Weekly Vulnerabilities Report: January 23 to 29, 2023

Overview

544 new vulnerabilities were reported during this period, including 98 critical vulnerabilities and 207 high severity vulnerabilities. This weekly summary reports vulnerabilities in 520 products from 204 vendors including Tracker Software, Siretta, Jenkins, Google, and Gitlab. The most common categories are "Out-of-bounds Write", "Cross-site Scripting", "Classic Buffer Overflow", "Out-of-bounds Read", and "SQL Injection".

  • 401 reported vulnerabilities are remotely exploitable.
  • 166 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 310 reported vulnerabilities are exploitable by an anonymous user.
  • Tracker Software has the most reported vulnerabilities, with 65 reported vulnerabilities.
  • Siretta has the most reported critical vulnerabilities, with 42 reported vulnerabilities.

Summary dashboard (counts not recovered from the page): total vulnerabilities; critical, high, medium and low risk vulnerabilities; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web application.

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:

98 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-01-29 CVE-2023-0570 Online Tours Travels Management System Project SQL Injection vulnerability in Online Tours & Travels Management System Project Online Tours & Travels Management System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0.

9.8
2023-01-28 CVE-2023-0562 Phpgurukul SQL Injection vulnerability in PHPgurukul Bank Locker Management System 1.0

A vulnerability was found in PHPGurukul Bank Locker Management System 1.0.

9.8
2023-01-27 CVE-2022-43979 Pandorafms Path Traversal vulnerability in Pandorafms Pandora FMS

There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764.

9.8
2023-01-27 CVE-2023-0558 Contentstudio Unspecified vulnerability in Contentstudio

The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5.

9.8
2023-01-27 CVE-2022-48107 Dlink OS Command Injection vulnerability in Dlink DIR 878 Firmware 1.30B08

D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress.

9.8
2023-01-27 CVE-2022-48108 Dlink OS Command Injection vulnerability in Dlink DIR 878 Firmware 1.30B08

D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask.

9.8
2023-01-27 CVE-2022-48008 Limesurvey Unrestricted Upload of File with Dangerous Type vulnerability in Limesurvey 5.4.15

An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file.

9.8
2023-01-27 CVE-2022-48011 Opencats SQL Injection vulnerability in Opencats 0.9.7

Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function.

9.8
2023-01-27 CVE-2022-48066 Totolink Improper Authentication vulnerability in Totolink A830R Firmware 4.1.2Cu.5182

An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted cookie.

9.8
2023-01-27 CVE-2022-44298 Sscms SQL Injection vulnerability in Sscms Siteserver CMS 7.1.3

SiteServer CMS 7.1.3 is vulnerable to SQL Injection.

9.8
2023-01-27 CVE-2023-0530 Online Tours Travels Management System Project SQL Injection vulnerability in Online Tours & Travels Management System Project Online Tours & Travels Management System 1.0

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0.

9.8
2023-01-26 CVE-2022-46966 Revenue Collection System Project SQL Injection vulnerability in Revenue Collection System Project Revenue Collection System 1.0

Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at step1.php.

9.8
2023-01-26 CVE-2022-46967 Revenue Collection System Project Unspecified vulnerability in Revenue Collection System Project Revenue Collection System 1.0

An access control issue in Revenue Collection System v1.0 allows unauthenticated attackers to view the contents of /admin/DBbackup/ directory.

9.8
2023-01-26 CVE-2022-40222 Siretta OS Command Injection vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

An OS command injection vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-40985 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-40986 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-40987 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-40988 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-40989 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-40990 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-40991 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-40992 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-40993 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-40994 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-40995 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-40996 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-40997 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-40998 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-40999 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-41000 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-41001 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-41002 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-41003 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-41004 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-41005 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-41006 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-41007 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-41008 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-41009 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-41010 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-41011 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-41012 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-41013 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-41014 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-41015 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-41016 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-41017 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-41018 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-41019 Siretta Out-of-bounds Write vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-41030 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-41991 Siretta Out-of-bounds Write vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

A heap-based buffer overflow vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-42490 Siretta OS Command Injection vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-42491 Siretta OS Command Injection vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-42492 Siretta OS Command Injection vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-42493 Siretta OS Command Injection vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

9.8
2023-01-26 CVE-2022-46998 Taogogo Server-Side Request Forgery (SSRF) vulnerability in Taogogo Taocms 3.0.2

An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF).

9.8
2023-01-26 CVE-2022-46999 Tuzicms SQL Injection vulnerability in Tuzicms 2.0.6

Tuzicms v2.0.6 was discovered to contain a SQL injection vulnerability via the component \App\Manage\Controller\UserController.class.php.

9.8
2023-01-26 CVE-2022-47615 Thimpress Unrestricted Upload of File with Dangerous Type vulnerability in Thimpress Learnpress

Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.

9.8
2023-01-26 CVE-2022-47767 Solar LOG Unspecified vulnerability in Solar-Log products

A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker.

9.8
2023-01-26 CVE-2023-24022 Baicells Use of Hard-coded Credentials vulnerability in Baicells RTD Firmware and RTS Firmware

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh.

9.8
2023-01-26 CVE-2023-24164 Tenda Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318.

9.8
2023-01-26 CVE-2023-24165 Tenda Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/initIpAddrInfo.

9.8
2023-01-26 CVE-2023-24166 Tenda Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet.

9.8
2023-01-26 CVE-2023-24167 Tenda Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node.

9.8
2023-01-26 CVE-2023-24169 Tenda Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_0007343c.

9.8
2023-01-26 CVE-2023-24170 Tenda Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/fromSetWirelessRepeat.

9.8
2023-01-26 CVE-2023-24427 Jenkins Session Fixation vulnerability in Jenkins Bitbucket Oauth

Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login.

9.8
2023-01-26 CVE-2023-24429 Jenkins XXE vulnerability in Jenkins Semantic Versioning

Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations on the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.

9.8
2023-01-26 CVE-2023-24430 Jenkins XXE vulnerability in Jenkins Semantic Versioning

Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

9.8
2023-01-26 CVE-2023-24441 Jenkins XXE vulnerability in Jenkins Mstest

Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

9.8
2023-01-26 CVE-2023-24443 Jenkins XXE vulnerability in Jenkins Testcomplete Support

Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

9.8
2023-01-26 CVE-2023-24444 Jenkins Improper Resource Shutdown or Release vulnerability in Jenkins Openid

Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.

9.8
2023-01-26 CVE-2023-24456 Jenkins Session Fixation vulnerability in Jenkins Keycloak Authentication

Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login.

9.8
2023-01-26 CVE-2022-44297 Sscms SQL Injection vulnerability in Sscms Siteserver CMS 7.1.3

SiteServer CMS 7.1.3 has a SQL injection vulnerability in the background.

9.8
2023-01-26 CVE-2022-45808 Thimpress SQL Injection vulnerability in Thimpress Learnpress

SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.

9.8
2023-01-26 CVE-2022-40037 Javaweb Blog Project Unrestricted Upload of File with Dangerous Type vulnerability in Javaweb Blog Project Javaweb Blog 1.0

An issue discovered in Rawchen blog-ssm v1.0 allows a remote attacker to escalate privileges and execute arbitrary commands via the component /upFile.

9.8
2023-01-26 CVE-2020-22452 Phpmyadmin SQL Injection vulnerability in PHPmyadmin

SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.

9.8
2023-01-26 CVE-2022-25860 Simple GIT Project Unspecified vulnerability in Simple-Git Project Simple-Git

Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221).

9.8
2023-01-26 CVE-2022-25894 Uflo Project Code Injection vulnerability in Uflo Project Uflo

All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via jexl.createExpression(expression).evaluate(context); functionality, due to improper user input validation.

9.8
2023-01-26 CVE-2022-25908 Create Choo Electron Project Unspecified vulnerability in Create-Choo-Electron Project Create-Choo-Electron

All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.

9.8
2023-01-26 CVE-2022-25962 Vagrant JS Project Unspecified vulnerability in Vagrant.Js Project Vagrant.Js

All versions of the package vagrant.js are vulnerable to Command Injection via the boxAdd function due to improper input sanitization.

9.8
2023-01-26 CVE-2022-29843 Westerndigital OS Command Injection vulnerability in Westerndigital products

A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user.

9.8
2023-01-26 CVE-2022-29844 Westerndigital Path Traversal vulnerability in Westerndigital products

A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files.

9.8
2023-01-26 CVE-2022-31704 Vmware Unspecified vulnerability in VMWare Vrealize LOG Insight

The vRealize Log Insight contains a broken access control vulnerability.

9.8
2023-01-26 CVE-2022-31706 Vmware Path Traversal vulnerability in VMWare Vrealize LOG Insight

The vRealize Log Insight contains a Directory Traversal Vulnerability.

9.8
2023-01-25 CVE-2022-3806 Zephyrproject Double Free vulnerability in Zephyrproject Zephyr

Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer.

9.8
2023-01-24 CVE-2023-23331 Amano SQL Injection vulnerability in Amano Xoffice 7.1.3879

Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injection.

9.8
2023-01-23 CVE-2023-23560 Lexmark Server-Side Request Forgery (SSRF) vulnerability in Lexmark products

In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.

9.8
2023-01-23 CVE-2021-43445 Onlyoffice Improper Authentication vulnerability in Onlyoffice Server 7.0.0.49

ONLYOFFICE, all versions as of 2021-11-08, is affected by Incorrect Access Control.

9.8
2023-01-23 CVE-2022-0316 Chimpgroup / Soundblast Project / Spikes Black Project / Pixfill / Club Theme Project / Statfort Project / Aidreform Project / Footysquare Project

The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, and bolster WordPress theme from ChimpStudio and PixFill do not have any authorisation or upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.

9.8
2023-01-23 CVE-2022-4305 WP BUY Unspecified vulnerability in Wp-Buy Login AS User or Customer (User Switching)

The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.

9.8
2023-01-23 CVE-2022-4383 Codeboxr Unspecified vulnerability in Codeboxr CBX Petition for Wordpress 1.0.3

The CBX Petition for WordPress plugin through 1.0.3 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

9.8
2023-01-23 CVE-2022-4693 Pickplugins Insufficiently Protected Credentials vulnerability in Pickplugins User Verification

The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability.

9.8
2023-01-26 CVE-2023-24508 Baicells Cross-site Scripting vulnerability in Baicells RTD Firmware and RTS Firmware

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections.

9.6
2023-01-27 CVE-2022-39811 Italtel Missing Authorization vulnerability in Italtel Netmatch-S CI 5.2.020211008

Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control under NMSCI-WebGui/advancedsettings.jsp and NMSCIWebGui/SaveFileUploader.

9.1
2023-01-26 CVE-2023-0321 Campbellsci Information Exposure vulnerability in Campbellsci products

Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network.

9.1
2023-01-26 CVE-2020-18330 Chinamobileltd Path Traversal vulnerability in Chinamobileltd Gpn2.4P21-C-Cn Firmware W2000En01

An issue was discovered in the default configuration of the ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running firmware version W2000EN-01 (hardware platform Gpn2.4P21-C_WIFI-V0.05), which allows attackers to gain access to the configuration interface.

9.1
2023-01-26 CVE-2020-18331 Chinamobileltd Path Traversal vulnerability in Chinamobileltd Gpn2.4P21-C-Cn Firmware W2000En01

Directory traversal vulnerability in the ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running firmware version W2000EN-01 (hardware platform Gpn2.4P21-C_WIFI-V0.05), via the getpage parameter to /cgi-bin/webproc.

9.1

207 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-01-28 CVE-2021-4315 Psiturk Code Injection vulnerability in Psiturk

A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical.

8.8
2023-01-28 CVE-2023-0561 Online Tours Travels Management System Project SQL Injection vulnerability in Online Tours & Travels Management System Project Online Tours & Travels Management System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0.

8.8
2023-01-27 CVE-2021-41144 Openmage Command Injection vulnerability in Openmage Magento

OpenMage LTS is an e-commerce platform.

8.8
2023-01-27 CVE-2022-44715 Netscout Incorrect Permission Assignment for Critical Resource vulnerability in Netscout Ngeniusone 6.3.2

Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allows authenticated remote users to gain permissions via a crafted payload.

8.8
2023-01-26 CVE-2023-0493 Btcpayserver Injection vulnerability in Btcpayserver Btcpay Server

Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.

8.8
2023-01-26 CVE-2022-36279 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

A stack-based buffer overflow vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

8.8
2023-01-26 CVE-2022-38066 Siretta OS Command Injection vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

An OS command injection vulnerability exists in the httpd SNMP functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

8.8
2023-01-26 CVE-2022-38459 Siretta Classic Buffer Overflow vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

A stack-based buffer overflow vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

8.8
2023-01-26 CVE-2022-38715 Siretta Unspecified vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

8.8
2023-01-26 CVE-2022-39045 Siretta Path Traversal vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

A file write vulnerability exists in the httpd upload.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

8.8
2023-01-26 CVE-2022-40220 Siretta OS Command Injection vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

An OS command injection vulnerability exists in the httpd txt/restore.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

8.8
2023-01-26 CVE-2022-40969 Siretta OS Command Injection vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

An OS command injection vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

8.8
2023-01-26 CVE-2023-0455 Bumsys Project Unrestricted Upload of File with Dangerous Type vulnerability in Bumsys Project Bumsys 1.0.0/1.0.1/1.0.2

Unrestricted Upload of File with Dangerous Type in GitHub repository unilogies/bumsys prior to v1.0.3-beta.

8.8
2023-01-26 CVE-2022-47042 Mingsoft Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.2.10/5.2.8/5.2.9

MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do.

8.8
2023-01-26 CVE-2022-48199 Softperfect Unspecified vulnerability in Softperfect Networx 7.1.1

SoftPerfect NetWorx 7.1.1 on Windows allows an attacker to execute a malicious binary with potentially higher privileges via a low-privileged user account that abuses the Notifications function.

8.8
2023-01-26 CVE-2023-0444 Deltaww Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.02A

A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a.

8.8
2023-01-26 CVE-2023-22482 Linuxfoundation Incorrect Authorization vulnerability in Linuxfoundation Argo-Cd

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.

8.8
2023-01-26 CVE-2023-23612 Amazon Improper Authentication vulnerability in Amazon Opensearch

OpenSearch is an open source distributed and RESTful search engine.

8.8
2023-01-26 CVE-2023-23614 PI Hole Insufficient Session Expiration vulnerability in Pi-Hole web Interface

Pi-hole®'s Web interface (based off of AdminLTE) provides a central location to manage your Pi-hole.

8.8
2023-01-26 CVE-2023-23619 Lfprojects Code Injection vulnerability in Lfprojects Modelina

Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents.

8.8
2023-01-26 CVE-2023-24422 Jenkins OS Command Injection vulnerability in Jenkins Script Security

A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

8.8
2023-01-26 CVE-2023-24424 Jenkins Session Fixation vulnerability in Jenkins Openid Connect Authentication

Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login.

8.8
2023-01-26 CVE-2023-24426 Jenkins Insufficient Session Expiration vulnerability in Jenkins Azure AD

Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login.

8.8
2023-01-26 CVE-2023-24432 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Orka BY Macstadium

A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

8.8
2023-01-26 CVE-2023-24434 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Github Pull Request Builder

A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

8.8
2023-01-26 CVE-2023-24437 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Jira Pipeline Steps

A cross-site request forgery (CSRF) vulnerability in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

8.8
2023-01-26 CVE-2023-24446 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Openid

A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account.

8.8
2023-01-26 CVE-2023-24447 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Rabbitmq Consumer

A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password.

8.8
2023-01-26 CVE-2023-24452 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Testquality Updater 1.1/1.3

A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password.

8.8
2023-01-26 CVE-2023-24458 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Bearychat

A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL.

8.8
2023-01-26 CVE-2022-45820 Thimpress SQL Injection vulnerability in Thimpress Learnpress

SQL Injection (SQLi) vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.

8.8
2023-01-26 CVE-2022-40035 Blog SSM Project Unrestricted Upload of File with Dangerous Type vulnerability in Blog-Ssm Project Blog-Ssm 1.0

File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing attackers to execute arbitrary commands and gain escalated privileges via the /uploadFileList component.

8.8
2023-01-26 CVE-2022-40717 Dlink Out-of-bounds Write vulnerability in Dlink Dir-2150 Firmware

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers.

8.8
2023-01-26 CVE-2022-40718 Dlink Out-of-bounds Write vulnerability in Dlink Dir-2150 Firmware

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers.

8.8
2023-01-26 CVE-2022-40719 Dlink OS Command Injection vulnerability in Dlink Dir-2150 Firmware

This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers.

8.8
2023-01-26 CVE-2022-40720 Dlink OS Command Injection vulnerability in Dlink Dir-2150 Firmware

This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers.

8.8
2023-01-26 CVE-2022-41140 Dlink Out-of-bounds Write vulnerability in Dlink products

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers.

8.8
2023-01-26 CVE-2022-41142 Centreon SQL Injection vulnerability in Centreon 22.04.2

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon.

8.8
2023-01-23 CVE-2023-23824 WP Topbar Project SQL Injection vulnerability in WP Topbar Project WP Topbar 5.36

Auth.

8.8
2023-01-23 CVE-2022-37718 Edgenexus OS Command Injection vulnerability in Edgenexus Application Delivery Controller 4.2.8

The management portal component of JetNexus/EdgeNexus ADC 4.2.8 was discovered to contain a command injection vulnerability.

8.8
2023-01-23 CVE-2022-37719 Edgenexus Cross-Site Request Forgery (CSRF) vulnerability in Edgenexus Application Delivery Controller 4.2.8

A Cross-Site Request Forgery (CSRF) in the management portal of JetNexus/EdgeNexus ADC 4.2.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors.

8.8
2023-01-23 CVE-2022-47065 Trendnet Out-of-bounds Write vulnerability in Trendnet Tew-820Ap Firmware 1.01.B01

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule.

8.8
2023-01-23 CVE-2022-4017 Booster Unspecified vulnerability in Booster for Woocommerce

The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, and Booster Elite for WooCommerce WordPress plugin before 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing attackers to make logged-in users perform unwanted actions via CSRF attacks.

8.8
2023-01-23 CVE-2022-4230 Veronalabs SQL Injection vulnerability in Veronalabs WP Statistics

The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks.

8.8
2023-01-23 CVE-2023-24095 Trendnet Out-of-bounds Write vulnerability in Trendnet Tew-820Ap Firmware 1.01.B01

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSystemCheck.

8.8
2023-01-23 CVE-2023-24096 Trendnet Out-of-bounds Write vulnerability in Trendnet Tew-820Ap Firmware 1.01.B01

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the newpass parameter at /formPasswordSetup.

8.8
2023-01-23 CVE-2023-24097 Trendnet Out-of-bounds Write vulnerability in Trendnet Tew-820Ap Firmware 1.01.B01

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formPasswordAuth.

8.8
2023-01-23 CVE-2023-24098 Trendnet Out-of-bounds Write vulnerability in Trendnet Tew-820Ap Firmware 1.01.B01

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSysLog.

8.8
2023-01-23 CVE-2023-24099 Trendnet Out-of-bounds Write vulnerability in Trendnet Tew-820Ap Firmware 1.01.B01

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the username parameter at /formWizardPassword.

8.8
2023-01-23 CVE-2023-23314 Zdir Project Path Traversal vulnerability in Zdir Project Zdir 3.2.0

An arbitrary file upload vulnerability in the /api/upload component of zdir v3.2.0 allows attackers to execute arbitrary code via a crafted .ssh file.

8.8
2023-01-23 CVE-2022-23005 Jedec Improper Synchronization vulnerability in Jedec Universal Flash Storage

Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability.

8.7
2023-01-26 CVE-2023-22736 Linuxfoundation Missing Authorization vulnerability in Linuxfoundation Argo-Cd

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.

8.5
2023-01-24 CVE-2023-21775 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

8.3
2023-01-24 CVE-2023-21795 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

8.3
2023-01-24 CVE-2023-21796 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

8.3
2023-01-27 CVE-2020-36658 Lemonldap NG / Debian Improper Certificate Validation vulnerability in multiple products

In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.

8.1
2023-01-27 CVE-2020-36659 Lemonldap NG / Debian Improper Certificate Validation vulnerability in multiple products

In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.

8.1
2023-01-26 CVE-2022-40701 Siretta Path Traversal vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

A directory traversal vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

8.1
2023-01-26 CVE-2023-0284 Tribe29 Improper Input Validation vulnerability in Tribe29 Checkmk

Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server.

8.1
2023-01-26 CVE-2023-24057 HL7 / Hapifhir Path Traversal vulnerability in multiple products

HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged terminology cache, NPM package, or comparison archive).

8.1
2023-01-23 CVE-2021-43449 Onlyoffice Server-Side Request Forgery (SSRF) vulnerability in Onlyoffice Server 7.0.0.49

ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side Request Forgery (SSRF).

8.1
2023-01-26 CVE-2022-4092 Gitlab Cross-site Scripting vulnerability in Gitlab 15.6.0

An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1.

8.0
2023-01-27 CVE-2022-4139 Linux Memory Leak vulnerability in Linux Kernel

An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks.

7.8
2023-01-27 CVE-2023-22240 Adobe Out-of-bounds Write vulnerability in Adobe products

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-01-27 CVE-2023-22241 Adobe Out-of-bounds Write vulnerability in Adobe products

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-01-27 CVE-2023-22242 Adobe Out-of-bounds Write vulnerability in Adobe products

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-01-27 CVE-2022-48070 Phicomm OS Command Injection vulnerability in Phicomm K2 Firmware 22.6.534.263

Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function.

7.8
2023-01-27 CVE-2022-48072 Phicomm OS Command Injection vulnerability in Phicomm K2 Firmware 22.6.3.20

Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function.

7.8
2023-01-26 CVE-2022-44263 Dentsplysirona Incorrect Permission Assignment for Critical Resource vulnerability in Dentsplysirona Sidexis 4.2

Dentsply Sirona Sidexis <= 4.3 is vulnerable to Incorrect Access Control.

7.8
2023-01-26 CVE-2022-44264 Dentsplysirona Unquoted Search Path or Element vulnerability in Dentsplysirona Sidexis 4.2

Dentsply Sirona Sidexis <= 4.3 is vulnerable to Unquoted Service Path.

7.8
2023-01-26 CVE-2022-45770 Adguard Unspecified vulnerability in Adguard

Improper input validation in adgnetworkwfpdrv.sys in Adguard For Windows x86 through 7.11 allows local privilege escalation.

7.8
2023-01-26 CVE-2022-47040 Askey Unspecified vulnerability in Askey Rtf3505Vw-N1 Firmware Brsvg000R3505Vmn1001S327

An issue in ASKEY router RTF3505VW-N1 BR_SV_g000_R3505VMN1001_s32_7 allows attackers to escalate privileges via running the tcpdump command after placing a crafted file in the /tmp directory and sending crafted packets through port 80.

7.8
2023-01-26 CVE-2022-4510 Microsoft Path Traversal vulnerability in Microsoft Binwalk

A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included.

7.8
2023-01-26 CVE-2023-20904 Google Unspecified vulnerability in Google Android 12.1/13.0

In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code.

7.8
2023-01-26 CVE-2023-20905 Google Out-of-bounds Write vulnerability in Google Android 10.0

In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check.

7.8
2023-01-26 CVE-2023-20912 Google Missing Authorization vulnerability in Google Android 13.0

In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check.

7.8
2023-01-26 CVE-2023-20913 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android

In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack.

7.8
2023-01-26 CVE-2023-20915 Google Always-Incorrect Control Flow Implementation vulnerability in Google Android

In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code.

7.8
2023-01-26 CVE-2023-20916 Google Missing Authorization vulnerability in Google Android 12.0/12.1

In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check.

7.8
2023-01-26 CVE-2023-20919 Google Unspecified vulnerability in Google Android 13.0

In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code.

7.8
2023-01-26 CVE-2023-20920 Google Use After Free vulnerability in Google Android

In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free.

7.8
2023-01-26 CVE-2023-20925 Google Use After Free vulnerability in Google Android

In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free.

7.8
2023-01-26 CVE-2023-20928 Google Improper Locking vulnerability in Google Android

In binder_vma_close of binder.c, there is a possible use after free due to improper locking.

7.8
2023-01-26 CVE-2022-43997 Aternity Unspecified vulnerability in Aternity 9.0

Incorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local privilege escalation.

7.8
2023-01-26 CVE-2018-25078 MAN DB Project Unspecified vulnerability in Man-Db Project Man-Db

man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root.

7.8
2023-01-26 CVE-2020-36657 Uptimed Project Unspecified vulnerability in Uptimed Project Uptimed

uptimed before 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to gain root privileges by creating a hard link within the /var/spool/uptimed directory, because there is an unsafe chown -R call.

7.8
2023-01-26 CVE-2021-41988 Qlik Exposure of Resource to Wrong Sphere vulnerability in Qlik Nprinting Designer 21.14.3.0

Qlik NPrinting Designer through 21.14.3.0 creates a Temporary File in a Directory with Insecure Permissions.

7.8
2023-01-26 CVE-2021-41989 Qlik Exposure of Resource to Wrong Sphere vulnerability in Qlik Qlikview 12.60.20100.0

Qlik QlikView through 12.60.20100.0 creates a Temporary File in a Directory with Insecure Permissions.

7.8
2023-01-26 CVE-2022-1890 Lenovo Out-of-bounds Write vulnerability in Lenovo products

A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

7.8
2023-01-26 CVE-2022-1891 Lenovo Classic Buffer Overflow vulnerability in Lenovo products

A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

7.8
2023-01-26 CVE-2022-1892 Lenovo Classic Buffer Overflow vulnerability in Lenovo products

A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

7.8
2023-01-26 CVE-2022-20456 Google Allocation of Resources Without Limits or Throttling vulnerability in Google Android

In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion.

7.8
2023-01-26 CVE-2022-20461 Google Type Confusion vulnerability in Google Android

In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion.

7.8
2023-01-26 CVE-2022-20489 Google Allocation of Resources Without Limits or Throttling vulnerability in Google Android

In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion.

7.8
2023-01-26 CVE-2022-20490 Google Allocation of Resources Without Limits or Throttling vulnerability in Google Android

In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion.

7.8
2023-01-26 CVE-2022-20492 Google Allocation of Resources Without Limits or Throttling vulnerability in Google Android

In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion.

7.8
2023-01-26 CVE-2022-20493 Google Improper Validation of Specified Quantity in Input vulnerability in Google Android

In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation.

7.8
2023-01-26 CVE-2022-21810 Smartctl Project Unspecified vulnerability in Smartctl Project Smartctl

All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization.

7.8
2023-01-26 CVE-2022-25350 Helecloud Unspecified vulnerability in Helecloud Puppet-Facter

All versions of the package puppet-facter are vulnerable to Command Injection via the getFact function due to improper input sanitization.

7.8
2023-01-26 CVE-2022-38774 Elastic Unspecified vulnerability in Elastic Endgame and Endpoint Security

An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

7.8
2023-01-26 CVE-2022-38775 Elastic Unspecified vulnerability in Elastic Endpoint Security

An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

7.8
2023-01-26 CVE-2022-41141 Windscribe Uncontrolled Search Path Element vulnerability in Windscribe 2.3.16

This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe.

7.8
2023-01-26 CVE-2022-41143 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-41144 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-41147 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-41148 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-41149 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-41150 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-41151 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-41152 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42370 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42371 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42372 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42373 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42374 Tracker Software Use After Free vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42377 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42378 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42379 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42380 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42381 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42382 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42394 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42395 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42396 Tracker Software Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42399 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42400 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42402 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42403 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42405 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42410 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42415 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42416 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42417 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42418 Tracker Software Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42419 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42420 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42421 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-26 CVE-2022-42423 Tracker Software Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.

7.8
2023-01-24 CVE-2022-45639 Sleuthkit OS Command Injection vulnerability in Sleuthkit the Sleuth KIT 4.11.1

OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter.

7.8
2023-01-23 CVE-2023-24068 Signal Unspecified vulnerability in Signal Signal-Desktop

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory.

7.8
2023-01-29 CVE-2023-0564 Froxlor Weak Password Requirements vulnerability in Froxlor

Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10.

7.5
2023-01-28 CVE-2023-23617 Openmage Infinite Loop vulnerability in Openmage Magento

OpenMage LTS is an e-commerce platform.

7.5
2023-01-28 CVE-2023-23621 Discourse Unspecified vulnerability in Discourse

Discourse is an open-source discussion platform.

7.5
2023-01-27 CVE-2022-39812 Italtel Path Traversal vulnerability in Italtel Netmatch-S CI 5.2.020211008

Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader.

7.5
2023-01-27 CVE-2022-4205 Gitlab Type Confusion vulnerability in Gitlab

In GitLab EE/CE before 15.6.1, 15.5.5 and 15.4.6, using a branch with a hexadecimal name could override an existing hash.

7.5
2023-01-27 CVE-2019-25053 Sage Path Traversal vulnerability in Sage FRP 1000

A path traversal vulnerability exists in Sage FRP 1000 before November 2019.

7.5
2023-01-27 CVE-2022-48069 Totolink OS Command Injection vulnerability in Totolink A830R Firmware 4.1.2Cu.5182

Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter.

7.5
2023-01-27 CVE-2022-48071 Phicomm Cleartext Storage of Sensitive Information vulnerability in Phicomm K2 Firmware 22.6.534.263

Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext.

7.5
2023-01-27 CVE-2022-48073 Phicomm Cleartext Storage of Sensitive Information vulnerability in Phicomm K2 Firmware 22.6.534.263

Phicomm K2G v22.6.3.20 was discovered to store the root and admin passwords in plaintext.

7.5
2023-01-27 CVE-2022-2712 Eclipse Path Traversal vulnerability in Eclipse Glassfish 5.1.0/6.0.0/6.2.5

In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a relative path traversal vulnerability because the server does not filter request paths starting with './'.

7.5
2023-01-26 CVE-2022-47100 Sengled Unspecified vulnerability in Sengled Es21-N1Eaw Firmware 0X0000024

A vulnerability in Sengled Smart bulb 0x0000024 allows attackers to arbitrarily perform a factory reset on the device via a crafted IEEE 802.15.4 frame.

7.5
2023-01-26 CVE-2023-0356 Socomec Weak Cryptography for Passwords vulnerability in Socomec NET Vision 7.20

SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information.

7.5
2023-01-26 CVE-2023-0451 Econolite Improper Access Control vulnerability in Econolite EOS

Econolite EOS versions prior to 3.2.23 lack a password requirement for gaining “READONLY” access to log files and certain database and configuration files.

7.5
2023-01-26 CVE-2023-22486 Github Resource Exhaustion vulnerability in Github Cmark-Gfm

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C.

7.5
2023-01-26 CVE-2023-22500 Glpi Project Incorrect Authorization vulnerability in Glpi-Project Glpi

GLPI is a Free Asset and IT Management Software package.

7.5
2023-01-26 CVE-2022-43864 IBM Path Traversal vulnerability in IBM Business Automation Workflow and Business Monitor

IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system.

7.5
2023-01-26 CVE-2022-43917 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Websphere Application Server 8.5/9.0

IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information.

7.5
2023-01-26 CVE-2022-44018 Softing NULL Pointer Dereference vulnerability in Softing Uatoolkit Embedded 1.31/1.40

In Softing uaToolkit Embedded before 1.40.1, a malformed PubSub discovery announcement message can cause a NULL pointer dereference or out-of-bounds memory access in the subscriber application.

7.5
2023-01-26 CVE-2022-45920 Softing Memory Leak vulnerability in Softing Uatoolkit Embedded 1.31/1.40

In Softing uaToolkit Embedded before 1.41, a malformed CreateMonitoredItems request may cause a memory leak.

7.5
2023-01-26 CVE-2022-3924 ISC Reachable Assertion vulnerability in ISC Bind

This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete.

7.5
2023-01-26 CVE-2022-42330 XEN Unspecified vulnerability in XEN 4.17.0

Guests can cause a Xenstore crash via soft reset. When a guest issues a "Soft Reset" (e.g.

7.5
2023-01-26 CVE-2020-18329 Carel Improper Preservation of Permissions vulnerability in Carel Pcoweb Card Bios, Pcoweb Card Boot and Pcoweb Card web

An issue was discovered in Rehau devices that use a pCOWeb card with BIOS v6.27, BOOT v5.00, and web version v2.2; it allows attackers to gain full unauthenticated access to the configuration and service interface.

7.5
2023-01-26 CVE-2021-28510 Arista Improper Validation of Specified Quantity in Input vulnerability in Arista EOS

For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart.

7.5
2023-01-26 CVE-2022-21192 Serve Lite Project Path Traversal vulnerability in Serve-Lite Project Serve-Lite

All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections on req.url, which is passed as-is to path.join().

7.5
2023-01-26 CVE-2022-22462 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Verify Governance 10.0.1

IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5
2023-01-26 CVE-2022-25882 Linuxfoundation Path Traversal vulnerability in Linuxfoundation Onnx

Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal, as the external_data field of the tensor proto can hold a path to a file outside the model's current directory or the user-provided directory, for example "../../../etc/passwd".

7.5
2023-01-26 CVE-2022-25927 UA Parser JS Project Unspecified vulnerability in Ua-Parser-Js Project Ua-Parser-Js

Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.

7.5
2023-01-26 CVE-2022-27508 Citrix Resource Exhaustion vulnerability in Citrix Application Delivery Controller and Gateway

Unauthenticated denial of service

7.5
2023-01-26 CVE-2022-31710 Vmware Deserialization of Untrusted Data vulnerability in VMWare Vrealize LOG Insight

vRealize Log Insight contains a deserialization vulnerability.

7.5
2023-01-26 CVE-2022-3094 ISC Use After Free vulnerability in ISC Bind

Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory.

7.5
2023-01-26 CVE-2022-3488 ISC Reachable Assertion vulnerability in ISC Bind

Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause the resolver to reject the query response, such as a mismatch between query and answer name. This issue affects BIND 9 versions 9.11.4-S1 through 9.11.37-S1 and 9.16.8-S1 through 9.16.36-S1.

7.5
2023-01-26 CVE-2022-3736 ISC Unspecified vulnerability in ISC Bind

BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.

7.5
2023-01-23 CVE-2023-22483 Github Algorithmic Complexity vulnerability in Github Cmark-Gfm

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C.

7.5
2023-01-23 CVE-2023-22484 Github Algorithmic Complexity vulnerability in Github Cmark-Gfm

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C.

7.5
2023-01-23 CVE-2022-46639 Correos Path Traversal vulnerability in Correos

A vulnerability in the descarga_etiqueta.php component of Correos Prestashop 1.7.x allows attackers to perform a directory traversal.

7.5
2023-01-23 CVE-2023-22960 Lexmark Improper Restriction of Excessive Authentication Attempts vulnerability in Lexmark products

Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency.

7.5
2023-01-23 CVE-2022-38725 Oneidentity Integer Overflow or Wraparound vulnerability in Oneidentity Syslog-Ng and Syslog-Ng Store BOX

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function.

7.5
2023-01-23 CVE-2021-24881 Passster Project Unspecified vulnerability in Passster Project Passter

The Passster WordPress plugin before 3.5.5.9 does not properly check the password, nor whether the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin and access the content of arbitrary posts (such as private ones) by sending a specifically crafted request.

7.5
2023-01-23 CVE-2021-43444 Onlyoffice Improper Authentication vulnerability in Onlyoffice Server 7.0.0.49

ONLYOFFICE, all versions as of 2021-11-08, is affected by Incorrect Access Control.

7.5
2023-01-23 CVE-2021-43447 Onlyoffice Missing Authentication for Critical Function vulnerability in Onlyoffice Server 7.0.0.49

ONLYOFFICE, all versions as of 2021-11-08, is affected by Incorrect Access Control.

7.5
2023-01-23 CVE-2022-4303 Ciphercoin Authentication Bypass by Spoofing vulnerability in Ciphercoin WP Limit Login Attempts

The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions on login forms.

7.5
2023-01-23 CVE-2022-4746 Wpmanageninja Authentication Bypass by Spoofing vulnerability in Wpmanageninja Fluentauth

The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin.

7.5
2023-01-26 CVE-2023-0509 Pyload NG Project, Pyload Improper Certificate Validation vulnerability in multiple products

Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44.

7.4
2023-01-26 CVE-2023-23609 Contiki NG Out-of-bounds Write vulnerability in Contiki-Ng

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices.

7.4
2023-01-29 CVE-2022-48285 Jszip Project Path Traversal vulnerability in Jszip Project Jszip

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.

7.3
2023-01-26 CVE-2023-20921 Google Always-Incorrect Control Flow Implementation vulnerability in Google Android

In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code.

7.3
2023-01-26 CVE-2022-34405 Dell Unspecified vulnerability in Dell Realtek High Definition Audio Driver

An improper access control vulnerability was identified in the Realtek audio driver.

7.3
2023-01-28 CVE-2023-0560 Online Tours Travels Management System Project SQL Injection vulnerability in Online Tours & Travels Management System Project Online Tours & Travels Management System 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0.

7.2
2023-01-27 CVE-2022-48116 Ayacms Project Unspecified vulnerability in Ayacms Project Ayacms 3.1.2

AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php.

7.2
2023-01-27 CVE-2021-41143 Openmage Path Traversal vulnerability in Openmage Magento

OpenMage LTS is an e-commerce platform.

7.2
2023-01-27 CVE-2021-41231 Openmage Unrestricted Upload of File with Dangerous Type vulnerability in Openmage Magento

OpenMage LTS is an e-commerce platform.

7.2
2023-01-27 CVE-2021-39217 Openmage Command Injection vulnerability in Openmage Magento

OpenMage LTS is an e-commerce platform.

7.2
2023-01-26 CVE-2022-41020 Siretta Out-of-bounds Write vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

7.2
2023-01-26 CVE-2022-41021 Siretta Out-of-bounds Write vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

7.2
2023-01-26 CVE-2022-41022 Siretta Out-of-bounds Write vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

7.2
2023-01-26 CVE-2022-41023 Siretta Out-of-bounds Write vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

7.2
2023-01-26 CVE-2022-41024 Siretta Out-of-bounds Write vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

7.2
2023-01-26 CVE-2022-41025 Siretta Out-of-bounds Write vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

7.2
2023-01-26 CVE-2022-41026 Siretta Out-of-bounds Write vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

7.2
2023-01-26 CVE-2022-41027 Siretta Out-of-bounds Write vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

7.2
2023-01-26 CVE-2022-41028 Siretta Out-of-bounds Write vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

7.2
2023-01-26 CVE-2022-41029 Siretta Out-of-bounds Write vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

7.2
2023-01-26 CVE-2023-0515 Online Tours Travels Management System Project SQL Injection vulnerability in Online Tours & Travels Management System Project Online Tours & Travels Management System 1.0

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical.

7.2
2023-01-26 CVE-2023-0516 Online Tours Travels Management System Project SQL Injection vulnerability in Online Tours & Travels Management System Project Online Tours & Travels Management System 1.0

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0.

7.2
2023-01-23 CVE-2022-3425 Sumo Unspecified vulnerability in Sumo Google Analyticator

The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.

7.2
2023-01-23 CVE-2022-4323 Sumo Unspecified vulnerability in Sumo Google Analyticator

The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.

7.2
2023-01-26 CVE-2023-0412 Wireshark, Debian Improper Resource Shutdown or Release vulnerability in multiple products

TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file.

7.1

233 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-01-27 CVE-2022-47632 Razer Uncontrolled Search Path Element vulnerability in Razer Synapse

Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation.

6.8
2023-01-26 CVE-2023-20924 Google Improper Authentication vulnerability in Google Android

In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure.

6.8
2023-01-25 CVE-2023-0396 Zephyrproject Out-of-bounds Read vulnerability in Zephyrproject Zephyr

A malicious or defective Bluetooth controller can cause buffer over-reads in most of the functions that process HCI command responses.

6.8
2023-01-26 CVE-2022-3432 Lenovo Incorrect Default Permissions vulnerability in Lenovo Ideapad Y700-14Isk Firmware

A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

6.7
2023-01-23 CVE-2022-3430 Lenovo Incorrect Default Permissions vulnerability in Lenovo products

A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

6.7
2023-01-29 CVE-2023-0569 Publify Project Weak Password Requirements vulnerability in Publify Project Publify

Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10.

6.5
2023-01-28 CVE-2023-22737 Wire Missing Authorization vulnerability in Wire

wire-server provides back end services for Wire, a team communication and collaboration platform.

6.5
2023-01-27 CVE-2023-0556 Contentstudio Unspecified vulnerability in Contentstudio

The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5.

6.5
2023-01-27 CVE-2023-22740 Discourse Allocation of Resources Without Limits or Throttling vulnerability in Discourse

Discourse is an open source platform for community discussion.

6.5
2023-01-26 CVE-2022-38088 Siretta Path Traversal vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

A directory traversal vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

6.5
2023-01-26 CVE-2022-41154 Siretta Path Traversal vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

A directory traversal vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

6.5
2023-01-26 CVE-2023-0411 Wireshark Excessive Iteration vulnerability in Wireshark

Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allow denial of service via packet injection or crafted capture file.

6.5
2023-01-26 CVE-2023-0413 Wireshark Improper Resource Shutdown or Release vulnerability in Wireshark

Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file.

6.5
2023-01-26 CVE-2023-0414 Wireshark Improper Resource Shutdown or Release vulnerability in Wireshark 4.0.0/4.0.1

Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file.

6.5
2023-01-26 CVE-2023-0415 Wireshark Improper Resource Shutdown or Release vulnerability in Wireshark

iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file.

6.5
2023-01-26 CVE-2023-0416 Wireshark Improper Resource Shutdown or Release vulnerability in Wireshark

GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file.

6.5
2023-01-26 CVE-2023-0417 Wireshark Improper Resource Shutdown or Release vulnerability in Wireshark

Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file.

6.5
2023-01-26 CVE-2023-0476 Tenable Injection vulnerability in Tenable Tenable.Sc

An LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users.

6.5
2023-01-26 CVE-2023-22739 Discourse Allocation of Resources Without Limits or Throttling vulnerability in Discourse

Discourse is an open source platform for community discussion.

6.5
2023-01-26 CVE-2023-23151 Bloofox Unspecified vulnerability in Bloofox Bloofoxcms 0.5.2.1

bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deletion vulnerability via the component /include/inc_content_media.php.

6.5
2023-01-26 CVE-2023-23610 Glpi Project Incorrect Permission Assignment for Critical Resource vulnerability in Glpi-Project Glpi

GLPI is a Free Asset and IT Management Software package.

6.5
2023-01-26 CVE-2023-23613 Amazon Information Exposure vulnerability in Amazon Opensearch

OpenSearch is an open source distributed and RESTful search engine.

6.5
2023-01-26 CVE-2023-24423 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Gerrit Trigger

A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit.

6.5
2023-01-26 CVE-2023-24425 Jenkins Unspecified vulnerability in Jenkins Kubernetes Credentials Provider

Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to.

6.5
2023-01-26 CVE-2023-24433 Jenkins Missing Authorization vulnerability in Jenkins Orka BY Macstadium

Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

6.5
2023-01-26 CVE-2023-24435 Jenkins Missing Authorization vulnerability in Jenkins Github Pull Request Builder

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

6.5
2023-01-26 CVE-2023-24438 Jenkins Missing Authorization vulnerability in Jenkins Jira Pipeline Steps

A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

6.5
2023-01-26 CVE-2023-24448 Jenkins Missing Authorization vulnerability in Jenkins Rabbitmq Consumer

A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password.

6.5
2023-01-26 CVE-2023-24450 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins View-Cloner 1.0/1.1

Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

6.5
2023-01-26 CVE-2023-24453 Jenkins Missing Authorization vulnerability in Jenkins Testquality Updater 1.1/1.3

A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.

6.5
2023-01-26 CVE-2023-24457 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Keycloak Authentication

A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account.

6.5
2023-01-26 CVE-2023-24459 Jenkins Missing Authorization vulnerability in Jenkins Bearychat

A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.

6.5
2023-01-26 CVE-2023-24495 Tenable Server-Side Request Forgery (SSRF) vulnerability in Tenable Tenable.Sc

A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data.

6.5
2023-01-26 CVE-2022-40036 Blog SSM Project Unspecified vulnerability in Blog-Ssm Project Blog-Ssm 1.0

An issue was discovered in Rawchen blog-ssm v1.0 that allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component.

6.5
2023-01-26 CVE-2021-36539 Instructure Authorization Bypass Through User-Controlled Key vulnerability in Instructure Canvas Learning Management Service 20200729

Instructure Canvas LMS did not properly deny access to locked/unpublished files when an unprivileged user accesses the DocViewer-based file preview URL (canvadoc_session_url).

6.5
2023-01-26 CVE-2022-27507 Citrix Resource Exhaustion vulnerability in Citrix Application Delivery Controller and Gateway

Authenticated denial of service

6.5
2023-01-26 CVE-2022-3820 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2.

6.5
2023-01-24 CVE-2023-21719 Microsoft Incorrect Authorization vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

6.5
2023-01-23 CVE-2022-4443 Brutebank Unspecified vulnerability in Brutebank

The BruteBank WordPress plugin before 1.9 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

6.5
2023-01-23 CVE-2022-4548 Imageseo Cross-Site Request Forgery (CSRF) vulnerability in Imageseo Optimize Images ALT Text (Alt Tag) & Names for SEO Using AI

The Optimize images ALT Text & names for SEO using AI WordPress plugin before 2.0.8 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

6.5
2023-01-23 CVE-2023-0438 Modoboa Cross-Site Request Forgery (CSRF) vulnerability in Modoboa

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.

6.5
2023-01-26 CVE-2022-3902 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1.

6.4
2023-01-23 CVE-2022-41505 TP Link Unspecified vulnerability in Tp-Link Tapo C200 V1 Firmware

An access control issue on TP-Link Tapo C200 V1 devices allows physically proximate attackers to obtain root access by connecting to the UART pins, interrupting the boot process, and setting an init=/bin/sh value.

6.4
2023-01-28 CVE-2023-23629 Metabase Improper Privilege Management vulnerability in Metabase

Metabase is an open source data analytics platform.

6.3
2023-01-27 CVE-2023-0528 Online Tours Travels Management System Project SQL Injection vulnerability in Online Tours & Travels Management System Project Online Tours & Travels Management System 1.0

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0.

6.3
2023-01-27 CVE-2023-0529 Online Tours Travels Management System Project SQL Injection vulnerability in Online Tours & Travels Management System Project Online Tours & Travels Management System 1.0

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0.

6.3
2023-01-26 CVE-2023-0229 Redhat Unspecified vulnerability in Redhat Openshift 4.11/4.12

A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to disable seccomp for pods they can create and modify.

6.3
2023-01-29 CVE-2009-10003 Wordcraft Project Cross-site Scripting vulnerability in Wordcraft Project Wordcraft

A vulnerability was found in capnsquarepants wordcraft up to 0.6.

6.1
2023-01-29 CVE-2016-15022 Cimage Cross-site Scripting vulnerability in Cimage

A vulnerability was found in mosbth cimage up to 0.7.18.

6.1
2023-01-28 CVE-2023-23627 Sanitize Project Cross-site Scripting vulnerability in Sanitize Project Sanitize

Sanitize is an allowlist-based HTML and CSS sanitizer.

6.1
2023-01-27 CVE-2022-39813 Italtel Cross-site Scripting vulnerability in Italtel Netmatch-S CI 5.2.020211008

Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter.

6.1
2023-01-27 CVE-2022-48118 Jorani Cross-site Scripting vulnerability in Jorani 1.0.0

Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter.

6.1
2023-01-27 CVE-2022-48012 Opencats Cross-site Scripting vulnerability in Opencats 0.9.7

Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd.

6.1
2023-01-27 CVE-2022-44024 Netscout Cross-site Scripting vulnerability in Netscout Ngeniusone 6.3.2

An issue was discovered in NetScout nGeniusONE 6.3.2 before P10.

6.1
2023-01-27 CVE-2022-44025 Netscout Cross-site Scripting vulnerability in Netscout Ngeniusone 6.3.2

An issue was discovered in NetScout nGeniusONE 6.3.2 before P10.

6.1
2023-01-27 CVE-2022-44026 Netscout Cross-site Scripting vulnerability in Netscout Ngeniusone 6.3.2

An issue was discovered in NetScout nGeniusONE 6.3.2 before P10.

6.1
2023-01-27 CVE-2022-44027 Netscout Cross-site Scripting vulnerability in Netscout Ngeniusone 6.3.2

An issue was discovered in NetScout nGeniusONE 6.3.2 before P10.

6.1
2023-01-27 CVE-2022-44028 Netscout Cross-site Scripting vulnerability in Netscout Ngeniusone 6.3.2

An issue was discovered in NetScout nGeniusONE 6.3.2 before P10.

6.1
2023-01-27 CVE-2022-44029 Netscout Cross-site Scripting vulnerability in Netscout Ngeniusone 6.3.2

An issue was discovered in NetScout nGeniusONE 6.3.2 before P10.

6.1
2023-01-27 CVE-2023-0527 Online Security Guards Hiring System Project Cross-site Scripting vulnerability in Online Security Guards Hiring System Project Online Security Guards Hiring System 1.0

A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic.

6.1
2023-01-26 CVE-2022-46128 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Doctor Appointment Management System 1.0.0

phpgurukul Doctor Appointment Management System V 1.0.0 is vulnerable to Cross Site Scripting (XSS) via searchdata=.

6.1
2023-01-26 CVE-2022-46624 Online Graduate Tracer System Project Cross-site Scripting vulnerability in Online Graduate Tracer System Project Online Graduate Tracer System 1.0.0

A cross-site scripting (XSS) vulnerability in Online Graduate Tracer System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.

6.1
2023-01-26 CVE-2022-46957 Online Graduate Tracer System Project Cross-site Scripting vulnerability in Online Graduate Tracer System Project Online Graduate Tracer System 1.0.0

Sourcecodester.com Online Graduate Tracer System V 1.0.0 is vulnerable to Cross Site Scripting (XSS).

6.1
2023-01-26 CVE-2022-47052 Netgear Injection vulnerability in Netgear Ac1200 R6220 Firmware 1.1.0.1121.0.1/1.1.0.1141.0.1

The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' is vulnerable to a CRLF Injection attack that can be leveraged to perform Reflected XSS and HTML Injection.

6.1
2023-01-26 CVE-2023-0448 Matbao Cross-site Scripting vulnerability in Matbao WP Helper Premium

The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability.

6.1
2023-01-26 CVE-2023-22722 Glpi Project Cross-site Scripting vulnerability in Glpi-Project Glpi

GLPI is a Free Asset and IT Management Software package.

6.1
2023-01-26 CVE-2023-22971 Hughes Cross-site Scripting vulnerability in Hughes products

Cross Site Scripting (XSS) vulnerability in Hughes Network Systems Router Terminal for HX200 v8.3.1.14, HX90 v6.11.0.5, HX50L v6.10.0.18, HN9460 v8.2.0.48, and HN7000S v6.9.0.37, allows unauthenticated attackers to misuse frames, include JS/HTML code and steal sensitive information from legitimate users of the application.

6.1
2023-01-26 CVE-2023-23950 Broadcom Cross-site Scripting vulnerability in Broadcom products

User-supplied input (usually a CRLF sequence) can be used to split a returned response into two responses.

6.1
2023-01-26 CVE-2023-23951 Broadcom Cross-site Scripting vulnerability in Broadcom products

An attacker can enumerate the Oracle LDAP attributes of the current user by modifying the query used by the application.

6.1
2023-01-26 CVE-2023-24445 Jenkins Open Redirect vulnerability in Jenkins Openid

Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins.

6.1
2023-01-26 CVE-2022-45730 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Doctor Appointment Management System 1.0.0

A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search function.

6.1
2023-01-26 CVE-2020-22327 Hfish Project Cross-site Scripting vulnerability in Hfish Project Hfish 0.5.1

An issue was discovered in HFish 0.5.1.

6.1
2023-01-26 CVE-2022-25847 Serve Lite Project Cross-site Scripting vulnerability in Serve-Lite Project Serve-Lite

All versions of the package serve-lite are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding.

6.1
2023-01-26 CVE-2022-38758 Netiq Cross-site Scripting vulnerability in Netiq Imanager

Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser.

6.1
2023-01-26 CVE-2022-3572 Gitlab Cross-site Scripting vulnerability in Gitlab

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2.

6.1
2023-01-23 CVE-2021-43446 Onlyoffice Cross-site Scripting vulnerability in Onlyoffice Server 7.0.0.49

All ONLYOFFICE versions as of 2021-11-08 are vulnerable to Cross Site Scripting (XSS).

6.1
2023-01-23 CVE-2022-4307 WP Master Unspecified vulnerability in Wp-Master Pardakht-Delkhah

The Pardakht-Delkhah WordPress plugin before 2.9.3 does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high privilege user such as an admin visits a page from the plugin.

6.1
2023-01-23 CVE-2023-24070 Misp Project Cross-site Scripting vulnerability in Misp-Project Malware Information Sharing Platform

app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field.

6.1
2023-01-26 CVE-2022-47951 Openstack
Debian
Path Traversal vulnerability in multiple products

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0.

5.7
2023-01-26 CVE-2023-24428 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Bitbucket Oauth

A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account.

5.7
2023-01-26 CVE-2023-24493 Tenable Improper Input Validation vulnerability in Tenable Tenable.Sc

A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users.

5.7
2023-01-27 CVE-2022-4285 GNU
Fedoraproject
Redhat
NULL Pointer Dereference vulnerability in multiple products

An illegal memory access flaw was found in the binutils package.

5.5
2023-01-27 CVE-2022-48067 Totolink Use of Hard-coded Credentials vulnerability in Totolink A830R Firmware 4.1.2Cu.5182

An information disclosure vulnerability in Totolink A830R V4.1.2cu.5182 allows attackers to obtain the root password via a brute-force attack.

5.5
2023-01-26 CVE-2022-4054 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1.

5.5
2023-01-26 CVE-2023-0394 Linux NULL Pointer Dereference vulnerability in Linux Kernel

A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel.

5.5
2023-01-26 CVE-2023-0469 Linux Use After Free vulnerability in Linux Kernel

A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup.

5.5
2023-01-26 CVE-2023-20908 Google Resource Exhaustion vulnerability in Google Android

In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion.

5.5
2023-01-26 CVE-2023-20922 Google Resource Exhaustion vulnerability in Google Android

In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion.

5.5
2023-01-26 CVE-2023-20923 Google Unspecified vulnerability in Google Android

In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass.

5.5
2023-01-26 CVE-2023-24439 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Jira Pipeline Steps

Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier stores the private keys unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

5.5
2023-01-26 CVE-2023-24440 Jenkins Cleartext Transmission of Sensitive Information vulnerability in Jenkins Jira Pipeline Steps

Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

5.5
2023-01-26 CVE-2023-24442 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Github Pull Request Coverage Status

Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

5.5
2023-01-26 CVE-2023-24454 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Testquality Updater 1.1/1.3

Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

5.5
2023-01-26 CVE-2022-20213 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/11.0/12.0

In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack.

5.5
2023-01-26 CVE-2022-20215 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/11.0/12.0

In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack.

5.5
2023-01-26 CVE-2022-20235 Google Out-of-bounds Write vulnerability in Google Android

The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem.

5.5
2023-01-26 CVE-2022-20458 Google Information Exposure Through Log Files vulnerability in Google Android 12.1

Logs of sensitive information (PII) or hardware identifiers should only be printed in Android "userdebug" or "eng" builds.

5.5
2023-01-26 CVE-2022-20494 Google Allocation of Resources Without Limits or Throttling vulnerability in Google Android

In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion.

5.5
2023-01-26 CVE-2022-41145 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-41146 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-41153 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-42369 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-42375 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-42376 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-42383 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-42384 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-42385 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-42386 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-42387 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-42388 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-42389 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-42390 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-42391 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-42392 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-42393 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-42397 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-42398 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-42401 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-42404 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-42406 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-42407 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-42408 Tracker Software Use After Free vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-42409 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-42411 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-42412 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-42413 Tracker Software Out-of-bounds Read vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-26 CVE-2022-42414 Tracker Software Use After Free vulnerability in Tracker-Software Pdf-Xchange Editor

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor.

5.5
2023-01-23 CVE-2022-4816 Lenovo Unspecified vulnerability in Lenovo Safecenter

A denial-of-service vulnerability has been identified in Lenovo Safecenter that could allow a local user to crash the application.

5.5
2023-01-23 CVE-2023-0446 MY Youtube Channel Project Unspecified vulnerability in MY Youtube Channel Project MY Youtube Channel 3.0.12.1

The My YouTube Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 3.0.12.1 due to insufficient input sanitization and output escaping.

5.5
2023-01-23 CVE-2022-48281 Libtiff
Debian
Out-of-bounds Write vulnerability in multiple products

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.

5.5
2023-01-29 CVE-2023-24065 Nosh Chartingsystem Project Cross-site Scripting vulnerability in Nosh Chartingsystem Project Nosh Chartingsystem

NOSH 4a5cfdb allows stored XSS via the create user page.

5.4
2023-01-29 CVE-2023-0571 Canteen Management System Project Cross-site Scripting vulnerability in Canteen Management System Project Canteen Management System 1.0

A vulnerability has been found in SourceCodester Canteen Management System 1.0 and classified as problematic.

5.4
2023-01-27 CVE-2022-23552 Grafana Cross-site Scripting vulnerability in Grafana

Grafana is an open-source platform for monitoring and observability.

5.4
2023-01-27 CVE-2022-43980 Pandorafms Cross-site Scripting vulnerability in Pandorafms Pandora FMS

There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality.

5.4
2023-01-27 CVE-2022-46968 Revenue Collection System Project Cross-site Scripting vulnerability in Revenue Collection System Project Revenue Collection System 1.0

A stored cross-site scripting (XSS) vulnerability in /index.php?page=help of Revenue Collection System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into sent messages.

5.4
2023-01-27 CVE-2023-0555 Thingsforrestaurants Unspecified vulnerability in Thingsforrestaurants Quick Restaurant Menu

The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2.

5.4
2023-01-27 CVE-2023-0549 Yetanotherforum Cross-site Scripting vulnerability in Yetanotherforum Yaf.Net

A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10.

5.4
2023-01-27 CVE-2022-48007 Piwigo Cross-site Scripting vulnerability in Piwigo 13.4.0

A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent header.

5.4
2023-01-27 CVE-2022-48010 Limesurvey Cross-site Scripting vulnerability in Limesurvey 5.4.15

LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts.

5.4
2023-01-27 CVE-2022-48013 Opencats Cross-site Scripting vulnerability in Opencats 0.9.7

Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar.

5.4
2023-01-26 CVE-2023-0519 Modoboa Cross-site Scripting vulnerability in Modoboa

Stored Cross-site Scripting (XSS) in GitHub repository modoboa/modoboa prior to 2.0.4.

5.4
2023-01-26 CVE-2023-0470 Modoboa Cross-site Scripting vulnerability in Modoboa

Stored Cross-site Scripting (XSS) in GitHub repository modoboa/modoboa prior to 2.0.4.

5.4
2023-01-26 CVE-2023-0488 Pyload
Pyload NG Project
Cross-site Scripting vulnerability in multiple products

Stored Cross-site Scripting (XSS) in GitHub repository pyload/pyload prior to 0.5.0b3.dev42.

5.4
2023-01-26 CVE-2022-47073 Small CRM Project Cross-site Scripting vulnerability in Small CRM Project Small CRM 3.0

A cross-site scripting (XSS) vulnerability in the Create Ticket page of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject parameter.

5.4
2023-01-26 CVE-2023-0513 Dreamer CMS Project Cross-site Scripting vulnerability in Dreamer CMS Project Dreamer CMS

A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 and classified as problematic.

5.4
2023-01-26 CVE-2023-22468 Discourse Cross-site Scripting vulnerability in Discourse 0.9.2/2.9.0/3.0.0

Discourse is an open source platform for community discussion.

5.4
2023-01-26 CVE-2023-23611 Openedx Unspecified vulnerability in Openedx Xblock-Lti-Consumer

LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools.

5.4
2023-01-26 CVE-2023-23949 Broadcom Cross-site Scripting vulnerability in Broadcom products

An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser.

5.4
2023-01-26 CVE-2023-24494 Tenable Cross-site Scripting vulnerability in Tenable Tenable.Sc

A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users.

5.4
2023-01-26 CVE-2021-36686 Ymfe Cross-site Scripting vulnerability in Ymfe Yapi 1.9.1

Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page.

5.4
2023-01-24 CVE-2022-4554 Idyazilim Cross-site Scripting vulnerability in Idyazilim B2B Dealer Order System

B2B Customer Ordering System developed by ID Software Project and Consultancy Services before version 1.0.0.347 has an authenticated Reflected XSS vulnerability.

5.4
2023-01-23 CVE-2022-40034 Javaweb Blog Project Cross-site Scripting vulnerability in Javaweb Blog Project Javaweb Blog 1.0

Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter.

5.4
2023-01-23 CVE-2023-22721 OI Yandex Maps Project Cross-site Scripting vulnerability in OI Yandex.Maps Project OI Yandex.Maps

Auth.

5.4
2023-01-23 CVE-2023-23687 Youtube Shortcode Project Cross-site Scripting vulnerability in Youtube Shortcode Project Youtube Shortcode 1.8.5

Authenticated stored Cross-Site Scripting (XSS) vulnerability in Youtube shortcode versions <= 1.8.5.

5.4
2023-01-23 CVE-2021-24837 Passster Project Unspecified vulnerability in Passster Project Passter

The Passster WordPress plugin before 3.5.5.8 does not escape the area parameter of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.

5.4
2023-01-23 CVE-2022-4467 Codeamp Unspecified vulnerability in Codeamp Search & Filter

The Search & Filter WordPress plugin before 1.2.16 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.

5.4
2023-01-23 CVE-2022-4474 Easysocialfeed Unspecified vulnerability in Easysocialfeed Easy Social Feed

The Easy Social Feed WordPress plugin before 6.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.

5.4
2023-01-23 CVE-2022-4475 Twinpictures Unspecified vulnerability in Twinpictures Collapse-O-Matic

The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.

5.4
2023-01-23 CVE-2022-4485 Page List Project Unspecified vulnerability in Page-List Project Page-List

The Page-list WordPress plugin before 5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-01-23 CVE-2022-4509 Code Atlantic Unspecified vulnerability in Code-Atlantic Content Control

The Content Control WordPress plugin before 1.1.10 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins.

5.4
2023-01-23 CVE-2022-4542 Tipsandtricks HQ Unspecified vulnerability in Tipsandtricks-Hq Compact WP Audio Player

The Compact WP Audio Player WordPress plugin before 1.9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-01-23 CVE-2022-4545 Sitemap Project Unspecified vulnerability in Sitemap Project Sitemap

The Sitemap WordPress plugin before 4.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-01-23 CVE-2022-4570 TOP 10 Project Unspecified vulnerability in TOP 10 Project TOP 10

The Top 10 WordPress plugin before 3.2.3 does not validate and escape some of its Block attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-01-23 CVE-2022-4576 Easy Bootstrap Shortcode Project Unspecified vulnerability in Easy Bootstrap Shortcode Project Easy Bootstrap Shortcode 4.5.4

The Easy Bootstrap Shortcode WordPress plugin through 4.5.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-01-23 CVE-2022-4624 Gsplugins Unspecified vulnerability in Gsplugins GS Logo Slider

The GS Logo Slider WordPress plugin before 3.3.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-01-23 CVE-2022-4625 Wpbrigade Unspecified vulnerability in Wpbrigade Login Logout Menu

The Login Logout Menu WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-01-23 CVE-2022-4627 Sevenspark Cross-site Scripting vulnerability in Sevenspark Shiftnav

The ShiftNav WordPress plugin before 1.7.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-01-23 CVE-2022-4629 Shapedplugin Unspecified vulnerability in Shapedplugin Product Slider for Woocommerce

The Product Slider for WooCommerce WordPress plugin before 2.6.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-01-23 CVE-2022-4650 Hasthemes Cross-site Scripting vulnerability in Hasthemes Hashbar

The HashBar WordPress plugin before 1.3.6 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.

5.4
2023-01-23 CVE-2022-4668 Easy Appointments Project Unspecified vulnerability in Easy Appointments Project Easy Appointments

The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-01-23 CVE-2022-4672 Tipsandtricks HQ Unspecified vulnerability in Tipsandtricks-Hq Wordpress Simple Paypal Shopping Cart

The WordPress Simple Shopping Cart WordPress plugin before 4.6.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-01-23 CVE-2022-4673 Blazzdev Unspecified vulnerability in Blazzdev Rate MY Post

The Rate my Post WordPress plugin before 3.3.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.

5.4
2023-01-23 CVE-2022-4675 Mongoosemarketplace Unspecified vulnerability in Mongoosemarketplace Mongoose Page Plugin

The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.

5.4
2023-01-23 CVE-2022-4706 Genesis Columns Advanced Project Unspecified vulnerability in Genesis Columns Advanced Project Genesis Columns Advanced

The Genesis Columns Advanced WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins.

5.4
2023-01-23 CVE-2022-4715 Wpsc Plugin Unspecified vulnerability in Wpsc-Plugin Structured Content

The Structured Content WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-01-23 CVE-2022-4716 Timersys Unspecified vulnerability in Timersys WP Popups

The WP Popups WordPress plugin before 2.1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-01-23 CVE-2022-4718 Pluginops Unspecified vulnerability in Pluginops Landing Page Builder

The Landing Page Builder WordPress plugin before 1.4.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-01-23 CVE-2022-4751 Back2Nature Unspecified vulnerability in Back2Nature Word Balloon

The Word Balloon WordPress plugin before 4.19.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-01-23 CVE-2022-4753 Print O Matic Project Unspecified vulnerability in Print-O-Matic Project Print-O-Matic

The Print-O-Matic WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-01-23 CVE-2022-4758 10Web Unspecified vulnerability in 10Web MAP Builder for Google Maps

The 10WebMapBuilder WordPress plugin before 1.0.72 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-01-23 CVE-2022-4760 Onlinestorekit Unspecified vulnerability in Onlinestorekit Oneclick Chat to Order

The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-01-23 CVE-2022-4775 Ayecode Unspecified vulnerability in Ayecode Geodirectory

The GeoDirectory WordPress plugin before 2.2.22 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-01-23 CVE-2022-4789 Wpzoom Unspecified vulnerability in Wpzoom Portfolio

The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

5.4
2023-01-23 CVE-2022-4790 Auto Publish FOR Google MY Business Project Unspecified vulnerability in Auto Publish for Google MY Business Project Auto Publish for Google MY Business

The WP Google My Business Auto Publish WordPress plugin before 3.4 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

5.4
2023-01-23 CVE-2022-4832 Agilelogix Unspecified vulnerability in Agilelogix Store Locator

The Store Locator WordPress plugin before 1.4.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
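The fifteen WordPress entries above all describe one defect: a shortcode handler that interpolates attribute values straight into HTML. The block below is an added example, not code from any of those plugins; the `[promo_box]` tag, its attributes and the colour list are invented. The stand-in functions at the top exist only so the file runs outside WordPress with `php shortcode-xss.php`; inside WordPress they are skipped and the real `shortcode_atts()`, `esc_attr()`, `esc_html()` and `esc_url()` are used.

```php
<?php
// Added example; not code from any of the plugins listed above. It shows the
// pattern those entries describe: a shortcode handler that interpolates its
// attribute values straight into HTML, beside a hardened version. The
// [promo_box] tag, its attributes and the colour list are invented.

// Simplified stand-ins so the file also runs outside WordPress
// (`php shortcode-xss.php`). Inside WordPress the real functions exist and
// these definitions are skipped. They are not substitutes for the real ones.
if (!function_exists('shortcode_atts')) {
    function shortcode_atts(array $defaults, array $atts): array {
        // As in WordPress: unknown attribute NAMES are dropped, VALUES pass through untouched.
        return array_merge($defaults, array_intersect_key($atts, $defaults));
    }
}
if (!function_exists('esc_attr')) {
    function esc_attr(string $s): string { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }
}
if (!function_exists('esc_html')) {
    function esc_html(string $s): string { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }
}
if (!function_exists('esc_url')) {
    function esc_url(string $s): string {
        // Reduced stand-in: accept http(s) only, then attribute-escape.
        return preg_match('#^https?://#i', $s) ? htmlspecialchars($s, ENT_QUOTES, 'UTF-8') : '';
    }
}

// VULNERABLE. shortcode_atts() whitelists attribute names, which is often
// mistaken for validation; every value still lands in the page as raw markup.
function promo_box_vulnerable(array $atts): string {
    $a = shortcode_atts(['title' => 'Offer', 'link' => '#', 'color' => 'blue'], $atts);
    return '<div class="promo ' . $a['color'] . '">'
         . '<a href="' . $a['link'] . '">' . $a['title'] . '</a></div>';
}

// HARDENED. Validate values that have a closed set, and escape every value
// for the context it lands in: attribute, URL, or text node.
function promo_box_hardened(array $atts): string {
    $a = shortcode_atts(['title' => 'Offer', 'link' => '#', 'color' => 'blue'], $atts);
    $color = in_array($a['color'], ['blue', 'green', 'red'], true) ? $a['color'] : 'blue';
    return '<div class="promo ' . esc_attr($color) . '">'
         . '<a href="' . esc_url($a['link']) . '">' . esc_html($a['title']) . '</a></div>';
}

// Constructed contributor input. Contributors lack unfiltered_html, so a bare
// <script> tag is stripped from the post body on save; a shortcode is plain
// text to that filter, so quote-breaking attribute values pass through intact
// and only become markup when the shortcode renders, for every viewer.
$contributor_atts = [
    'title' => 'Click me',
    'link'  => 'javascript:alert(document.cookie)',
    'color' => 'blue" onmouseover="alert(document.domain)',
];

echo "vulnerable: " . promo_box_vulnerable($contributor_atts) . "\n";
echo "hardened:   " . promo_box_hardened($contributor_atts) . "\n";
```

Running it prints the vulnerable rendering with the `color` value closing the `class` attribute and adding an `onmouseover` handler, and with a `javascript:` URL in `href`; the hardened rendering falls back to `blue`, drops the disallowed URL scheme, and shows the title as inert text. The point for review is that `shortcode_atts()` is not a sanitiser, and that the payload never needs a `<` character, so the KSES filtering applied to contributor content does not stop it.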
2023-01-29 CVE-2021-46873 Wireguard Unspecified vulnerability in Wireguard 0.5.3

WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim's system time to a future value, e.g., because unauthenticated NTP is used.

5.3
2023-01-29 CVE-2023-0572 Froxlor Improper Check for Unusual or Exceptional Conditions vulnerability in Froxlor

Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.

5.3
2023-01-28 CVE-2023-23620 Discourse Information Exposure vulnerability in Discourse

Discourse is an open-source discussion platform.

5.3
2023-01-28 CVE-2023-23624 Discourse Information Exposure vulnerability in Discourse

Discourse is an open-source discussion platform.

5.3
2023-01-27 CVE-2022-4201 Gitlab Server-Side Request Forgery (SSRF) vulnerability in Gitlab

A blind SSRF in GitLab CE/EE affecting all versions from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner.

5.3
2023-01-27 CVE-2022-4255 Gitlab Unspecified vulnerability in Gitlab

An information leak was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email addresses through the webhook payload.

5.3
2023-01-27 CVE-2023-0557 Contentstudio Unspecified vulnerability in Contentstudio

The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.5.

5.3
2023-01-27 CVE-2022-39380 Wire Improper Handling of Exceptional Conditions vulnerability in Wire Wire-Webapp

Wire web-app is part of Wire communications.

5.3
2023-01-26 CVE-2023-0452 Econolite Reversible One-Way Hash vulnerability in Econolite EOS

Econolite EOS versions prior to 3.2.23 use a weak hash algorithm to protect privileged user credentials.

5.3
2023-01-26 CVE-2022-26329 Netiq Exposure of Resource to Wrong Sphere vulnerability in Netiq Identity Manager

A file existence disclosure vulnerability in the NetIQ Identity Manager plugin prior to version 4.8.5 allows an attacker to determine whether a file exists on the filesystem.

5.3
2023-01-26 CVE-2022-31711 Vmware Unspecified vulnerability in VMWare Vrealize LOG Insight

VMware vRealize Log Insight contains an Information Disclosure Vulnerability.

5.3
2023-01-26 CVE-2022-3482 Gitlab Missing Authorization vulnerability in Gitlab

An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases were set to be restricted to project members only.

5.3
2023-01-24 CVE-2023-22485 Github XML Injection (aka Blind XPath Injection) vulnerability in Github Cmark-Gfm

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C.

5.3
2023-01-23 CVE-2021-43448 Onlyoffice Improper Input Validation vulnerability in Onlyoffice Server 7.0.0.49

All versions of ONLYOFFICE as of 2021-11-08 are vulnerable to Improper Input Validation.

5.3
2023-01-23 CVE-2022-4346 Updraftplus Unspecified vulnerability in Updraftplus All-In-One Security

The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked settings of the plugin publicly, including the used email address.

5.3
2023-01-23 CVE-2023-0440 Healthchecks Information Exposure Through Discrepancy vulnerability in Healthchecks

Observable Discrepancy in GitHub repository healthchecks/healthchecks prior to v2.6.

5.3
2023-01-27 CVE-2023-24060 Havenweb Server-Side Request Forgery (SSRF) vulnerability in Havenweb Haven 5D15944

Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed[url]= Feeds functionality.

5.0
2023-01-29 CVE-2023-0565 Froxlor Business Logic Errors vulnerability in Froxlor

Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10.

4.9
2023-01-26 CVE-2022-3740 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2.

4.9
2023-01-29 CVE-2023-0566 Froxlor Cross-site Scripting vulnerability in Froxlor

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor prior to 2.0.10.

4.8
2023-01-28 CVE-2023-0563 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Bank Locker Management System 1.0

A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0.

4.8
2023-01-27 CVE-2023-0553 Thingsforrestaurants Cross-site Scripting vulnerability in Thingsforrestaurants Quick Restaurant Menu

The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping.

4.8
2023-01-26 CVE-2023-22724 Glpi Project Cross-site Scripting vulnerability in Glpi-Project Glpi

GLPI is a Free Asset and IT Management Software package.

4.8
2023-01-26 CVE-2023-22725 Glpi Project Cross-site Scripting vulnerability in Glpi-Project Glpi

GLPI is a Free Asset and IT Management Software package.

4.8
2023-01-26 CVE-2022-41941 Glpi Project Cross-site Scripting vulnerability in Glpi-Project Glpi

GLPI is a Free Asset and IT Management Software package.

4.8
2023-01-23 CVE-2022-3811 EU Cookie LAW Project Unspecified vulnerability in EU Cookie LAW Project EU Cookie LAW

The EU Cookie Law for GDPR/CCPA WordPress plugin through 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

4.8
2023-01-27 CVE-2023-0531 Online Tours Travels Management System Project SQL Injection vulnerability in Online Tours & Travels Management System Project Online Tours & Travels Management System 1.0

A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management System 1.0.

4.7
2023-01-27 CVE-2023-0532 Online Tours Travels Management System Project SQL Injection vulnerability in Online Tours & Travels Management System Project Online Tours & Travels Management System 1.0

A vulnerability classified as critical was found in SourceCodester Online Tours & Travels Management System 1.0.

4.7
2023-01-27 CVE-2023-0533 Online Tours Travels Management System Project SQL Injection vulnerability in Online Tours & Travels Management System Project Online Tours & Travels Management System 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0.

4.7
2023-01-27 CVE-2023-0534 Online Tours Travels Management System Project SQL Injection vulnerability in Online Tours & Travels Management System Project Online Tours & Travels Management System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0.

4.7
2023-01-26 CVE-2023-0468 Linux Use After Free vulnerability in Linux Kernel

A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs.

4.7
2023-01-26 CVE-2022-20214 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/11.0/12.0

In the Car Settings app, the toggle button in Modify system settings is vulnerable to a tapjacking attack.

4.7
2023-01-28 CVE-2023-23616 Discourse Resource Exhaustion vulnerability in Discourse

Discourse is an open-source discussion platform.

4.3
2023-01-27 CVE-2023-0550 Thingsforrestaurants Unspecified vulnerability in Thingsforrestaurants Quick Restaurant Menu

The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2.

4.3
2023-01-27 CVE-2023-0554 Thingsforrestaurants Unspecified vulnerability in Thingsforrestaurants Quick Restaurant Menu

The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2.

4.3
2023-01-27 CVE-2022-4335 Gitlab Server-Side Request Forgery (SSRF) vulnerability in Gitlab

A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host.

4.3
2023-01-27 CVE-2021-21395 Openmage Cross-Site Request Forgery (CSRF) vulnerability in Openmage Magento

Magento LTS (Long Term Support) is a community developed alternative to the Magento CE official releases.

4.3
2023-01-26 CVE-2023-23608 Spotipy Project Path Traversal vulnerability in Spotipy Project Spotipy

Spotipy is a light weight Python library for the Spotify Web API.

4.3
2023-01-26 CVE-2023-24431 Jenkins Missing Authorization vulnerability in Jenkins Orka BY Macstadium

A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

4.3
2023-01-26 CVE-2023-24436 Jenkins Missing Authorization vulnerability in Jenkins Github Pull Request Builder

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

4.3
2023-01-26 CVE-2023-24449 Jenkins Path Traversal vulnerability in Jenkins Pwauth Security Realm

Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

4.3
2023-01-26 CVE-2023-24451 Jenkins Missing Authorization vulnerability in Jenkins Cisco Spark

A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

4.3
2023-01-26 CVE-2023-24455 Jenkins Path Traversal vulnerability in Jenkins Visual Expert 1.0/1.3

Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

4.3
2023-01-26 CVE-2022-3478 Gitlab Unrestricted Upload of File with Dangerous Type vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1.

4.3
2023-01-23 CVE-2023-22630 Izybat SQL Injection vulnerability in Izybat Orange Casiers

IzyBat Orange casiers before 20221102_1 allows SQL Injection via a getCasier.php?taille= URI.

4.3
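The IzyBat entry above names the injected parameter (`getCasier.php?taille=`), and several earlier rows (PHPGurukul, Online Tours & Travels) are the same defect class. The block below is an added example, not IzyBat's or any other listed project's code: it shows a string-built query beside a bound-parameter query against an invented `casiers` table in an in-memory SQLite database, so it runs stand-alone with `php sqli.php` (the `pdo_sqlite` extension is assumed). The column names, sample rows and request payloads are constructed.

```php
<?php
// Added example; not IzyBat code. It shows the defect class behind "SQL
// Injection via getCasier.php?taille=" with an invented `casiers` table in an
// in-memory SQLite database, so it runs stand-alone (`php sqli.php`; assumes
// the pdo_sqlite extension). The column names and sample rows are constructed.

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE casiers (id INTEGER PRIMARY KEY, taille TEXT NOT NULL, code TEXT NOT NULL)');
$db->exec("INSERT INTO casiers (taille, code) VALUES ('S', '1111'), ('M', '2222'), ('L', '3333')");

// VULNERABLE: the request parameter becomes SQL text. Escaping quotes would be
// a weaker fix; the query structure itself must stop depending on the input.
function lockers_by_size_vulnerable(PDO $db, string $taille): array {
    $sql = "SELECT id, taille FROM casiers WHERE taille = '$taille'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED: the value is bound as a parameter, so it can never alter the query,
// and it is first validated against the closed set of sizes the application knows.
function lockers_by_size_hardened(PDO $db, string $taille): array {
    if (!in_array($taille, ['S', 'M', 'L'], true)) {
        return [];
    }
    $stmt = $db->prepare('SELECT id, taille FROM casiers WHERE taille = :taille');
    $stmt->execute([':taille' => $taille]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed requests, shown already URL-decoded:
//   getCasier.php?taille=S'+OR+'1'='1
//   getCasier.php?taille=S'+UNION+SELECT+id,code+FROM+casiers--
$payloads = [
    "S' OR '1'='1",
    "S' UNION SELECT id, code FROM casiers--",
];
foreach ($payloads as $p) {
    echo "payload: $p\n";
    echo "  vulnerable rows: " . json_encode(lockers_by_size_vulnerable($db, $p)) . "\n";
    echo "  hardened rows:   " . json_encode(lockers_by_size_hardened($db, $p)) . "\n";
}
```

With the first payload the vulnerable query returns all three lockers; with the second, the `UNION` places each locker's `code` into the `taille` column of the result, which is how a size-filter endpoint turns into a data-extraction channel. The hardened function returns nothing for both, because neither value is an accepted size, and even an accepted value reaches the database only as a bound parameter.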
2023-01-23 CVE-2023-0447 MY Youtube Channel Project Unspecified vulnerability in MY Youtube Channel Project MY Youtube Channel 3.0.12.1

The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clear_all_cache function in versions up to, and including, 3.0.12.1.

4.3
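Three WordPress entries in this table describe handler-side defects rather than output escaping: a privileged function with no capability check (My YouTube Channel, `clear_all_cache`), a settings form with no CSRF protection (Quick Restaurant Menu), and settings stored without sanitisation so that a user lacking `unfiltered_html` can still store script (EU Cookie Law). The block below is an added example and not code from any of those plugins. It is WordPress plugin code and runs inside WordPress as a plugin file, not stand-alone; the option name `demo_menu_settings`, the action names, the field names and the `demo-menu` settings page are invented.

```php
<?php
/*
 * Added example, not code from any plugin in this report. WordPress plugin
 * code: it runs inside WordPress (as a plugin file), not stand-alone. The
 * option name `demo_menu_settings`, the action names, the field names and the
 * `demo-menu` settings page are invented for illustration.
 */

/* ---- BEFORE: the defects behind the entries above (for contrast only) --- */

// Privileged action with no nonce and no capability check: any logged-in
// user can invoke it through admin-ajax.php, and with CSRF any visitor can.
add_action('wp_ajax_demo_clear_cache_vuln', function () {
    delete_transient('demo_menu_cache');
    wp_send_json_success('cache cleared');
});

// Settings stored as received: whoever reaches this handler stores raw HTML
// and script, which every admin page that prints the option then executes.
add_action('admin_post_demo_save_settings_vuln', function () {
    update_option('demo_menu_settings_vuln', $_POST['demo_menu_settings'] ?? []);
    wp_safe_redirect(admin_url('options-general.php?page=demo-menu'));
    exit;
});

/* ---- AFTER: hardened versions ------------------------------------------- */

add_action('wp_ajax_demo_clear_cache', function () {
    // CSRF: the caller must present a nonce minted for this user and action.
    check_ajax_referer('demo_clear_cache', 'nonce');
    // Authorization: a capability, not merely "is logged in".
    if (!current_user_can('manage_options')) {
        wp_send_json_error('forbidden', 403);
    }
    delete_transient('demo_menu_cache');
    wp_send_json_success('cache cleared');
});

// Register a sanitize_callback so every write of the option is filtered,
// whichever form or code path performs the update_option() call.
add_action('admin_init', function () {
    register_setting('demo_menu', 'demo_menu_settings', [
        'type'              => 'array',
        'sanitize_callback' => 'demo_sanitize_menu_settings',
    ]);
});

function demo_sanitize_menu_settings($input): array {
    $input = is_array($input) ? $input : [];
    $clean = [];
    $clean['title']   = sanitize_text_field((string) ($input['title'] ?? ''));
    $clean['columns'] = max(1, min(4, (int) ($input['columns'] ?? 1)));
    // Free-form HTML field: honour unfiltered_html rather than trusting the
    // role. On multisite, or wherever the capability has been removed, even an
    // administrator must not be able to store script through this field.
    $html = (string) ($input['intro_html'] ?? '');
    $clean['intro_html'] = current_user_can('unfiltered_html') ? $html : wp_kses_post($html);
    return $clean;
}

add_action('admin_post_demo_save_settings', function () {
    check_admin_referer('demo_save_settings');      // CSRF: _wpnonce from wp_nonce_field()
    if (!current_user_can('manage_options')) {      // authorization
        wp_die('forbidden', '', ['response' => 403]);
    }
    // update_option() runs the registered sanitize_callback before storing.
    update_option('demo_menu_settings', $_POST['demo_menu_settings'] ?? []);
    wp_safe_redirect(admin_url('options-general.php?page=demo-menu'));
    exit;
});

// Output side: escape for the context even though the stored value was
// sanitised; the two defences cover different failure modes.
function demo_render_settings_form(): void {
    $s = get_option('demo_menu_settings', []);
    echo '<form method="post" action="' . esc_url(admin_url('admin-post.php')) . '">';
    wp_nonce_field('demo_save_settings');
    echo '<input type="hidden" name="action" value="demo_save_settings">';
    echo '<input name="demo_menu_settings[title]" value="' . esc_attr($s['title'] ?? '') . '">';
    echo '<textarea name="demo_menu_settings[intro_html]">'
       . esc_textarea($s['intro_html'] ?? '') . '</textarea>';
    echo '<input type="number" name="demo_menu_settings[columns]" value="' . (int) ($s['columns'] ?? 1) . '">';
    echo '</form>';
}
```

The ordering in the hardened handlers is deliberate: the nonce check runs first, so a forged cross-site request is rejected before any state is touched, and the capability check is a real authorization decision rather than the implicit "logged in" that `wp_ajax_` hooks provide. Putting the sanitiser in `register_setting()` rather than in one form handler means an import routine or a second settings page cannot bypass it.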
2023-01-23 CVE-2022-46959 Sonic Project Path Traversal vulnerability in Sonic Project Sonic 1.0.4

An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allows attackers to perform directory traversal.

4.3
2023-01-28 CVE-2023-23628 Metabase Information Exposure vulnerability in Metabase

Metabase is an open source data analytics platform.

4.1

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-01-27 CVE-2022-43978 Pandorafms Use of Hard-coded Credentials vulnerability in Pandorafms Pandora FMS

There is an improper authentication vulnerability in Pandora FMS v764.

3.7
2023-01-27 CVE-2022-39324 Grafana Cross-site Scripting vulnerability in Grafana

Grafana is an open-source platform for monitoring and observability.

3.5
2023-01-27 CVE-2022-44718 Netscout Open Redirect vulnerability in Netscout Ngeniusone 6.3.2

An issue was discovered in NetScout nGeniusONE 6.3.2 build 904.

3.5
2023-01-26 CVE-2023-0463 Devolutions Unspecified vulnerability in Devolutions Remote Desktop Manager 2022.3.29/2022.3.30

The force offline MFA prompt setting is not respected when switching to offline mode in Devolutions Remote Desktop Manager 2022.3.29 to 2022.3.30, which allows a user to save sensitive data on disk.

3.3
2023-01-23 CVE-2023-24069 Signal Unspecified vulnerability in Signal Signal-Desktop

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory.

3.3
2023-01-27 CVE-2022-44717 Netscout Open Redirect vulnerability in Netscout Ngeniusone 6.3.2

An issue was discovered in NetScout nGeniusONE 6.3.2 build 904.

3.1