Weekly Vulnerabilities Reports > February 13 to 19, 2023
Overview
694 new vulnerabilities reported during this period, including 79 critical vulnerabilities and 350 high severity vulnerabilities. This weekly summary report vulnerabilities in 1378 products from 248 vendors including Microsoft, Intel, Siemens, Fortinet, and Adobe. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "Out-of-bounds Read", "SQL Injection", and "Path Traversal".
- 432 reported vulnerabilities are remotely exploitables.
- 1 reported vulnerabilities have public exploit available.
- 190 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 365 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 78 reported vulnerabilities.
- Totolink has the most reported critical vulnerabilities, with 6 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
79 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-02-15 | CVE-2023-25765 | Jenkins | Unspecified vulnerability in Jenkins Email Extension In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | 9.9 |
2023-02-19 | CVE-2014-125087 | Java Xmlbuilder Project | XXE vulnerability in Java-Xmlbuilder Project Java-Xmlbuilder A vulnerability was found in java-xmlbuilder up to 1.1. | 9.8 |
2023-02-19 | CVE-2023-0917 | Simple Customer Relationship Management System Project | SQL Injection vulnerability in Simple Customer Relationship Management System Project Simple Customer Relationship Management System 1.0 A vulnerability, which was classified as critical, was found in SourceCodester Simple Customer Relationship Management System 1.0. | 9.8 |
2023-02-19 | CVE-2023-0918 | Pharmacy Management System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Pharmacy Management System Project Pharmacy Management System 1.0 A vulnerability has been found in codeprojects Pharmacy Management System 1.0 and classified as critical. | 9.8 |
2023-02-18 | CVE-2023-0910 | Online Pizza Ordering System Project | SQL Injection vulnerability in Online Pizza Ordering System Project Online Pizza Ordering System 1.0 A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. | 9.8 |
2023-02-18 | CVE-2023-0906 | Online Pizza Ordering System Project | Missing Authentication for Critical Function vulnerability in Online Pizza Ordering System Project Online Pizza Ordering System 1.0 A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. | 9.8 |
2023-02-17 | CVE-2021-26277 | Vivo | Unspecified vulnerability in Vivo Frame Service The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions. | 9.8 |
2023-02-17 | CVE-2022-40021 | Qvidium | Command Injection vulnerability in Qvidium Amino A140 Firmware QVidium Technologies Amino A140 (prior to firmware version 1.0.0-283) was discovered to contain a command injection vulnerability. | 9.8 |
2023-02-17 | CVE-2023-23064 | Totolink | Incorrect Authorization vulnerability in Totolink A720R Firmware 4.1.5Cu.532B20210610 TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control. | 9.8 |
2023-02-17 | CVE-2023-23279 | Canteen Management System Project | SQL Injection vulnerability in Canteen Management System Project Canteen Management System 1.0 Canteen Management System 1.0 is vulnerable to SQL Injection via /php_action/getOrderReport.php. | 9.8 |
2023-02-17 | CVE-2021-32163 | Linuxfoundation | Incorrect Authorization vulnerability in Linuxfoundation Modular Open Smart Network Authentication vulnerability in MOSN v.0.23.0 allows attacker to escalate privileges via case-sensitive JWT authorization. | 9.8 |
2023-02-17 | CVE-2021-33226 | Saltstack | Classic Buffer Overflow vulnerability in Saltstack Salt Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. | 9.8 |
2023-02-17 | CVE-2021-33391 | Htacg | Use After Free vulnerability in Htacg Tidy 5.7.28 An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c. | 9.8 |
2023-02-17 | CVE-2021-33948 | Hotels Server Project | SQL Injection vulnerability in Hotels Server Project Hotels Server 1.0 SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows attacker to execute arbitrary code via the username parameter. | 9.8 |
2023-02-17 | CVE-2021-33949 | WMS Project | Unspecified vulnerability in WMS Project WMS 1.1 An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function. | 9.8 |
2023-02-17 | CVE-2021-34182 | Ttyd Project | Incorrect Default Permissions vulnerability in Ttyd Project Ttyd 1.6.3 An issue in ttyd v.1.6.3 allows attacker to execute arbitrary code via default configuration permissions. | 9.8 |
2023-02-17 | CVE-2021-35261 | Bearadmin Project | Unrestricted Upload of File with Dangerous Type vulnerability in Bearadmin Project Bearadmin File Upload Vulnerability in Yupoxion BearAdmin before commit 10176153528b0a914eb4d726e200fd506b73b075 allows attacker to execute arbitrary remote code via the Upfile function of the extend/tools/Ueditor endpoint. | 9.8 |
2023-02-17 | CVE-2022-47986 | IBM | Deserialization of Untrusted Data vulnerability in IBM Aspera Faspex 4.4.1/4.4.2 IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. | 9.8 |
2023-02-17 | CVE-2020-29168 | Online Doctor Appointment Booking System PHP AND Mysql Project | SQL Injection vulnerability in Online Doctor Appointment Booking System PHP and Mysql Project Online Doctor Appointment Booking System PHP and Mysql 1.0 SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System, allows attackers to gain sensitive information via the q parameter to the getuser.php endpoint. | 9.8 |
2023-02-17 | CVE-2022-40032 | Simple Task Managing System Project | SQL Injection vulnerability in Simple Task Managing System Project Simple Task Managing System 1.0 SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information. | 9.8 |
2023-02-17 | CVE-2022-40347 | Intern Record System Project | SQL Injection vulnerability in Intern Record System Project Intern Record System 1.0 SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information. | 9.8 |
2023-02-17 | CVE-2023-0883 | Online Pizza Ordering System Project | SQL Injection vulnerability in Online Pizza Ordering System Project Online Pizza Ordering System 1.0 A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. | 9.8 |
2023-02-17 | CVE-2023-24219 | Luckyframe | SQL Injection vulnerability in Luckyframe Luckyframeweb 3.5 LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml. | 9.8 |
2023-02-17 | CVE-2023-24220 | Luckyframe | SQL Injection vulnerability in Luckyframe Luckyframeweb 3.5 LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml. | 9.8 |
2023-02-17 | CVE-2023-24221 | Luckyframe | SQL Injection vulnerability in Luckyframe Luckyframeweb 3.5 LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml. | 9.8 |
2023-02-16 | CVE-2021-43529 | Mozilla | Out-of-bounds Write vulnerability in Mozilla Thunderbird Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. | 9.8 |
2023-02-16 | CVE-2022-29514 | Intel | Unspecified vulnerability in Intel System Usage Report Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 |
2023-02-16 | CVE-2022-33964 | Intel | Improper Input Validation vulnerability in Intel System Usage Report Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 |
2023-02-16 | CVE-2022-25987 | Intel | Unspecified vulnerability in Intel C++ Compiler Classic Improper handling of Unicode encoding in source code to be compiled by the Intel(R) C++ Compiler Classic before version 2021.6 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 |
2023-02-16 | CVE-2022-26843 | Intel | Unspecified vulnerability in Intel Oneapi Dpc++/C++ Compiler Insufficient visual distinction of homoglyphs presented to user in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.1 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 |
2023-02-16 | CVE-2021-42756 | Fortinet | Out-of-bounds Write vulnerability in Fortinet Fortiweb Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests. | 9.8 |
2023-02-16 | CVE-2021-42761 | Fortinet | Session Fixation vulnerability in Fortinet Fortiweb A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session. | 9.8 |
2023-02-16 | CVE-2022-38375 | Fortinet | Unspecified vulnerability in Fortinet Fortinac and Fortinac-F An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests. | 9.8 |
2023-02-16 | CVE-2022-39952 | Fortinet | Exposure of Resource to Wrong Sphere vulnerability in Fortinet Fortinac A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request. | 9.8 |
2023-02-16 | CVE-2023-22578 | Sequelizejs | Unspecified vulnerability in Sequelizejs Sequelize Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections. | 9.8 |
2023-02-16 | CVE-2023-24236 | Totolink | Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules. | 9.8 |
2023-02-16 | CVE-2023-24238 | Totolink | Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules. | 9.8 |
2023-02-15 | CVE-2020-21119 | Kliqqi | SQL Injection vulnerability in Kliqqi CMS 2.0.2 SQL Injection vulnerability in Kliqqi-CMS 2.0.2 in admin/admin_update_module_widgets.php in recordIDValue parameter, allows attackers to gain escalated privileges and execute arbitrary code. | 9.8 |
2023-02-15 | CVE-2020-21120 | Uqcms | SQL Injection vulnerability in Uqcms 2.1.3 SQL Injection vulnerability in file home\controls\cart.class.php in UQCMS 2.1.3, allows attackers execute arbitrary commands via the cookie_cart parameter to /index.php/cart/num. | 9.8 |
2023-02-15 | CVE-2021-33304 | Altran | Double Free vulnerability in Altran Picotcp and Picotcp-Ng Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP-NG v2.1 in modules/pico_fragments.c in function pico_fragments_reassemble, allows attackers to execute arbitrary code. | 9.8 |
2023-02-15 | CVE-2021-33925 | CMS Corephp Project | SQL Injection vulnerability in Cms-Corephp Project Cms-Corephp SQL Injection vulnerability in nitinparashar30 cms-corephp through commit bdabe52ef282846823bda102728a35506d0ec8f9 (May 19, 2021) allows unauthenticated attackers to gain escilated privledges via a crafted login. | 9.8 |
2023-02-15 | CVE-2023-0849 | Netgear | Command Injection vulnerability in Netgear Wndr3700 Firmware 1.0.1.14 A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and classified as critical. | 9.8 |
2023-02-15 | CVE-2023-22855 | Kardex | Code Injection vulnerability in Kardex Control Center 5.7.12+0A203C2A213Master Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. | 9.8 |
2023-02-15 | CVE-2023-23459 | Priority Software | SQL Injection vulnerability in Priority-Software Priority 22.0 Priority Windows may allow Command Execution via SQL Injection using an unspecified method. | 9.8 |
2023-02-15 | CVE-2023-23460 | Priority Software | Improper Authentication vulnerability in Priority-Software Priority 19.1.0.68 Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass. | 9.8 |
2023-02-15 | CVE-2023-23461 | Libpeconv Project | Unspecified vulnerability in Libpeconv Project Libpeconv Libpeconv – access violation, before commit b076013 (30/11/2022). | 9.8 |
2023-02-15 | CVE-2023-23462 | Libpeconv Project | Integer Overflow or Wraparound vulnerability in Libpeconv Project Libpeconv Libpeconv – integer overflow, before commit 75b1565 (30/11/2022). | 9.8 |
2023-02-15 | CVE-2023-22804 | LS Electric | Missing Authentication for Critical Function vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80 LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create users on the PLC. | 9.8 |
2023-02-15 | CVE-2023-22807 | LS Electric | Unspecified vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80 LS ELECTRIC XBC-DN32U with operating system version 01.80 does not properly control access to the PLC over its internal XGT protocol. | 9.8 |
2023-02-15 | CVE-2022-46892 | Amperecomputing | Unspecified vulnerability in Amperecomputing Ampere Altra Firmware and Ampere Altra MAX Firmware In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allows the OS to reinitialize a disabled root complex. | 9.8 |
2023-02-15 | CVE-2023-25156 | Kiwitcms | Improper Restriction of Excessive Authentication Attempts vulnerability in Kiwitcms Kiwi Tcms Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. | 9.8 |
2023-02-14 | CVE-2023-21689 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | 9.8 |
2023-02-14 | CVE-2023-21690 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | 9.8 |
2023-02-14 | CVE-2023-21692 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | 9.8 |
2023-02-14 | CVE-2023-21716 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Word Remote Code Execution Vulnerability | 9.8 |
2023-02-14 | CVE-2023-21803 | Microsoft | Unspecified vulnerability in Microsoft products Windows iSCSI Discovery Service Remote Code Execution Vulnerability | 9.8 |
2023-02-14 | CVE-2023-24159 | Totolink | Command Injection vulnerability in Totolink Ca300-Poe Firmware 6.2C.884 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function. | 9.8 |
2023-02-14 | CVE-2023-24160 | Totolink | Command Injection vulnerability in Totolink Ca300-Poe Firmware 6.2C.884 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. | 9.8 |
2023-02-14 | CVE-2023-24161 | Totolink | Command Injection vulnerability in Totolink Ca300-Poe Firmware 6.2C.884 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. | 9.8 |
2023-02-14 | CVE-2023-24482 | Siemens | Classic Buffer Overflow vulnerability in Siemens Comos A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3.4 (All versions < V10.3.3.4.6), COMOS V10.4.0.0 (All versions < V10.4.0.0.31), COMOS V10.4.1.0 (All versions < V10.4.1.0.32), COMOS V10.4.2.0 (All versions < V10.4.2.0.25). | 9.8 |
2023-02-13 | CVE-2022-47034 | Playsms | Incorrect Comparison vulnerability in Playsms A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to bypass authentication. | 9.8 |
2023-02-13 | CVE-2023-24084 | Chikoi Project | SQL Injection vulnerability in Chikoi Project Chikoi 1.0 ChiKoi v1.0 was discovered to contain a SQL injection vulnerability via the load_file function. | 9.8 |
2023-02-13 | CVE-2023-24646 | Online Food Ordering System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Online Food Ordering System Project Online Food Ordering System 2.0 An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file. | 9.8 |
2023-02-13 | CVE-2023-25717 | Ruckuswireless | Code Injection vulnerability in Ruckuswireless Ruckus Wireless Admin, Smartzone and Smartzone AP Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring. | 9.8 |
2023-02-13 | CVE-2023-25718 | Connectwise | Improper Verification of Cryptographic Signature vulnerability in Connectwise Control 19.3.25270.7185 In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled executable file. | 9.8 |
2023-02-13 | CVE-2023-23551 | Controlbyweb | Code Injection vulnerability in Controlbyweb X-600M Firmware Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code. | 9.8 |
2023-02-13 | CVE-2022-3089 | Echelon | Cleartext Storage of Sensitive Information vulnerability in Echelon I.Lon Vision 2.2 Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. | 9.8 |
2023-02-13 | CVE-2022-40022 | Microchip | Command Injection vulnerability in Microchip Syncserver S650 Firmware Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability. | 9.8 |
2023-02-13 | CVE-2022-4445 | Fl3R Feelbox Project | Unspecified vulnerability in Fl3R Feelbox Project Fl3R Feelbox The FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | 9.8 |
2023-02-13 | CVE-2022-48322 | Netgear | Out-of-bounds Write vulnerability in Netgear products NETGEAR Nighthawk WiFi Mesh systems and routers are affected by a stack-based buffer overflow vulnerability. | 9.8 |
2023-02-13 | CVE-2022-48323 | Sunlogin | Path Traversal vulnerability in Sunlogin Sunflower 1.0.1.43315 Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0.1.43315 is vulnerable to a path traversal issue. | 9.8 |
2023-02-15 | CVE-2020-19825 | Kimai | Cross-site Scripting vulnerability in Kimai 1.30.0 Cross Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php, allows attackers to gain escalated privileges. | 9.6 |
2023-02-16 | CVE-2022-39954 | Fortinet | XXE vulnerability in Fortinet Fortinac and Fortinac-F An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents. | 9.1 |
2023-02-16 | CVE-2022-3843 | Wago | Hidden Functionality vulnerability in Wago 852-111/000-001 Firmware 01 In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters. | 9.1 |
2023-02-16 | CVE-2022-43969 | Ricoh | Unspecified vulnerability in Ricoh products Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials. | 9.1 |
2023-02-15 | CVE-2023-0102 | LS Electric | Missing Authentication for Critical Function vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80 LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command. | 9.1 |
2023-02-14 | CVE-2023-25725 | Haproxy Debian | HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. | 9.1 |
2023-02-14 | CVE-2023-24530 | SAP | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. | 9.1 |
2023-02-13 | CVE-2023-24188 | Ureport Project | Path Traversal vulnerability in Ureport Project Ureport 2.2.9 ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted. | 9.1 |
350 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-02-19 | CVE-2023-0915 | Auto Dealer Management System Project | SQL Injection vulnerability in Auto Dealer Management System Project Auto Dealer Management System 1.0 A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. | 8.8 |
2023-02-19 | CVE-2023-0916 | Auto Dealer Management System Project | Unspecified vulnerability in Auto Dealer Management System Project Auto Dealer Management System 1.0 A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. | 8.8 |
2023-02-18 | CVE-2023-0912 | Auto Dealer Management System Project | SQL Injection vulnerability in Auto Dealer Management System Project Auto Dealer Management System 1.0 A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. | 8.8 |
2023-02-18 | CVE-2023-0913 | Auto Dealer Management System Project | SQL Injection vulnerability in Auto Dealer Management System Project Auto Dealer Management System 1.0 A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. | 8.8 |
2023-02-18 | CVE-2023-0903 | Employee Task Management System Project | SQL Injection vulnerability in Employee Task Management System Project Employee Task Management System 1.0 A vulnerability was found in SourceCodester Employee Task Management System 1.0. | 8.8 |
2023-02-18 | CVE-2023-0904 | Employee Task Management System Project | SQL Injection vulnerability in Employee Task Management System Project Employee Task Management System 1.0 A vulnerability was found in SourceCodester Employee Task Management System 1.0. | 8.8 |
2023-02-17 | CVE-2022-40231 | IBM | Unspecified vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 could allow an authenticated user to perform unauthorized actions due to improper access controls. | 8.8 |
2023-02-17 | CVE-2021-33926 | Plone | Server-Side Request Forgery (SSRF) vulnerability in Plone An issue in Plone CMS v. | 8.8 |
2023-02-17 | CVE-2021-34164 | Lizhifaka Project | Incorrect Default Permissions vulnerability in Lizhifaka Project Lizhifaka 2.2.0 Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated attacker to execute arbitrary commands via the set password function in the admin/index/email location. | 8.8 |
2023-02-17 | CVE-2022-40232 | IBM | Incorrect Default Permissions vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. | 8.8 |
2023-02-17 | CVE-2023-0822 | Deltaww | Files or Directories Accessible to External Parties vulnerability in Deltaww Diaenergie The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality. | 8.8 |
2023-02-17 | CVE-2022-45701 | Commscope | Unspecified vulnerability in Commscope products Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature. | 8.8 |
2023-02-17 | CVE-2023-0882 | Krontech | Authorization Bypass Through User-Controlled Key vulnerability in Krontech Single Connect 2.16 Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16. | 8.8 |
2023-02-17 | CVE-2023-24078 | Realtimelogic | Code Injection vulnerability in Realtimelogic Fuguhub Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vulnerability via the component /FuguHub/cmsdocs/. | 8.8 |
2023-02-17 | CVE-2023-0877 | Froxlor | Code Injection vulnerability in Froxlor Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11. | 8.8 |
2023-02-16 | CVE-2022-30303 | Fortinet | OS Command Injection vulnerability in Fortinet Fortiweb An improper neutralization of special elements used in an os command ('OS Command Injection') [CWE-78] in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as `root` user via crafted HTTP requests. | 8.8 |
2023-02-16 | CVE-2022-30306 | Fortinet | Out-of-bounds Write vulnerability in Fortinet Fortiweb A stack-based buffer overflow vulnerability [CWE-121] in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted password. | 8.8 |
2023-02-16 | CVE-2022-33869 | Fortinet | OS Command Injection vulnerability in Fortinet Fortiwan An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiWAN 4.0.0 through 4.5.9 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | 8.8 |
2023-02-16 | CVE-2022-40677 | Fortinet | Argument Injection or Modification vulnerability in Fortinet Fortinac A improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted input parameters. | 8.8 |
2023-02-16 | CVE-2023-23779 | Fortinet | OS Command Injection vulnerability in Fortinet Fortiweb Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests. | 8.8 |
2023-02-16 | CVE-2023-23780 | Fortinet | Out-of-bounds Write vulnerability in Fortinet Fortiweb A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through 6.3.19, Fortinet FortiWeb 6.4 all versions allows attacker to escalation of privilege via specifically crafted HTTP requests. | 8.8 |
2023-02-16 | CVE-2023-23781 | Fortinet | Out-of-bounds Write vulnerability in Fortinet Fortiweb A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML server configuration may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted XML files. | 8.8 |
2023-02-16 | CVE-2023-22579 | Sequelizejs | Type Confusion vulnerability in Sequelizejs Sequelize 7.0.0 Due to improper parameter filtering in the sequalize js library, can a attacker peform injection. | 8.8 |
2023-02-16 | CVE-2023-0862 | Netmodule | Path Traversal vulnerability in Netmodule Router Software The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. | 8.8 |
2023-02-16 | CVE-2023-0861 | Netmodule | OS Command Injection vulnerability in Netmodule Router Software NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103. | 8.8 |
2023-02-15 | CVE-2022-38867 | Rttys Project | SQL Injection vulnerability in Rttys Project Rttys SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, and 4.0.2 in api.go, allows attackers to execute arbitrary code. | 8.8 |
2023-02-15 | CVE-2022-38935 | Niter | Unspecified vulnerability in Niter Niterforum 2.5.0 An issue was discovered in NiterForum version 2.5.0-beta in /src/main/java/cn/niter/forum/api/SsoApi.java and /src/main/java/cn/niter/forum/controller/AdminController.java, allows attackers to gain escalated privileges. | 8.8 |
2023-02-15 | CVE-2023-23465 | Mediacp | Cross-Site Request Forgery (CSRF) vulnerability in Mediacp Media Control Panel 2.13.1 Media CP Media Control Panel latest version. | 8.8 |
2023-02-15 | CVE-2023-0841 | Gpac | Out-of-bounds Write vulnerability in Gpac 2.3Devrev40G3602A5Ded A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. | 8.8 |
2023-02-15 | CVE-2023-25767 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Azure Credentials A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server. | 8.8 |
2023-02-15 | CVE-2022-42735 | Apache | Improper Privilege Management vulnerability in Apache Shenyu 2.5.0 Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958 https://github.com/apache/shenyu/pull/3958 . | 8.8 |
2023-02-15 | CVE-2022-29557 | Relx | Cross-Site Request Forgery (CSRF) vulnerability in Relx Firco Compliance Link 3.7 LexisNexis Firco Compliance Link 3.7 allows CSRF. | 8.8 |
2023-02-14 | CVE-2023-21529 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 8.8 |
2023-02-14 | CVE-2023-21684 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
2023-02-14 | CVE-2023-21685 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
2023-02-14 | CVE-2023-21686 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
2023-02-14 | CVE-2023-21695 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | 8.8 |
2023-02-14 | CVE-2023-21705 | Microsoft | Unspecified vulnerability in Microsoft SQL Server Microsoft SQL Server Remote Code Execution Vulnerability | 8.8 |
2023-02-14 | CVE-2023-21706 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 8.8 |
2023-02-14 | CVE-2023-21707 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 8.8 |
2023-02-14 | CVE-2023-21713 | Microsoft | Unspecified vulnerability in Microsoft SQL Server Microsoft SQL Server Remote Code Execution Vulnerability | 8.8 |
2023-02-14 | CVE-2023-21717 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft SharePoint Server Elevation of Privilege Vulnerability | 8.8 |
2023-02-14 | CVE-2023-21797 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
2023-02-14 | CVE-2023-21798 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
2023-02-14 | CVE-2023-21799 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
2023-02-14 | CVE-2023-22629 | Southrivertech | Path Traversal vulnerability in Southrivertech Titan FTP Server An issue was discovered in TitanFTP through 1.94.1205. | 8.8 |
2023-02-14 | CVE-2023-22935 | Splunk | Command Injection vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. | 8.8 |
2023-02-14 | CVE-2023-22939 | Splunk | Unspecified vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. | 8.8 |
2023-02-14 | CVE-2023-0830 | Easynas | OS Command Injection vulnerability in Easynas 1.1.0 A vulnerability classified as critical has been found in EasyNAS 1.1.0. | 8.8 |
2023-02-14 | CVE-2023-25149 | Timescale | Improper Privilege Management vulnerability in Timescale Timescaledb TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. | 8.8 |
2023-02-14 | CVE-2022-46862 | Expresstech | Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Quiz and Survey Master Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.7 versions. | 8.8 |
2023-02-14 | CVE-2023-24377 | Lightspeedhq | Cross-Site Request Forgery (CSRF) vulnerability in Lightspeedhq Ecwid Ecommerce Shopping Cart Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.3 versions. | 8.8 |
2023-02-14 | CVE-2023-24382 | Material Design Icons FOR Page Builders Project | Cross-Site Request Forgery (CSRF) vulnerability in Material Design Icons for Page Builders Project Material Design Icons for Page Builders Cross-Site Request Forgery (CSRF) vulnerability in Photon WP Material Design Icons for Page Builders plugin <= 1.4.2 versions. | 8.8 |
2023-02-14 | CVE-2023-25065 | Shapedplugin | Cross-Site Request Forgery (CSRF) vulnerability in Shapedplugin WP Tabs Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tabs – Responsive Tabs Plugin for WordPress plugin <= 2.1.14 versions. | 8.8 |
2023-02-14 | CVE-2022-43469 | Orchestrated | Cross-Site Request Forgery (CSRF) vulnerability in Orchestrated Corona Virus (Covid-19) Banner & Live Data Cross-Site Request Forgery (CSRF) vulnerability in Orchestrated Corona Virus (COVID-19) Banner & Live Data plugin <= 1.7.0.6 versions. | 8.8 |
2023-02-14 | CVE-2023-25066 | Foliovision | Cross-Site Request Forgery (CSRF) vulnerability in Foliovision FV Flowplayer Video Player Cross-Site Request Forgery (CSRF) vulnerability in FolioVision FV Flowplayer Video Player plugin <= 7.5.30.7212 versions. | 8.8 |
2023-02-14 | CVE-2023-24523 | SAP | Exposure of Resource to Wrong Sphere vulnerability in SAP Host Agent 7.21/7.22 An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator privileges. The OS command can read or modify any user or system data and can make the system unavailable. | 8.8 |
2023-02-14 | CVE-2023-22375 | Planex | Cross-Site Request Forgery (CSRF) vulnerability in Planex Cs-Wmv02G Firmware Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user to view a malicious page. | 8.8 |
2023-02-13 | CVE-2023-25240 | Pimcore | Unspecified vulnerability in Pimcore 10.5.15 An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code. | 8.8 |
2023-02-13 | CVE-2023-25719 | Connectwise | Injection vulnerability in Connectwise Control 19.3.25270.7185 ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. | 8.8 |
2023-02-13 | CVE-2022-41134 | Optinly | Cross-Site Request Forgery (CSRF) vulnerability in Optinly Cross-Site Request Forgery (CSRF) in OptinlyHQ Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms plugin <= 1.0.15 versions. | 8.8 |
2023-02-13 | CVE-2023-0080 | Cusrev | Unspecified vulnerability in Cusrev Customer Reviews for Woocommerce The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. | 8.8 |
2023-02-13 | CVE-2023-0098 | Getlasso | Unspecified vulnerability in Getlasso Simple Urls The Simple URLs WordPress plugin before 115 does not escape some parameters before using them in various SQL statements used by AJAX actions available by any authenticated users, leading to a SQL injection exploitable by low privilege users such as subscriber. | 8.8 |
2023-02-13 | CVE-2023-0220 | Pinpoint | Unspecified vulnerability in Pinpoint Booking System The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks. | 8.8 |
2023-02-13 | CVE-2023-0255 | Shortpixel | Unrestricted Upload of File with Dangerous Type vulnerability in Shortpixel Enable Media Replace The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites. | 8.8 |
2023-02-13 | CVE-2023-0259 | Ljapps | Unspecified vulnerability in Ljapps WP Google Review Slider The WP Google Review Slider WordPress plugin before 11.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. | 8.8 |
2023-02-13 | CVE-2023-0260 | Ljapps | Unspecified vulnerability in Ljapps WP Review Slider The WP Review Slider WordPress plugin before 12.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. | 8.8 |
2023-02-13 | CVE-2023-0261 | Ljapps | Unspecified vulnerability in Ljapps WP Tripadvisor Review Slider The WP TripAdvisor Review Slider WordPress plugin before 10.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. | 8.8 |
2023-02-13 | CVE-2023-0262 | Ljapps | Unspecified vulnerability in Ljapps WP Airbnb Review Slider The WP Airbnb Review Slider WordPress plugin before 3.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. | 8.8 |
2023-02-13 | CVE-2023-0263 | Ljapps | Unspecified vulnerability in Ljapps WP Yelp Review Slider The WP Yelp Review Slider WordPress plugin before 7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. | 8.8 |
2023-02-13 | CVE-2022-45725 | Comfast | Improper Input Validation vulnerability in Comfast Cf-Wr610N Firmware 2.3.1 Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request | 8.8 |
2023-02-14 | CVE-2023-21777 | Microsoft | Improper Privilege Management vulnerability in Microsoft Azure APP Service on Azure Stack Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability | 8.7 |
2023-02-16 | CVE-2023-23947 | Argoproj | Incorrect Authorization vulnerability in Argoproj Argo CD Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. | 8.5 |
2023-02-14 | CVE-2023-23374 | Microsoft | Unspecified vulnerability in Microsoft Edge Chromium Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 8.3 |
2023-02-17 | CVE-2023-23923 | Moodle | Unspecified vulnerability in Moodle The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. | 8.2 |
2023-02-16 | CVE-2021-0187 | Intel | Unspecified vulnerability in Intel products Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. | 8.2 |
2023-02-14 | CVE-2023-21806 | Microsoft | Unspecified vulnerability in Microsoft Power BI Report Server 15.0.1103.234/15.0.1104.300/15.0.1107.165 Power BI Report Server Spoofing Vulnerability | 8.2 |
2023-02-14 | CVE-2023-25564 | GSS Ntlmssp Project | Out-of-bounds Write vulnerability in Gss-Ntlmssp Project Gss-Ntlmssp GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. | 8.2 |
2023-02-17 | CVE-2021-3172 | PHP Fusion | Unspecified vulnerability in PHP-Fusion 9.03.90 An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature. | 8.1 |
2023-02-16 | CVE-2022-41335 | Fortinet | Path Traversal vulnerability in Fortinet Fortios, Fortiproxy and Fortiswitchmanager A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read and write files on the underlying Linux system via crafted HTTP requests. | 8.1 |
2023-02-16 | CVE-2023-23926 | Neo4J | XXE vulnerability in Neo4J Awesome Procedures on Cyper APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. | 8.1 |
2023-02-16 | CVE-2023-0568 | PHP | Allocation of Resources Without Limits or Throttling vulnerability in PHP In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. | 8.1 |
2023-02-13 | CVE-2022-4138 | Gitlab | Cross-Site Request Forgery (CSRF) vulnerability in Gitlab A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8 before 15.8.1. | 8.1 |
2023-02-14 | CVE-2023-21778 | Microsoft | Unspecified vulnerability in Microsoft Dynamics 365 Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability | 8.0 |
2023-02-14 | CVE-2023-22934 | Splunk | Unspecified vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. | 8.0 |
2023-02-18 | CVE-2023-0908 | Xoslab | Improper Resource Shutdown or Release vulnerability in Xoslab Easy File Locker 2.2.0.184 A vulnerability, which was classified as problematic, was found in Xoslab Easy File Locker 2.2.0.184. | 7.8 |
2023-02-17 | CVE-2021-32845 | Mobyproject | Unchecked Return Value vulnerability in Mobyproject Hyperkit HyperKit is a toolkit for embedding hypervisor capabilities in an application. | 7.8 |
2023-02-17 | CVE-2021-32846 | Mobyproject | Improper Check for Unusual or Exceptional Conditions vulnerability in Mobyproject Hyperkit HyperKit is a toolkit for embedding hypervisor capabilities in an application. | 7.8 |
2023-02-17 | CVE-2023-21574 | Adobe | Improper Input Validation vulnerability in Adobe Photoshop 23.0.0/23.1/23.3.2 Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-02-17 | CVE-2023-21575 | Adobe | Out-of-bounds Write vulnerability in Adobe Photoshop 23.0.0/23.1/23.3.2 Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-02-17 | CVE-2023-21576 | Adobe | Out-of-bounds Write vulnerability in Adobe Photoshop 23.0.0/23.1/23.3.2 Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-02-17 | CVE-2023-21619 | Adobe | Out-of-bounds Write vulnerability in Adobe Framemaker FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-02-17 | CVE-2023-21621 | Adobe | Improper Input Validation vulnerability in Adobe Framemaker FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-02-17 | CVE-2023-21622 | Adobe | Out-of-bounds Write vulnerability in Adobe Framemaker FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-02-17 | CVE-2023-22226 | Adobe | Out-of-bounds Write vulnerability in Adobe Bridge 12.0.1 Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-02-17 | CVE-2023-22227 | Adobe | Out-of-bounds Write vulnerability in Adobe Bridge 12.0.1 Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-02-17 | CVE-2023-22228 | Adobe | Improper Input Validation vulnerability in Adobe Bridge 12.0.1 Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-02-17 | CVE-2023-22229 | Adobe | Out-of-bounds Write vulnerability in Adobe Bridge 12.0.1 Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-02-17 | CVE-2023-22230 | Adobe | Out-of-bounds Write vulnerability in Adobe Bridge 12.0.1 Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-02-17 | CVE-2023-22234 | Adobe | Out-of-bounds Write vulnerability in Adobe Premiere Rush Adobe Premiere Rush version 2.6 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-02-17 | CVE-2023-22236 | Adobe | Out-of-bounds Write vulnerability in Adobe Animate Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-02-17 | CVE-2023-22237 | Adobe | Out-of-bounds Write vulnerability in Adobe After Effects 22.1.1/22.2.1 After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-02-17 | CVE-2023-22238 | Adobe | Out-of-bounds Write vulnerability in Adobe After Effects 22.1.1/22.2.1 After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-02-17 | CVE-2023-22239 | Adobe | Improper Input Validation vulnerability in Adobe After Effects 22.1.1/22.2.1 After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-02-17 | CVE-2023-22243 | Adobe | Out-of-bounds Write vulnerability in Adobe Animate Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-02-17 | CVE-2023-22244 | Adobe | Use After Free vulnerability in Adobe Premiere Rush Adobe Premiere Rush version 2.6 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-02-17 | CVE-2023-22246 | Adobe | Use After Free vulnerability in Adobe Animate Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-02-17 | CVE-2021-32142 | Libraw | Out-of-bounds Write vulnerability in Libraw 0.20.0 Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. | 7.8 |
2023-02-17 | CVE-2021-33983 | Flatcc Project | Classic Buffer Overflow vulnerability in Flatcc Project Flatcc 0.6.0 Buffer Overflow vulnerability in Dvidelabs flatcc v.0.6.0 allows local attacker to execute arbitrary code via the fltacc execution of the error_ref_sym function. | 7.8 |
2023-02-17 | CVE-2022-32972 | Infoblox | Uncontrolled Search Path Element vulnerability in Infoblox Bloxone Endpoint Infoblox BloxOne Endpoint for Windows through 2.2.7 allows DLL injection that can result in local privilege escalation. | 7.8 |
2023-02-17 | CVE-2023-0887 | Tftpd64 Project | Unquoted Search Path or Element vulnerability in Tftpd64 Project Tftpd64 4.64 A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified as critical. | 7.8 |
2023-02-16 | CVE-2022-21163 | Intel | Unspecified vulnerability in Intel Crypto API Toolkit for Intel SGX Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-16 | CVE-2022-27170 | Intel | Unspecified vulnerability in Intel Media Software Development KIT Protection mechanism failure in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-16 | CVE-2022-27808 | Intel | Unspecified vulnerability in Intel Administrative Tools for Intel Network Adapters Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-16 | CVE-2022-32575 | Intel | Out-of-bounds Write vulnerability in Intel Trace Analyzer and Collector 2017/2020 Out-of-bounds write in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-16 | CVE-2022-33190 | Intel | Improper Input Validation vulnerability in Intel System Usage Report Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-16 | CVE-2022-33946 | Intel | Improper Authentication vulnerability in Intel System Usage Report Improper authentication in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-16 | CVE-2022-34346 | Intel | Out-of-bounds Read vulnerability in Intel Media Software Development KIT Out-of-bounds read in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-16 | CVE-2022-34841 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Media Software Development KIT Improper buffer restrictions in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-16 | CVE-2022-34843 | Intel | Integer Overflow or Wraparound vulnerability in Intel Trace Analyzer and Collector 2017/2020 Integer overflow in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-16 | CVE-2022-34854 | Intel | Unspecified vulnerability in Intel System Usage Report Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-16 | CVE-2022-34864 | Intel | Out-of-bounds Read vulnerability in Intel Trace Analyzer and Collector 2017/2020 Out-of-bounds read in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-16 | CVE-2022-36369 | Intel | Unspecified vulnerability in Intel Qatzip Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-16 | CVE-2022-36397 | Intel | Incorrect Default Permissions vulnerability in Intel Quickassist Technology 1.7.L.4.10.0/4.2 Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-16 | CVE-2022-36416 | Vmware | Unspecified vulnerability in VMWare Ixgben 1.10.0.1 Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-16 | CVE-2022-41314 | Intel | Uncontrolled Search Path Element vulnerability in Intel products Uncontrolled search path in some Intel(R) Network Adapter installer software may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-16 | CVE-2022-25992 | Intel | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Oneapi-Cli Insecure inherited permissions in the Intel(R) oneAPI Toolkits oneapi-cli before version 0.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-16 | CVE-2022-26840 | Intel | Unspecified vulnerability in Intel Quartus Prime Improper neutralization in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-16 | CVE-2022-30530 | Intel | Unspecified vulnerability in Intel Driver & Support Assistant Protection mechanism failure in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-16 | CVE-2022-32570 | Intel | Improper Authentication vulnerability in Intel Quartus Prime Improper authentication in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-16 | CVE-2022-33892 | Intel | Path Traversal vulnerability in Intel Quartus Prime Path traversal in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-16 | CVE-2022-33902 | Intel | Unspecified vulnerability in Intel Quartus Prime Insufficient control flow management in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-16 | CVE-2022-34153 | Intel | Improper Initialization vulnerability in Intel Battery Life Diagnostic Tool 2.2.0 Improper initialization in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-16 | CVE-2022-34157 | Intel | Unspecified vulnerability in Intel Quartus Prime Improper access control in the Intel(R) FPGA SDK for OpenCL(TM) with Intel(R) Quartus(R) Prime Pro Edition software before version 22.1 may allow authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-16 | CVE-2022-36278 | Intel | Unspecified vulnerability in Intel Battery Life Diagnostic Tool 2.2.0 Insufficient control flow management in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-16 | CVE-2022-36348 | Intel | Unspecified vulnerability in Intel Server Platform Services Active debug code in some Intel (R) SPS firmware before version SPS_E5_04.04.04.300.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-16 | CVE-2022-36398 | Intel | Uncontrolled Search Path Element vulnerability in Intel Battery Life Diagnostic Tool 2.2.0 Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-16 | CVE-2022-40080 | Acer | Out-of-bounds Write vulnerability in Acer Aspire E5-475G Firmware 1.21 Stack overflow vulnerability in Aspire E5-475G 's BIOS firmware, in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges. | 7.8 |
2023-02-16 | CVE-2023-0866 | Gpac | Heap-based Buffer Overflow vulnerability in Gpac Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3.0-DEV. | 7.8 |
2023-02-16 | CVE-2022-27482 | Fortinet | OS Command Injection vulnerability in Fortinet Fortiadc A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as `root` via CLI commands. | 7.8 |
2023-02-16 | CVE-2022-40678 | Fortinet | Insufficiently Protected Credentials vulnerability in Fortinet Fortinac An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords. | 7.8 |
2023-02-16 | CVE-2022-40683 | Fortinet | Double Free vulnerability in Fortinet Fortiweb 7.0.0/7.0.1/7.0.2 A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may allows attacker to execute unauthorized code or commands via specially crafted commands | 7.8 |
2023-02-16 | CVE-2023-23782 | Fortinet | Out-of-bounds Write vulnerability in Fortinet Fortiweb A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb version 6.3.0 through 6.3.19, FortiWeb 6.4 all versions, FortiWeb 6.2 all versions, FortiWeb 6.1 all versions allows attacker to escalation of privilege via specifically crafted arguments to existing commands. | 7.8 |
2023-02-16 | CVE-2023-23783 | Fortinet | Use of Externally-Controlled Format String vulnerability in Fortinet Fortiweb A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments. | 7.8 |
2023-02-16 | CVE-2023-25602 | Fortinet | Out-of-bounds Write vulnerability in Fortinet Fortiweb A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and earlier, FortiWeb versions 6.2.6 and earlier, FortiWeb versions 6.1.2 and earlier, FortiWeb versions 6.0.7 and earlier, FortiWeb versions 5.9.1 and earlier, FortiWeb 5.8 all versions, FortiWeb 5.7 all versions, FortiWeb 5.6 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments. | 7.8 |
2023-02-16 | CVE-2023-24483 | Citrix | Improper Privilege Management vulnerability in Citrix Virtual Apps and Desktops A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA. | 7.8 |
2023-02-16 | CVE-2023-24485 | Citrix | Incorrect Authorization vulnerability in Citrix Workspace 1912/2105/2203.1 Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app. | 7.8 |
2023-02-16 | CVE-2023-25173 | Linuxfoundation | Incorrect Authorization vulnerability in Linuxfoundation Containerd containerd is an open source container runtime. | 7.8 |
2023-02-15 | CVE-2022-42455 | Asus | Unspecified vulnerability in Asus Armoury Crate ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. | 7.8 |
2023-02-15 | CVE-2022-47506 | Solarwinds | Path Traversal vulnerability in Solarwinds Orion Platform 2022.4.1 SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. | 7.8 |
2023-02-15 | CVE-2022-45153 | Suse Opensuse | Incorrect Default Permissions vulnerability in multiple products An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. | 7.8 |
2023-02-15 | CVE-2023-25011 | NEC | Unspecified vulnerability in NEC PC Settings Tool PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22.0 and earlier allows a attacker to write to the registry as administrator privileges with standard user privileges. | 7.8 |
2023-02-15 | CVE-2023-20927 | Unspecified vulnerability in Google Android 13.0 In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. | 7.8 | |
2023-02-15 | CVE-2023-22368 | Elecom | Untrusted Search Path vulnerability in Elecom Camera Assistant and Quickfiledealer Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
2023-02-14 | CVE-2023-21566 | Microsoft | Unspecified vulnerability in Microsoft Visual Studio 2019 Visual Studio Elevation of Privilege Vulnerability | 7.8 |
2023-02-14 | CVE-2023-21808 | Microsoft | Unspecified vulnerability in Microsoft products .NET and Visual Studio Remote Code Execution Vulnerability | 7.8 |
2023-02-14 | CVE-2023-21815 | Microsoft | Unspecified vulnerability in Microsoft Visual Studio 2019 Visual Studio Remote Code Execution Vulnerability | 7.8 |
2023-02-14 | CVE-2023-21823 | Microsoft | Integer Overflow or Wraparound vulnerability in Microsoft products Windows Graphics Component Remote Code Execution Vulnerability | 7.8 |
2023-02-14 | CVE-2023-23381 | Microsoft | Unspecified vulnerability in Microsoft Visual Studio 2019 Visual Studio Remote Code Execution Vulnerability | 7.8 |
2023-02-14 | CVE-2023-23618 | GIT FOR Windows Project | Untrusted Search Path vulnerability in GIT for Windows Project GIT for Windows Git for Windows is the Windows port of the revision control system Git. | 7.8 |
2023-02-14 | CVE-2023-21528 | Microsoft | Unspecified vulnerability in Microsoft SQL Server Microsoft SQL Server Remote Code Execution Vulnerability | 7.8 |
2023-02-14 | CVE-2023-21688 | Microsoft | Unspecified vulnerability in Microsoft products NT OS Kernel Elevation of Privilege Vulnerability | 7.8 |
2023-02-14 | CVE-2023-21704 | Microsoft | Unspecified vulnerability in Microsoft SQL Server Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 7.8 |
2023-02-14 | CVE-2023-21718 | Microsoft | Unspecified vulnerability in Microsoft SQL Server Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 7.8 |
2023-02-14 | CVE-2023-21800 | Microsoft | Unspecified vulnerability in Microsoft Windows Server 2008 R2 Windows Installer Elevation of Privilege Vulnerability | 7.8 |
2023-02-14 | CVE-2023-21801 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 7.8 |
2023-02-14 | CVE-2023-21802 | Microsoft | Unspecified vulnerability in Microsoft products Windows Media Remote Code Execution Vulnerability | 7.8 |
2023-02-14 | CVE-2023-21804 | Microsoft | Unspecified vulnerability in Microsoft products Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
2023-02-14 | CVE-2023-21805 | Microsoft | Unspecified vulnerability in Microsoft products Windows MSHTML Platform Remote Code Execution Vulnerability | 7.8 |
2023-02-14 | CVE-2023-21809 | Microsoft | Unspecified vulnerability in Microsoft Defender Security Intelligence Updates Microsoft Defender for Endpoint Security Feature Bypass Vulnerability | 7.8 |
2023-02-14 | CVE-2023-21812 | Microsoft | Unspecified vulnerability in Microsoft products Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
2023-02-14 | CVE-2023-21817 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kerberos Elevation of Privilege Vulnerability | 7.8 |
2023-02-14 | CVE-2023-21822 | Microsoft | Unspecified vulnerability in Microsoft products Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
2023-02-14 | CVE-2023-23376 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
2023-02-14 | CVE-2023-23377 | Microsoft | Unspecified vulnerability in Microsoft 3D Builder 20.0.1 3D Builder Remote Code Execution Vulnerability | 7.8 |
2023-02-14 | CVE-2023-23378 | Microsoft | Unspecified vulnerability in Microsoft Print 3D Print 3D Remote Code Execution Vulnerability | 7.8 |
2023-02-14 | CVE-2023-23379 | Microsoft | Unspecified vulnerability in Microsoft Defender for IOT Microsoft Defender for IoT Elevation of Privilege Vulnerability | 7.8 |
2023-02-14 | CVE-2023-23390 | Microsoft | Unspecified vulnerability in Microsoft 3D Builder 20.0.1 3D Builder Remote Code Execution Vulnerability | 7.8 |
2023-02-14 | CVE-2022-31808 | Siemens | Improper Input Validation vulnerability in Siemens products A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V2.85.44), SiPass integrated ACC-AP (All versions < V2.85.43). | 7.8 |
2023-02-14 | CVE-2022-47936 | Siemens | Stack-based Buffer Overflow vulnerability in Siemens JT Open Toolkit, JT Utilities and Parasolid A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.1 (All versions < V35.1.150). | 7.8 |
2023-02-14 | CVE-2022-47977 | Siemens | Out-of-bounds Write vulnerability in Siemens JT Open Toolkit and JT Utilities A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0). | 7.8 |
2023-02-14 | CVE-2023-24549 | Siemens | Stack-based Buffer Overflow vulnerability in Siemens Solid Edge Se2023 A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). | 7.8 |
2023-02-14 | CVE-2023-24550 | Siemens | Heap-based Buffer Overflow vulnerability in Siemens Solid Edge Se2023 A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). | 7.8 |
2023-02-14 | CVE-2023-24551 | Siemens | Heap-based Buffer Overflow vulnerability in Siemens Solid Edge Se2023 A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). | 7.8 |
2023-02-14 | CVE-2023-24552 | Siemens | Out-of-bounds Read vulnerability in Siemens Solid Edge Se2022 and Solid Edge Se2023 A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). | 7.8 |
2023-02-14 | CVE-2023-24553 | Siemens | Out-of-bounds Read vulnerability in Siemens Solid Edge Se2023 A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). | 7.8 |
2023-02-14 | CVE-2023-24554 | Siemens | Out-of-bounds Read vulnerability in Siemens Solid Edge Se2023 A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). | 7.8 |
2023-02-14 | CVE-2023-24555 | Siemens | Out-of-bounds Read vulnerability in Siemens Solid Edge Se2022 and Solid Edge Se2023 A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). | 7.8 |
2023-02-14 | CVE-2023-24556 | Siemens | Out-of-bounds Read vulnerability in Siemens Solid Edge Se2023 A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). | 7.8 |
2023-02-14 | CVE-2023-24557 | Siemens | Out-of-bounds Read vulnerability in Siemens Solid Edge Se2023 A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). | 7.8 |
2023-02-14 | CVE-2023-24558 | Siemens | Out-of-bounds Read vulnerability in Siemens Solid Edge Se2023 A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). | 7.8 |
2023-02-14 | CVE-2023-24559 | Siemens | Out-of-bounds Read vulnerability in Siemens Solid Edge Se2023 A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). | 7.8 |
2023-02-14 | CVE-2023-24560 | Siemens | Out-of-bounds Write vulnerability in Siemens Solid Edge Se2023 A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). | 7.8 |
2023-02-14 | CVE-2023-24561 | Siemens | Access of Uninitialized Pointer vulnerability in Siemens Solid Edge Se2023 A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). | 7.8 |
2023-02-14 | CVE-2023-24562 | Siemens | Access of Uninitialized Pointer vulnerability in Siemens Solid Edge Se2023 A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). | 7.8 |
2023-02-14 | CVE-2023-24563 | Siemens | Access of Uninitialized Pointer vulnerability in Siemens Solid Edge Se2023 A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). | 7.8 |
2023-02-14 | CVE-2023-24564 | Siemens | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Siemens Solid Edge Se2023 A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). | 7.8 |
2023-02-14 | CVE-2023-24581 | Siemens | Use After Free vulnerability in Siemens Solid Edge Se2023 223.0 A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). | 7.8 |
2023-02-14 | CVE-2023-24978 | Siemens | Access of Uninitialized Pointer vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5 A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). | 7.8 |
2023-02-14 | CVE-2023-24979 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5 A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). | 7.8 |
2023-02-14 | CVE-2023-24980 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5 A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). | 7.8 |
2023-02-14 | CVE-2023-24981 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5 A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). | 7.8 |
2023-02-14 | CVE-2023-24982 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5 A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). | 7.8 |
2023-02-14 | CVE-2023-24983 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5 A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). | 7.8 |
2023-02-14 | CVE-2023-24984 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5 A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). | 7.8 |
2023-02-14 | CVE-2023-24985 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5 A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). | 7.8 |
2023-02-14 | CVE-2023-24986 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5 A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). | 7.8 |
2023-02-14 | CVE-2023-24987 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5 A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). | 7.8 |
2023-02-14 | CVE-2023-24988 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5 A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). | 7.8 |
2023-02-14 | CVE-2023-24989 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5 A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). | 7.8 |
2023-02-14 | CVE-2023-24990 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5 A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). | 7.8 |
2023-02-14 | CVE-2023-24991 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5 A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). | 7.8 |
2023-02-14 | CVE-2023-24992 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5 A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). | 7.8 |
2023-02-14 | CVE-2023-24993 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5 A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). | 7.8 |
2023-02-14 | CVE-2023-24994 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5 A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). | 7.8 |
2023-02-14 | CVE-2023-24995 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5 A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). | 7.8 |
2023-02-14 | CVE-2023-24996 | Siemens | Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5 A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). | 7.8 |
2023-02-14 | CVE-2023-25140 | Siemens | Out-of-bounds Read vulnerability in Siemens Parasolid and Solid Edge A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.254), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.1 (All versions < V35.1.150), Solid Edge SE2022 (All versions < V222.0MP12). | 7.8 |
2023-02-14 | CVE-2023-24187 | Ureport Project | XXE vulnerability in Ureport Project Ureport 2.2.9 An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile. | 7.8 |
2023-02-13 | CVE-2023-0817 | Gpac | Out-of-bounds Read vulnerability in Gpac Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV. | 7.8 |
2023-02-13 | CVE-2023-0819 | Gpac | Heap-based Buffer Overflow vulnerability in Gpac Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV. | 7.8 |
2023-02-13 | CVE-2022-48077 | Genymotion | Uncontrolled Search Path Element vulnerability in Genymotion Desktop 3.3.2 Genymotion Desktop v3.3.2 was discovered to contain a DLL hijacking vulnerability that allows attackers to escalate privileges and execute arbitrary code via a crafted DLL. | 7.8 |
2023-02-13 | CVE-2022-45455 | Acronis | Incomplete Cleanup vulnerability in Acronis Agent, Cyber Protect and Cyber Protect Home Office Local privilege escalation due to incomplete uninstallation cleanup. | 7.8 |
2023-02-13 | CVE-2023-22345 | Jtekt | Out-of-bounds Write vulnerability in Jtekt Screen Creator Advance 2 0.1.1.4 Out-of-bound write vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process when out of specification errors are detected. | 7.8 |
2023-02-13 | CVE-2023-22346 | Jtekt | Out-of-bounds Read vulnerability in Jtekt Screen Creator Advance 2 0.1.1.4 Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing template information. | 7.8 |
2023-02-13 | CVE-2023-22347 | Jtekt | Out-of-bounds Read vulnerability in Jtekt Screen Creator Advance 2 0.1.1.4 Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing file structure information. | 7.8 |
2023-02-13 | CVE-2023-22349 | Jtekt | Out-of-bounds Read vulnerability in Jtekt Screen Creator Advance 2 0.1.1.4 Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing screen management information. | 7.8 |
2023-02-13 | CVE-2023-22350 | Jtekt | Out-of-bounds Read vulnerability in Jtekt Screen Creator Advance 2 0.1.1.4 Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing parts management information. | 7.8 |
2023-02-13 | CVE-2023-22353 | Jtekt | Out-of-bounds Read vulnerability in Jtekt Screen Creator Advance 2 0.1.1.4 Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing control management information. | 7.8 |
2023-02-13 | CVE-2023-22360 | Jtekt | Use After Free vulnerability in Jtekt Screen Creator Advance 2 0.1.1.4 Use-after free vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process even when an error was detected. | 7.8 |
2023-02-18 | CVE-2023-0905 | Employee Task Management System Project | Improper Authentication vulnerability in Employee Task Management System Project Employee Task Management System 1.0 A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. | 7.5 |
2023-02-17 | CVE-2022-34351 | IBM | Cleartext Storage of Sensitive Information vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allowing a non-tenant user with a specific domain security profile assigned to see some data from other domains. | 7.5 |
2023-02-17 | CVE-2023-24960 | IBM | Path Traversal vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. | 7.5 |
2023-02-17 | CVE-2021-32441 | Exponentcms | SQL Injection vulnerability in Exponentcms Exponent CMS 2.6.0 SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class. | 7.5 |
2023-02-17 | CVE-2021-33950 | Openkm | XXE vulnerability in Openkm 6.3.10 An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor function. | 7.5 |
2023-02-17 | CVE-2022-20803 | Clamav | Double Free vulnerability in Clamav 0.104.0/0.104.1/0.104.2 A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a double-free. | 7.5 |
2023-02-17 | CVE-2022-41734 | IBM | Cleartext Storage of Sensitive Information vulnerability in IBM Maximo Application Suite and Maximo Asset Management IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 7.5 |
2023-02-17 | CVE-2022-43930 | IBM | Information Exposure Through Log Files vulnerability in IBM DB2 10.5/11.1/11.5 IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. | 7.5 |
2023-02-17 | CVE-2022-43927 | IBM | Improper Privilege Management vulnerability in IBM DB2 10.5/11.1/11.5 IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. | 7.5 |
2023-02-17 | CVE-2022-43929 | IBM | Improper Input Validation vulnerability in IBM DB2 11.1/11.5 IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. | 7.5 |
2023-02-17 | CVE-2023-24329 | Python Fedoraproject Netapp | Improper Input Validation vulnerability in multiple products An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | 7.5 |
2023-02-16 | CVE-2020-6817 | Mozilla | Unspecified vulnerability in Mozilla Bleach bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). | 7.5 |
2023-02-16 | CVE-2022-47703 | Tianjie | Missing Authentication for Critical Function vulnerability in Tianjie Cpe906-3 and Cpe906-3 Firmware TIANJIE CPE906-3 is vulnerable to password disclosure. | 7.5 |
2023-02-16 | CVE-2022-30692 | Intel | Improper Check for Unusual or Exceptional Conditions vulnerability in Intel System Usage Report Improper conditions check in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable denial of service via network access. | 7.5 |
2023-02-16 | CVE-2022-35729 | Openbmc Project | Out-of-bounds Read vulnerability in Openbmc-Project Openbmc Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access. | 7.5 |
2023-02-16 | CVE-2022-26115 | Fortinet | Use of Password Hash With Insufficient Computational Effort vulnerability in Fortinet Fortisandbox A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords. | 7.5 |
2023-02-16 | CVE-2023-25653 | Cisco | Infinite Loop vulnerability in Cisco Node-Jose node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for web browsers and node.js-based servers. | 7.5 |
2023-02-16 | CVE-2023-24807 | Nodejs | Unspecified vulnerability in Nodejs Undici Undici is an HTTP/1.1 client for Node.js. | 7.5 |
2023-02-16 | CVE-2022-27892 | Palantir | Improper Input Validation vulnerability in Palantir Gotham Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service. | 7.5 |
2023-02-16 | CVE-2022-27897 | Palantir | Improper Input Validation vulnerability in Palantir Gotham Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. | 7.5 |
2023-02-16 | CVE-2023-22580 | Sequelizejs | Information Exposure vulnerability in Sequelizejs Sequelize 7.0.0 Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure. | 7.5 |
2023-02-16 | CVE-2023-0860 | Modoboa | Improper Restriction of Excessive Authentication Attempts vulnerability in Modoboa Installer 2.0.3 Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4. | 7.5 |
2023-02-16 | CVE-2023-0662 | PHP | Resource Exhaustion vulnerability in PHP In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. | 7.5 |
2023-02-15 | CVE-2021-34117 | Seopanel | SQL Injection vulnerability in Seopanel SEO Panel 4.9.0 SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the username parameter, allows attackers to gain sensitive information. | 7.5 |
2023-02-15 | CVE-2021-38239 | Dataease | SQL Injection vulnerability in Dataease SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10. | 7.5 |
2023-02-15 | CVE-2022-40016 | Media Server Project | Use After Free vulnerability in Media-Server Project Media-Server Use After Free (UAF) vulnerability in ireader media-server before commit 3e0f63f1d3553f75c7d4eb32fa7c7a1976a9ff84 in librtmp, allows attackers to cause a denial of service. | 7.5 |
2023-02-15 | CVE-2023-0848 | Netgear | Unspecified vulnerability in Netgear Wndr3700 Firmware 1.0.1.14 A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. | 7.5 |
2023-02-15 | CVE-2023-0850 | Netgear | Unspecified vulnerability in Netgear Wndr3700 Firmware 1.0.1.14 A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and classified as problematic. | 7.5 |
2023-02-15 | CVE-2022-45546 | Screencheck | Cleartext Transmission of Sensitive Information vulnerability in Screencheck Badgemaker 2.6.2.0 Information Disclosure in Authentication Component of ScreenCheck BadgeMaker 2.6.2.0 application allows internal attacker to obtain credentials for authentication via network sniffing. | 7.5 |
2023-02-15 | CVE-2022-47508 | Solarwinds | Unspecified vulnerability in Solarwinds Server and Application Monitor 2022.4 Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos. | 7.5 |
2023-02-15 | CVE-2023-23463 | Sunellsecurity | Insufficiently Protected Credentials vulnerability in Sunellsecurity products Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through an unspecified request. | 7.5 |
2023-02-15 | CVE-2023-23464 | Mediacp | Unspecified vulnerability in Mediacp Media Control Panel 2.13.1 Media CP Media Control Panel latest version. | 7.5 |
2023-02-15 | CVE-2023-23466 | Mediacp | Insufficiently Protected Credentials vulnerability in Mediacp Media Control Panel 2.13.1 Media CP Media Control Panel latest version. | 7.5 |
2023-02-15 | CVE-2023-24498 | Netgear | Insufficiently Protected Credentials vulnerability in Netgear Prosafe Fs726Tp Firmware An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text. | 7.5 |
2023-02-15 | CVE-2023-0103 | LS Electric | Access of Memory Location After End of Buffer vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80 If an attacker were to access memory locations of LS ELECTRIC XBC-DN32U with operating system version 01.80 that are outside of the communication buffer, the device stops operating. | 7.5 |
2023-02-15 | CVE-2023-22803 | LS Electric | Missing Authentication for Critical Function vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80 LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. | 7.5 |
2023-02-15 | CVE-2023-22806 | LS Electric | Cleartext Transmission of Sensitive Information vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80 LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. | 7.5 |
2023-02-15 | CVE-2023-25191 | AMI | Insufficiently Protected Credentials vulnerability in AMI Megarac Sp-X 12/13 AMI MegaRAC SPX devices allow Password Disclosure through Redfish. | 7.5 |
2023-02-15 | CVE-2023-25578 | Starliteproject | Allocation of Resources Without Limits or Throttling vulnerability in Starliteproject Starlite Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. | 7.5 |
2023-02-15 | CVE-2023-24580 | Djangoproject Debian | Resource Exhaustion vulnerability in multiple products An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. | 7.5 |
2023-02-14 | CVE-2023-21553 | Microsoft | Unspecified vulnerability in Microsoft Azure Devops Server 2020.1.2 Azure DevOps Server Remote Code Execution Vulnerability | 7.5 |
2023-02-14 | CVE-2023-21691 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability | 7.5 |
2023-02-14 | CVE-2023-21700 | Microsoft | Unspecified vulnerability in Microsoft products Windows iSCSI Discovery Service Denial of Service Vulnerability | 7.5 |
2023-02-14 | CVE-2023-21701 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability | 7.5 |
2023-02-14 | CVE-2023-21702 | Microsoft | Unspecified vulnerability in Microsoft products Windows iSCSI Service Denial of Service Vulnerability | 7.5 |
2023-02-14 | CVE-2023-21811 | Microsoft | Unspecified vulnerability in Microsoft products Windows iSCSI Service Denial of Service Vulnerability | 7.5 |
2023-02-14 | CVE-2023-21813 | Microsoft | Unspecified vulnerability in Microsoft products Windows Secure Channel Denial of Service Vulnerability | 7.5 |
2023-02-14 | CVE-2023-21816 | Microsoft | Unspecified vulnerability in Microsoft products Windows Active Directory Domain Services API Denial of Service Vulnerability | 7.5 |
2023-02-14 | CVE-2023-21818 | Microsoft | Unspecified vulnerability in Microsoft products Windows Secure Channel Denial of Service Vulnerability | 7.5 |
2023-02-14 | CVE-2023-21819 | Microsoft | Unspecified vulnerability in Microsoft products Windows Secure Channel Denial of Service Vulnerability | 7.5 |
2023-02-14 | CVE-2023-23946 | GIT SCM | Path Traversal vulnerability in Git-Scm GIT Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. | 7.5 |
2023-02-14 | CVE-2023-25577 | Palletsprojects | Allocation of Resources Without Limits or Throttling vulnerability in Palletsprojects Werkzeug Werkzeug is a comprehensive WSGI web application library. | 7.5 |
2023-02-14 | CVE-2023-22941 | Splunk | Unspecified vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd). | 7.5 |
2023-02-14 | CVE-2023-25563 | GSS Ntlmssp Project | Out-of-bounds Read vulnerability in Gss-Ntlmssp Project Gss-Ntlmssp GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. | 7.5 |
2023-02-14 | CVE-2023-25565 | GSS Ntlmssp Project | Release of Invalid Pointer or Reference vulnerability in Gss-Ntlmssp Project Gss-Ntlmssp GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. | 7.5 |
2023-02-14 | CVE-2023-25566 | GSS Ntlmssp Project | Memory Leak vulnerability in Gss-Ntlmssp Project Gss-Ntlmssp GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. | 7.5 |
2023-02-14 | CVE-2023-25567 | GSS Ntlmssp Project | Out-of-bounds Read vulnerability in Gss-Ntlmssp Project Gss-Ntlmssp GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. | 7.5 |
2023-02-14 | CVE-2021-46023 | Mruby | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mruby An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. | 7.5 |
2023-02-14 | CVE-2023-25576 | Fastify | Allocation of Resources Without Limits or Throttling vulnerability in Fastify Fastify-Multipart @fastify/multipart is a Fastify plugin to parse the multipart content-type. | 7.5 |
2023-02-14 | CVE-2023-25141 | Apache | Injection vulnerability in Apache Sling JCR Base Apache Sling JCR Base < 3.1.12 has a critical injection vulnerability when running on old JDK versions (JDK 1.8.191 or earlier) through utility functions in RepositoryAccessor. | 7.5 |
2023-02-14 | CVE-2023-23835 | Mendix | Improper Access Control vulnerability in Mendix A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.34), Mendix Applications using Mendix 8 (All versions < V8.18.23), Mendix Applications using Mendix 9 (All versions < V9.22.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.10), Mendix Applications using Mendix 9 (V9.18) (All versions < V9.18.4), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.15). | 7.5 |
2023-02-13 | CVE-2022-3759 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. | 7.5 |
2023-02-13 | CVE-2023-0518 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. | 7.5 |
2023-02-13 | CVE-2023-24647 | Online Food Ordering System Project | SQL Injection vulnerability in Online Food Ordering System Project Online Food Ordering System 2.0 Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email parameter. | 7.5 |
2023-02-13 | CVE-2023-22854 | Mitel | Unspecified vulnerability in Mitel Micontact Center Business The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. | 7.5 |
2023-02-13 | CVE-2023-0159 | Wprealize | Unspecified vulnerability in Wprealize Extensive VC Addons for Wpbakery Page Builder The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. | 7.5 |
2023-02-13 | CVE-2022-45454 | Acronis | Incorrect Default Permissions vulnerability in Acronis Agent and Cyber Protect Sensitive information disclosure due to insecure folder permissions. | 7.5 |
2023-02-13 | CVE-2022-43460 | Fujifilm | Insufficiently Protected Credentials vulnerability in Fujifilm Driver Distributor Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a recoverable format. | 7.5 |
2023-02-13 | CVE-2023-22362 | Akindo Sushiro | Information Exposure Through Log Files vulnerability in Akindo-Sushiro products SUSHIRO App for Android outputs sensitive information to the log file, which may result in an attacker obtaining a credential information from the log file. | 7.5 |
2023-02-16 | CVE-2022-39948 | Fortinet | Improper Certificate Validation vulnerability in Fortinet Fortios and Fortiproxy An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.0.0 through 7.0.6, 2.0 all versions, 1.2 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiOS/FortiProxy device and remote servers hosting threat feeds (when the latter are configured as Fabric connectors in FortiOS/FortiProxy) | 7.4 |
2023-02-16 | CVE-2022-40675 | Fortinet | Unspecified vulnerability in Fortinet Fortinac and Fortinac-F Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages. | 7.4 |
2023-02-16 | CVE-2022-27890 | Palantir | Improper Certificate Validation vulnerability in Palantir Atlasdb It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. | 7.4 |
2023-02-15 | CVE-2023-0361 | GNU Redhat Debian Fedoraproject Netapp | Information Exposure Through Discrepancy vulnerability in multiple products A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. | 7.4 |
2023-02-15 | CVE-2023-22377 | Fujitsu | XXE vulnerability in Fujitsu products Improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3 to Version 1.1.0. | 7.4 |
2023-02-14 | CVE-2023-21820 | Microsoft | Unspecified vulnerability in Microsoft products Windows Distributed File System (DFS) Remote Code Execution Vulnerability | 7.4 |
2023-02-16 | CVE-2022-37340 | Intel | Uncontrolled Search Path Element vulnerability in Intel Quickassist Technology 1.7.L.4.10.0/4.2 Uncontrolled search path in some Intel(R) QAT drivers for Windows before version 1.6 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2023-02-16 | CVE-2022-25905 | Intel | Uncontrolled Search Path Element vulnerability in Intel Oneapi Data Analytics Library Uncontrolled search path element in the Intel(R) oneAPI Data Analytics Library (oneDAL) before version 2021.5 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2023-02-16 | CVE-2022-26032 | Intel | Uncontrolled Search Path Element vulnerability in Intel Distribution for Python Programming Language Uncontrolled search path element in the Intel(R) Distribution for Python programming language before version 2022.1 for Intel(R) oneAPI Toolkits may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2023-02-16 | CVE-2022-26052 | Intel | Uncontrolled Search Path Element vulnerability in Intel MPI Library 2017 Uncontrolled search path element in the Intel(R) MPI Library before version 2021.6 for Intel(R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2023-02-16 | CVE-2022-26062 | Intel | Uncontrolled Search Path Element vulnerability in Intel Trace Analyzer and Collector 2017/2020 Uncontrolled search path element in the Intel(R) Trace Analyzer and Collector before version 2021.6 for Intel(R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2023-02-16 | CVE-2022-26076 | Intel | Uncontrolled Search Path Element vulnerability in Intel Oneapi Deep Neural Network Uncontrolled search path element in the Intel(R) oneAPI Deep Neural Network (oneDNN) before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2023-02-16 | CVE-2022-26345 | Intel | Uncontrolled Search Path Element vulnerability in Intel Openmp Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2023-02-16 | CVE-2022-26421 | Intel | Uncontrolled Search Path Element vulnerability in Intel Oneapi Dpc++/C++ Compiler Runtime Uncontrolled search path element in the Intel(R) oneAPI DPC++/C++ Compiler Runtime before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2023-02-16 | CVE-2022-26425 | Intel | Uncontrolled Search Path Element vulnerability in Intel Oneapi Collective Communications Library Uncontrolled search path element in the Intel(R) oneAPI Collective Communications Library (oneCCL) before version 2021.6 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2023-02-16 | CVE-2022-26512 | Intel | Uncontrolled Search Path Element vulnerability in Intel Fpga Add-On Uncontrolled search path element in the Intel(R) FPGA Add-on for Intel(R) oneAPI Base Toolkit before version 2022.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2023-02-16 | CVE-2022-37329 | Intel | Uncontrolled Search Path Element vulnerability in Intel Quartus Prime Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Standard Edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2023-02-14 | CVE-2023-22743 | GIT FOR Windows Project | Untrusted Search Path vulnerability in GIT for Windows Project GIT for Windows Git for Windows is the Windows port of the revision control system Git. | 7.3 |
2023-02-14 | CVE-2023-21568 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability | 7.3 |
2023-02-17 | CVE-2023-26020 | Craftercms | SQL Injection vulnerability in Craftercms Crafter CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26. | 7.2 |
2023-02-17 | CVE-2023-23007 | Ecisp | SQL Injection vulnerability in Ecisp Espcms P8.21120101 An issue was discovered in ESPCMS P8.21120101 after logging in to the background, there is a SQL injection vulnerability in the function node where members are added. | 7.2 |
2023-02-16 | CVE-2022-32971 | Intel | Improper Authentication vulnerability in Intel System Usage Report Improper authentication in the Intel(R) SUR software before version 2.4.8902 may allow a privileged user to potentially enable escalation of privilege via network access. | 7.2 |
2023-02-16 | CVE-2022-27489 | Fortinet | OS Command Injection vulnerability in Fortinet Fortiextender Firmware A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 7.2 |
2023-02-16 | CVE-2022-33871 | Fortinet | Out-of-bounds Write vulnerability in Fortinet Fortiweb A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and earlier, 6.4 all versions, version 6.3.19 and earlier may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI `execute backup-local rename` and `execute backup-local show` operations. | 7.2 |
2023-02-15 | CVE-2022-38868 | Ehoney Project | SQL Injection vulnerability in Ehoney Project Ehoney 2.0.0 SQL Injection vulnerability in Ehoney version 2.0.0 in models/protocol.go and models/images.go, allows attackers to execute arbitrary code. | 7.2 |
2023-02-15 | CVE-2022-38111 | Solarwinds | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2022.4.1 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. | 7.2 |
2023-02-15 | CVE-2022-47503 | Solarwinds | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2022.4.1 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. | 7.2 |
2023-02-15 | CVE-2022-47504 | Solarwinds | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2022.4.1 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. | 7.2 |
2023-02-15 | CVE-2022-47507 | Solarwinds | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2022.4.1 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. | 7.2 |
2023-02-15 | CVE-2023-23836 | Solarwinds | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2022.4.1 SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. | 7.2 |
2023-02-14 | CVE-2023-21703 | Microsoft | Unspecified vulnerability in Microsoft Azure Data BOX Gateway and Azure Stack Edge Azure Data Box Gateway Remote Code Execution Vulnerability | 7.2 |
2023-02-14 | CVE-2023-21710 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 7.2 |
2023-02-13 | CVE-2022-4546 | Conceptbeans | SQL Injection vulnerability in Conceptbeans Mapwiz 1.0.1 The Mapwiz WordPress plugin through 1.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 7.2 |
2023-02-14 | CVE-2023-21564 | Microsoft | Cross-site Scripting vulnerability in Microsoft Azure Devops Server 2022 Azure DevOps Server Cross-Site Scripting Vulnerability | 7.1 |
2023-02-14 | CVE-2023-0020 | SAP | Information Exposure vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. | 7.1 |
2023-02-13 | CVE-2022-4745 | WP Customerarea | Unspecified vulnerability in Wp-Customerarea WP Customer Area The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example. | 7.1 |
2023-02-17 | CVE-2020-19824 | MPV | Race Condition vulnerability in MPV 0.29.1 An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the ao_c parameter. | 7.0 |
2023-02-16 | CVE-2022-26837 | Intel | Improper Input Validation vulnerability in Intel products Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 7.0 |
2023-02-16 | CVE-2022-32764 | Intel | Race Condition vulnerability in Intel Driver & Support Assistant Description: Race condition in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.0 |
2023-02-15 | CVE-2022-32469 | Insyde | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 7.0 |
2023-02-15 | CVE-2022-32475 | Insyde | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 7.0 |
2023-02-15 | CVE-2022-32477 | Insyde | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 7.0 |
2023-02-15 | CVE-2022-32470 | Insyde | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 7.0 |
2023-02-15 | CVE-2022-32473 | Insyde | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 7.0 |
2023-02-15 | CVE-2022-32476 | Insyde | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 7.0 |
2023-02-15 | CVE-2022-32953 | Insyde | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 7.0 |
2023-02-15 | CVE-2022-32471 | Insyde | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. | 7.0 |
2023-02-15 | CVE-2022-32474 | Insyde | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 7.0 |
2023-02-15 | CVE-2022-32478 | Insyde | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 7.0 |
2023-02-15 | CVE-2022-32954 | Insyde | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 5.5. | 7.0 |
2023-02-15 | CVE-2022-32955 | Insyde | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 7.0 |
255 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-02-16 | CVE-2022-21216 | Intel | Unspecified vulnerability in Intel products Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network access. | 6.8 |
2023-02-16 | CVE-2022-48306 | Palantir | Improper Certificate Validation vulnerability in Palantir Gotham Chat IRC Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. | 6.8 |
2023-02-14 | CVE-2023-21694 | Microsoft | Unspecified vulnerability in Microsoft products Windows Fax Service Remote Code Execution Vulnerability | 6.8 |
2023-02-13 | CVE-2023-0808 | Deyeinverter Revolt Power Bosswerk | Use of Hard-coded Credentials vulnerability in multiple products A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. | 6.8 |
2023-02-16 | CVE-2022-33196 | Intel | Incorrect Default Permissions vulnerability in Intel products Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-02-16 | CVE-2022-26343 | Intel | Unspecified vulnerability in Intel products Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-02-16 | CVE-2022-30539 | Intel | Use After Free vulnerability in Intel products Use after free in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-02-16 | CVE-2022-30704 | Intel | Improper Initialization vulnerability in Intel products Improper initialization in the Intel(R) TXT SINIT ACM for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-02-16 | CVE-2022-32231 | Intel | Improper Initialization vulnerability in Intel products Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2023-02-14 | CVE-2022-35868 | Siemens | Untrusted Search Path vulnerability in Siemens TIA Multiuser Server and TIA Project-Server A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). | 6.7 |
2023-02-17 | CVE-2022-36775 | IBM | Injection vulnerability in IBM products IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 6.5 |
2023-02-16 | CVE-2023-0821 | Hashicorp | Unspecified vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. | 6.5 |
2023-02-16 | CVE-2022-27234 | Intel | Server-Side Request Forgery (SSRF) vulnerability in Intel Computer Vision Annotation Tool Server-side request forgery in the CVAT software maintained by Intel(R) before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access. | 6.5 |
2023-02-16 | CVE-2022-29494 | Intel | Improper Input Validation vulnerability in Intel Openbmc Egs0.91179 Improper input validation in firmware for OpenBMC in some Intel(R) platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access. | 6.5 |
2023-02-16 | CVE-2023-22380 | Github | Path Traversal vulnerability in Github Enterprise Server A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. | 6.5 |
2023-02-16 | CVE-2022-30300 | Fortinet | Path Traversal vulnerability in Fortinet Fortiweb A relative path traversal vulnerability [CWE-23] in FortiWeb 7.0.0 through 7.0.1, 6.3.6 through 6.3.18, 6.4 all versions may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests. | 6.5 |
2023-02-16 | CVE-2022-43954 | Fortinet | Information Exposure Through Log Files vulnerability in Fortinet Fortiportal 7.0.0/7.0.1/7.0.2 An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices' passwords in the audit log page. | 6.5 |
2023-02-16 | CVE-2023-0475 | Hashicorp | Unspecified vulnerability in Hashicorp Go-Getter HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. | 6.5 |
2023-02-16 | CVE-2023-23778 | Fortinet | Path Traversal vulnerability in Fortinet Fortiweb A relative path traversal vulnerability [CWE-23] in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests. | 6.5 |
2023-02-16 | CVE-2023-23784 | Fortinet | Path Traversal vulnerability in Fortinet Fortiweb A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to information disclosure via specially crafted web requests. | 6.5 |
2023-02-15 | CVE-2021-33396 | Baijiacms Project | Cross-Site Request Forgery (CSRF) vulnerability in Baijiacms Project Baijiacms 4.1.4 Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, allows attackers to change the password or other information of an arbitrary account via index.php. | 6.5 |
2023-02-15 | CVE-2023-23458 | Sunellsecurity | Unspecified vulnerability in Sunellsecurity products Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information to an Unauthorized Actor through an unspecified request. | 6.5 |
2023-02-15 | CVE-2023-25768 | Jenkins | Missing Authorization vulnerability in Jenkins Azure Credentials A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. | 6.5 |
2023-02-14 | CVE-2023-21572 | Microsoft | Cross-site Scripting vulnerability in Microsoft Dynamics 365 9.1 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 6.5 |
2023-02-14 | CVE-2023-21721 | Microsoft | Unspecified vulnerability in Microsoft Onenote Microsoft OneNote Elevation of Privilege Vulnerability | 6.5 |
2023-02-14 | CVE-2023-21807 | Microsoft | Cross-site Scripting vulnerability in Microsoft Dynamics 365 9.1 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 6.5 |
2023-02-14 | CVE-2023-23382 | Microsoft | Unspecified vulnerability in Microsoft Azure Machine Learning 3.0.0 Azure Machine Learning Compute Instance Information Disclosure Vulnerability | 6.5 |
2023-02-14 | CVE-2022-41564 | Tibco | Unspecified vulnerability in Tibco Hawk and Operational Intelligence Hawk Redtail The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password to a privileged user. | 6.5 |
2023-02-14 | CVE-2023-0019 | SAP | Missing Authorization vulnerability in SAP GRC Process Control In SAP GRC (Process Control) - versions GRCFND_A V1200, GRCFND_A V8100, GRCPINW V1100_700, GRCPINW V1100_731, GRCPINW V1200_750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the database. | 6.5 |
2023-02-14 | CVE-2023-24524 | SAP | Missing Authorization vulnerability in SAP S/4Hana 104/105 SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. | 6.5 |
2023-02-14 | CVE-2023-24528 | SAP | Missing Authorization vulnerability in SAP Fiori 600 SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to exploit a certain misconfigured application endpoint to view sensitive data. | 6.5 |
2023-02-14 | CVE-2023-0814 | Cozmoslabs | Incorrect Authorization vulnerability in Cozmoslabs Profile Builder The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the [user_meta] shortcode in versions up to, and including 3.9.0. | 6.5 |
2023-02-13 | CVE-2022-3411 | Gitlab | Improper Validation of Specified Quantity in Input vulnerability in Gitlab A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage. | 6.5 |
2023-02-13 | CVE-2022-45962 | Os4Ed | SQL Injection vulnerability in Os4Ed Opensis 7.3/7.6/8.0 Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via CalendarModal.php. | 6.5 |
2023-02-13 | CVE-2022-25937 | Glance Project | Path Traversal vulnerability in Glance Project Glance Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. | 6.5 |
2023-02-16 | CVE-2023-23558 | Eternal Terminal Project | Link Following vulnerability in Eternal Terminal Project Eternal Terminal 6.2.1 In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. | 6.3 |
2023-02-14 | CVE-2023-22936 | Splunk | Server-Side Request Forgery (SSRF) vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. | 6.3 |
2023-02-19 | CVE-2012-10007 | Buddystream Project | Cross-site Scripting vulnerability in Buddystream Project Buddystream A vulnerability was found in madgicweb BuddyStream Plugin up to 3.2.7 on WordPress. | 6.1 |
2023-02-17 | CVE-2022-48115 | Jspreadsheet | Cross-site Scripting vulnerability in Jspreadsheet The dropdown menu in jspreadsheet before v4.6.0 was discovered to be vulnerable to cross-site scripting (XSS). | 6.1 |
2023-02-17 | CVE-2023-23921 | Moodle | Cross-site Scripting vulnerability in Moodle The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. | 6.1 |
2023-02-17 | CVE-2023-23922 | Moodle | Cross-site Scripting vulnerability in Moodle The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in blog search. | 6.1 |
2023-02-17 | CVE-2023-24369 | Ujcms | Cross-site Scripting vulnerability in Ujcms 4.1.3/5.5.0 A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function. | 6.1 |
2023-02-17 | CVE-2023-0878 | Nuxt | Cross-site Scripting vulnerability in Nuxt Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1. | 6.1 |
2023-02-16 | CVE-2019-17003 | Mozilla | Cross-site Scripting vulnerability in Mozilla Firefox Scanning a QR code that contained a javascript: URL would have resulted in the Javascript being executed. | 6.1 |
2023-02-16 | CVE-2021-23980 | Mozilla | Cross-site Scripting vulnerability in Mozilla Bleach A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. | 6.1 |
2023-02-16 | CVE-2022-0637 | Mozilla | Open Redirect vulnerability in Mozilla Pollbot open redirect in pollbot (pollbot.services.mozilla.com) in versions before 1.4.6 | 6.1 |
2023-02-16 | CVE-2022-48324 | Mapos | Cross-site Scripting vulnerability in Mapos Map-Os 4.39.0 Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. | 6.1 |
2023-02-16 | CVE-2022-48325 | Mapos | Cross-site Scripting vulnerability in Mapos Map-Os 4.39.0 Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. | 6.1 |
2023-02-16 | CVE-2022-48326 | Mapos | Cross-site Scripting vulnerability in Mapos Map-Os 4.39.0 Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. | 6.1 |
2023-02-16 | CVE-2022-48327 | Mapos | Cross-site Scripting vulnerability in Mapos Map-Os 4.39.0 Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. | 6.1 |
2023-02-16 | CVE-2022-30304 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortianalyzer An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAnalyzer versions prior to 7.2.1, 7.0.4 and 6.4.8 may allow a remote unauthenticated attacker to perform a stored cross site scripting (XSS) attack via the URL parameter observed in the FortiWeb attack event logview in FortiAnalyzer. | 6.1 |
2023-02-16 | CVE-2022-38376 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortinac Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allows an attacker to perform an XSS attack via crafted HTTP requests. | 6.1 |
2023-02-16 | CVE-2022-41334 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortios An improper neutralization of input during web page generation [CWE-79] vulnerability in FortiOS versions 7.0.0 to 7.0.7 and 7.2.0 to 7.2.3 may allow a remote, unauthenticated attacker to launch a cross site scripting (XSS) attack via the "redir" parameter of the URL seen when the "Sign in with FortiCloud" button is clicked. | 6.1 |
2023-02-15 | CVE-2022-45543 | Discuz | Cross-site Scripting vulnerability in Discuz Discuzx 3.4 Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search. | 6.1 |
2023-02-15 | CVE-2023-23467 | Mediacp | Cross-site Scripting vulnerability in Mediacp Media Control Panel 2.13.1 Media CP Media Control Panel latest version. | 6.1 |
2023-02-15 | CVE-2022-25978 | Usememos | Cross-site Scripting vulnerability in Usememos Memos All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme. | 6.1 |
2023-02-15 | CVE-2022-47373 | Pandorafms | Cross-site Scripting vulnerability in Pandorafms Pandora FMS Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. | 6.1 |
2023-02-14 | CVE-2023-22932 | Splunk | Cross-site Scripting vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. | 6.1 |
2023-02-14 | CVE-2023-22933 | Splunk | Cross-site Scripting vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag’. | 6.1 |
2023-02-14 | CVE-2022-4286 | BR Automation | Cross-site Scripting vulnerability in Br-Automation Automation Runtime A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session. | 6.1 |
2023-02-14 | CVE-2023-23852 | SAP | Cross-site Scripting vulnerability in SAP Solution Manager 720 SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2023-02-14 | CVE-2023-23853 | SAP | Open Redirect vulnerability in SAP Netweaver Application Server Abap An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. | 6.1 |
2023-02-14 | CVE-2023-23858 | SAP | Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a crafted URL to a user, and by clicking the URL, the tricked user accesses SAP and might be directed with the response to somewhere out-side SAP and enter sensitive data. | 6.1 |
2023-02-14 | CVE-2023-23859 | SAP | Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information. | 6.1 |
2023-02-14 | CVE-2023-23860 | SAP | Open Redirect vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. | 6.1 |
2023-02-14 | CVE-2023-24521 | SAP | Cross-site Scripting vulnerability in SAP Netweaver AS Abap Business Server Pages Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. | 6.1 |
2023-02-14 | CVE-2023-24522 | SAP | Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. | 6.1 |
2023-02-14 | CVE-2023-24529 | SAP | Cross-site Scripting vulnerability in SAP Netweaver AS Abap Business Server Pages Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. | 6.1 |
2023-02-14 | CVE-2023-25614 | SAP | Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed by the application over the network. | 6.1 |
2023-02-14 | CVE-2023-22376 | Planex | Cross-site Scripting vulnerability in Planex Cs-Wmv02G Firmware Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to inject arbitrary script to inject an arbitrary script. | 6.1 |
2023-02-13 | CVE-2015-10079 | Walrusirc Project | Cross-site Scripting vulnerability in Walrusirc Project Walrusirc 0.0.2 A vulnerability was found in juju2143 WalrusIRC 0.0.2. | 6.1 |
2023-02-13 | CVE-2022-4905 | UDX | Cross-site Scripting vulnerability in UDX Stateless Media Plugin 3.1.1 A vulnerability was found in UDX Stateless Media Plugin 3.1.1 on WordPress. | 6.1 |
2023-02-13 | CVE-2023-24086 | Slims Project | Cross-site Scripting vulnerability in Slims Project Slims 9.5.2 SLIMS v9.5.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /customs/loan_by_class.php?reportView. | 6.1 |
2023-02-13 | CVE-2023-24648 | Zippy | Cross-site Scripting vulnerability in Zippy Zstore 6.6.0 Zstore v6.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php. | 6.1 |
2023-02-13 | CVE-2023-25241 | Bgerp | Cross-site Scripting vulnerability in Bgerp 22.31 bgERP v22.31 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter. | 6.1 |
2023-02-13 | CVE-2022-45285 | Vsourz | Cross-site Scripting vulnerability in Vsourz Advanced CF7 DB 1.7.2/1.9.1 Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scripting (XSS). | 6.1 |
2023-02-13 | CVE-2022-48110 | Ckeditor | Cross-site Scripting vulnerability in Ckeditor 35.4.0 CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget. | 6.1 |
2023-02-13 | CVE-2023-23553 | Controlbyweb | Cross-site Scripting vulnerability in Controlbyweb X-400 Firmware Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker. | 6.1 |
2023-02-13 | CVE-2023-0099 | Getlasso | Unspecified vulnerability in Getlasso Simple Urls The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 6.1 |
2023-02-16 | CVE-2022-38378 | Fortinet | Improper Privilege Management vulnerability in Fortinet Fortios and Fortiproxy An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to the admin profile section (System subsection Administrator Users) to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands. | 6.0 |
2023-02-17 | CVE-2023-23695 | Dell | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dell Secure Connect Gateway 5.12.00.10/5.14.00.12 Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. | 5.9 |
2023-02-16 | CVE-2020-12413 | Mozilla | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. | 5.9 |
2023-02-15 | CVE-2023-25171 | Kiwitcms | Allocation of Resources Without Limits or Throttling vulnerability in Kiwitcms Kiwi Tcms Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. | 5.9 |
2023-02-14 | CVE-2022-22564 | Dell | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dell products Dell EMC Unity versions before 5.2.0.0.5.173 , use(es) broken cryptographic algorithm. | 5.9 |
2023-02-13 | CVE-2023-22367 | Ichiranusa | Improper Certificate Validation vulnerability in Ichiranusa Ichiran Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Android versions prior to 3.1.0 improperly verify server certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. | 5.9 |
2023-02-14 | CVE-2023-21693 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 5.7 |
2023-02-14 | CVE-2023-22940 | Splunk | Unspecified vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. | 5.7 |
2023-02-13 | CVE-2022-34397 | Dell | Unspecified vulnerability in Dell products Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized. | 5.7 |
2023-02-14 | CVE-2023-21567 | Microsoft | Unspecified vulnerability in Microsoft Visual Studio 2019 Visual Studio Denial of Service Vulnerability | 5.6 |
2023-02-19 | CVE-2016-15024 | Doomsider Shadow Project | Unspecified vulnerability in Doomsider Shadow Project Doomsider Shadow A vulnerability was found in doomsider shadow. | 5.5 |
2023-02-18 | CVE-2023-0909 | Notepad Project | Improper Resource Shutdown or Release vulnerability in Notepad-- Project Notepad-- 1.22 A vulnerability, which was classified as problematic, was found in cxasm notepad-- 1.22. | 5.5 |
2023-02-18 | CVE-2023-0907 | Filseclab | Improper Resource Shutdown or Release vulnerability in Filseclab Twister Antivirus 8.17 A vulnerability, which was classified as problematic, has been found in Filseclab Twister Antivirus 8.17. | 5.5 |
2023-02-17 | CVE-2021-32843 | Mobyproject | NULL Pointer Dereference vulnerability in Mobyproject Hyperkit HyperKit is a toolkit for embedding hypervisor capabilities in an application. | 5.5 |
2023-02-17 | CVE-2021-32844 | Mobyproject | NULL Pointer Dereference vulnerability in Mobyproject Hyperkit HyperKit is a toolkit for embedding hypervisor capabilities in an application. | 5.5 |
2023-02-17 | CVE-2023-0482 | Redhat | Unspecified vulnerability in Redhat Resteasy In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. | 5.5 |
2023-02-17 | CVE-2023-21577 | Adobe | Out-of-bounds Read vulnerability in Adobe Photoshop 23.0.0/23.1/23.3.2 Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-02-17 | CVE-2023-21578 | Adobe | Out-of-bounds Read vulnerability in Adobe Photoshop 23.0.0/23.1/23.3.2 Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-02-17 | CVE-2023-21583 | Adobe | Out-of-bounds Read vulnerability in Adobe Bridge 12.0.1 Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-02-17 | CVE-2023-21584 | Adobe | Use After Free vulnerability in Adobe Framemaker FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-02-17 | CVE-2023-21593 | Adobe | NULL Pointer Dereference vulnerability in Adobe Indesign 17.2.1/18.0/18.1 Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability. | 5.5 |
2023-02-17 | CVE-2023-21620 | Adobe | Out-of-bounds Read vulnerability in Adobe Framemaker FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-02-17 | CVE-2023-22231 | Adobe | Out-of-bounds Read vulnerability in Adobe Bridge 12.0.1 Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-02-17 | CVE-2023-22233 | Adobe | Out-of-bounds Read vulnerability in Adobe After Effects 22.1.1/22.2.1 After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-02-17 | CVE-2023-24809 | Nethack | Classic Buffer Overflow vulnerability in Nethack NetHack is a single player dungeon exploration game. | 5.5 |
2023-02-17 | CVE-2023-24785 | Peazip Project | Allocation of Resources Without Limits or Throttling vulnerability in Peazip Project Peazip 9.0.0 An issue in Giorgio Tani peazip v.9.0.0 allows attackers to cause a denial of service via the End of Archive tag function of the peazip/pea UNPEA feature. | 5.5 |
2023-02-17 | CVE-2023-24964 | IBM | Cleartext Storage of Sensitive Information vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files. | 5.5 |
2023-02-17 | CVE-2023-23586 | Linux | Use After Free vulnerability in Linux Kernel Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring's io_worker threads, thus it is possible to insert a time namespace's vvar page to process's memory space via a page fault. | 5.5 |
2023-02-16 | CVE-2021-33104 | Intel | Unspecified vulnerability in Intel ONE Boot Flash Update Improper access control in the Intel(R) OFU software before version 14.1.28 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2023-02-16 | CVE-2022-29523 | Open CAS Project | Improper Check for Unusual or Exceptional Conditions vulnerability in Open CAS Project Open CAS Improper conditions check in the Open CAS software maintained by Intel(R) before version 22.3.1 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2023-02-16 | CVE-2022-31476 | Intel | Unspecified vulnerability in Intel System Usage Report Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2023-02-16 | CVE-2022-35883 | Intel | NULL Pointer Dereference vulnerability in Intel Media Software Development KIT NULL pointer dereference in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2023-02-16 | CVE-2022-36289 | Intel | Unspecified vulnerability in Intel Media Software Development KIT Protection mechanism failure in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2023-02-16 | CVE-2022-36797 | Vmware | Unspecified vulnerability in VMWare Ixgben Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.1 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2023-02-16 | CVE-2022-41614 | Intel | Insufficiently Protected Credentials vulnerability in Intel on Event Series Insufficiently protected credentials in the Intel(R) ON Event Series Android application before version 2.0 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2023-02-16 | CVE-2022-26509 | Intel | Improper Handling of Exceptional Conditions vulnerability in Intel SGX SDK Improper conditions check in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access. | 5.5 |
2023-02-16 | CVE-2022-26841 | Intel | Unspecified vulnerability in Intel SGX SDK Insufficient control flow management for the Intel(R) SGX SDK software for Linux before version 2.16.100.1 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2023-02-16 | CVE-2022-30531 | Intel | Out-of-bounds Read vulnerability in Intel Iris XE MAX Dedicated Graphics Out-of-bounds read in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1474 may allow a privileged user to potentially enable information disclosure via local access. | 5.5 |
2023-02-16 | CVE-2023-24484 | Citrix | Unspecified vulnerability in Citrix Workspace 1912/2105/2203.1 A malicious user can cause log files to be written to a directory that they do not have permission to write to. | 5.5 |
2023-02-16 | CVE-2023-25153 | Linuxfoundation | Allocation of Resources Without Limits or Throttling vulnerability in Linuxfoundation Containerd containerd is an open source container runtime. | 5.5 |
2023-02-15 | CVE-2022-45586 | Xpdfreader | Out-of-bounds Write vulnerability in Xpdfreader Xpdf 4.04 Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service. | 5.5 |
2023-02-15 | CVE-2022-45587 | Xpdfreader | Out-of-bounds Write vulnerability in Xpdfreader Xpdf 4.04 Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service. | 5.5 |
2023-02-15 | CVE-2022-45154 | Opensuse | Cleartext Storage of Sensitive Information vulnerability in Opensuse Supportutils 3.15.7.1 A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. | 5.5 |
2023-02-15 | CVE-2023-20949 | Out-of-bounds Write vulnerability in Google Android In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out of bounds read due to a heap buffer overflow. | 5.5 | |
2023-02-14 | CVE-2023-21687 | Microsoft | Exposure of Resource to Wrong Sphere vulnerability in Microsoft products HTTP.sys Information Disclosure Vulnerability | 5.5 |
2023-02-14 | CVE-2023-21697 | Microsoft | Unspecified vulnerability in Microsoft products Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability | 5.5 |
2023-02-14 | CVE-2023-21714 | Microsoft | Exposure of Resource to Wrong Sphere vulnerability in Microsoft 365 Apps and Office Long Term Servicing Channel Microsoft Office Information Disclosure Vulnerability | 5.5 |
2023-02-14 | CVE-2023-22490 | GIT SCM | Link Following vulnerability in Git-Scm GIT Git is a revision control system. | 5.5 |
2023-02-13 | CVE-2023-0795 | Libtiff | Out-of-bounds Read vulnerability in Libtiff LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. | 5.5 |
2023-02-13 | CVE-2023-0796 | Libtiff | Out-of-bounds Read vulnerability in Libtiff LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. | 5.5 |
2023-02-13 | CVE-2023-0797 | Libtiff | Out-of-bounds Read vulnerability in Libtiff LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. | 5.5 |
2023-02-13 | CVE-2023-0798 | Libtiff | Out-of-bounds Read vulnerability in Libtiff LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. | 5.5 |
2023-02-13 | CVE-2023-0799 | Libtiff | Use After Free vulnerability in Libtiff LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. | 5.5 |
2023-02-13 | CVE-2023-0800 | Libtiff | Out-of-bounds Write vulnerability in Libtiff LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. | 5.5 |
2023-02-13 | CVE-2023-0801 | Libtiff | Out-of-bounds Write vulnerability in Libtiff LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. | 5.5 |
2023-02-13 | CVE-2023-0802 | Libtiff | Out-of-bounds Write vulnerability in Libtiff LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. | 5.5 |
2023-02-13 | CVE-2023-0803 | Libtiff | Out-of-bounds Write vulnerability in Libtiff LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. | 5.5 |
2023-02-13 | CVE-2023-0804 | Libtiff | Out-of-bounds Write vulnerability in Libtiff LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. | 5.5 |
2023-02-13 | CVE-2023-0818 | Gpac | Off-by-one Error vulnerability in Gpac Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV. | 5.5 |
2023-02-13 | CVE-2023-24619 | Redpanda | Insufficiently Protected Credentials vulnerability in Redpanda Redpanda before 22.3.12 discloses cleartext AWS credentials. | 5.5 |
2023-02-13 | CVE-2023-23948 | Owncloud | SQL Injection vulnerability in Owncloud The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. | 5.5 |
2023-02-18 | CVE-2023-0902 | Simple Food Ordering System Project | Cross-site Scripting vulnerability in Simple Food Ordering System Project Simple Food Ordering System 1.0 A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. | 5.4 |
2023-02-18 | CVE-2022-40348 | Intern Record System Project | Cross-site Scripting vulnerability in Intern Record System Project Intern Record System 1.0 Cross Site Scripting (XSS) vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'name' and 'email' parameters, allows attackers to execute arbitrary code. | 5.4 |
2023-02-17 | CVE-2023-24769 | Changedetection | Cross-site Scripting vulnerability in Changedetection Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. | 5.4 |
2023-02-17 | CVE-2022-43579 | IBM | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. | 5.4 |
2023-02-17 | CVE-2023-22868 | IBM | Cross-site Scripting vulnerability in IBM Aspera Faspex 4.4.1 IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. | 5.4 |
2023-02-17 | CVE-2023-24388 | Wpdevart | Cross-Site Request Forgery (CSRF) vulnerability in Wpdevart Booking Calendar Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit, delete). | 5.4 |
2023-02-17 | CVE-2023-0879 | Btcpayserver | Cross-site Scripting vulnerability in Btcpayserver Btcpay Server Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12. | 5.4 |
2023-02-16 | CVE-2022-42472 | Fortinet | Injection vulnerability in Fortinet Fortios and Fortiproxy A improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response. | 5.4 |
2023-02-16 | CVE-2023-22638 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortinac Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests. | 5.4 |
2023-02-16 | CVE-2023-23936 | Nodejs | Injection vulnerability in Nodejs Undici Undici is an HTTP/1.1 client for Node.js. | 5.4 |
2023-02-16 | CVE-2021-40555 | Flatcore | Cross-site Scripting vulnerability in Flatcore 2.0.7 Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows attackers to execute arbitrary code via description field on the new page creation form. | 5.4 |
2023-02-15 | CVE-2023-0840 | Phpcrazy Project | Cross-site Scripting vulnerability in PHPcrazy Project PHPcrazy 1.1.1 A vulnerability classified as problematic was found in PHPCrazy 1.1.1. | 5.4 |
2023-02-15 | CVE-2023-25761 | Jenkins | Cross-site Scripting vulnerability in Jenkins Junit Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin. | 5.4 |
2023-02-15 | CVE-2023-25762 | Jenkins | Cross-site Scripting vulnerability in Jenkins Pipeline: Build Step Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names. | 5.4 |
2023-02-15 | CVE-2023-25763 | Jenkins | Cross-site Scripting vulnerability in Jenkins Email Extension Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control affected fields. | 5.4 |
2023-02-15 | CVE-2023-25764 | Jenkins | Cross-site Scripting vulnerability in Jenkins Email Extension Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or change custom email templates. | 5.4 |
2023-02-15 | CVE-2022-47372 | Pandorafms | Cross-Site Request Forgery (CSRF) vulnerability in Pandorafms Pandora FMS Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. | 5.4 |
2023-02-14 | CVE-2023-21570 | Microsoft | Cross-site Scripting vulnerability in Microsoft Dynamics 365 9.1 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 5.4 |
2023-02-14 | CVE-2023-21571 | Microsoft | Cross-site Scripting vulnerability in Microsoft Dynamics 365 9.1 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 5.4 |
2023-02-14 | CVE-2023-21573 | Microsoft | Cross-site Scripting vulnerability in Microsoft Dynamics 365 9.1 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 5.4 |
2023-02-14 | CVE-2023-25571 | Linuxfoundation | Cross-site Scripting vulnerability in Linuxfoundation products Backstage is an open platform for building developer portals. | 5.4 |
2023-02-14 | CVE-2023-0827 | Pimcore | Cross-site Scripting vulnerability in Pimcore 1.4.3/1.4.9/1.5.0 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 1.5.17. | 5.4 |
2023-02-14 | CVE-2023-0024 | SAP | Cross-site Scripting vulnerability in SAP Solution Manager 720 SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources, resulting in Cross-Site Scripting vulnerability. | 5.4 |
2023-02-14 | CVE-2023-0025 | SAP | Cross-site Scripting vulnerability in SAP Solution Manager 720 SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources. | 5.4 |
2023-02-14 | CVE-2023-23851 | SAP | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Planning and Consolidation 200/300 SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. | 5.4 |
2023-02-14 | CVE-2023-23854 | SAP | Missing Authorization vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 5.4 |
2023-02-14 | CVE-2023-23855 | SAP | Open Redirect vulnerability in SAP Solution Manager 720 SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation. | 5.4 |
2023-02-14 | CVE-2023-23856 | SAP | Cross-site Scripting vulnerability in SAP Business Objects Business Intelligence Platform 430 In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return json with wrong content type in the header of the response. | 5.4 |
2023-02-14 | CVE-2023-24525 | SAP | Cross-site Scripting vulnerability in SAP products SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2023-02-13 | CVE-2023-25572 | Marmelab | Cross-site Scripting vulnerability in Marmelab Ra-Ui-Materialui and React-Admin react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. | 5.4 |
2023-02-13 | CVE-2023-0810 | Btcpayserver | Cross-site Scripting vulnerability in Btcpayserver Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.11. | 5.4 |
2023-02-13 | CVE-2022-4448 | Givewp | Unspecified vulnerability in Givewp The GiveWP WordPress plugin before 2.24.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 |
2023-02-13 | CVE-2022-4458 | AMR Shortcode ANY Widget Project | Unspecified vulnerability in AMR Shortcode ANY Widget Project AMR Shortcode ANY Widget The amr shortcode any widget WordPress plugin through 4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 |
2023-02-13 | CVE-2022-4471 | Yarpp | Unspecified vulnerability in Yarpp YET Another Related Posts Plugin The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 |
2023-02-13 | CVE-2022-4473 | Widget Shortcode Project | Unspecified vulnerability in Widget Shortcode Project Widget Shortcode The Widget Shortcode WordPress plugin through 0.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 |
2023-02-13 | CVE-2022-4488 | Widgets ON Pages Project | Unspecified vulnerability in Widgets on Pages Project Widgets on Pages The Widgets on Pages WordPress plugin before 1.8.0 does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 |
2023-02-13 | CVE-2022-4512 | Better Font Awesome Project | Unspecified vulnerability in Better Font Awesome Project Better Font Awesome The Better Font Awesome WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-13 | CVE-2022-4551 | Croover | Unspecified vulnerability in Croover Rich Table of Contents The Rich Table of Contents WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 |
2023-02-13 | CVE-2022-4562 | Mekshq | Unspecified vulnerability in Mekshq Meks Flexible Shortcodes The Meks Flexible Shortcodes WordPress plugin before 1.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 |
2023-02-13 | CVE-2022-4580 | Twenty20 Project | Unspecified vulnerability in Twenty20 Project Twenty20 1.5.9 The Twenty20 Image Before-After WordPress plugin through 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 |
2023-02-13 | CVE-2022-4628 | Wpplugin | Unspecified vulnerability in Wpplugin Easy Paypal BUY NOW Button The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 |
2023-02-13 | CVE-2022-4656 | Plugins Market | Cross-site Scripting vulnerability in Plugins-Market WP Visitor Statistics The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.5 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | 5.4 |
2023-02-13 | CVE-2022-4678 | Templatesnext | Unspecified vulnerability in Templatesnext Toolkit The TemplatesNext ToolKit WordPress plugin before 3.2.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-13 | CVE-2022-4682 | Wpgogo | Unspecified vulnerability in Wpgogo Lightbox-Gallery The Lightbox Gallery WordPress plugin before 0.9.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 |
2023-02-13 | CVE-2022-4759 | Liquidweb | Unspecified vulnerability in Liquidweb Gigpress The GigPress WordPress plugin before 2.3.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 |
2023-02-13 | CVE-2022-4783 | Youtube Channel Gallery Project | Unspecified vulnerability in Youtube Channel Gallery Project Youtube Channel Gallery The Youtube Channel Gallery WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 |
2023-02-13 | CVE-2022-4830 | Strangerstudios | Cross-site Scripting vulnerability in Strangerstudios Paid Memberships PRO The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 |
2023-02-13 | CVE-2023-0034 | Crocoblock | Unspecified vulnerability in Crocoblock Jetwidgets for Elementor The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 |
2023-02-13 | CVE-2023-0060 | Responsive Gallery Grid Project | Unspecified vulnerability in Responsive Gallery Grid Project Responsive Gallery Grid The Responsive Gallery Grid WordPress plugin before 2.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-13 | CVE-2023-0061 | Judge | Unspecified vulnerability in Judge Product Reviews for Woocommerce The Judge.me Product Reviews for WooCommerce WordPress plugin before 1.3.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-13 | CVE-2023-0075 | Amazonjs Project | Unspecified vulnerability in Amazonjs Project Amazonjs 0.10 The Amazon JS WordPress plugin through 0.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-13 | CVE-2023-0151 | Utubevideo Gallery Project | Cross-site Scripting vulnerability in Utubevideo Gallery Project Utubevideo Gallery The uTubeVideo Gallery WordPress plugin before 2.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-13 | CVE-2023-0166 | Pickplugins | Unspecified vulnerability in Pickplugins Product Slider for Woocommerce The Product Slider for WooCommerce by PickPlugins WordPress plugin before 1.13.42 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-13 | CVE-2023-0169 | Zohocorp | Unspecified vulnerability in Zohocorp Zoho Forms The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-13 | CVE-2023-0177 | Wpdevart | Unspecified vulnerability in Wpdevart Social Like BOX and Page The Social Like Box and Page by WpDevArt WordPress plugin before 0.8.41 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-13 | CVE-2023-0270 | Yamaps Project | Unspecified vulnerability in Yamaps Project Yamaps The YaMaps for WordPress Plugin WordPress plugin before 0.6.26 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-13 | CVE-2023-0275 | Tipsandtricks HQ | Unspecified vulnerability in Tipsandtricks-Hq Easy Accept Payments for Paypal The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-13 | CVE-2023-0333 | Templatesnext | Unspecified vulnerability in Templatesnext Toolkit The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not validate some of its shortcode attributes before using them to generate an HTML tag, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 |
2023-02-13 | CVE-2023-0360 | Shapedplugin | Unspecified vulnerability in Shapedplugin Location Weather The Location Weather WordPress plugin before 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-13 | CVE-2023-0362 | Themify | Unspecified vulnerability in Themify Portfolio Post Themify Portfolio Post WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-13 | CVE-2023-0373 | Smartwp | Cross-site Scripting vulnerability in Smartwp Lightweight Accordion The Lightweight Accordion WordPress plugin before 1.5.15 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 |
2023-02-13 | CVE-2023-0379 | Rebelcode | Unspecified vulnerability in Rebelcode Spotlight Social Feeds The Spotlight Social Feeds WordPress plugin before 1.4.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 |
2023-02-13 | CVE-2022-45724 | Comfast | Improper Authentication vulnerability in Comfast Cf-Wr610N Firmware 2.3.1 Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSION_ID, and using this SESSION_ID an attacker can then perform authenticated requests. | 5.4 |
2023-02-13 | CVE-2023-25727 | Phpmyadmin | Cross-site Scripting vulnerability in PHPmyadmin In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface. | 5.4 |
2023-02-19 | CVE-2023-0914 | Pixelfed | Unspecified vulnerability in Pixelfed Improper Authorization in GitHub repository pixelfed/pixelfed prior to 0.11.4. | 5.3 |
2023-02-18 | CVE-2023-0901 | Pixelfed | Unspecified vulnerability in Pixelfed Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pixelfed/pixelfed prior to 0.11.4. | 5.3 |
2023-02-17 | CVE-2023-22232 | Adobe | Improper Access Control vulnerability in Adobe Connect Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | 5.3 |
2023-02-17 | CVE-2021-32419 | Schismtracker | Out-of-bounds Write vulnerability in Schismtracker Schism Tracker An issue in Schism Tracker v20200412 fixed in v.20200412 allows attacker to obtain sensitive information via the fmt_mtm_load_song function in fmt/mtm.c. | 5.3 |
2023-02-16 | CVE-2022-38056 | Intel | Unspecified vulnerability in Intel Endpoint Management Assistant Improper neutralization in the Intel(R) EMA software before version 1.8.1.0 may allow a privileged user to potentially enable escalation of privilege via network access. | 5.3 |
2023-02-16 | CVE-2023-23752 | Joomla | Unspecified vulnerability in Joomla Joomla! An issue was discovered in Joomla! 4.0.0 through 4.2.7. | 5.3 |
2023-02-16 | CVE-2022-27891 | Palantir | Missing Authentication for Critical Function vulnerability in Palantir Gotham Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. | 5.3 |
2023-02-15 | CVE-2023-25192 | AMI | Exposure of Resource to Wrong Sphere vulnerability in AMI Megarac Sp-X 12/13 AMI MegaRAC SPX devices allow User Enumeration through Redfish. | 5.3 |
2023-02-14 | CVE-2023-21699 | Microsoft | Unspecified vulnerability in Microsoft products Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability | 5.3 |
2023-02-14 | CVE-2023-21720 | Microsoft | Unspecified vulnerability in Microsoft Edge Chromium Microsoft Edge (Chromium-based) Tampering Vulnerability | 5.3 |
2023-02-14 | CVE-2023-22943 | Splunk | Improper Certificate Validation vulnerability in Splunk products In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs. | 5.3 |
2023-02-14 | CVE-2023-0655 | Sonicwall | Information Exposure Through an Error Message vulnerability in Sonicwall Email Security 10.0.9 SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users email addresses. | 5.3 |
2023-02-13 | CVE-2023-25160 | Nextcloud | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Mail Nextcloud Mail is an email app for the Nextcloud home server platform. | 5.3 |
2023-02-13 | CVE-2023-25161 | Nextcloud | Unspecified vulnerability in Nextcloud Server Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. | 5.3 |
2023-02-13 | CVE-2023-25162 | Nextcloud | Server-Side Request Forgery (SSRF) vulnerability in Nextcloud Server Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. | 5.3 |
2023-02-13 | CVE-2023-25159 | Nextcloud | Unspecified vulnerability in Nextcloud Server and Richdocuments Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. | 5.3 |
2023-02-13 | CVE-2022-3891 | Pixelite | Unspecified vulnerability in Pixelite WP Fullcalendar The WP FullCalendar WordPress plugin before 1.5 does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected ones. | 5.3 |
2023-02-14 | CVE-2023-22370 | Planex | Cross-site Scripting vulnerability in Planex Cs-Wmv02G Stored cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a network-adjacent authenticated attacker to inject an arbitrary script. | 5.2 |
2023-02-14 | CVE-2023-21715 | Microsoft | Incorrect Authorization vulnerability in Microsoft 365 Apps Microsoft Publisher Security Features Bypass Vulnerability | 5.0 |
2023-02-14 | CVE-2023-21722 | Microsoft | Unspecified vulnerability in Microsoft .Net Framework .NET Framework Denial of Service Vulnerability | 5.0 |
2023-02-17 | CVE-2023-0895 | WOW Company | Unspecified vulnerability in Wow-Company WP Coder The WP Coder – add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 4.9 |
2023-02-16 | CVE-2022-44299 | Sscms | Path Traversal vulnerability in Sscms Siteserver CMS 7.1.3 SiteServerCMS 7.1.3 sscms has a file read vulnerability. | 4.9 |
2023-02-16 | CVE-2022-29493 | Intel | Improper Handling of Exceptional Conditions vulnerability in Intel Baseboard Management Controller Firmware 2.18/2.48.Ce3E3Bd2 Uncaught exception in webserver for the Integrated BMC in some Intel(R) platforms before versions 2.86, 2.09 and 2.78 may allow a privileged user to potentially enable denial of service via network access. | 4.9 |
2023-02-15 | CVE-2022-45436 | Pandorafms | Cross-site Scripting vulnerability in Pandorafms Pandora FMS 765 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting (XSS). | 4.8 |
2023-02-15 | CVE-2022-45437 | Pandorafms | Cross-site Scripting vulnerability in Pandorafms Pandora FMS 765 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS). | 4.8 |
2023-02-15 | CVE-2023-24499 | Butterfly Button Project | Unspecified vulnerability in Butterfly-Button Project Butterfly-Button Butterfly Button plugin may leave traces of its use on user's device. | 4.6 |
2023-02-16 | CVE-2022-33972 | Intel | Incorrect Calculation vulnerability in Intel products Incorrect calculation in microcode keying mechanism for some 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable information disclosure via local access. | 4.4 |
2023-02-16 | CVE-2022-36382 | Intel | Out-of-bounds Write vulnerability in Intel products Out-of-bounds write in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 1.7.0.8 and some Intel(R) Ethernet 700 Series Controllers and Adapters before version 9.101 may allow a privileged user to potentially enable denial of service via local access. | 4.4 |
2023-02-16 | CVE-2022-38090 | Intel | Unspecified vulnerability in Intel products Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access. | 4.4 |
2023-02-16 | CVE-2022-30339 | Intel | Out-of-bounds Read vulnerability in Intel Integrated Sensor Solution Out-of-bounds read in firmware for the Intel(R) Integrated Sensor Solution before versions 5.4.2.4579v3, 5.4.1.4479 and 5.0.0.4143 may allow a privileged user to potentially enable denial of service via local access. | 4.4 |
2023-02-16 | CVE-2022-34849 | Intel | Improper Handling of Exceptional Conditions vulnerability in Intel Iris XE MAX Dedicated Graphics Uncaught exception in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1436(v2) may allow a privileged user to potentially enable denial of service via local access. | 4.4 |
2023-02-16 | CVE-2022-36794 | Intel | Improper Check for Unusual or Exceptional Conditions vulnerability in Intel Server Platform Services Improper condition check in some Intel(R) SPS firmware before version SPS_E3_06.00.03.300.0 may allow a privileged user to potentially enable denial of service via local access. | 4.4 |
2023-02-13 | CVE-2023-24804 | Owncloud | Path Traversal vulnerability in Owncloud The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. | 4.4 |
2023-02-17 | CVE-2023-23899 | Hasthemes | Cross-Site Request Forgery (CSRF) vulnerability in Hasthemes Extensions for CF7 Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extensions For CF7 plugin <= 2.0.8 versions leads to arbitrary plugin activation. | 4.3 |
2023-02-17 | CVE-2023-0880 | Phpmyfaq | Misinterpretation of Input vulnerability in PHPmyfaq Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | 4.3 |
2023-02-16 | CVE-2022-36287 | Intel | Improper Handling of Exceptional Conditions vulnerability in Intel Field Programmable Gate Array Crypto Service Server Uncaught exception in the FCS Server software maintained by Intel before version 1.1.79.3 may allow a privileged user to potentially enable denial of service via physical access. | 4.3 |
2023-02-16 | CVE-2021-43074 | Fortinet | Improper Verification of Cryptographic Signature vulnerability in Fortinet products An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1 and below, 2.0.7 and below, 1.2 all versions, 1.1 all versions, 1.0 all versions may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter. | 4.3 |
2023-02-16 | CVE-2022-30299 | Fortinet | Path Traversal vulnerability in Fortinet Fortiweb A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated attacker to retrieve specific parts of files from the underlying file system via specially crafted web requests. | 4.3 |
2023-02-16 | CVE-2022-38731 | Qaelum | Path Traversal vulnerability in Qaelum Dose Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. | 4.3 |
2023-02-15 | CVE-2023-23848 | Jenkins | Incorrect Default Permissions vulnerability in Jenkins Synopsys Coverity Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 4.3 |
2023-02-15 | CVE-2023-23850 | Jenkins | Incorrect Default Permissions vulnerability in Jenkins Synopsys Coverity A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
2023-02-15 | CVE-2023-22805 | LS Electric | Unspecified vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80 LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. | 4.3 |
2023-02-15 | CVE-2023-25766 | Jenkins | Missing Authorization vulnerability in Jenkins Azure Credentials A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
2023-02-14 | CVE-2023-21794 | Microsoft | Authentication Bypass by Spoofing vulnerability in Microsoft Edge Chromium Microsoft Edge (Chromium-based) Spoofing Vulnerability | 4.3 |
2023-02-14 | CVE-2023-22931 | Splunk | Incorrect Default Permissions vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. | 4.3 |
2023-02-14 | CVE-2023-22937 | Splunk | Unrestricted Upload of File with Dangerous Type vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. | 4.3 |
2023-02-14 | CVE-2023-22938 | Splunk | Unspecified vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. | 4.3 |
2023-02-14 | CVE-2023-22942 | Splunk | Cross-Site Request Forgery (CSRF) vulnerability in Splunk In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the ‘kvstore_client’ REST endpoint lets a potential attacker update SSG KV store collections using an HTTP GET request. | 4.3 |
2023-02-13 | CVE-2023-0405 | Gptaipower | Unspecified vulnerability in Gptaipower GPT AI Power The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training WordPress plugin before 1.4.38 does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts. | 4.3 |
2023-02-14 | CVE-2023-25758 | Onekey | Unspecified vulnerability in Onekey Mini Firmware and Onekey Touch Firmware Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase. | 4.2 |
2023-02-16 | CVE-2022-26888 | Intel | Cross-site Scripting vulnerability in Intel Quartus Prime Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information disclosure via local access. | 4.1 |
10 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-02-16 | CVE-2022-48307 | Palantir | Improper Certificate Validation vulnerability in Palantir Magritte-Ftp It was discovered that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. | 3.7 |
2023-02-16 | CVE-2022-48308 | Palantir | Improper Certificate Validation vulnerability in Palantir Sls-Logging It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. | 3.7 |
2023-02-19 | CVE-2023-0919 | Kavitareader | Missing Authentication for Critical Function vulnerability in Kavitareader Kavita Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0. | 3.5 |
2023-02-15 | CVE-2023-23847 | Jenkins | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Synopsys Coverity A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 3.5 |
2023-02-14 | CVE-2023-23934 | Palletsprojects | Improper Input Validation vulnerability in Palletsprojects Werkzeug Werkzeug is a comprehensive WSGI web application library. | 3.5 |
2023-02-16 | CVE-2022-29054 | Fortinet | Unspecified vulnerability in Fortinet Fortios and Fortiproxy A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it. | 3.3 |
2023-02-14 | CVE-2023-24565 | Siemens | Out-of-bounds Read vulnerability in Siemens Solid Edge Se2023 A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). | 3.3 |
2023-02-14 | CVE-2023-24566 | Siemens | Stack-based Buffer Overflow vulnerability in Siemens Solid Edge Se2023 A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). | 3.3 |
2023-02-13 | CVE-2023-23697 | Dell | Link Following vulnerability in Dell Command | Intel Vpro OUT of Band Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. | 3.3 |
2023-02-13 | CVE-2023-24572 | Dell | Link Following vulnerability in Dell Command | Integration Suite for System Center 6.2.0 Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. | 3.3 |