | IBM | Information Exposure vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0/1.10.6.0 IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. | 6.5 |
2023-01-20 | CVE-2022-47015 | Mariadb | NULL Pointer Dereference vulnerability in Mariadb MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. | 6.5 |
2023-01-20 | CVE-2021-37498 | Reprisesoftware | Server-Side Request Forgery (SSRF) vulnerability in Reprisesoftware Reprise License Manager An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function. | 6.5 |
2023-01-20 | CVE-2021-37499 | Reprisesoftware | Injection vulnerability in Reprisesoftware Reprise License Manager CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers. | 6.5 |
2023-01-20 | CVE-2023-20018 | Cisco | Incorrect Authorization vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. | 6.5 |
2023-01-20 | CVE-2023-20047 | Cisco | Allocation of Resources Without Limits or Throttling vulnerability in Cisco products A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco Webex Room Phone and Cisco Webex Share devices could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient resource allocation. | 6.5 |
2023-01-19 | CVE-2022-31901 | Notepad Plus Plus | Out-of-bounds Write vulnerability in Notepad-Plus-Plus Notepad++ Buffer overflow in function Notepad_plus::addHotSpot in Notepad++ v8.4.3 and earlier allows attackers to crash the application via two crafted files. | 6.5 |
2023-01-19 | CVE-2023-0398 | Modoboa | Cross-Site Request Forgery (CSRF) vulnerability in Modoboa Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. | 6.5 |
2023-01-19 | CVE-2023-0397 | Zephyrproject | Improper Initialization vulnerability in Zephyrproject Zephyr A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete. | 6.5 |
2023-01-18 | CVE-2022-47950 | Openstack Debian | Files or Directories Accessible to External Parties vulnerability in multiple products An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. | 6.5 |
2023-01-18 | CVE-2022-45103 | Dell | Information Exposure vulnerability in Dell products Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. | 6.5 |
2023-01-18 | CVE-2022-47881 | Foxit | Out-of-bounds Read vulnerability in Foxit PDF Editor and PDF Reader Foxit PDF Reader and PDF Editor 11.2.1.53537 and earlier has an Out-of-Bounds Read vulnerability. | 6.5 |
2023-01-18 | CVE-2022-43455 | Sewio | Improper Input Validation vulnerability in Sewio Real-Time Location System Studio Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to the service_start, service_stop, and service_restart modules of the software. | 6.5 |
2023-01-18 | CVE-2022-47917 | Sewio | Improper Input Validation vulnerability in Sewio Real-Time Location System Studio Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to several modules and services of the software. | 6.5 |
2023-01-18 | CVE-2022-43494 | GE | Unspecified vulnerability in GE Proficy Historian An unauthorized user could be able to read any file on the system, potentially exposing sensitive information. | 6.5 |
2023-01-18 | CVE-2022-46660 | GE | Unrestricted Upload of File with Dangerous Type vulnerability in GE Proficy Historian An unauthorized user could alter or write files with full control over the path and content of the file. | 6.5 |
2023-01-18 | CVE-2023-21868 | Oracle | Unspecified vulnerability in Oracle Mysql Server Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.5 |
2023-01-17 | CVE-2023-22733 | Shopware | Information Exposure Through Log Files vulnerability in Shopware Shopware is an open source commerce platform based on Symfony Framework and Vue js. | 6.5 |
2023-01-17 | CVE-2022-2907 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. | 6.5 |
2023-01-17 | CVE-2022-41861 | Freeradius | Improper Input Validation vulnerability in Freeradius A flaw was found in freeradius. | 6.5 |
2023-01-17 | CVE-2022-2893 | Ronds | Path Traversal vulnerability in Ronds Equipment Predictive Maintenance 1.19.5 RONDS EPM version 1.19.5 does not properly validate the filename parameter, which could allow an unauthorized user to specify file paths and download files. | 6.5 |
2023-01-17 | CVE-2023-22316 | Pixela | Unspecified vulnerability in Pixela Pix-Rt100 Firmware 2.1.1Eq101/2.1.2Eq101 Hidden functionality vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH services. | 6.5 |
2023-01-17 | CVE-2022-45439 | Zyxel | Cleartext Storage of Sensitive Information vulnerability in Zyxel Ax7501-B0 Firmware 5.17(Abpc.1)C0 A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0 in cleartext. | 6.5 |
2023-01-19 | CVE-2023-22745 | Tpm2 Software Stack Project | Classic Buffer Overflow vulnerability in Tpm2 Software Stack Project Tpm2 Software Stack tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). | 6.4 |
2023-01-18 | CVE-2023-21860 | Oracle | Unspecified vulnerability in Oracle Mysql Cluster Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: Internal Operations). | 6.3 |
2023-01-18 | CVE-2023-21829 | Oracle | Unspecified vulnerability in Oracle Database 19C/21C Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. | 6.3 |
2023-01-22 | CVE-2023-24044 | Plesk | Open Redirect vulnerability in Plesk Obsidian 18.0.17 A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. | 6.1 |
2023-01-20 | CVE-2023-24026 | Misp Project | Cross-site Scripting vulnerability in Misp-Project Misp 2.4.167 In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload. | 6.1 |
2023-01-20 | CVE-2023-24027 | Misp | Cross-site Scripting vulnerability in Misp 2.4.167 In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name. | 6.1 |
2023-01-20 | CVE-2022-45537 | Eyoucms | Cross-site Scripting vulnerability in Eyoucms EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_LIST_URL". | 6.1 |
2023-01-20 | CVE-2022-45538 | Eyoucms | Cross-site Scripting vulnerability in Eyoucms EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_GOBACK_URL". | 6.1 |
2023-01-20 | CVE-2022-45539 | Eyoucms | Cross-site Scripting vulnerability in Eyoucms EyouCMS <= 1.6.0 was discovered a reflected-XSS in FileManager component in GET value "activepath" when creating a new file. | 6.1 |
2023-01-20 | CVE-2022-45540 | Eyoucms | Cross-site Scripting vulnerability in Eyoucms EyouCMS <= 1.6.0 was discovered a reflected-XSS in article type editor component in POST value "name" if the value contains a malformed UTF-8 char. | 6.1 |
2023-01-20 | CVE-2022-45541 | Eyoucms | Cross-site Scripting vulnerability in Eyoucms EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attribute editor component in POST value "value" if the value contains a non-integer char. | 6.1 |
2023-01-20 | CVE-2022-45557 | Left Project | Cross-site Scripting vulnerability in Left Project Left 7.1.5 Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via file names. | 6.1 |
2023-01-20 | CVE-2022-45558 | Left Project | Cross-site Scripting vulnerability in Left Project Left 7.1.5 Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via the meta tag. | 6.1 |
2023-01-20 | CVE-2023-23010 | Ecommerce Codeigniter Bootstrap Project | Cross-site Scripting vulnerability in Ecommerce-Codeigniter-Bootstrap Project Ecommerce-Codeigniter-Bootstrap 20200803 Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55014c5df34c67deda982c73dc7fe5 (on Dec 27, 2022), allows attackers to execute arbitrary code via the languages and trans_load parameters in file add_product.php. | 6.1 |
2023-01-20 | CVE-2023-23012 | Classroombookings | Cross-site Scripting vulnerability in Classroombookings 2.6.4 Cross Site Scripting (XSS) vulnerability in craigrodway classroombookings 2.6.4 allows attackers to execute arbitrary code or other unspecified impacts via the input bgcol in file Weeks.php. | 6.1 |
2023-01-20 | CVE-2023-23014 | Inventory System Project | Cross-site Scripting vulnerability in Inventory System Project Inventory System Cross Site Scripting (XSS) vulnerability in InventorySystem thru commit e08fbbe17902146313501ed0b5feba81d58f455c (on Apr 23, 2021) via edit_store_name and edit_active inputs in file InventorySystem.php. | 6.1 |
2023-01-20 | CVE-2023-23015 | Kalkun Project | Cross-site Scripting vulnerability in Kalkun Project Kalkun 0.8.0 Cross Site Scripting (XSS) vulnerability in Kalkun 0.8.0 via username input in file User_model.php. | 6.1 |
2023-01-20 | CVE-2023-23024 | Book Store Management System Project | Cross-site Scripting vulnerability in Book Store Management System Project Book Store Management System 1.0 Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. | 6.1 |
2023-01-20 | CVE-2023-23491 | Fullworksplugins | Cross-site Scripting vulnerability in Fullworksplugins Quick Event Manager The Quick Event Manager WordPress Plugin, version < 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qem_ajax_calendar' action. | 6.1 |
2023-01-20 | CVE-2022-41441 | Reqlogic | Cross-site Scripting vulnerability in Reqlogic 11.3 Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters. | 6.1 |
2023-01-20 | CVE-2023-20019 | Cisco | Cross-site Scripting vulnerability in Cisco Broadworks Xtended Services Platform A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform, Cisco BroadWorks Application Server, and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. | 6.1 |
2023-01-20 | CVE-2023-20058 | Cisco | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. | 6.1 |
2023-01-20 | CVE-2023-0410 | Builder | Cross-site Scripting vulnerability in Builder Qwik Cross-site Scripting (XSS) - Generic in GitHub repository builderio/qwik prior to 0.1.0-beta5. | 6.1 |
2023-01-19 | CVE-2022-46888 | Nexusphp | Cross-site Scripting vulnerability in Nexusphp 1.5 Multiple reflective cross-site scripting (XSS) vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q parameter in myhr.php; or id parameter in /viewrequests.php. | 6.1 |
2023-01-19 | CVE-2022-4892 | Mycms Project | Cross-site Scripting vulnerability in Mycms Project Mycms A vulnerability was found in MyCMS. | 6.1 |
2023-01-18 | CVE-2023-0214 | Trellix | Cross-site Scripting vulnerability in Trellix Skyhigh Secure web Gateway A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be injected into the response when accessed through SWG. | 6.1 |
2023-01-18 | CVE-2020-36653 | Geni | Cross-site Scripting vulnerability in Geni Geni-Portal A vulnerability was found in GENI Portal. | 6.1 |
2023-01-18 | CVE-2020-36654 | Geni | Cross-site Scripting vulnerability in Geni Geni-Portal 20200129 A vulnerability classified as problematic has been found in GENI Portal. | 6.1 |
2023-01-17 | CVE-2022-39195 | Lsoft | Cross-site Scripting vulnerability in Lsoft Listserv 17.0 A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML via the c parameter. | 6.1 |
2023-01-17 | CVE-2022-40704 | Phoronix Media | Cross-site Scripting vulnerability in Phoronix-Media Phoronix Test Suite A XSS vulnerability was found in phoromatic_r_add_test_details.php in phoronix-test-suite. | 6.1 |
2023-01-17 | CVE-2023-0337 | Daloradius | Cross-site Scripting vulnerability in Daloradius Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch. | 6.1 |
2023-01-17 | CVE-2023-0338 | Daloradius | Cross-site Scripting vulnerability in Daloradius Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch. | 6.1 |
2023-01-17 | CVE-2015-10058 | Mediawiki | Cross-site Scripting vulnerability in Mediawiki Wikisource Category Browser A vulnerability, which was classified as problematic, was found in Wikisource Category Browser. | 6.1 |
2023-01-17 | CVE-2015-10059 | Webapplication Veganguide Project | Cross-site Scripting vulnerability in Webapplication-Veganguide Project Webapplication-Veganguide A vulnerability has been found in s134328 Webapplication-Veganguide and classified as problematic. | 6.1 |
2023-01-17 | CVE-2023-22296 | ATE Mahoroba | Cross-site Scripting vulnerability in Ate-Mahoroba products Reflected cross-site scripting vulnerability in MAHO-PBX NetDevancer series MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allows a remote unauthenticated attacker to inject an arbitrary script. | 6.1 |
2023-01-17 | CVE-2023-22298 | Pgadmin Fedoraproject | Open Redirect vulnerability in multiple products Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL. | 6.1 |
2023-01-16 | CVE-2023-0327 | Theradsystem Project | Cross-site Scripting vulnerability in Theradsystem Project Theradsystem A vulnerability was found in saemorris TheRadSystem. | 6.1 |
2023-01-16 | CVE-2022-3904 | Monsterinsights | Cross-site Scripting vulnerability in Monsterinsights The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics. | 6.1 |
2023-01-16 | CVE-2022-4295 | Appjetty | Unspecified vulnerability in Appjetty Show ALL Comments The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin. | 6.1 |
2023-01-16 | CVE-2022-4320 | Mhsoftware | Unspecified vulnerability in Mhsoftware Wordpress Events Calendar Plugin The WordPress Events Calendar WordPress plugin before 1.4.5 does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users (such as high-privilege ones like admin). | 6.1 |
2023-01-20 | CVE-2023-22742 | Libgit2 | Improper Verification of Cryptographic Signature vulnerability in Libgit2 libgit2 is a cross-platform, linkable library implementation of Git. | 5.9 |
2023-01-20 | CVE-2022-43704 | Sinilink | Authentication Bypass by Capture-replay vulnerability in Sinilink Xy-Wft1 Firmware 1.3.6 The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass the intended requirement to communicate using MQTT. | 5.9 |
2023-01-19 | CVE-2022-39167 | IBM | Unspecified vulnerability in IBM Spectrum Virtualize IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques. | 5.9 |
2023-01-19 | CVE-2022-3738 | Wago | Missing Authentication for Critical Function vulnerability in Wago products The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. | 5.9 |
2023-01-18 | CVE-2023-22863 | IBM | Cleartext Transmission of Sensitive Information vulnerability in IBM products IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. | 5.9 |
2023-01-18 | CVE-2022-3100 | Openstack Redhat | Authentication Bypass by Primary Weakness vulnerability in multiple products A flaw was found in the openstack-barbican component. | 5.9 |
2023-01-18 | CVE-2023-21875 | Oracle | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). | 5.9 |
2023-01-22 | CVE-2023-24055 | Keepass | Cleartext Storage of Sensitive Information vulnerability in Keepass KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. | 5.5 |
2023-01-22 | CVE-2023-24056 | Pkgconf | Unspecified vulnerability in Pkgconf In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. | 5.5 |
2023-01-20 | CVE-2021-33642 | Openeuler | Infinite Loop vulnerability in Openeuler Byacc When a file is processed, an infinite loop occurs in next_inline() of the more_curly() function. | 5.5 |
2023-01-20 | CVE-2022-35977 | Redis | Integer Overflow or Wraparound vulnerability in Redis Redis is an in-memory database that persists on disk. | 5.5 |
2023-01-20 | CVE-2023-22458 | Redis | Integer Overflow or Wraparound vulnerability in Redis Redis is an in-memory database that persists on disk. | 5.5 |
2023-01-20 | CVE-2023-23144 | Gpac | Integer Overflow or Wraparound vulnerability in Gpac 2.2Rev0Gab012Bbfbmaster Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master. | 5.5 |
2023-01-20 | CVE-2023-20040 | Cisco | Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Network Services Orchestrator A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. | 5.5 |
2023-01-18 | CVE-2023-21581 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-01-18 | CVE-2023-21585 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-01-18 | CVE-2023-21613 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-01-18 | CVE-2023-21614 | Adobe | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-01-18 | CVE-2023-21601 | Adobe | Use After Free vulnerability in Adobe Dimension 3.4.3 Adobe Dimension version 3.4.6 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-01-18 | CVE-2023-21603 | Adobe | Out-of-bounds Read vulnerability in Adobe Dimension 3.4.3 Adobe Dimension version 3.4.6 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-01-18 | CVE-2023-21869 | Oracle | Unspecified vulnerability in Oracle Mysql Server Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 5.5 |
2023-01-18 | CVE-2023-21872 | Oracle | Unspecified vulnerability in Oracle Mysql Server Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 5.5 |
2023-01-18 | CVE-2023-21877 | Oracle | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 5.5 |
2023-01-18 | CVE-2023-21880 | Oracle | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 5.5 |
2023-01-18 | CVE-2023-21898 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 5.5 |
2023-01-18 | CVE-2023-21899 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 5.5 |
2023-01-17 | CVE-2022-47929 | Linux Debian | NULL Pointer Dereference vulnerability in multiple products In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. | 5.5 |
2023-01-17 | CVE-2022-4121 | Libetpan Project | NULL Pointer Dereference vulnerability in Libetpan Project Libetpan In libetpan a null pointer dereference in mailimap_mailbox_data_status_free in low-level/imap/mailimap_types.c was found that could lead to a remote denial of service or other potential consequences. | 5.5 |
2023-01-16 | CVE-2023-0316 | Froxlor | Path Traversal: '..filename' vulnerability in Froxlor Path Traversal: '\..\filename' in GitHub repository froxlor/froxlor prior to 2.0.0. | 5.5 |
2023-01-20 | CVE-2022-45542 | Eyoucms | Cross-site Scripting vulnerability in Eyoucms EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager component in GET parameter "filename" when editing any file. | 5.4 |
2023-01-20 | CVE-2022-38110 | Solarwinds | Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting. | 5.4 |
2023-01-20 | CVE-2023-22910 | Mediawiki | Cross-site Scripting vulnerability in Mediawiki An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. | 5.4 |
2023-01-20 | CVE-2022-20965 | Cisco | Unspecified vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to take privileges actions within the web-based management interface. This vulnerability is due to improper access control on a feature within the web-based management interface of the affected system. | 5.4 |
2023-01-20 | CVE-2022-20966 | Cisco | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vulnerability is due to improper validation of input to an application feature before storage within the web-based management interface. | 5.4 |
2023-01-20 | CVE-2022-20967 | Cisco | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vulnerability is due to improper validation of input to an application feature before storage within the web-based management interface. | 5.4 |
2023-01-20 | CVE-2023-20037 | Cisco | Cross-site Scripting vulnerability in Cisco Industrial Network Director A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks. The vulnerability is due to improper validation of content submitted to the affected application. | 5.4 |
2023-01-20 | CVE-2023-22373 | Contec | Cross-site Scripting vulnerability in Contec Conprosys HMI System Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information. | 5.4 |
2023-01-19 | CVE-2022-46889 | Nexusphp | Cross-site Scripting vulnerability in Nexusphp 1.5 A persistent cross-site scripting (XSS) vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php. | 5.4 |
2023-01-19 | CVE-2022-47194 | Ghost | Insecure Default Initialization of Resource vulnerability in Ghost 5.9.4 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. | 5.4 |
2023-01-19 | CVE-2022-47195 | Ghost | Cross-site Scripting vulnerability in Ghost 5.9.4 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. | 5.4 |
2023-01-19 | CVE-2022-47196 | Ghost | Insecure Default Initialization of Resource vulnerability in Ghost 5.9.4 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. | 5.4 |
2023-01-19 | CVE-2022-47197 | Ghost | Cross-site Scripting vulnerability in Ghost 5.9.4 An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. | 5.4 |
2023-01-19 | CVE-2023-0402 | Warfareplugins | Unspecified vulnerability in Warfareplugins Social Warfare The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 4.3.0. | 5.4 |
2023-01-19 | CVE-2023-0403 | Warfareplugins | Unspecified vulnerability in Warfareplugins Social Warfare The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.0. | 5.4 |
2023-01-19 | CVE-2023-0404 | E Dynamics | Missing Authorization vulnerability in E-Dynamics Events Made Easy The Events Made Easy plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions related to AJAX actions in versions up to, and including, 2.3.16. | 5.4 |
2023-01-18 | CVE-2022-4235 | Rushstreetinteractive | Cross-site Scripting vulnerability in Rushstreetinteractive Rushbet 2022.23.1B490616D RushBet version 2022.23.1-b490616d allows a remote attacker to steal customer accounts via use of a malicious application. | 5.4 |
2023-01-18 | CVE-2023-22594 | IBM | Cross-site Scripting vulnerability in IBM products IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. | 5.4 |
2023-01-18 | CVE-2022-45613 | Book Store Management System Project | Cross-site Scripting vulnerability in Book Store Management System Project Book Store Management System 1.0 Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. | 5.4 |
2023-01-18 | CVE-2023-21844 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.59/8.60 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). | 5.4 |
2023-01-18 | CVE-2023-21845 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.60 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Panel Processor). | 5.4 |
2023-01-18 | CVE-2023-21847 | Oracle | Unspecified vulnerability in Oracle E-Business Suite Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Download). | 5.4 |
2023-01-18 | CVE-2023-21861 | Oracle | Unspecified vulnerability in Oracle Business Intelligence 5.9.0.0.0/6.4.0.0.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). | 5.4 |
2023-01-18 | CVE-2023-21888 | Oracle | Unspecified vulnerability in Oracle Primavera Gateway Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: WebUI). | 5.4 |
2023-01-18 | CVE-2023-21891 | Oracle | Unspecified vulnerability in Oracle Business Intelligence 5.9.0.0.0/6.4.0.0.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). | 5.4 |
2023-01-18 | CVE-2023-21892 | Oracle | Unspecified vulnerability in Oracle Business Intelligence 5.9.0.0.0/6.4.0.0.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). | 5.4 |
2023-01-17 | CVE-2010-10008 | Simplesamlphp | Cross-site Scripting vulnerability in Simplesamlphp Simplesamlphp-Module-Openidprovider ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. | 5.4 |
2023-01-16 | CVE-2022-4431 | Pluginus | Unspecified vulnerability in Pluginus FOX - Currency Switcher Professional for Woocommerce The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 |
2023-01-16 | CVE-2022-4449 | Page Scroll TO ID Project | Unspecified vulnerability in Page Scroll to ID Project Page Scroll to ID The Page scroll to id WordPress plugin before 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 |
2023-01-16 | CVE-2022-4451 | Heateor | Unspecified vulnerability in Heateor Sassy Social Share The Social Sharing WordPress plugin before 3.3.45 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 |
2023-01-16 | CVE-2022-4453 | 3Dflipbook | Cross-site Scripting vulnerability in 3Dflipbook 3D Flipbook The 3D FlipBook WordPress plugin through 1.13.2 does not validate or escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like administrators. | 5.4 |
2023-01-16 | CVE-2022-4460 | Codelights Shortcodes AND Widgets Project | Unspecified vulnerability in Codelights-Shortcodes-And-Widgets Project Codelights-Shortcodes-And-Widgets 1.4 The Sidebar Widgets by CodeLights WordPress plugin through 1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins. | 5.4 |
2023-01-16 | CVE-2022-4464 | Themify | Unspecified vulnerability in Themify Portfolio Post Themify Portfolio Post WordPress plugin before 1.2.1 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privileged users such as admin. | 5.4 |
2023-01-16 | CVE-2022-4465 | Tipsandtricks HQ | Unspecified vulnerability in Tipsandtricks-Hq WP Video Lightbox The WP Video Lightbox WordPress plugin before 1.9.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. | 5.4 |
2023-01-16 | CVE-2022-4469 | Simple Membership Plugin | Unspecified vulnerability in Simple-Membership-Plugin Simple Membership The Simple Membership WordPress plugin before 4.2.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. | 5.4 |
2023-01-16 | CVE-2022-4476 | Wpdownloadmanager | Unspecified vulnerability in Wpdownloadmanager Wordpress Download Manager The Download Manager WordPress plugin before 3.2.62 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. | 5.4 |
2023-01-16 | CVE-2022-4477 | Smashballoon | Unspecified vulnerability in Smashballoon Smash Balloon Social Post Feed The Smash Balloon Social Post Feed WordPress plugin before 4.1.6 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. | 5.4 |
2023-01-16 | CVE-2022-4478 | Fontawesome | Unspecified vulnerability in Fontawesome Font Awesome The Font Awesome WordPress plugin before 4.3.2 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. | 5.4 |
2023-01-16 | CVE-2022-4480 | Holithemes | Cross-site Scripting vulnerability in Holithemes Click to Chat The Click to Chat WordPress plugin before 3.18.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 |
2023-01-16 | CVE-2022-4481 | Extendthemes | Unspecified vulnerability in Extendthemes Mesmerize Companion The Mesmerize Companion WordPress plugin before 1.6.135 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 |
2023-01-16 | CVE-2022-4482 | Techearty | Unspecified vulnerability in Techearty Carousel, Slider, Gallery BY WP Carousel The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 |
2023-01-16 | CVE-2022-4483 | Insert Pages Project | Unspecified vulnerability in Insert Pages Project Insert Pages The Insert Pages WordPress plugin before 3.7.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 |
2023-01-16 | CVE-2022-4484 | Heateor | Unspecified vulnerability in Heateor Super Socializer The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.44 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 |
2023-01-16 | CVE-2022-4486 | Meteor Slides Project | Unspecified vulnerability in Meteor Slides Project Meteor Slides The Meteor Slides WordPress plugin before 1.5.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 |
2023-01-16 | CVE-2022-4487 | Techearty | Unspecified vulnerability in Techearty Easy Accordion The Easy Accordion WordPress plugin before 2.2.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 |
2023-01-16 | CVE-2022-4507 | Devowl | Unspecified vulnerability in Devowl Wordpress Real Cookie Banner The Real Cookie Banner WordPress plugin before 3.4.10 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. | 5.4 |
2023-01-16 | CVE-2022-4508 | Convertkit | Unspecified vulnerability in Convertkit - Email Marketing, Email Newsletter and Landing Pages The ConvertKit WordPress plugin before 2.0.5 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins. | 5.4 |
2023-01-16 | CVE-2022-4544 | Wpchill | Unspecified vulnerability in Wpchill Mashshare The MashShare WordPress plugin before 3.8.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 |
2023-01-16 | CVE-2022-4571 | Castos | Unspecified vulnerability in Castos Seriously Simple Podcasting The Seriously Simple Podcasting WordPress plugin before 2.19.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 |
2023-01-16 | CVE-2022-4578 | Video Conferencing With Zoom Project | Unspecified vulnerability in Video Conferencing With Zoom Project Video Conferencing With Zoom The Video Conferencing with Zoom WordPress plugin before 4.0.10 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 |
2023-01-16 | CVE-2022-4648 | Shapedplugin | Unspecified vulnerability in Shapedplugin Real Testimonials The Real Testimonials WordPress plugin before 2.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 |
2023-01-16 | CVE-2022-4653 | Greenshiftwp | Unspecified vulnerability in Greenshiftwp Greenshift - Animation and Page Builder Blocks The Greenshift WordPress plugin before 4.8.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | 5.4 |
2023-01-16 | CVE-2022-4655 | Collne | Unspecified vulnerability in Collne Welcart E-Commerce The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack. | 5.4 |
2023-01-16 | CVE-2022-4658 | Rssimport Project | Unspecified vulnerability in Rssimport Project Rssimport The RSSImport WordPress plugin through 4.6.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | 5.4 |
2023-01-16 | CVE-2023-0323 | Pimcore | Cross-site Scripting vulnerability in Pimcore Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.14. | 5.4 |
2023-01-16 | CVE-2022-41703 | Apache | SQL Injection vulnerability in Apache Superset A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag "ALLOW_ADHOC_SUBQUERY" disabled (default value). | 5.4 |
2023-01-16 | CVE-2022-43717 | Apache | Cross-site Scripting vulnerability in Apache Superset Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | 5.4 |
2023-01-16 | CVE-2022-43718 | Apache | Cross-site Scripting vulnerability in Apache Superset Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | 5.4 |
2023-01-16 | CVE-2022-43720 | Apache | Unspecified vulnerability in Apache Superset An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | 5.4 |
2023-01-16 | CVE-2022-43721 | Apache | Open Redirect vulnerability in Apache Superset An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | 5.4 |
2023-01-20 | CVE-2022-39193 | Mediawiki | Information Exposure vulnerability in Mediawiki 1.39.0/1.39.1 An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. | 5.3 |
2023-01-20 | CVE-2022-41733 | IBM | Improper Input Validation vulnerability in IBM Infosphere Information Server IBM InfoSphere Information Server 11.7 could allow a remote attacked to cause some of the components to be unusable until the process is restarted. | 5.3 |
2023-01-20 | CVE-2023-22912 | Mediawiki | Use of Insufficiently Random Values vulnerability in Mediawiki An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. | 5.3 |
2023-01-20 | CVE-2023-20057 | Cisco | Injection vulnerability in Cisco Asyncos A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. | 5.3 |
2023-01-20 | CVE-2023-22334 | Contec | Improper Authentication vulnerability in Contec Conprosys HMI System Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack. | 5.3 |
2023-01-18 | CVE-2021-4314 | Linuxfoundation | Improper Authentication vulnerability in Linuxfoundation Zowe API Mediation Layer It is possible to manipulate the JWT token without the knowledge of the JWT secret and authenticate without valid JWT token as any user. | 5.3 |
2023-01-18 | CVE-2023-21825 | Oracle | Unspecified vulnerability in Oracle Isupplier Portal 12.2.6/12.2.7/12.2.8 Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Supplier Management). | 5.3 |
2023-01-18 | CVE-2023-21830 | Oracle Azul | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). | 5.3 |
2023-01-18 | CVE-2023-21831 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise CS Academic Advisement 9.2 Vulnerability in the PeopleSoft Enterprise CS Academic Advisement product of Oracle PeopleSoft (component: Advising Notes). | 5.3 |
2023-01-18 | CVE-2023-21835 | Oracle Azul | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). | 5.3 |
2023-01-17 | CVE-2023-0296 | Redhat | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Redhat Openshift 4.11 The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. | 5.3 |
2023-01-17 | CVE-2022-37436 | Apache | HTTP Response Splitting vulnerability in Apache Http Server Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. | 5.3 |
2023-01-17 | CVE-2023-22278 | DAJ | Unspecified vulnerability in DAJ M-Filter m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allows a remote unauthenticated attacker to bypass authentication and send users' unintended email when email is being sent under the certain conditions. | 5.3 |
2023-01-16 | CVE-2022-45438 | Apache | Exposure of Resource to Wrong Sphere vulnerability in Apache Superset When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | 5.3 |
2023-01-20 | CVE-2021-39011 | IBM | Information Exposure Through Log Files vulnerability in IBM Cloud PAK for Security 1.10.0.0/1.10.2.0/1.10.6.0 IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive information in log files that could be read by a privileged user. | 4.9 |
2023-01-20 | CVE-2022-43959 | Bitrix24 | Information Exposure vulnerability in Bitrix24 20.0.0/20.0.975 Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php. | 4.9 |
2023-01-18 | CVE-2022-34435 | Dell | Improper Input Validation vulnerability in Dell Idrac9 Firmware Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. | 4.9 |
2023-01-18 | CVE-2022-34436 | Dell | Improper Input Validation vulnerability in Dell Idrac8 Firmware Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. | 4.9 |
2023-01-18 | CVE-2023-21836 | Oracle | Unspecified vulnerability in Oracle Mysql Server Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). | 4.9 |
2023-01-18 | CVE-2023-21840 | Oracle | Unspecified vulnerability in Oracle Mysql Server Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). | 4.9 |
2023-01-18 | CVE-2023-21863 | Oracle | Unspecified vulnerability in Oracle Mysql Server Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2023-01-18 | CVE-2023-21864 | Oracle | Unspecified vulnerability in Oracle Mysql Server Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2023-01-18 | CVE-2023-21865 | Oracle | Unspecified vulnerability in Oracle Mysql Server Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2023-01-18 | CVE-2023-21866 | Oracle | Unspecified vulnerability in Oracle Mysql Server Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2023-01-18 | CVE-2023-21867 | Oracle | Unspecified vulnerability in Oracle Mysql Server Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2023-01-18 | CVE-2023-21870 | Oracle | Unspecified vulnerability in Oracle Mysql Server Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2023-01-18 | CVE-2023-21871 | Oracle | Unspecified vulnerability in Oracle Mysql Server Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.9 |
2023-01-18 | CVE-2023-21873 | Oracle | Unspecified vulnerability in Oracle Mysql Server Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2023-01-18 | CVE-2023-21876 | Oracle | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2023-01-18 | CVE-2023-21878 | Oracle | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2023-01-18 | CVE-2023-21879 | Oracle | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2023-01-18 | CVE-2023-21881 | Oracle | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2023-01-18 | CVE-2023-21883 | Oracle | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2023-01-18 | CVE-2023-21887 | Oracle | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). | 4.9 |
2023-01-19 | CVE-2022-40697 | 3Commarketing | Cross-site Scripting vulnerability in 3Commarketing 3Com-Asesor-De-Cookies 3.4.3 Auth. | 4.8 |
2023-01-17 | CVE-2022-42462 | IP Blacklist Cloud Project | Cross-site Scripting vulnerability in IP Blacklist Cloud Project IP Blacklist Cloud 5.00 Auth. | 4.8 |
2023-01-16 | CVE-2022-2658 | Wpspellcheck | Unspecified vulnerability in Wpspellcheck The WP Spell Check WordPress plugin before 9.13 does not escape ignored words, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 |
2023-01-16 | CVE-2022-4199 | Ylefebvre | Unspecified vulnerability in Ylefebvre Link Library The Link Library WordPress plugin before 7.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-01-16 | CVE-2022-4299 | Metricool | Unspecified vulnerability in Metricool The Metricool WordPress plugin before 1.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-01-16 | CVE-2022-4330 | Marcomilesi | Cross-site Scripting vulnerability in Marcomilesi WP Attachments The WP Attachments WordPress plugin before 5.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-01-16 | CVE-2022-4442 | Cozmoslabs | Unspecified vulnerability in Cozmoslabs Custom Post Types and Custom Fields Creator The Custom Post Types and Custom Fields creator WordPress plugin before 2.3.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | 4.8 |
2023-01-17 | CVE-2021-36647 | ARM | Use of a Broken or Risky Cryptographic Algorithm vulnerability in ARM Mbed TLS Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA. | 4.7 |
2023-01-20 | CVE-2023-20002 | Cisco | Server-Side Request Forgery (SSRF) vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device. This vulnerability is due to improper validation of user-supplied input. | 4.4 |
2023-01-18 | CVE-2023-21824 | Oracle | Unspecified vulnerability in Oracle products Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Customer, Config, Pricing Manager). | 4.4 |
2023-01-18 | CVE-2023-21859 | Oracle | Unspecified vulnerability in Oracle Access Manager 12.2.1.4.0 Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). | 4.4 |
2023-01-18 | CVE-2023-21884 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.4 |
2023-01-17 | CVE-2022-45440 | Zyxel | Link Following vulnerability in Zyxel Ax7501-B0 Firmware 5.17(Abpc.1)C0 A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, which processes symbolic links on external storage media. | 4.4 |
2023-01-22 | CVE-2023-24058 | Twinkletoessoftware | Unspecified vulnerability in Twinkletoessoftware Booked 2.5.5 Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. | 4.3 |
2023-01-19 | CVE-2022-46890 | Nexusphp | Unspecified vulnerability in Nexusphp 1.5 Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum (this is caused by a lack of checks performed by the /forums.php?action=post page). | 4.3 |
2023-01-19 | CVE-2023-0406 | Modoboa | Cross-Site Request Forgery (CSRF) vulnerability in Modoboa Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. | 4.3 |
2023-01-18 | CVE-2023-0290 | Rapid7 | Path Traversal vulnerability in Rapid7 Velociraptor Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. | 4.3 |
2023-01-18 | CVE-2023-0385 | Kunalnagar | Unspecified vulnerability in Kunalnagar Custom 404 PRO The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. | 4.3 |
2023-01-18 | CVE-2022-39429 | Oracle | Unspecified vulnerability in Oracle Java Virtual Machine 19C/21C Vulnerability in the Java VM component of Oracle Database Server. | 4.3 |
2023-01-18 | CVE-2023-21827 | Oracle | Unspecified vulnerability in Oracle Database 19C/21C Vulnerability in the Oracle Database Data Redaction component of Oracle Database Server. | 4.3 |
2023-01-18 | CVE-2023-21834 | Oracle | Unspecified vulnerability in Oracle Self-Service Human Resources Vulnerability in the Oracle Self-Service Human Resources product of Oracle E-Business Suite (component: Workflow, Approval, Work Force Management). | 4.3 |
2023-01-17 | CVE-2018-14628 | Samba Fedoraproject | Missing Authorization vulnerability in multiple products An information leak vulnerability was discovered in Samba's LDAP server. | 4.3 |
2023-01-16 | CVE-2022-4549 | Tickera | Unspecified vulnerability in Tickera The Tickera WordPress plugin before 3.5.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. | 4.3 |
2023-01-18 | CVE-2023-21900 | Oracle | Unspecified vulnerability in Oracle Solaris 10/11 Vulnerability in the Oracle Solaris product of Oracle Systems (component: NSSwitch). | 4.0 |
7 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-01-18 | CVE-2023-21885 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 3.8 |
2023-01-18 | CVE-2023-21889 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 3.8 |
2023-01-18 | CVE-2023-21843 | Oracle Azul | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). | 3.7 |
2023-01-16 | CVE-2022-4309 | Subscribe2 Project | Unspecified vulnerability in Subscribe2 Project Subscribe2 The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete arbitrary users by knowing their email via a CSRF attack. | 3.1 |
2023-01-18 | CVE-2023-21874 | Oracle | Unspecified vulnerability in Oracle Mysql Server Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). | 2.7 |
2023-01-18 | CVE-2023-21882 | Oracle | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 2.7 |
2023-01-18 | CVE-2022-34399 | Dell | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dell products Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer access vulnerability. | 2.3 |