Weekly Vulnerabilities Reports > January 30 to February 5, 2023

A vulnerability, which was classified as critical, was found in Calendar Event Management System 2.3.0.

Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10.

Grafana is an open-source platform for monitoring and observability.

Symfony is a PHP framework for web and console applications and a set of reusable PHP components.

Symfony is a PHP framework for web and console applications and a set of reusable PHP components.

File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php.

Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification.

Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws one time token generation on the add administrator page.

Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2.

Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---.

A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users.

Cross-Site Request Forgery (CSRF) vulnerability in TeraWallet – For WooCommerce plugin <= 1.3.24 versions.

Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions.

Cross-Site Request Forgery (CSRF) vulnerability in DevsCred Exclusive Addons Elementor plugin <= 2.6.1 versions.

Cross-Site Request Forgery (CSRF) in WPVibes WP Mail Log plugin <= 1.0.1 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 versions.

Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions.

D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter.

An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution.

PrestaShop module, totadministrativemandate before v1.7.1 was discovered to contain a SQL injection vulnerability.

An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1.

A Server-Side Request Forgery (SSRF) in maccms10 v2021.1000.2000 allows attackers to force the application to make arbitrary requests via a crafted payload injected into the Name parameter under the Interface address module.

In Bestechnic Bluetooth Mesh SDK (BES2300) V1.0, a buffer overflow vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU.

Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow.

Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow.

A vulnerability, which was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01.

Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog.

NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature.

Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability.

Dell BIOS contains a Stack based buffer overflow vulnerability.

Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability.

As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally.

VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability.

Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php.

In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters.

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3.

Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1.

Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before 04.9.1.

A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server.

AMI Megarac Password reset interception via API

Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app.

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.

Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. **Note:** This is exploitable only for users who are rendering templates with user-defined data.

VMware Workstation contains an arbitrary file deletion vulnerability.

A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices.

The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0.

There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur.

A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0.

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.

Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php.

Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to disclose sensitive information from users' browsers or spoof legitimate users by abusing inappropriate HTML attributes.

Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module.

OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server.

A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network.

Buffer overflow vulnerability in function json_parse_value in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges.

Buffer overflow vulnerability in function json_parse_number in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges.

Buffer overflow vulnerability in function json_parse_key in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges.

Buffer overflow vulnerability in function json_parse_string in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges.

All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity (XXE) type of attacks.

All versions prior to Delta Electronic’s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code.

Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software.

Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software.

An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file.

In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer.

On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection.

Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api.

HP has identified a potential vulnerability in BIOS firmware of some Workstation products.

Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution.

Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution.

Potential security vulnerabilities have been identified in HP Support Assistant.

Potential security vulnerabilities have been identified in HP Support Assistant.

Potential security vulnerabilities have been identified in HP Support Assistant.

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

HPSFViewer might allow Escalation of Privilege.

Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability.

Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password.

All versions of the package is-http2 are vulnerable to Command Injection due to missing input sanitization or other checks, and sandboxes being employed to the isH2 function.

Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper input sanitization in the 'wiscan.scan' function.

Dell Rugged Control Center, versions prior to 4.5, contain an Improper Input Validation in the Service EndPoint.

Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component.

A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory.

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database.

A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application.

A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution.

Buffer overflow vulnerability in function json_parse_object in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges.

Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 is that allows for sensitive information to be obtained via(local) password authentication module.

Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow.

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause remote code execution when a command which exploits this vulnerability is utilized.

Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a proprietary local area network (LAN) protocol that does not verify updates to the device.

Divide By Zero in GitHub repository vim/vim prior to 9.0.1247.

There is a logic error in io_uring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this case the function will use the init_cred or the previous linked requests identity to do operations instead of using the current identity.

A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user.

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.

A vulnerability was found in Segmentio is-url up to 1.2.2.

CKAN is an open-source DMS (data management system) for powering data hubs and data portals.

NVS365 V01 is vulnerable to Incorrect Access Control.

In gin-vue-admin < 2.5.5, the download module has a Path Traversal vulnerability.

An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.

OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS).

SwagPayPal is a PayPal integration for shopware/platform.

Switcher Client is a JavaScript SDK to work with Switcher API which is cloud-based Feature Flag.

SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_set_mask() function in jocms/apps/mask/mask.php.

Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command.

Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL.

Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL.

An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.

An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin.

An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin.

Buffer Overflow vulnerability in fcitx5 5.0.8 allows attackers to cause a denial of service via crafted message to the application's listening port.

SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow.

Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c.

A vulnerability was found in BDCOM 1704-WGL 2.0.6314.

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for the telnet service which is stored in the component /etc/config/product.ini.

Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information.

A vulnerability, which was classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2.

Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Uncontrolled Resource Consumption vulnerability" in authentication component.

A vulnerability classified as critical was found in dst-admin 1.5.0.

A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0.

A vulnerability, which was classified as critical, was found in dst-admin 1.5.0.

A vulnerability has been found in dst-admin 1.5.0 and classified as critical.

Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass through an unauthorized telnet login.

An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3.

An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3.

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing.

On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.

In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization.

On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate.

On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate: * An OAuth Server that references an OAuth Provider * An OAuth profile with the Authorization Endpoint set to '/' * An access profile that references the above OAuth profile and is associated with an HTTPS virtual server Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.

On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization.

On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all version of 13.1.x, when a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server with hardware SYN cookies enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate.

On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.

On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.

On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.

A vulnerability was found in TRENDNet TEW-811DRU 1.0.10.0.

A vulnerability was found in TRENDnet TEW-652BRP 3.04B01.

Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS).

A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0.

A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical.

Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings.

Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure.

Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7214 https://github.com/apache/inlong/pull/7214  to solve it.

Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability.

A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol.

Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4.13 and 2.5.7, when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop.

Serenissima Informatica Fast Checkin 1.0 is vulnerable to Directory Traversal.

Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the component /application/down.php.

BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain sensitive information when a public Point of Sale app is exposed.

COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Incorrect Access Control.

A CWE-863: Incorrect Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port.

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port.

Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation.

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950.

ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function.

This affects versions of the package http-cache-semantics before 4.1.1.

A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site.

The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies.

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3.

A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software.

A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5.

Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable.

Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses.

An exploitable firmware modification vulnerability was discovered in certain Netgear products.

In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows.

Seacms v12.7 was discovered to contain a remote code execution (RCE) vulnerability via the ip parameter at admin_ ip.php.

An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attackers to execute arbitrary code via uploading a crafted JPG file.

The Revive Old Posts WordPress plugin before 9.0.11 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.

Dell BIOS contains a heap buffer overflow vulnerability.

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.

Dell BIOS contains a Time-of-check Time-of-use vulnerability.

Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability.

Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability.

An improper input sanitization vulnerability in the Motorola MR2600 router could allow a local user with elevated permissions to execute arbitrary code.

A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code.

A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1.

Buffer Overflow vulnerability in Allegro through 5.2.6 allows attackers to cause a denial of service via crafted PCX/TGA/BMP files to allegro_image addon.

Incorrect Access Control vulnerability in Modern Honey Network commit 0abf0db9cd893c6d5c727d036e1f817c02de4c7b allows remote attackers to view sensitive information via crafted PUT request to Web API.

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling.

Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex prior to 7.4.0.

A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0.

Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF.

In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets.

An issue was discovered in dotCMS core 4.x through 22.10.2.

The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8.

IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration.

lmxcms v1.41 was discovered to contain an arbitrary file deletion vulnerability via BackdbAction.class.php.

Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface Security Issue.

A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report

Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6, and all prior versions allow authenticated users assigned the Identity Administrator capability or any custom capability that contains the SetIdentityForwarding right to modify the work item forwarding configuration for identities other than the ones that should be allowed by Lifecycle Manager Quicklink Population configuration.

In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter.

On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings.

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF).

A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses.

Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/Restore–>Backup Settings, which could be read by any user accessing the file.

A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service.

SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command.

Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series.

An issue was discovered in Joomla! 4.0.0 through 4.2.6.

A vulnerability classified as problematic has been found in DaSchTour matomo-mediawiki-extension up to 2.4.2 on MediaWiki.

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6

Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.

Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.

A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31.

A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1.

Universal Cross Site Scripting (UXSS) vulnerability in Vimium Extension 1.66 and earlier allows remote attackers to run arbitrary code via omnibar feature.

A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under /front/person/profile.html.

Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.

A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic.

kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component.

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component.

Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation.

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.

On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.7, 14.1.x before 14.1.5.3, and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy.

Connectwise Automate 2022.11 is vulnerable to Clickjacking.

Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS).

Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability.

Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/ampache prior to 5.5.7.

Eta is an embedded JS templating engine that works inside Node, Deno, and the browser.

COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting (XSS) via the URL filtering feature in the router.

COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting (XSS).

Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows attacker to execute arbitrary code via improper santization.

Versions of the package jsuites before 5.0.1 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the Editor() function.

A cross-site scripting (XSS) vulnerability in ApolloTheme AP PageBuilder component through 2.4.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the show_number parameter.

The SAML SSO Standard WordPress plugin version 16.0.0 before 16.0.8, SAML SSO Premium WordPress plugin version 12.0.0 before 12.1.0 and SAML SSO Premium Multisite WordPress plugin version 20.0.0 before 20.0.7 does not validate that the redirect parameter to its SSO login endpoint points to an internal site URL, making it vulnerable to an Open Redirect issue when the user is already logged in.

The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.

The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modification attacks.

The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks.

In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control exist on the target pool member, undisclosed requests sent to the BIG-IP system can cause the Traffic Management Microkernel (TMM) to terminate.

Connectwise Automate 2022.11 is vulnerable to Cleartext authentication.

Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf.

Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authenticattion file.

A flaw was found in pesign.

A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645.

Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in cloudpool.

Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component.

Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component.

Notepad++ v8.4.1 was discovered to contain a stack overflow via the component Finder::add().

ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory (provided the process has write access to that file or directory). This is due to the fact that a node name (dent_node.name) is considered trusted and joined to the extraction directory path during processing, then the node content is written to that joined path.

A path traversal vulnerability affects jefferson's JFFS2 filesystem extractor.

A path traversal vulnerability affects yaffshiv YAFFS filesystem extractor.

Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier.

GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump.

Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature (p.e.

WEPA Print Away is vulnerable to a stored XSS.

WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes.

Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file.

Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports.

Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in Site Configuration page.

Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via image clipping function.

Cross Site Scripting (XSS) vulnerability in Teradek Slice 1st generation firmware 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings.

Cross Site Scripting (XSS) vulnerability in Teradek Clip all firmware versions allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings.

Cross Site Scripting (XSS) vulnerability in Teradek VidiU / VidiU Mini firmware version 3.0.8 and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings.

Cross Site Scripting (XSS) vulnerability in Teradek Bond, Bond 2 and Bond Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings.

Cross Site Scripting (XSS) vulnerability in Teradek Brik firmware version 7.2.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings.

Cross Site Scripting (XSS) vulnerability in Teradek Cube and Cube Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings.

Cross Site Scripting (XSS) vulnerability in Teradek Sphere all firmware versions allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings.

Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remote attackers to run arbitrary code via the user name field when adding a user.

In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS.

In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS.

DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename.

A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic.

All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without Validation and Integrity. The device's web application navigation depends on the value of the session cookie.

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting.

Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2.

In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link.

The Panda Pods Repeater Field WordPress plugin before 1.5.4 does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission.

The Widgets for Google Reviews WordPress plugin before 9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The Simple Sitemap WordPress plugin before 3.5.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The WP Extended Search WordPress plugin before 2.1.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

The Justified Gallery WordPress plugin before 1.7.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

The Pricing Tables WordPress Plugin WordPress plugin before 3.2.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The PixCodes WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The MediaElement.js WordPress plugin through 4.2.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins.

The Posts List Designer by Category WordPress plugin before 3.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The Icon Widget WordPress plugin before 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The Portfolio for Elementor WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The CC Child Pages WordPress plugin before 1.43 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The Accordion Shortcodes WordPress plugin through 2.4.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

Themify Shortcodes WordPress plugin before 2.0.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

The News & Blog Designer Pack WordPress plugin before 3.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

The Bold Timeline Lite WordPress plugin before 1.1.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The Custom User Profile Fields for User Registration WordPress plugin before 1.8.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The CPT Bootstrap Carousel WordPress plugin through 1.12 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The Social Sharing Toolkit WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The CPO Companion WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The PDF Viewer WordPress plugin before 1.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

The WP Social Widget WordPress plugin before 2.2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS).

Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1.

Discourse is an open source discussion platform.

OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup.

An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file.

In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file.

Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates.

In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted traffic.

In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS.

A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6.

AMI Megarac Weak password hashes for Redfish & API

The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3.

isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF.

Dell BIOS contains an improper input validation vulnerability.

The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges.

In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information.

lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php.

A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page.

Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization.  Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request.

Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606.

The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wm_export AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response that will be executed in the victims session.

Improper Restriction of Rendered UI Layers or Frames vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to lead legitimate users to perform unintended operations through clickjacking.

A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument.

The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.

An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications.

A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page.

An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see.

Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API.

An issue was discovered in Joomla! 4.0.0 through 4.2.4.

Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3.

Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3.

The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users.

The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating reseting moods which could allow attackers to make logged in admins perform such action via a CSRF attack and delete the lydl_posts & lydl_poststimestamp DB tables

The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no'

IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system.