Weekly Vulnerabilities Reports > February 20 to 26, 2023
Overview
333 new vulnerabilities were reported during this period, including 83 critical and 103 high severity vulnerabilities. This weekly summary covers vulnerabilities in 328 products from 226 vendors, including Google, Apache, Linux, Checkmk, and ZoneMinder. The most common weakness categories are "Cross-site Scripting", "SQL Injection", "Path Traversal", "Cross-Site Request Forgery (CSRF)", and "Use After Free".
- 290 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities have a public exploit available.
- 149 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 207 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 8 reported vulnerabilities.
- Apache has the most reported critical vulnerabilities, with 4 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
83 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-02-26 | CVE-2023-26602 | Asus | Command Injection vulnerability in Asus Asmb8-Ikvm Firmware 1.14.51 ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution. | 9.8 |
2023-02-26 | CVE-2023-1037 | Dental Clinic Appointment Reservation System Project | SQL Injection vulnerability in Dental Clinic Appointment Reservation System Project Dental Clinic Appointment Reservation System 1.0 A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. | 9.8 |
2023-02-26 | CVE-2023-1038 | Online Reviewer Management System Project | SQL Injection vulnerability in Online Reviewer Management System Project Online Reviewer Management System 1.0 A vulnerability classified as critical has been found in SourceCodester Online Reviewer Management System 1.0. | 9.8 |
2023-02-26 | CVE-2023-1040 | Online Graduate Tracer System Project | SQL Injection vulnerability in Online Graduate Tracer System Project Online Graduate Tracer System 1.0 A vulnerability, which was classified as critical, has been found in SourceCodester Online Graduate Tracer System 1.0. | 9.8 |
2023-02-25 | CVE-2023-26550 | BMC | SQL Injection vulnerability in BMC Control-M A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field. | 9.8 |
2023-02-25 | CVE-2022-2024 | Gogs | OS Command Injection vulnerability in Gogs OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11. | 9.8 |
2023-02-25 | CVE-2023-26035 | Zoneminder | Missing Authorization vulnerability in Zoneminder ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. | 9.8 |
2023-02-25 | CVE-2023-26036 | Zoneminder | Untrusted Search Path vulnerability in Zoneminder ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. | 9.8 |
2023-02-25 | CVE-2023-26037 | Zoneminder | SQL Injection vulnerability in Zoneminder ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. | 9.8 |
2023-02-24 | CVE-2022-23535 | Litedb | Deserialization of Untrusted Data vulnerability in Litedb LiteDB is a small, fast and lightweight .NET NoSQL embedded database. | 9.8 |
2023-02-24 | CVE-2023-24189 | Bstek | XXE vulnerability in Bstek Urule 2.1.7 An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile. | 9.8 |
2023-02-24 | CVE-2021-33224 | Umbraco | Unrestricted Upload of File with Dangerous Type vulnerability in Umbraco Forms 8.7.0 File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file. | 9.8 |
2023-02-24 | CVE-2021-35370 | Txjia | Unspecified vulnerability in Txjia Imcat 5.4 An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function. | 9.8 |
2023-02-24 | CVE-2021-4105 | BG TEK | Unspecified vulnerability in Bg-Tek products Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion. This issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727. | 9.8 |
2023-02-24 | CVE-2023-25691 | Apache | Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Google Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0. | 9.8 |
2023-02-24 | CVE-2023-25693 | Apache | Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Apache-Sqoop Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. | 9.8 |
2023-02-24 | CVE-2023-25696 | Apache | Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Apache-Hive Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3. | 9.8 |
2023-02-23 | CVE-2023-24212 | Tenda | Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.11 Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at /goform/SetSysTimeCfg. | 9.8 |
2023-02-23 | CVE-2022-36231 | Newspaperclub | Unspecified vulnerability in Newspaperclub PDF Info 0.5.3 pdf_info 0.5.3 is vulnerable to Command Execution because the Ruby code uses backticks instead of Open3. | 9.8 |
2023-02-23 | CVE-2023-0754 | Rockwellautomation PTC GE | Integer Overflow or Wraparound vulnerability in multiple products The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code. | 9.8 |
2023-02-23 | CVE-2023-0755 | PTC Rockwellautomation GE | Improper Validation of Array Index vulnerability in multiple products The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code. | 9.8 |
2023-02-23 | CVE-2023-24205 | Clash Project | Incorrect Permission Assignment for Critical Resource vulnerability in Clash Project Clash 0.20.12 Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file (cfw-setting.yaml). | 9.8 |
2023-02-23 | CVE-2023-25823 | Gradio Project | Use of Hard-coded Credentials vulnerability in Gradio Project Gradio Gradio is an open-source Python library to build machine learning and data science demos and web applications. | 9.8 |
2023-02-23 | CVE-2023-26326 | Themekraft | Deserialization of Untrusted Data vulnerability in Themekraft Buddyforms The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. | 9.8 |
2023-02-23 | CVE-2022-48342 | Jetbrains | Insecure Default Initialization of Resource vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents. | 9.8 |
2023-02-23 | CVE-2023-0986 | Sales Tracker Management System Project | SQL Injection vulnerability in Sales Tracker Management System Project Sales Tracker Management System 1.0 A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. | 9.8 |
2023-02-23 | CVE-2023-24104 | UI | Unspecified vulnerability in UI Unifi Dream Machine PRO Firmware 7.2.95 Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets. | 9.8 |
2023-02-23 | CVE-2022-2504 | SDD Baro Project | SQL Injection vulnerability in Sdd-Baro Project Sdd-Baro Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SDD Computer Software SDD-Baro allows SQL Injection. This issue affects SDD-Baro: before 2.8.432. | 9.8 |
2023-02-23 | CVE-2023-0980 | Yoga Class Registration System Project | SQL Injection vulnerability in Yoga Class Registration System Project Yoga Class Registration System 1.0 A vulnerability was found in SourceCodester Yoga Class Registration System 1.0 and classified as critical. | 9.8 |
2023-02-23 | CVE-2023-0981 | Yoga Class Registration System Project | SQL Injection vulnerability in Yoga Class Registration System Project Yoga Class Registration System 1.0 A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. | 9.8 |
2023-02-23 | CVE-2023-0982 | Yoga Class Registration System Project | SQL Injection vulnerability in Yoga Class Registration System Project Yoga Class Registration System 1.0 A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. | 9.8 |
2023-02-23 | CVE-2023-0939 | Online Services Project | SQL Injection vulnerability in Online Services Project Online Services Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NTN Information Technologies Online Services Software allows SQL Injection. This issue affects Online Services Software: before 1.17. | 9.8 |
2023-02-22 | CVE-2022-48149 | Online Student Admission System Project | SQL Injection vulnerability in Online Student Admission System Project Online Student Admission System 1.0 Online Student Admission System in PHP Free Source Code 1.0 was discovered to contain a SQL injection vulnerability via the username parameter. | 9.8 |
2023-02-22 | CVE-2022-39983 | Instantdeveloper | Unrestricted Upload of File with Dangerous Type vulnerability in Instantdeveloper RD3 22.0.8500 File upload vulnerability in Instantdeveloper RD3 22.0.8500, allows attackers to execute arbitrary code. | 9.8 |
2023-02-22 | CVE-2022-45599 | Aztech | Insufficiently Protected Credentials vulnerability in Aztech Wmb250Ac Firmware 0162020 Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable to PHP Type Juggling in file /var/www/login.php, allows attackers to gain escalated privileges only when specific conditions regarding a given account's hashed password. | 9.8 |
2023-02-22 | CVE-2023-24114 | Typecho | Unspecified vulnerability in Typecho typecho 1.1/17.10.30 was discovered to contain a remote code execution (RCE) vulnerability via install.php. | 9.8 |
2023-02-22 | CVE-2023-24093 | H3C | Improper Authentication vulnerability in H3C A210-G Firmware A210Gv100R005 An access control issue in H3C A210-G A210-GV100R005 allows attackers to authenticate without a password. | 9.8 |
2023-02-22 | CVE-2023-24812 | Misskey | SQL Injection vulnerability in Misskey Misskey is an open source, decentralized social media platform. | 9.8 |
2023-02-22 | CVE-2023-0961 | Music Gallery Site Project | SQL Injection vulnerability in Music Gallery Site Project Music Gallery Site 1.0 A vulnerability was found in SourceCodester Music Gallery Site 1.0. | 9.8 |
2023-02-22 | CVE-2023-0963 | Music Gallery Site Project | Improper Access Control vulnerability in Music Gallery Site Project Music Gallery Site 1.0 A vulnerability was found in SourceCodester Music Gallery Site 1.0. | 9.8 |
2023-02-22 | CVE-2023-25813 | Sequelizejs | SQL Injection vulnerability in Sequelizejs Sequelize Sequelize is a Node.js ORM tool. | 9.8 |
2023-02-22 | CVE-2023-0960 | Seacms | Deserialization of Untrusted Data vulnerability in Seacms 11.6 A vulnerability was found in SeaCMS 11.6 and classified as problematic. | 9.8 |
2023-02-22 | CVE-2022-41217 | Hybridsoftware | Unrestricted Upload of File with Dangerous Type vulnerability in Hybridsoftware Cloudflow 2.0.0/2.3.1 Cloudflow contains an unauthenticated file upload vulnerability, which makes it possible for an attacker to upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage. | 9.8 |
2023-02-22 | CVE-2023-24107 | Hour OF Code Python 2015 Project | Unspecified vulnerability in Hour of Code Python 2015 Project Hour of Code Python 2015 20151211 hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package (requirements.txt). | 9.8 |
2023-02-22 | CVE-2023-24108 | Zetacomponenets | Unspecified vulnerability in Zetacomponenets Mvctools 20080923 MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requirements.txt). | 9.8 |
2023-02-22 | CVE-2023-0947 | Flatpress | Path Traversal vulnerability in Flatpress Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3. | 9.8 |
2023-02-21 | CVE-2023-24080 | Chamberlain | Improper Restriction of Excessive Authentication Attempts vulnerability in Chamberlain MYQ 5.222.0.32277 A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack. | 9.8 |
2023-02-21 | CVE-2023-24320 | Axcora | Unspecified vulnerability in Axcora An access control issue in Axcora POS #0~gitf77ec09 allows unauthenticated attackers to execute arbitrary commands via unspecified vectors. | 9.8 |
2023-02-21 | CVE-2023-25157 | Osgeo | SQL Injection vulnerability in Osgeo Geoserver GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. | 9.8 |
2023-02-21 | CVE-2017-20179 | Instedd | Unspecified vulnerability in Instedd Pollit 2.3.1 A vulnerability was found in InSTEDD Pollit 2.3.1. | 9.8 |
2023-02-21 | CVE-2022-46637 | Prolink2U | Use of Hard-coded Credentials vulnerability in Prolink2U Prs1841 Firmware UV2 Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services. | 9.8 |
2023-02-21 | CVE-2023-0946 | Best POS Management System Project | SQL Injection vulnerability in Best POS Management System Project Best POS Management System 1.0 A vulnerability has been found in SourceCodester Best POS Management System 1.0 and classified as critical. | 9.8 |
2023-02-21 | CVE-2023-25158 | Geotools | SQL Injection vulnerability in Geotools GeoTools is an open source Java library that provides tools for geospatial data. | 9.8 |
2023-02-21 | CVE-2023-25657 | Networktocode | Unspecified vulnerability in Networktocode Nautobot Nautobot is a Network Source of Truth and Network Automation Platform. | 9.8 |
2023-02-21 | CVE-2023-22920 | Zyxel | Unspecified vulnerability in Zyxel Lte3202-M437 Firmware and Lte3316-M604 Firmware A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. | 9.8 |
2023-02-21 | CVE-2015-10083 | Harrys | Improper Authentication vulnerability in Harrys Dynosaur-Rails A vulnerability has been found in harrystech Dynosaur-Rails and classified as critical. | 9.8 |
2023-02-21 | CVE-2015-10084 | Irontec | SQL Injection vulnerability in Irontec Klear-Library A vulnerability was found in irontec klear-library chloe and classified as critical. | 9.8 |
2023-02-21 | CVE-2023-24184 | Totolink | Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability. | 9.8 |
2023-02-21 | CVE-2022-45564 | Znfit | SQL Injection vulnerability in Znfit Home Improvement ERP Management System 42 SQL Injection vulnerability in znfit Home improvement ERP management system V50_20220207,v42 allows attackers to execute arbitrary SQL commands via the userCode parameter to the wechat applet. | 9.8 |
2023-02-21 | CVE-2022-45677 | Tuition Management System Project | SQL Injection vulnerability in Tuition Management System Project Tuition Management System SQL Injection Vulnerability in tanujpatra228 Tution Management System (TMS) via the email parameter to processes/student_login.process.php. | 9.8 |
2023-02-21 | CVE-2023-0935 | Dolphinphp Project | OS Command Injection vulnerability in Dolphinphp Project Dolphinphp A vulnerability was found in DolphinPHP up to 1.5.1. | 9.8 |
2023-02-21 | CVE-2023-0938 | Music Gallery Site Project | SQL Injection vulnerability in Music Gallery Site Project Music Gallery Site 1.0 A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. | 9.8 |
2023-02-21 | CVE-2023-0232 | Hasthemes | Unspecified vulnerability in Hasthemes Shoplentor The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection. | 9.8 |
2023-02-21 | CVE-2015-10082 | Libimobiledevice | XXE vulnerability in Libimobiledevice Libplist 1.12 A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. | 9.8 |
2023-02-21 | CVE-2023-26234 | JD GUI Project | Deserialization of Untrusted Data vulnerability in Jd-Gui Project Jd-Gui 1.6.6 JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvider.singleInstance. | 9.8 |
2023-02-20 | CVE-2022-48337 | GNU Debian | OS Command Injection vulnerability in multiple products GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. | 9.8 |
2023-02-20 | CVE-2023-23452 | Sick | Missing Authentication for Critical Function vulnerability in Sick Fx0-Gpnt00000 Firmware and Fx0-Gpnt00010 Firmware Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000. | 9.8 |
2023-02-20 | CVE-2023-23453 | Sick | Missing Authentication for Critical Function vulnerability in Sick Fx0-Gent00000 Firmware and Fx0-Gent00010 Firmware Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000. | 9.8 |
2023-02-20 | CVE-2022-48317 | Checkmk | Insufficient Session Expiration vulnerability in Checkmk 2.0.0/2.1.0 Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10 and Checkmk <= 2.0.0p28 allowing an attacker to use expired session tokens when communicating with the RestAPI. | 9.8 |
2023-02-20 | CVE-2023-25613 | Apache | Injection vulnerability in Apache Identity Backend An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3. | 9.8 |
2023-02-20 | CVE-2023-25805 | Versionn Project | Command Injection vulnerability in Versionn Project Versionn versionn, software for changing version information across multiple files, has a command injection vulnerability in all versions prior to version 1.1.0. | 9.8 |
2023-02-20 | CVE-2012-10008 | Oneapp Project | SQL Injection vulnerability in Oneapp Project Oneapp A vulnerability, which was classified as critical, has been found in uakfdotb oneapp. | 9.8 |
2023-02-20 | CVE-2013-10019 | Oclc | SQL Injection vulnerability in Oclc Oaicat A vulnerability was found in OCLC-Research OAICat 1.5.61. | 9.8 |
2023-02-20 | CVE-2023-26092 | Puzzle | Expression Language Injection vulnerability in Puzzle Liima Liima before 1.17.28 allows server-side template injection. | 9.8 |
2023-02-20 | CVE-2023-26093 | Puzzle | SQL Injection vulnerability in Puzzle Liima Liima before 1.17.28 allows Hibernate query language (HQL) injection, related to colToSort in the deployment filter. | 9.8 |
2023-02-20 | CVE-2022-48328 | Misp | Improper Handling of Exceptional Conditions vulnerability in Misp app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters. | 9.8 |
2023-02-20 | CVE-2022-48329 | Misp | Improper Handling of Exceptional Conditions vulnerability in Misp MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php. | 9.8 |
2023-02-24 | CVE-2021-33387 | 1234N | Cross-site Scripting vulnerability in 1234N Minicms 1.10 Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows an attacker to execute arbitrary code via a crafted GET request. | 9.6 |
2023-02-20 | CVE-2021-32853 | Erxes | Cross-site Scripting vulnerability in Erxes Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. | 9.6 |
2023-02-25 | CVE-2023-26033 | Gentoo | SQL Injection vulnerability in Gentoo Soko Gentoo soko is the code that powers packages.gentoo.org. | 9.1 |
2023-02-24 | CVE-2023-26468 | Cerebrate Project | Unspecified vulnerability in Cerebrate-Project Cerebrate 1.12 Cerebrate 1.12 does not properly consider organisation_id during creation of API keys. | 9.1 |
2023-02-23 | CVE-2023-23914 | Haxx Netapp Splunk | Cleartext Transmission of Sensitive Information vulnerability in multiple products A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. | 9.1 |
2023-02-20 | CVE-2021-32852 | Count | Cross-site Scripting vulnerability in Count Countly Server Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. | 9.0 |
103 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-02-26 | CVE-2023-1044 | Muyucms | Path Traversal vulnerability in Muyucms 2.2 A vulnerability was found in MuYuCMS 2.2. | 8.8 |
2023-02-26 | CVE-2023-1046 | Muyucms | Server-Side Request Forgery (SSRF) vulnerability in Muyucms 2.2 A vulnerability classified as critical has been found in MuYuCMS 2.2. | 8.8 |
2023-02-26 | CVE-2023-1039 | Class AND Exam Timetabling System Project | SQL Injection vulnerability in Class and Exam Timetabling System Project Class and Exam Timetabling System 1.0 A vulnerability classified as critical was found in SourceCodester Class and Exam Timetabling System 1.0. | 8.8 |
2023-02-25 | CVE-2022-48362 | Zohocorp | Path Traversal vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. | 8.8 |
2023-02-25 | CVE-2023-1035 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Clinic's Patient Management System 1.0 A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. | 8.8 |
2023-02-25 | CVE-2023-1034 | Salesagility | Path Traversal: '..filename' vulnerability in Salesagility Suitecrm Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9. | 8.8 |
2023-02-25 | CVE-2023-26039 | Zoneminder | OS Command Injection vulnerability in Zoneminder ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. | 8.8 |
2023-02-25 | CVE-2023-1033 | Froxlor | Cross-Site Request Forgery (CSRF) vulnerability in Froxlor Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.11. | 8.8 |
2023-02-25 | CVE-2023-26034 | Zoneminder | SQL Injection vulnerability in Zoneminder ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. | 8.8 |
2023-02-24 | CVE-2021-34167 | Taogogo | Cross-Site Request Forgery (CSRF) vulnerability in Taogogo Taocms 3.0.2 Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php. | 8.8 |
2023-02-24 | CVE-2023-0997 | Moosikay E Commerce System Project | SQL Injection vulnerability in Moosikay E-Commerce System Project Moosikay E-Commerce System 1.0 A vulnerability was found in SourceCodester Moosikay E-Commerce System 1.0. | 8.8 |
2023-02-24 | CVE-2023-0999 | Sales Tracker Management System Project | Cross-Site Request Forgery (CSRF) vulnerability in Sales Tracker Management System Project Sales Tracker Management System 1.0 A vulnerability classified as problematic was found in SourceCodester Sales Tracker Management System 1.0. | 8.8 |
2023-02-24 | CVE-2022-1607 | ABB | Cross-Site Request Forgery (CSRF) vulnerability in ABB Infinity DC Power Plant and Ne843 S Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant allows Cross Site Request Forgery.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415. | 8.8 |
2023-02-23 | CVE-2023-23294 | Korenix | Command Injection vulnerability in Korenix products Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. | 8.8 |
2023-02-23 | CVE-2023-23295 | Korenix | Command Injection vulnerability in Korenix products Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. | 8.8 |
2023-02-23 | CVE-2023-20011 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 8.8 |
2023-02-23 | CVE-2023-23917 | Rocket Chat | Unspecified vulnerability in Rocket.Chat A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an attacker to achieve RCE under the admin account. | 8.8 |
2023-02-23 | CVE-2023-26325 | Wpdeveloper | SQL Injection vulnerability in Wpdeveloper Reviewx The 'rx_export_review' action in the ReviewX WordPress Plugin version < 1.6.4, is affected by an authenticated SQL injection vulnerability in the 'filterValue' and 'selectedColumns' parameters. | 8.8 |
2023-02-23 | CVE-2023-0988 | Online Pizza Ordering System Project | Cross-Site Request Forgery (CSRF) vulnerability in Online Pizza Ordering System Project Online Pizza Ordering System 1.0 A vulnerability, which was classified as problematic, has been found in SourceCodester Online Pizza Ordering System 1.0. | 8.8 |
2023-02-23 | CVE-2023-24415 | Quantumcloud | Cross-Site Request Forgery (CSRF) vulnerability in Quantumcloud Chatbot Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.2.8 versions. | 8.8 |
2023-02-23 | CVE-2023-23659 | Mainwp | Cross-Site Request Forgery (CSRF) vulnerability in Mainwp Matomo Cross-Site Request Forgery (CSRF) vulnerability in MainWP Matomo Extension <= 4.0.4 versions. | 8.8 |
2023-02-23 | CVE-2023-24384 | Wpdevart | Cross-Site Request Forgery (CSRF) vulnerability in Wpdevart Organization Chart Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart <= 1.4.4 versions. | 8.8 |
2023-02-23 | CVE-2022-48341 | Thingsboard | Unspecified vulnerability in Thingsboard 3.4.1 ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. | 8.8 |
2023-02-22 | CVE-2022-45600 | Aztech | Command Injection vulnerability in Aztech Wmb250Ac Firmware 0162020 Aztech WMB250AC Mesh Routers Firmware Version 016 2020 devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login. | 8.8 |
2023-02-22 | CVE-2023-22973 | Open EMR | Path Traversal vulnerability in Open-Emr Openemr A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter. | 8.8 |
2023-02-22 | CVE-2023-0927 | Google | Use After Free vulnerability in Google Chrome Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-02-22 | CVE-2023-0928 | Google | Use After Free vulnerability in Google Chrome Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-02-22 | CVE-2023-0929 | Google | Use After Free vulnerability in Google Chrome Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-02-22 | CVE-2023-0930 | Google | Out-of-bounds Write vulnerability in Google Chrome Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-02-22 | CVE-2023-0931 | Google | Use After Free vulnerability in Google Chrome Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-02-22 | CVE-2023-0932 | Google | Use After Free vulnerability in Google Chrome Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-02-22 | CVE-2023-0933 | Google | Integer Overflow or Wraparound vulnerability in Google Chrome Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 8.8 |
2023-02-22 | CVE-2023-0941 | Google | Use After Free vulnerability in Google Chrome Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-02-22 | CVE-2023-0966 | Oretnom23 | Cross-site Scripting vulnerability in Oretnom23 Online Eyewear Shop 1.0 A vulnerability classified as problematic was found in SourceCodester Online Eyewear Shop 1.0. | 8.8 |
2023-02-22 | CVE-2023-0962 | Music Gallery Site Project | SQL Injection vulnerability in Music Gallery Site Project Music Gallery Site 1.0 A vulnerability was found in SourceCodester Music Gallery Site 1.0. | 8.8 |
2023-02-22 | CVE-2022-43873 | IBM | Unspecified vulnerability in IBM Spectrum Virtualize An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. | 8.8 |
2023-02-22 | CVE-2023-26314 | Mono Project Debian | The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. | 8.8 |
2023-02-22 | CVE-2023-20855 | Vmware | XXE vulnerability in VMWare Vrealize Automation and Vrealize Orchestrator VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. | 8.8 |
2023-02-21 | CVE-2023-25812 | Minio | Unspecified vulnerability in Minio Minio is a Multi-Cloud Object Storage framework. | 8.8 |
2023-02-21 | CVE-2023-0943 | Best POS Management System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Best POS Management System Project Best POS Management System 1.0 A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. | 8.8 |
2023-02-20 | CVE-2015-10081 | Submitbymailplugin Project | Cross-Site Request Forgery (CSRF) vulnerability in Submitbymailplugin Project Submitbymailplugin 1.0B2.9 A vulnerability was found in arnoldle submitByMailPlugin 1.0b2.9 and classified as problematic. | 8.8 |
2023-02-20 | CVE-2022-46836 | Checkmk | Code Injection vulnerability in Checkmk 2.0.0/2.1.0 PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component. | 8.8 |
2023-02-24 | CVE-2023-26102 | Rangy Project | Unspecified vulnerability in Rangy Project Rangy All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js. The function uses recursive merge, which can allow an attacker to modify properties of Object.prototype. | 8.2 |
2023-02-26 | CVE-2023-1045 | Muyucms | Path Traversal vulnerability in Muyucms 2.2 A vulnerability was found in MuYuCMS 2.2. | 8.1 |
2023-02-25 | CVE-2023-26032 | Zoneminder | SQL Injection vulnerability in Zoneminder ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. | 8.1 |
2023-02-23 | CVE-2023-24317 | Judging Management System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Judging Management System Project Judging Management System 1.0 Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via the component edit_organizer.php. | 8.1 |
2023-02-23 | CVE-2023-26462 | Thingsboard | Use of Hard-coded Credentials vulnerability in Thingsboard 3.4.1 ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. | 8.1 |
2023-02-22 | CVE-2023-0964 | Sales Tracker Management System Project | SQL Injection vulnerability in Sales Tracker Management System Project Sales Tracker Management System 1.0 A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. | 8.1 |
2023-02-26 | CVE-2023-26605 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid. | 7.8 |
2023-02-26 | CVE-2023-26606 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c. | 7.8 |
2023-02-26 | CVE-2023-1047 | Techpowerup | Improper Initialization vulnerability in Techpowerup Realtemp 3.7.0.0 A vulnerability classified as critical was found in TechPowerUp RealTemp 3.7.0.0. | 7.8 |
2023-02-26 | CVE-2023-1048 | Techpowerup | Improper Initialization vulnerability in Techpowerup Dram Calculator for Ryzen 1.7.3 A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5. | 7.8 |
2023-02-25 | CVE-2023-26544 | Linux | Use After Free vulnerability in Linux Kernel In the Linux kernel 6.0.8, there is a use-after-free in run_unpack in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size. | 7.8 |
2023-02-24 | CVE-2023-1007 | Filseclab | Improper Access Control vulnerability in Filseclab Twister Antivirus 8.17 A vulnerability was found in Twister Antivirus 8.17. | 7.8 |
2023-02-24 | CVE-2023-1005 | Markdown Electron Project | Code Injection vulnerability in Markdown-Electron Project Markdown-Electron A vulnerability was found in JP1016 Markdown-Electron and classified as critical. | 7.8 |
2023-02-24 | CVE-2023-1004 | Marktext | Code Injection vulnerability in Marktext A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. | 7.8 |
2023-02-24 | CVE-2023-0996 | Struktur | Classic Buffer Overflow vulnerability in Struktur Libheif 1.14.2 There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. | 7.8 |
2023-02-23 | CVE-2023-20050 | Cisco | OS Command Injection vulnerability in Cisco Nx-Os A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. | 7.8 |
2023-02-22 | CVE-2023-0104 | Weintek | Path Traversal vulnerability in Weintek Easybuilder PRO The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. | 7.8 |
2023-02-21 | CVE-2023-24575 | Dell | Unspecified vulnerability in Dell Multifunction Printer E525W Driver and Software Suite Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected system. | 7.8 |
2023-02-21 | CVE-2023-26242 | Linux | Integer Overflow or Wraparound vulnerability in Linux Kernel afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow. | 7.8 |
2023-02-20 | CVE-2022-48339 | GNU | Improper Encoding or Escaping of Output vulnerability in GNU Emacs An issue was discovered in GNU Emacs through 28.2. | 7.8 |
2023-02-20 | CVE-2022-47909 | Checkmk | Unspecified vulnerability in Checkmk 2.0.0/2.1.0 Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost. | 7.8 |
2023-02-20 | CVE-2016-15026 | DD Plist Project | XXE vulnerability in Dd-Plist Project Dd-Plist A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. | 7.8 |
2023-02-26 | CVE-2022-48363 | Linuxfoundation | Reachable Assertion vulnerability in Linuxfoundation Automotive Grade Linux In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. | 7.5 |
2023-02-25 | CVE-2023-26103 | Deno | Unspecified vulnerability in Deno Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /\s*,\s*/, used for splitting the Connection/Upgrade header. | 7.5 |
2023-02-25 | CVE-2023-26104 | Lite WEB Server Project | Resource Exhaustion vulnerability in Lite-Web-Server Project Lite-Web-Server All versions of the package lite-web-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse. | 7.5 |
2023-02-25 | CVE-2023-25821 | Nextcloud | Unspecified vulnerability in Nextcloud Server Nextcloud is an Open Source private cloud software. | 7.5 |
2023-02-24 | CVE-2021-34249 | Online Book Store Project | SQL Injection vulnerability in Online Book Store Project Online Book Store 1.0 SQL injection vulnerability in sourcecodester online-book-store 1.0 allows remote attackers to view sensitive information via the id parameter in application URL. | 7.5 |
2023-02-24 | CVE-2022-44310 | Ecdh Project | Exposure of Resource to Wrong Sphere vulnerability in Ecdh Project Ecdh 0.0.0/0.1.0/0.1.1 In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret. | 7.5 |
2023-02-24 | CVE-2023-25692 | Apache | Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Google Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0. | 7.5 |
2023-02-24 | CVE-2023-25956 | Apache | Information Exposure Through an Error Message vulnerability in Apache Apache-Airflow-Providers-Amazon Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1. | 7.5 |
2023-02-24 | CVE-2023-0994 | Rosariosis | Information Exposure vulnerability in Rosariosis Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2. | 7.5 |
2023-02-23 | CVE-2023-25824 | MOD Gnutls Project | Infinite Loop vulnerability in MOD Gnutls Project MOD Gnutls 0.10.0/0.9.0/0.9.1 Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. | 7.5 |
2023-02-23 | CVE-2022-4492 | Redhat | Unspecified vulnerability in Redhat products The undertow client is not checking the server identity presented by the server certificate in https connections. | 7.5 |
2023-02-23 | CVE-2023-23918 | Nodejs | Incorrect Authorization vulnerability in Nodejs Node.Js A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). | 7.5 |
2023-02-23 | CVE-2023-23919 | Nodejs | Unspecified vulnerability in Nodejs Node.Js A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases does not clear the OpenSSL error stack after operations that may set it. | 7.5 |
2023-02-22 | CVE-2023-22974 | Open EMR | Files or Directories Accessible to External Parties vulnerability in Open-Emr Openemr A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server. | 7.5 |
2023-02-22 | CVE-2023-25579 | Nextcloud | Path Traversal vulnerability in Nextcloud Server Nextcloud server is a self hosted home cloud product. | 7.5 |
2023-02-22 | CVE-2023-23040 | TP Link | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Tp-Link Tl-Wr940N Firmware 63.19.1 TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication. | 7.5 |
2023-02-22 | CVE-2023-23063 | Cellinx | Path Traversal vulnerability in Cellinx NVT web Server 1.0.6.002B Cellinx NVT v1.0.6.002b was discovered to contain a local file disclosure vulnerability via the component /cgi-bin/GetFileContent.cgi. | 7.5 |
2023-02-22 | CVE-2022-2883 | Octopus | Unrestricted Upload of File with Dangerous Type vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service. | 7.5 |
2023-02-21 | CVE-2015-10085 | Gopistolet Project | Unspecified vulnerability in Gopistolet Project Gopistolet A vulnerability was found in GoPistolet. | 7.5 |
2023-02-21 | CVE-2017-20178 | Codiad | Unspecified vulnerability in Codiad 2.8.0 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Codiad 2.8.0. | 7.5 |
2023-02-21 | CVE-2022-31394 | Hyper | Allocation of Resources Without Limits or Throttling vulnerability in Hyper Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks. | 7.5 |
2023-02-21 | CVE-2022-3353 | Hitachienergy | Improper Resource Shutdown or Release vulnerability in Hitachienergy products A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products. An attacker could exploit the vulnerability by using a specially crafted message sequence to force the IEC 61850 MMS-server communication stack to stop accepting new MMS-client connections. Already existing/established client-server connections are not affected. | 7.5 |
2023-02-21 | CVE-2022-48340 | Gluster | Use After Free vulnerability in Gluster Glusterfs 11.0 In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free. | 7.5 |
2023-02-21 | CVE-2023-26249 | NIC | Allocation of Resources Without Limits or Throttling vulnerability in NIC Knot Resolver Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. | 7.5 |
2023-02-21 | CVE-2023-26253 | Gluster | Out-of-bounds Read vulnerability in Gluster Glusterfs 11.0 In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read. | 7.5 |
2023-02-20 | CVE-2022-44216 | SIR | Missing Authentication for Critical Function vulnerability in SIR Gnuboard 5.5.4/5.5.5 Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. | 7.5 |
2023-02-20 | CVE-2019-25104 | Rtcwcoop | Improper Resource Shutdown or Release vulnerability in Rtcwcoop 1.0.2 A vulnerability has been found in rtcwcoop 1.0.2 and classified as problematic. | 7.5 |
2023-02-20 | CVE-2021-32848 | Octobox Project | Unspecified vulnerability in Octobox Project Octobox Octobox is software for managing GitHub notifications. | 7.5 |
2023-02-20 | CVE-2022-46303 | Checkmk | OS Command Injection vulnerability in Checkmk 2.0.0/2.1.0 Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application's local permissions. | 7.5 |
2023-02-20 | CVE-2023-24998 | Apache Debian | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. | 7.5 |
2023-02-20 | CVE-2023-25570 | Apolloconfig | Missing Authentication for Critical Function vulnerability in Apolloconfig Apollo Apollo is a configuration management system. | 7.5 |
2023-02-20 | CVE-2023-25656 | Notaryproject | Allocation of Resources Without Limits or Throttling vulnerability in Notaryproject Notation-Go 0.7.0/0.8.0/0.9.0 notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of oci artifacts. | 7.5 |
2023-02-20 | CVE-2023-26081 | Gnome Fedoraproject | Exposure of Resource to Wrong Sphere vulnerability in multiple products In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. | 7.5 |
2023-02-21 | CVE-2023-26266 | AFL Project | Unspecified vulnerability in Afl++ Project Afl++ 4.05C In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution. | 7.3 |
2023-02-20 | CVE-2022-48338 | GNU | Command Injection vulnerability in GNU Emacs An issue was discovered in GNU Emacs through 28.2. | 7.3 |
2023-02-24 | CVE-2021-35290 | Balero CMS Project | Unrestricted Upload of File with Dangerous Type vulnerability in Balero CMS Project Balero CMS 0.8.3 File Upload vulnerability in balerocms-src 0.8.3 allows remote attackers to run arbitrary code via rich text editor on /admin/main/mod-blog page. | 7.2 |
2023-02-22 | CVE-2023-20858 | Vmware | Injection vulnerability in VMWare Carbon Black APP Control VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x prior to 8.9.4 contain an injection vulnerability. | 7.2 |
2023-02-21 | CVE-2022-48282 | Mongodb | Deserialization of Untrusted Data vulnerability in Mongodb C# Driver Under very specific circumstances (see Required configuration section below), a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. | 7.2 |
2023-02-26 | CVE-2023-26607 | Linux Netapp | Out-of-bounds Read vulnerability in multiple products In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c. | 7.1 |
144 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-02-23 | CVE-2023-20015 | Cisco | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated, local attacker to inject unauthorized commands. | 6.7 |
2023-02-26 | CVE-2021-3329 | Zephyrproject | Improper Initialization vulnerability in Zephyrproject Zephyr 2.4.0 Lack of proper validation in HCI Host stack initialization can cause a crash of the Bluetooth stack. | 6.5 |
2023-02-25 | CVE-2023-26038 | Zoneminder | Untrusted Search Path vulnerability in Zoneminder ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. | 6.5 |
2023-02-25 | CVE-2023-25816 | Nextcloud | Resource Exhaustion vulnerability in Nextcloud Server 25.0.0/25.0.2 Nextcloud is an Open Source private cloud software. | 6.5 |
2023-02-24 | CVE-2021-35369 | Txjia | Unspecified vulnerability in Txjia Imcat 5.2/5.3 Arbitrary File Read vulnerability found in Peacexie ImCat v.5.2 fixed in v.5.4 allows attackers to obtain sensitive information via the filtering_get_contents function. | 6.5 |
2023-02-24 | CVE-2023-1002 | Muyucms | Path Traversal vulnerability in Muyucms 2.2 A vulnerability, which was classified as problematic, has been found in MuYuCMS 2.2. | 6.5 |
2023-02-23 | CVE-2023-23296 | Korenix | Resource Exhaustion vulnerability in Korenix products Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault. | 6.5 |
2023-02-23 | CVE-2023-20016 | Cisco | Use of Insufficiently Random Values vulnerability in Cisco products A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. | 6.5 |
2023-02-23 | CVE-2023-20089 | Cisco | Memory Leak vulnerability in Cisco Nx-Os A vulnerability in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to cause a memory leak, which could result in an unexpected reload of the device. | 6.5 |
2023-02-23 | CVE-2023-23915 | Haxx Netapp Splunk | Cleartext Transmission of Sensitive Information vulnerability in multiple products A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. | 6.5 |
2023-02-23 | CVE-2023-23916 | Haxx Fedoraproject Debian Netapp Splunk | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. | 6.5 |
2023-02-23 | CVE-2023-0815 | Opennms | Information Exposure Through Log Files vulnerability in Opennms Horizon Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. | 6.5 |
2023-02-23 | CVE-2023-25621 | Apache | Unspecified vulnerability in Apache Sling I18N Privilege Escalation vulnerability in Apache Software Foundation Apache Sling. Any content author is able to create i18n dictionaries in the repository in a location the author has write access to. | 6.5 |
2023-02-22 | CVE-2022-43870 | IBM | Information Exposure Through Log Files vulnerability in IBM Spectrum Virtualize 8.3.0.0/8.4.0.0/8.5.0.0 IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. | 6.5 |
2023-02-22 | CVE-2022-41216 | Hybridsoftware | Path Traversal vulnerability in Hybridsoftware Cloudflow 2.0.0/2.3.1 Local File Inclusion vulnerability within Cloudflow allows attackers to retrieve confidential information from the system. | 6.5 |
2023-02-21 | CVE-2023-23009 | Libreswan Debian | Resource Exhaustion vulnerability in multiple products Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length. | 6.5 |
2023-02-21 | CVE-2023-0936 | TP Link | Improper Resource Shutdown or Release vulnerability in Tp-Link Archer C50 V2160801 A vulnerability was found in TP-Link Archer C50 V2_160801. | 6.5 |
2023-02-21 | CVE-2023-26267 | PHP Saml SP Project | XXE vulnerability in PHP-Saml-Sp Project PHP-Saml-Sp php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXML_DTDLOAD \| \LIBXML_DTDATTR. | 6.5 |
2023-02-20 | CVE-2021-32847 | Mobyproject | Out-of-bounds Read vulnerability in Mobyproject Hyperkit HyperKit is a toolkit for embedding hypervisor capabilities in an application. | 6.5 |
2023-02-26 | CVE-2023-1042 | Online PET Shop WE APP Project | Cross-site Scripting vulnerability in Online PET Shop WE APP Project Online PET Shop WE APP 1.0 A vulnerability has been found in SourceCodester Online Pet Shop We App 1.0 and classified as problematic. | 6.1 |
2023-02-26 | CVE-2023-1036 | Dental Clinic Appointment Reservation System Project | Cross-site Scripting vulnerability in Dental Clinic Appointment Reservation System Project Dental Clinic Appointment Reservation System 1.0 A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. | 6.1 |
2023-02-26 | CVE-2023-1041 | Simple Responsive Tourism Website Project | Cross-site Scripting vulnerability in Simple Responsive Tourism Website Project Simple Responsive Tourism Website 1.0 A vulnerability, which was classified as problematic, was found in SourceCodester Simple Responsive Tourism Website 1.0. | 6.1 |
2023-02-26 | CVE-2019-25105 | DRO PM Project | Cross-site Scripting vulnerability in Dro.Pm Project Dro.Pm A vulnerability, which was classified as problematic, was found in dro.pm. | 6.1 |
2023-02-26 | CVE-2023-26091 | Frappant | Cross-site Scripting vulnerability in Frappant Forms Export The frp_form_answers (aka Forms Export) extension before 3.1.2, and 4.x before 4.0.2, for TYPO3 allows XSS via saved emails. | 6.1 |
2023-02-25 | CVE-2023-25825 | Zoneminder | Cross-site Scripting vulnerability in Zoneminder ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. | 6.1 |
2023-02-24 | CVE-2023-1030 | Online Boat Reservation System Project | Cross-site Scripting vulnerability in Online Boat Reservation System Project Online Boat Reservation System 1.0 A vulnerability has been found in SourceCodester Online Boat Reservation System 1.0 and classified as problematic. | 6.1 |
2023-02-24 | CVE-2022-48345 | Paypal | Cross-site Scripting vulnerability in Paypal Braintree/Sanitize-Url sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities. | 6.1 |
2023-02-23 | CVE-2022-46784 | Squaredup | Open Redirect vulnerability in Squaredup Dashboard Server SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows open redirection. | 6.1 |
2023-02-23 | CVE-2022-46785 | Squaredup | Cross-site Scripting vulnerability in Squaredup Dashboard Server SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 1 of 2). | 6.1 |
2023-02-23 | CVE-2023-0044 | Quarkus Redhat | Cross-site Scripting vulnerability in multiple products If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. | 6.1 |
2023-02-23 | CVE-2022-48343 | Jetbrains | Cross-site Scripting vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process. | 6.1 |
2023-02-23 | CVE-2022-48344 | Jetbrains | Cross-site Scripting vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process. | 6.1 |
2023-02-23 | CVE-2023-0867 | Opennms | Cross-site Scripting vulnerability in Opennms Horizon Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. | 6.1 |
2023-02-23 | CVE-2023-0868 | Opennms | Cross-site Scripting vulnerability in Opennms Horizon Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. | 6.1 |
2023-02-23 | CVE-2023-0869 | Opennms | Cross-site Scripting vulnerability in Opennms Horizon Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. | 6.1 |
2023-02-22 | CVE-2022-29273 | Netgate | Cross-site Scripting vulnerability in Netgate Pfsense pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters. | 6.1 |
2023-02-22 | CVE-2023-24810 | Misskey | Cross-site Scripting vulnerability in Misskey Misskey is an open source, decentralized social media platform. | 6.1 |
2023-02-22 | CVE-2023-24811 | Misskey | Cross-site Scripting vulnerability in Misskey Misskey is an open source, decentralized social media platform. | 6.1 |
2023-02-22 | CVE-2023-0846 | Opennms | Cross-site Scripting vulnerability in Opennms Horizon Unauthenticated, stored cross-site scripting in the display of alarm reduction keys in multiple versions of OpenNMS Horizon and Meridian could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. | 6.1 |
2023-02-22 | CVE-2023-25154 | Misskey | Cross-site Scripting vulnerability in Misskey Misskey is an open source, decentralized social media platform. | 6.1 |
2023-02-22 | CVE-2021-4325 | Nhncloud | Cross-site Scripting vulnerability in Nhncloud Toast UI Chart 4.1.4 A vulnerability, which was classified as problematic, has been found in NHN TOAST UI Chart 4.1.4. | 6.1 |
2023-02-22 | CVE-2022-38779 | Elastic | Open Redirect vulnerability in Elastic Kibana An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. | 6.1 |
2023-02-21 | CVE-2023-0942 | Artisanworkshop | Unspecified vulnerability in Artisanworkshop Japanized for Woocommerce The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. | 6.1 |
2023-02-21 | CVE-2023-22984 | Axis | Cross-site Scripting vulnerability in Axis 207W Firmware A Vulnerability was discovered in Axis 207W network camera. | 6.1 |
2023-02-21 | CVE-2021-32854 | Textangular | Cross-site Scripting vulnerability in Textangular textAngular is a text editor for Angular.js. | 6.1 |
2023-02-21 | CVE-2021-32855 | B3Log | Cross-site Scripting vulnerability in B3Log Vditor Vditor is a browser-side Markdown editor. | 6.1 |
2023-02-21 | CVE-2021-32856 | Microweber | Cross-site Scripting vulnerability in Microweber Microweber is a drag and drop website builder and content management system. | 6.1 |
2023-02-21 | CVE-2021-32857 | Agentejo | Cross-site Scripting vulnerability in Agentejo Cockpit Cockpit is a content management system that allows addition of content management functionality to any site. | 6.1 |
2023-02-21 | CVE-2021-32858 | Esdoc | Cross-site Scripting vulnerability in Esdoc Esdoc-Publish-Html-Plugin esdoc-publish-html-plugin is a plugin for the document maintenance software ESDoc. | 6.1 |
2023-02-21 | CVE-2021-32859 | Baremetrics | Cross-site Scripting vulnerability in Baremetrics Date Range Picker The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calender view. | 6.1 |
2023-02-21 | CVE-2021-32860 | Izimodal Project | Cross-site Scripting vulnerability in Izimodal Project Izimodal iziModal is a modal plugin with jQuery. | 6.1 |
2023-02-21 | CVE-2022-4897 | Ithemes | Unspecified vulnerability in Ithemes Backupbuddy 8.5.8.0/8.7.4.1/8.7.5.0 The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting. | 6.1 |
2023-02-21 | CVE-2023-0428 | Kibokolabs | Cross-site Scripting vulnerability in Kibokolabs Watu Quiz The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 6.1 |
2023-02-21 | CVE-2023-0442 | Loan Comparison Project | Unspecified vulnerability in Loan Comparison Project Loan Comparison The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow an attacker to inject JavaScript into the site via a crafted URL. | 6.1 |
2023-02-21 | CVE-2014-125089 | Cention Chatserver Project | Cross-site Scripting vulnerability in Cention-Chatserver Project Cention-Chatserver 3.8.0 A vulnerability was found in cention-chatserver 3.8.0-rc1. | 6.1 |
2023-02-21 | CVE-2023-26235 | JD GUI Project | Cross-site Scripting vulnerability in Jd-Gui Project Jd-Gui 1.6.6 JD-GUI 1.6.6 allows XSS via util/net/InterProcessCommunicationUtil.java. | 6.1 |
2023-02-20 | CVE-2021-32850 | Jquery Minicolors Project | Cross-site Scripting vulnerability in Jquery-Minicolors Project Jquery-Minicolors jQuery MiniColors is a color picker built on jQuery. | 6.1 |
2023-02-20 | CVE-2021-32851 | Mind Elixir Project | Cross-site Scripting vulnerability in Mind-Elixir Project Mind-Elixir Mind-elixir is a free, open source mind map core. | 6.1 |
2023-02-20 | CVE-2022-3901 | Visioglobe | Unspecified vulnerability in Visioglobe Visioweb 1.10.6 Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute XSS on the client system. | 6.1 |
2023-02-20 | CVE-2016-15027 | Metaphorcreations | Cross-site Scripting vulnerability in Metaphorcreations Post Duplicator 2.18 A vulnerability was found in meta4creations Post Duplicator Plugin 2.18 on WordPress. | 6.1 |
2023-02-20 | CVE-2015-10080 | Nrel | Cross-site Scripting vulnerability in Nrel API Umbrella 0.7.1 A vulnerability was found in NREL api-umbrella-web 0.7.1. | 6.1 |
2023-02-20 | CVE-2016-15025 | Generator Hottowel Project | Cross-site Scripting vulnerability in Generator-Hottowel Project Generator-Hottowel 0.0.11 A vulnerability, which was classified as problematic, was found in generator-hottowel 0.0.11. | 6.1 |
2023-02-20 | CVE-2014-125088 | QT Users | Cross-site Scripting vulnerability in Qt-Users Silk 0.0.1 A vulnerability was found in qt-users-jp silk 0.0.1. | 6.1 |
2023-02-22 | CVE-2023-23039 | Linux | Race Condition vulnerability in Linux Kernel An issue was discovered in the Linux kernel through 6.2.0-rc2. | 5.7 |
2023-02-20 | CVE-2023-25569 | Apolloconfig | Cross-Site Request Forgery (CSRF) vulnerability in Apolloconfig Apollo Apollo is a configuration management system. | 5.7 |
2023-02-24 | CVE-2023-23205 | MZ Automation | Memory Leak vulnerability in Mz-Automation Lib60870 2.3.2 An issue was discovered in lib60870 v2.3.2. | 5.5 |
2023-02-24 | CVE-2022-43923 | IBM | Information Exposure Through Log Files vulnerability in IBM Maximo Application Suite 8.8.0/8.9.0 IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user. | 5.5 |
2023-02-24 | CVE-2023-1008 | Filseclab | Improper Resource Shutdown or Release vulnerability in Filseclab Twister Antivirus 8.17 A vulnerability was found in Twister Antivirus 8.17. | 5.5 |
2023-02-24 | CVE-2023-1009 | Draytek | Path Traversal vulnerability in Draytek Vigor2960 Firmware 1.5.1.4 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. | 5.5 |
2023-02-24 | CVE-2023-1010 | Vox2Png Project | Heap-based Buffer Overflow vulnerability in Vox2Png Project Vox2Png 1.0 A vulnerability classified as critical was found in vox2png 1.0. | 5.5 |
2023-02-24 | CVE-2022-46440 | Swftools | Unspecified vulnerability in Swftools 0.9.2 ttftool v0.9.2 was discovered to contain a segmentation violation via the readU16 function at ttf.c. | 5.5 |
2023-02-23 | CVE-2023-0597 | Linux | Memory Leak vulnerability in Linux Kernel 6.2 A possible memory leak in the Linux kernel cpu_entry_area mapping of x86 CPU data to memory was found in the way a user can guess the location of exception stack(s) or other important data. | 5.5 |
2023-02-23 | CVE-2023-26303 | Executablebooks | Unspecified vulnerability in Executablebooks Markdown-It-Py Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input. | 5.5 |
2023-02-22 | CVE-2023-26302 | Executablebooks | Unspecified vulnerability in Executablebooks Markdown-It-Py Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input. | 5.5 |
2023-02-22 | CVE-2021-33367 | Freeimage Project | Out-of-bounds Read vulnerability in Freeimage Project Freeimage 3.18.0 Buffer Overflow vulnerability in Freeimage v3.18.0 allows an attacker to cause a denial of service via a crafted JXR file. | 5.5 |
2023-02-20 | CVE-2022-48319 | Checkmk | Information Exposure Through Log Files vulnerability in Checkmk 2.0.0/2.1.0 Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk <= 2.1.0p13, Checkmk <= 2.0.0p29, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to gain access to the host secret through the unprotected agent updater log file. | 5.5 |
2023-02-24 | CVE-2023-0586 | Aioseo | Unspecified vulnerability in Aioseo ALL in ONE SEO The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. | 5.4 |
2023-02-24 | CVE-2023-1006 | Medical Certificate Generator APP Project | Cross-site Scripting vulnerability in Medical Certificate Generator APP Project Medical Certificate Generator APP 1.0 A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. | 5.4 |
2023-02-24 | CVE-2023-22425 | SS Proj | Cross-site Scripting vulnerability in Ss-Proj Shirasagi Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script. | 5.4 |
2023-02-24 | CVE-2023-0995 | Business Management System Project | Cross-site Scripting vulnerability in Business Management System Project Business Management System Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to v2.0.1. | 5.4 |
2023-02-23 | CVE-2022-46786 | Squaredup | Cross-site Scripting vulnerability in Squaredup Dashboard Server SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 2 of 2). | 5.4 |
2023-02-23 | CVE-2023-0987 | Online Pizza Ordering System Project | Cross-site Scripting vulnerability in Online Pizza Ordering System Project Online Pizza Ordering System 1.0 A vulnerability classified as problematic was found in SourceCodester Online Pizza Ordering System 1.0. | 5.4 |
2023-02-22 | CVE-2023-22972 | Open EMR | Cross-site Scripting vulnerability in Open-Emr Openemr A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI. | 5.4 |
2023-02-22 | CVE-2022-41565 | Tibco | Cross-site Scripting vulnerability in Tibco products The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. | 5.4 |
2023-02-22 | CVE-2022-41566 | Tibco | Cross-site Scripting vulnerability in Tibco EBX Add-Ons The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute stored XSS on the affected system. | 5.4 |
2023-02-22 | CVE-2022-41567 | Tibco | Cross-site Scripting vulnerability in Tibco Businessconnect The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. | 5.4 |
2023-02-22 | CVE-2022-43578 | IBM | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. | 5.4 |
2023-02-22 | CVE-2023-26214 | Tibco | Cross-site Scripting vulnerability in Tibco Businessconnect The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. | 5.4 |
2023-02-21 | CVE-2023-24081 | GO Redrock | Cross-site Scripting vulnerability in Go-Redrock Tutortrac Multiple stored cross-site scripting (XSS) vulnerabilities in Redrock Software TutorTrac before v4.2.170210 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the reason and location fields of the visits listing page. | 5.4 |
2023-02-21 | CVE-2023-0945 | Best POS Management System Project | Cross-site Scripting vulnerability in Best POS Management System Project Best POS Management System 1.0 A vulnerability, which was classified as problematic, was found in SourceCodester Best POS Management System 1.0. | 5.4 |
2023-02-21 | CVE-2023-25810 | Uptime Kuma Project | Cross-site Scripting vulnerability in Uptime-Kuma Project Uptime-Kuma Uptime Kuma is a self-hosted monitoring tool. | 5.4 |
2023-02-21 | CVE-2023-25811 | Uptime Kuma Project | Cross-site Scripting vulnerability in Uptime-Kuma Project Uptime-Kuma Uptime Kuma is a self-hosted monitoring tool. | 5.4 |
2023-02-21 | CVE-2023-0934 | Answer | Cross-site Scripting vulnerability in Answer Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.5. | 5.4 |
2023-02-21 | CVE-2023-25928 | IBM | Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. | 5.4 |
2023-02-21 | CVE-2020-36656 | Brainstormforce | Cross-site Scripting vulnerability in Brainstormforce Spectra The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks. | 5.4 |
2023-02-21 | CVE-2022-4622 | Wpbrigade | Unspecified vulnerability in Wpbrigade Login Logout Menu The Login Logout Menu WordPress plugin through 1.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2022-4666 | Terakoya | Unspecified vulnerability in Terakoya Markup (Json-Ld) Structured in Schema.Org The Markup (JSON-LD) structured in schema.org WordPress plugin through 4.8.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2022-4669 | Livecomposerplugin | Unspecified vulnerability in Livecomposerplugin Page Builder: Live Composer The Page Builder: Live Composer WordPress plugin before 1.5.23 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2022-4714 | Wppool | Unspecified vulnerability in Wppool WP Dark Mode The WP Dark Mode WordPress plugin before 4.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2022-4750 | WP Responsive Testimonials Slider AND Widget Project | Unspecified vulnerability in WP Responsive Testimonials Slider and Widget Project WP Responsive Testimonials Slider and Widget The WP Responsive Testimonials Slider And Widget WordPress plugin through 1.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2022-4752 | Opening Hours Project | Unspecified vulnerability in Opening Hours Project Opening Hours The Opening Hours WordPress plugin through 2.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2022-4754 | Easy Social BOX Project | Unspecified vulnerability in Easy Social BOX Project Easy Social BOX 4.1.2 The Easy Social Box / Page Plugin WordPress plugin through 4.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2022-4761 | Post Views Count Project | Unspecified vulnerability in Post Views Count Project Post Views Count The Post Views Count WordPress plugin through 3.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2022-4764 | Simple File Downloader Project | Unspecified vulnerability in Simple File Downloader Project Simple File Downloader The Simple File Downloader WordPress plugin through 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2022-4777 | Bootstrap Shortcodes Project | Unspecified vulnerability in Bootstrap Shortcodes Project Bootstrap Shortcodes The Bootstrap Shortcodes WordPress plugin through 3.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2022-4784 | Presscustomizr | Cross-site Scripting vulnerability in Presscustomizr Hueman Addons The Hueman Addons WordPress plugin through 2.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2022-4785 | Video Sidebar Widgets Project | Unspecified vulnerability in Video Sidebar Widgets Project Video Sidebar Widgets The Video Sidebar Widgets WordPress plugin through 6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2022-4786 | Video JS Project | Unspecified vulnerability in Video.Js Project Video.Js The Video.js WordPress plugin through 4.5.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2022-4791 | Essentialplugin | Unspecified vulnerability in Essentialplugin Product Slider and Carousel With Category With Woocommerce The Product Slider and Carousel with Category for WooCommerce WordPress plugin before 2.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2023-0059 | Kainelabs | Unspecified vulnerability in Kainelabs Youzify The Youzify WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2023-0067 | Timed Content Project | Cross-site Scripting vulnerability in Timed Content Project Timed Content The Timed Content WordPress plugin before 2.73 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2023-0231 | Hasthemes | Unspecified vulnerability in Hasthemes Shoplentor The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2023-0271 | WP Font Awesome Project | Unspecified vulnerability in WP Font Awesome Project WP Font Awesome The WP Font Awesome WordPress plugin before 1.7.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2023-0285 | Devowl | Unspecified vulnerability in Devowl Real Media Library The Real Media Library WordPress plugin before 4.18.29 does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2023-0366 | Quick Plugins | Unspecified vulnerability in Quick-Plugins Loan Comparison The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2023-0371 | Embedsocial | Unspecified vulnerability in Embedsocial The EmbedSocial WordPress plugin before 1.1.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2023-0372 | Embedsocial | Unspecified vulnerability in Embedsocial Embedstories The EmbedStories WordPress plugin before 0.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2023-0375 | Bootstrapped | Unspecified vulnerability in Bootstrapped Easy Affiliate Links The Easy Affiliate Links WordPress plugin before 3.7.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2023-0378 | Greenshiftwp | Unspecified vulnerability in Greenshiftwp Greenshift - Animation and Page Builder Blocks The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2023-0380 | Sandhillsdev | Unspecified vulnerability in Sandhillsdev Easy Digital Downloads The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2023-0419 | SMG Webdesign | Unspecified vulnerability in Smg-Webdesign Shortcode for Font Awesome The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2023-0492 | Gsplugins | Unspecified vulnerability in Gsplugins GS products Slider The GS Products Slider for WooCommerce WordPress plugin before 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2023-0540 | Gsplugins | Unspecified vulnerability in Gsplugins GS Filterable Portfolio The GS Filterable Portfolio WordPress plugin before 1.6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2023-0541 | Gsplugins | Unspecified vulnerability in Gsplugins GS Books Showcase The GS Books Showcase WordPress plugin before 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-21 | CVE-2023-0559 | Gsplugins | Unspecified vulnerability in Gsplugins GS Portfolio for Envato The GS Portfolio for Envato WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-24 | CVE-2023-0595 | Schneider Electric | Improper Encoding or Escaping of Output vulnerability in Schneider-Electric products A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). | 5.3 |
2023-02-24 | CVE-2023-0998 | Alphaware Simple E Commerce System Project | Improper Access Control vulnerability in Alphaware Simple E-Commerce System Project Alphaware Simple E-Commerce System 1.0 A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. | 5.3 |
2023-02-21 | CVE-2023-26265 | Borg Project | Path Traversal vulnerability in Borg Project Borg The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are passed in via a URL. | 5.3 |
2023-02-20 | CVE-2022-48318 | Checkmk | Missing Authorization vulnerability in Checkmk 2.0.0/2.1.0 No authorisation controls in the RestAPI documentation for Tribe29's Checkmk <= 2.1.0p13 and Checkmk <= 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation. | 5.3 |
2023-02-24 | CVE-2022-4203 | Openssl | Out-of-bounds Read vulnerability in Openssl A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. | 4.9 |
2023-02-24 | CVE-2023-0585 | Aioseo | Unspecified vulnerability in Aioseo ALL in ONE SEO The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. | 4.8 |
2023-02-24 | CVE-2023-22427 | SS Proj | Cross-site Scripting vulnerability in Ss-Proj Shirasagi Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script. | 4.8 |
2023-02-22 | CVE-2023-0949 | Modoboa | Cross-site Scripting vulnerability in Modoboa 2.0.4 Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5. | 4.8 |
2023-02-21 | CVE-2023-0429 | Kibokolabs | Unspecified vulnerability in Kibokolabs Watu Quiz The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-02-25 | CVE-2023-26545 | Linux Netapp | Double Free vulnerability in multiple products In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. | 4.7 |
2023-02-23 | CVE-2023-20012 | Cisco | Improper Authentication vulnerability in Cisco products A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. | 4.6 |
2023-02-26 | CVE-2023-1043 | Muyucms | Path Traversal vulnerability in Muyucms 2.2 A vulnerability was found in MuYuCMS 2.2. | 4.3 |
2023-02-24 | CVE-2023-1029 | Joomunited | Cross-Site Request Forgery (CSRF) vulnerability in Joomunited WP Meta SEO The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. | 4.3 |
2023-02-23 | CVE-2023-22476 | Mantisbt | Unspecified vulnerability in Mantisbt Mantis Bug Tracker (MantisBT) is an open source issue tracker. | 4.3 |
2023-02-21 | CVE-2022-4385 | Intuitive Custom Post Order Project | Unspecified vulnerability in Intuitive Custom Post Order Project Intuitive Custom Post Order The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user (with roles as low as Subscriber) to update the menu order. | 4.3 |
2023-02-21 | CVE-2022-4386 | Intuitive Custom Post Order Project | Unspecified vulnerability in Intuitive Custom Post Order Project Intuitive Custom Post Order The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user into changing the menu order via a CSRF attack. | 4.3 |
2023-02-21 | CVE-2023-0453 | Apusthemes | Unspecified vulnerability in Apusthemes WP Private Messaging The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. | 4.3 |
2023-02-20 | CVE-2022-48320 | Checkmk | Cross-Site Request Forgery (CSRF) vulnerability in Checkmk 2.0.0/2.1.0 Cross-site Request Forgery (CSRF) in Tribe29's Checkmk <= 2.1.0p17, Checkmk <= 2.0.0p31, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to add new visual elements to multiple pages. | 4.3 |
2023-02-23 | CVE-2023-23920 | Nodejs Debian | Untrusted Search Path vulnerability in multiple products An untrusted search path vulnerability exists in Node.js. | 4.2 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-02-24 | CVE-2023-0481 | Quarkus | Exposure of Resource to Wrong Sphere vulnerability in Quarkus In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user. | 3.3 |
2023-02-23 | CVE-2022-3219 | Gnupg | Out-of-bounds Write vulnerability in Gnupg GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB. | 3.3 |
2023-02-20 | CVE-2022-48321 | Checkmk | Server-Side Request Forgery (SSRF) vulnerability in Checkmk 2.1.0 Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API. | 3.3 |