Weekly Vulnerabilities Reports > February 27 to March 5, 2023
Overview
491 new vulnerabilities were reported during this period, including 72 critical vulnerabilities and 165 high severity vulnerabilities. This weekly summary reports vulnerabilities in 638 products from 202 vendors including Apple, Arubanetworks, Heimgardtechnologies, Google, and Linux. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Out-of-bounds Write", "Command Injection", and "Cross-Site Request Forgery (CSRF)".
- 378 reported vulnerabilities are remotely exploitable.
- 171 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 263 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 55 reported vulnerabilities.
- Arubanetworks has the most reported critical vulnerabilities, with 11 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
72 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-03-02 | CVE-2023-26055 | Xwiki | Unspecified vulnerability in Xwiki Commons XWiki Commons are technical libraries common to several other top level XWiki projects. | 9.9 |
2023-03-05 | CVE-2021-4329 | Json Logic JS Project | Command Injection vulnerability in Json-Logic-Js Project Json-Logic-Js 2.0.0 A vulnerability, which was classified as critical, has been found in json-logic-js 2.0.0. | 9.8 |
2023-03-05 | CVE-2008-10003 | Flashgames Project | SQL Injection vulnerability in Flashgames Project Flashgames 1.1.0 A vulnerability was found in iGamingModules flashgames 1.1.0. | 9.8 |
2023-03-04 | CVE-2014-125091 | Codepeople | SQL Injection vulnerability in Codepeople Polls CP 1.0.1 A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 on WordPress and classified as critical. | 9.8 |
2023-03-03 | CVE-2023-26779 | YF Exam Project | Deserialization of Untrusted Data vulnerability in Yf-Exam Project Yf-Exam 1.8.0 CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE). | 9.8 |
2023-03-03 | CVE-2022-46973 | Anji Plus | Server-Side Request Forgery (SSRF) vulnerability in Anji-Plus Aj-Report 0.9.8.6 Report v0.9.8.6 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability. | 9.8 |
2023-03-03 | CVE-2023-27574 | Shadowsocks | Unspecified vulnerability in Shadowsocks Shadowsocksx-Ng 1.10.0 ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJECT_BASE_ENTITLEMENTS. | 9.8 |
2023-03-03 | CVE-2023-24641 | Judging Management System Project | SQL Injection vulnerability in Judging Management System Project Judging Management System 1.0 Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateview.php. | 9.8 |
2023-03-03 | CVE-2023-24642 | Judging Management System Project | SQL Injection vulnerability in Judging Management System Project Judging Management System 1.0 Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateTxtview.php. | 9.8 |
2023-03-03 | CVE-2023-24643 | Judging Management System Project | SQL Injection vulnerability in Judging Management System Project Judging Management System 1.0 Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateBlankTxtview.php. | 9.8 |
2023-03-03 | CVE-2023-20078 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. | 9.8 |
2023-03-03 | CVE-2022-45551 | ZBT | Missing Authentication for Critical Function vulnerability in ZBT We1626 Firmware 21.06.18 An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint. | 9.8 |
2023-03-03 | CVE-2022-45553 | ZBT | Unspecified vulnerability in ZBT We1626 Firmware 21.06.18 An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Router v 21.06.18 allows attacker to execute arbitrary commands via serial connection to the UART port. | 9.8 |
2023-03-02 | CVE-2022-46501 | Accruent | SQL Injection vulnerability in Accruent Maintenance Connection 2021/2022.2 Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discovered to contain a SQL injection vulnerability via the E-Mail to Work Order function. | 9.8 |
2023-03-02 | CVE-2021-4328 | Lionfish CMS Project | SQL Injection vulnerability in Lionfish CMS Project Lionfish CMS A vulnerability has been found in ???CMS and classified as critical. | 9.8 |
2023-03-02 | CVE-2023-26477 | Xwiki | Code Injection vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 9.8 |
2023-03-02 | CVE-2023-26780 | YF Exam Project | SQL Injection vulnerability in Yf-Exam Project Yf-Exam 1.8.0 CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection. | 9.8 |
2023-03-02 | CVE-2021-3854 | Glox | SQL Injection vulnerability in Glox Useroam Hotspot Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Glox Technology Useroam Hotspot allows SQL Injection. This issue affects Useroam Hotspot: before 5.1.0.15. | 9.8 |
2023-03-02 | CVE-2023-1151 | Electronic Medical Records System Project | SQL Injection vulnerability in Electronic Medical Records System Project Electronic Medical Records System 1.0 A vulnerability was found in SourceCodester Electronic Medical Records System 1.0. | 9.8 |
2023-03-02 | CVE-2023-26053 | Gradle | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Gradle Gradle is a build tool with a focus on build automation and support for multi-language development. | 9.8 |
2023-03-01 | CVE-2023-1097 | Baicells | Command Injection vulnerability in Baicells Eg7035-M11 Firmware Bceodu1.0.8 Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. | 9.8 |
2023-03-01 | CVE-2023-1130 | Computer Parts Sales AND Inventory System Project | SQL Injection vulnerability in Computer Parts Sales and Inventory System Project Computer Parts Sales and Inventory System 1.0 A vulnerability, which was classified as critical, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. | 9.8 |
2023-03-01 | CVE-2023-23315 | Stripe | SQL Injection vulnerability in Stripe Payment PRO The PrestaShop e-commerce platform module stripejs contains a Blind SQL injection vulnerability up to version 4.5.5. | 9.8 |
2023-03-01 | CVE-2023-1064 | Uzaybaskul | SQL Injection vulnerability in Uzaybaskul Weighbridge Automation Software Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Uzay Baskul Weighbridge Automation Software allows SQL Injection.This issue affects Weighbridge Automation Software: before 1.1. | 9.8 |
2023-03-01 | CVE-2023-1114 | Eskom | Missing Authorization vulnerability in Eskom E-Belediye 1.0.0.95 Missing Authorization vulnerability in Eskom e-Belediye allows Information Elicitation.This issue affects e-Belediye: from 1.0.0.95 before 1.0.0.100. | 9.8 |
2023-03-01 | CVE-2021-4327 | Serenityos | Integer Overflow or Wraparound vulnerability in Serenityos 20191230 A vulnerability was found in SerenityOS. | 9.8 |
2023-03-01 | CVE-2023-1112 | Codedropz | Path Traversal vulnerability in Codedropz Drag and Drop multiple File Upload - Contact Form 7 5.0.6.1 A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress. | 9.8 |
2023-03-01 | CVE-2022-37936 | HPE | Deserialization of Untrusted Data vulnerability in HPE Serviceguard for Linux Unauthenticated Java deserialization vulnerability in Serviceguard Manager | 9.8 |
2023-03-01 | CVE-2022-37937 | HPE | Out-of-bounds Write vulnerability in HPE Serviceguard for Linux Pre-auth memory corruption in HPE Serviceguard | 9.8 |
2023-03-01 | CVE-2022-37938 | HPE | Server-Side Request Forgery (SSRF) vulnerability in HPE Serviceguard for Linux Unauthenticated server side request forgery in HPE Serviceguard Manager | 9.8 |
2023-03-01 | CVE-2023-20032 | Cisco Clamav Stormshield | Out-of-bounds Write vulnerability in multiple products On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. | 9.8 |
2023-03-01 | CVE-2023-22747 | Arubanetworks | Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). | 9.8 |
2023-03-01 | CVE-2023-22748 | Arubanetworks | Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). | 9.8 |
2023-03-01 | CVE-2023-22749 | Arubanetworks | Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). | 9.8 |
2023-03-01 | CVE-2023-22750 | Arubanetworks | Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). | 9.8 |
2023-03-01 | CVE-2023-22751 | Arubanetworks | Out-of-bounds Write vulnerability in Arubanetworks Arubaos and Sd-Wan There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). | 9.8 |
2023-03-01 | CVE-2023-22752 | Arubanetworks | Out-of-bounds Write vulnerability in Arubanetworks Arubaos and Sd-Wan There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). | 9.8 |
2023-03-01 | CVE-2023-22753 | Arubanetworks | Classic Buffer Overflow vulnerability in Arubanetworks Arubaos and Sd-Wan There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. | 9.8 |
2023-03-01 | CVE-2023-22754 | Arubanetworks | Classic Buffer Overflow vulnerability in Arubanetworks Arubaos and Sd-Wan There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. | 9.8 |
2023-03-01 | CVE-2023-22755 | Arubanetworks | Classic Buffer Overflow vulnerability in Arubanetworks Arubaos and Sd-Wan There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. | 9.8 |
2023-03-01 | CVE-2023-22756 | Arubanetworks | Classic Buffer Overflow vulnerability in Arubanetworks Arubaos and Sd-Wan There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. | 9.8 |
2023-03-01 | CVE-2023-22757 | Arubanetworks | Classic Buffer Overflow vulnerability in Arubanetworks Arubaos and Sd-Wan There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. | 9.8 |
2023-02-28 | CVE-2023-1099 | Online Student Management System Project | SQL Injection vulnerability in Online Student Management System Project Online Student Management System 1.0 A vulnerability was found in SourceCodester Online Student Management System 1.0. | 9.8 |
2023-02-28 | CVE-2023-1100 | Online Catering Reservation System Project | SQL Injection vulnerability in Online Catering Reservation System Project Online Catering Reservation System 1.0 A vulnerability classified as critical has been found in SourceCodester Online Catering Reservation System 1.0. | 9.8 |
2023-02-28 | CVE-2023-27372 | Spip Debian | SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. | 9.8 |
2023-02-28 | CVE-2023-0339 | Forgerock | Path Traversal vulnerability in Forgerock web Policy Agents 5.10/5.10.1 Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issue affects Access Management Web Policy Agent: all versions up to 5.10.1 | 9.8 |
2023-02-28 | CVE-2023-0511 | Forgerock | Path Traversal vulnerability in Forgerock Java Policy Agents 5.10.1 Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1 | 9.8 |
2023-02-28 | CVE-2023-20946 | Google | Unspecified vulnerability in Google Android In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy. | 9.8 |
2023-02-28 | CVE-2015-10086 | Server PHP Project | SQL Injection vulnerability in Server-PHP Project Server-PHP A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. | 9.8 |
2023-02-27 | CVE-2023-24258 | Spip | SQL Injection vulnerability in Spip SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. | 9.8 |
2023-02-27 | CVE-2022-26760 | Apple | Out-of-bounds Write vulnerability in Apple Iphone OS A memory corruption issue was addressed with improved state management. | 9.8 |
2023-02-27 | CVE-2022-46723 | Apple | Unspecified vulnerability in Apple Macos This issue was addressed with improved checks. | 9.8 |
2023-02-27 | CVE-2023-23513 | Apple | Classic Buffer Overflow vulnerability in Apple Macos A buffer overflow issue was addressed with improved memory handling. | 9.8 |
2023-02-27 | CVE-2023-24253 | Domoticalabs | SQL Injection vulnerability in Domoticalabs Ikon Server Domotica Labs srl Ikon Server before v2.8.6 was discovered to contain a SQL injection vulnerability. | 9.8 |
2023-02-27 | CVE-2022-48255 | Huawei | Command Injection vulnerability in Huawei Bisheng-Wnm Firmware 3.0.0.325 There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. | 9.8 |
2023-02-27 | CVE-2022-48259 | Huawei | Command Injection vulnerability in Huawei Bisheng-Wnm Firmware 3.0.0.325 There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. | 9.8 |
2023-02-27 | CVE-2022-48283 | Huawei | Improper Privilege Management vulnerability in Huawei Hilink AI Life 12.0.2.305 A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. | 9.8 |
2023-02-27 | CVE-2022-48284 | Huawei | Improper Privilege Management vulnerability in Huawei Hilink AI Life 12.0.2.305 A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. | 9.8 |
2023-02-27 | CVE-2023-23155 | Phpgurukul | SQL Injection vulnerability in PHPgurukul ART Gallery Management System 1.0 Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the username parameter in the Admin Login. | 9.8 |
2023-02-27 | CVE-2023-23156 | Phpgurukul | SQL Injection vulnerability in PHPgurukul ART Gallery Management System 1.0 Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page. | 9.8 |
2023-02-27 | CVE-2023-25231 | Tenda | Out-of-bounds Write vulnerability in Tenda W30E Firmware V1.0.1.25(633) Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface. | 9.8 |
2023-02-27 | CVE-2023-25233 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac500 Firmware 2.0.1.9(1307) Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface. | 9.8 |
2023-02-27 | CVE-2023-25234 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac500 Firmware 2.0.1.9(1307) Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromAddressNat via parameters entrys and mitInterface. | 9.8 |
2023-02-27 | CVE-2022-45138 | Wago | Missing Authentication for Critical Function vulnerability in Wago products The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. | 9.8 |
2023-02-27 | CVE-2022-45140 | Wago | Missing Authentication for Critical Function vulnerability in Wago products The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise. | 9.8 |
2023-02-27 | CVE-2023-23080 | Tenda | Command Injection vulnerability in Tenda products Certain Tenda products are vulnerable to command injection. | 9.8 |
2023-02-27 | CVE-2023-24206 | Davinci Project | SQL Injection vulnerability in Davinci Project Davinci 0.3.0 Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function. | 9.8 |
2023-02-27 | CVE-2023-1053 | Music Gallery Site Project | SQL Injection vulnerability in Music Gallery Site Project Music Gallery Site 1.0 A vulnerability was found in SourceCodester Music Gallery Site 1.0 and classified as critical. | 9.8 |
2023-02-27 | CVE-2023-1054 | Music Gallery Site Project | SQL Injection vulnerability in Music Gallery Site Project Music Gallery Site 1.0 A vulnerability was found in SourceCodester Music Gallery Site 1.0. | 9.8 |
2023-03-03 | CVE-2023-0957 | Gitpod | Origin Validation Error vulnerability in Gitpod An issue was discovered in Gitpod versions prior to release-2022.11.2.16. | 9.6 |
2023-03-03 | CVE-2023-27290 | IBM | Missing Authentication for Critical Function vulnerability in IBM Observability With Instana Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. | 9.1 |
2023-02-27 | CVE-2022-34909 | Aremis | SQL Injection vulnerability in Aremis 4 Nomads An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. | 9.1 |
165 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-03-04 | CVE-2023-23929 | Vantage6 | Insufficient Session Expiration vulnerability in Vantage6 vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. | 8.8 |
2023-03-04 | CVE-2023-26490 | Mailcow | OS Command Injection vulnerability in Mailcow Mailcow: Dockerized mailcow is a dockerized email package, with multiple containers linked in one bridged network. | 8.8 |
2023-03-03 | CVE-2023-1162 | Draytek | Command Injection vulnerability in Draytek Vigor 2960 Firmware 1.5.1.4 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. | 8.8 |
2023-03-02 | CVE-2023-1101 | Sonicwall | Improper Restriction of Excessive Authentication Attempts vulnerability in Sonicwall Sonicos SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes. | 8.8 |
2023-03-02 | CVE-2023-22381 | Github | Code Injection vulnerability in Github Enterprise Server A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. | 8.8 |
2023-03-02 | CVE-2023-26471 | Xwiki | Unspecified vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 8.8 |
2023-03-02 | CVE-2023-26472 | Xwiki | Improper Encoding or Escaping of Output vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 8.8 |
2023-03-02 | CVE-2023-26474 | Xwiki | Unspecified vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 8.8 |
2023-03-02 | CVE-2023-26475 | Xwiki | Improper Privilege Management vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 8.8 |
2023-03-02 | CVE-2023-25361 | Webkitgtk | Use After Free vulnerability in Webkitgtk A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | 8.8 |
2023-03-02 | CVE-2023-25362 | Webkitgtk | Use After Free vulnerability in Webkitgtk A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | 8.8 |
2023-03-02 | CVE-2023-25363 | Webkitgtk | Use After Free vulnerability in Webkitgtk A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | 8.8 |
2023-03-02 | CVE-2023-25358 | Webkitgtk Fedoraproject | Use After Free vulnerability in multiple products A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | 8.8 |
2023-03-02 | CVE-2023-25360 | Webkitgtk | Use After Free vulnerability in Webkitgtk A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | 8.8 |
2023-03-02 | CVE-2023-0228 | ABB | Improper Authentication vulnerability in ABB Symphony Plus S+ Operations 2.1/2.2/3.3 Improper Authentication vulnerability in ABB Symphony Plus S+ Operations.This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2. | 8.8 |
2023-03-01 | CVE-2022-3294 | Kubernetes | Unspecified vulnerability in Kubernetes Users may have access to secure endpoints in the control plane network. | 8.8 |
2023-03-01 | CVE-2022-45608 | Thingsboard | Unspecified vulnerability in Thingsboard 3.4.1 An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gain escalated privileges (vertically) and become an Administrator (TENANT_ADMIN) or (SYS_ADMIN) on the web application. | 8.8 |
2023-03-01 | CVE-2023-25222 | GNU | Out-of-bounds Write vulnerability in GNU Libredwg 0.12.5 A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12.5 via the bit_read_RC function at bits.c. | 8.8 |
2023-03-01 | CVE-2022-45068 | Mercadopago | Cross-Site Request Forgery (CSRF) vulnerability in Mercadopago Mercado Pago Payments for Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Mercado Pago Mercado Pago payments for WooCommerce plugin <= 6.3.1. | 8.8 |
2023-03-01 | CVE-2021-3855 | Liman | Command Injection vulnerability in Liman Port MYS 1.7.0 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Liman Central Management System Liman MYS (HTTP/Controllers, CronMail, Jobs modules) allows Command Injection.This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462. | 8.8 |
2023-03-01 | CVE-2023-0951 | Devolutions | Unspecified vulnerability in Devolutions Server Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions. | 8.8 |
2023-03-01 | CVE-2023-0953 | Devolutions | SQL Injection vulnerability in Devolutions Server Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources. | 8.8 |
2023-02-28 | CVE-2023-25266 | Docmosis | Unspecified vulnerability in Docmosis Tornado An issue was discovered in Docmosis Tornado prior to version 2.9.5. | 8.8 |
2023-02-28 | CVE-2022-43459 | Captainform | Cross-Site Request Forgery (CSRF) vulnerability in Captainform Cross-Site Request Forgery (CSRF) vulnerability in Forms by CaptainForm – Form Builder for WordPress plugin <= 2.5.3 versions. | 8.8 |
2023-02-28 | CVE-2023-24419 | Strategy11 | Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Formidable Form Builder Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Builder Team Formidable Forms plugin <= 5.5.6 versions. | 8.8 |
2023-02-27 | CVE-2022-42826 | Apple Webkitgtk | Use After Free vulnerability in multiple products A use after free issue was addressed with improved memory management. | 8.8 |
2023-02-27 | CVE-2023-23496 | Apple | Unspecified vulnerability in Apple products The issue was addressed with improved checks. | 8.8 |
2023-02-27 | CVE-2023-23517 | Apple | Unspecified vulnerability in Apple products The issue was addressed with improved memory handling. | 8.8 |
2023-02-27 | CVE-2023-23518 | Apple | Unspecified vulnerability in Apple products The issue was addressed with improved memory handling. | 8.8 |
2023-02-27 | CVE-2023-23529 | Apple | Type Confusion vulnerability in Apple products A type confusion issue was addressed with improved checks. | 8.8 |
2023-02-27 | CVE-2023-0381 | TRI | Unspecified vulnerability in TRI Gigpress The GigPress WordPress plugin through 2.3.28 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks | 8.8 |
2023-02-27 | CVE-2023-24364 | Simple Customer Relationship Management System Project | SQL Injection vulnerability in Simple Customer Relationship Management System Project Simple Customer Relationship Management System 1.0 Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter under the Admin Panel. | 8.8 |
2023-02-27 | CVE-2023-24652 | Simple Customer Relationship Management System Project | SQL Injection vulnerability in Simple Customer Relationship Management System Project Simple Customer Relationship Management System 1.0 Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the Description parameter under the Create ticket function. | 8.8 |
2023-02-27 | CVE-2023-24653 | Simple Customer Relationship Management System Project | SQL Injection vulnerability in Simple Customer Relationship Management System Project Simple Customer Relationship Management System 1.0 Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the oldpass parameter under the Change Password function. | 8.8 |
2023-02-27 | CVE-2023-24654 | Simple Customer Relationship Management System Project | SQL Injection vulnerability in Simple Customer Relationship Management System Project Simple Customer Relationship Management System 1.0 Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Request a Quote function. | 8.8 |
2023-02-27 | CVE-2023-24656 | Simple Customer Relationship Management System Project | SQL Injection vulnerability in Simple Customer Relationship Management System Project Simple Customer Relationship Management System 1.0 Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the subject parameter under the Create Ticket function. | 8.8 |
2023-02-27 | CVE-2023-26759 | Smeup | OS Command Injection vulnerability in Smeup ERP Tokyov6R1M220406 Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an OS command injection vulnerability via calls made to the XMService component. | 8.8 |
2023-02-27 | CVE-2023-26762 | Smeup | Unrestricted Upload of File with Dangerous Type vulnerability in Smeup ERP Tokyov6R1M220406 Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary file upload vulnerability. | 8.8 |
2023-02-27 | CVE-2023-1056 | Doctors Appointment System Project | SQL Injection vulnerability in Doctors Appointment System Project Doctors Appointment System 1.0 A vulnerability was found in SourceCodester Doctors Appointment System 1.0. | 8.8 |
2023-02-27 | CVE-2023-1057 | Doctors Appointment System Project | SQL Injection vulnerability in Doctors Appointment System Project Doctors Appointment System 1.0 A vulnerability was found in SourceCodester Doctors Appointment System 1.0. | 8.8 |
2023-02-27 | CVE-2023-1058 | Doctors Appointment System Project | SQL Injection vulnerability in Doctors Appointment System Project Doctors Appointment System 1.0 A vulnerability classified as critical has been found in SourceCodester Doctors Appointment System 1.0. | 8.8 |
2023-02-27 | CVE-2023-1059 | Doctors Appointment System Project | SQL Injection vulnerability in Doctors Appointment System Project Doctors Appointment System 1.0 A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. | 8.8 |
2023-02-27 | CVE-2023-1061 | Doctors Appointment System Project | SQL Injection vulnerability in Doctors Appointment System Project Doctors Appointment System 1.0 A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. | 8.8 |
2023-02-27 | CVE-2023-1062 | Doctors Appointment System Project | SQL Injection vulnerability in Doctors Appointment System Project Doctors Appointment System 1.0 A vulnerability, which was classified as critical, was found in SourceCodester Doctors Appointment System 1.0. | 8.8 |
2023-02-27 | CVE-2023-1063 | Doctors Appointment System Project | SQL Injection vulnerability in Doctors Appointment System Project Doctors Appointment System 1.0 A vulnerability has been found in SourceCodester Doctors Appointment System 1.0 and classified as critical. | 8.8 |
2023-02-27 | CVE-2023-23530 | Apple | Unspecified vulnerability in Apple Ipados and Iphone OS The issue was addressed with improved memory handling. | 8.6 |
2023-02-27 | CVE-2023-23531 | Apple | Unspecified vulnerability in Apple Ipados and Iphone OS The issue was addressed with improved memory handling. | 8.6 |
2023-03-05 | CVE-2015-10088 | Ayttm Project | Use of Externally-Controlled Format String vulnerability in Ayttm Project Ayttm A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89. | 8.1 |
2023-03-02 | CVE-2023-26478 | Xwiki | Unspecified vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 8.1 |
2023-03-01 | CVE-2023-1105 | Flatpress | External Control of File Name or Path vulnerability in Flatpress External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3. | 8.1 |
2023-03-01 | CVE-2023-0847 | Dash7 Alliance | Out-of-bounds Write vulnerability in Dash7-Alliance Dash7 Alliance Protocol The Sub-IoT implementation of the DASH7 Alliance protocol has a vulnerability that can lead to an out-of-bounds write prior to implementation version 0.5.0. | 8.1 |
2023-02-28 | CVE-2022-4895 | Hitachi | Improper Certificate Validation vulnerability in Hitachi products Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows Man in the Middle Attack. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.1-00. | 8.1 |
2023-03-05 | CVE-2023-27635 | Debian | Injection vulnerability in Debian Debmany 0.88.1 debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands (because of an eval call) via a crafted .deb file. | 7.8 |
2023-03-03 | CVE-2023-27566 | Live2D | Out-of-bounds Write vulnerability in Live2D Cubism Editor 4.2.03 Cubism Core in Live2D Cubism Editor 4.2.03 allows out-of-bounds write via a crafted Section Offset Table or Count Info Table in an MOC3 file. | 7.8 |
2023-03-03 | CVE-2023-26604 | Systemd Project | Unspecified vulnerability in Systemd Project Systemd systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. | 7.8 |
2023-03-03 | CVE-2022-45988 | Starsoftcomm | Improper Privilege Management vulnerability in Starsoftcomm Coocare starsoftcomm CooCare 5.304 allows local attackers to escalate privileges and execute arbitrary commands via a crafted file upload. | 7.8 |
2023-03-03 | CVE-2022-47664 | Struktur | Classic Buffer Overflow vulnerability in Struktur Libde265 1.0.9 Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_hevc_qpel_pixels_8_sse. | 7.8 |
2023-03-03 | CVE-2022-47665 | Struktur | Out-of-bounds Write vulnerability in Struktur Libde265 1.0.9 Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int) | 7.8 |
2023-03-03 | CVE-2023-1164 | Kylinos | Incorrect Authorization vulnerability in Kylinos Kylin OS A vulnerability was found in KylinSoft kylin-activation on KylinOS and classified as critical. | 7.8 |
2023-03-02 | CVE-2023-1118 | Linux | Use After Free vulnerability in Linux Kernel A use-after-free flaw was found in the Linux kernel's integrated infrared receiver/transceiver driver in the way a user detaches an rc device. | 7.8 |
2023-03-01 | CVE-2023-1127 | VIM Fedoraproject | Divide By Zero vulnerability in multiple products Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. | 7.8 |
2023-03-01 | CVE-2023-23000 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. | 7.8 |
2023-03-01 | CVE-2023-25221 | Struktur Debian | Out-of-bounds Write vulnerability in multiple products Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc. | 7.8 |
2023-03-01 | CVE-2021-4326 | Linuxfoundation | Unspecified vulnerability in Linuxfoundation Zowe 1.16.0/2.0.0 A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. | 7.8 |
2023-03-01 | CVE-2022-27677 | AMD | Improper Privilege Management vulnerability in AMD Ryzen Master 2.2.0.1543 Failure to validate privileges during installation of AMD Ryzen™ Master may allow an attacker with low privileges to modify files potentially leading to privilege escalation and code execution by the lower privileged user. | 7.8 |
2023-02-28 | CVE-2023-1017 | Trustedcomputinggroup Microsoft | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. | 7.8 |
2023-02-28 | CVE-2023-20933 | Google | Use After Free vulnerability in Google Android In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. | 7.8 |
2023-02-28 | CVE-2023-20934 | Google | Unspecified vulnerability in Google Android 12.0/12.1/13.0 In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. | 7.8 |
2023-02-28 | CVE-2023-20937 | Google | Use After Free vulnerability in Google Android In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. | 7.8 |
2023-02-28 | CVE-2023-20938 | Google | Use After Free vulnerability in Google Android In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. | 7.8 |
2023-02-28 | CVE-2023-20939 | Google | Improper Locking vulnerability in Google Android 12.0/12.1/13.0 In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. | 7.8 |
2023-02-28 | CVE-2023-20940 | Google | Improper Verification of Cryptographic Signature vulnerability in Google Android 13.0 In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. | 7.8 |
2023-02-28 | CVE-2023-20943 | Google | Path Traversal vulnerability in Google Android In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. | 7.8 |
2023-02-28 | CVE-2023-20944 | Google | Deserialization of Untrusted Data vulnerability in Google Android In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. | 7.8 |
2023-02-28 | CVE-2023-20945 | Google | Out-of-bounds Write vulnerability in Google Android 10.0 In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. | 7.8 |
2023-02-28 | CVE-2023-0461 | Linux | Use After Free vulnerability in Linux Kernel There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. | 7.8 |
2023-02-28 | CVE-2023-22995 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls. | 7.8 |
2023-02-27 | CVE-2022-32900 | Apple | Unspecified vulnerability in Apple Macos A logic issue was addressed with improved state management. | 7.8 |
2023-02-27 | CVE-2022-32949 | Apple | Unspecified vulnerability in Apple Iphone OS This issue was addressed with improved checks. | 7.8 |
2023-02-27 | CVE-2022-42797 | Apple | Injection vulnerability in Apple Xcode An injection issue was addressed with improved input validation. | 7.8 |
2023-02-27 | CVE-2022-42833 | Apple | Out-of-bounds Read vulnerability in Apple Macos An out-of-bounds read was addressed with improved input validation. | 7.8 |
2023-02-27 | CVE-2022-46712 | Apple | Use After Free vulnerability in Apple Macos A use after free issue was addressed with improved memory management. | 7.8 |
2023-02-27 | CVE-2023-23497 | Apple | Unspecified vulnerability in Apple Macos A logic issue was addressed with improved state management. | 7.8 |
2023-02-27 | CVE-2023-23504 | Apple | Unspecified vulnerability in Apple products The issue was addressed with improved memory handling. | 7.8 |
2023-02-27 | CVE-2023-23507 | Apple | Unspecified vulnerability in Apple Macos The issue was addressed with improved bounds checks. | 7.8 |
2023-02-27 | CVE-2023-23514 | Apple | Use After Free vulnerability in Apple Ipados, Iphone OS and Macos A use after free issue was addressed with improved memory management. | 7.8 |
2023-02-27 | CVE-2022-45697 | Razer | Link Following vulnerability in Razer Central Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Accounts directory. | 7.8 |
2023-03-03 | CVE-2023-25402 | YF Exam Project | Unrestricted Upload of File with Dangerous Type vulnerability in Yf-Exam Project Yf-Exam 1.8.0 CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. | 7.5 |
2023-03-03 | CVE-2023-25403 | YF Exam Project | Authorization Bypass Through User-Controlled Key vulnerability in Yf-Exam Project Yf-Exam 1.8.0 CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. | 7.5 |
2023-03-03 | CVE-2023-26492 | Monospace | Server-Side Request Forgery (SSRF) vulnerability in Monospace Directus Directus is a real-time API and App dashboard for managing SQL database content. | 7.5 |
2023-03-03 | CVE-2023-27567 | Openbsd | Unspecified vulnerability in Openbsd 7.2 In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel. | 7.5 |
2023-03-03 | CVE-2023-20079 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. | 7.5 |
2023-03-03 | CVE-2023-20088 | Cisco | Unspecified vulnerability in Cisco Finesse A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for new and existing users who are connected through a load balancer. | 7.5 |
2023-03-03 | CVE-2022-45552 | ZBT | Unspecified vulnerability in ZBT We1626 Firmware 21.06.18 An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory. | 7.5 |
2023-03-03 | CVE-2023-27560 | Phpseclib | Infinite Loop vulnerability in PHPseclib Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields. | 7.5 |
2023-03-03 | CVE-2023-0457 | Mitsubishielectric | Insufficiently Protected Credentials vulnerability in Mitsubishielectric products Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server. | 7.5 |
2023-03-02 | CVE-2023-0656 | Sonicwall | Out-of-bounds Write vulnerability in Sonicwall Sonicos A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. | 7.5 |
2023-03-02 | CVE-2023-26470 | Xwiki | Out-of-bounds Write vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 7.5 |
2023-03-02 | CVE-2023-26476 | Xwiki | Improper Restriction of Excessive Authentication Attempts vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 7.5 |
2023-03-02 | CVE-2022-38734 | Netapp | Unspecified vulnerability in Netapp Storagegrid StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0.8 are susceptible to a Denial of Service (DoS) vulnerability. | 7.5 |
2023-03-02 | CVE-2023-0053 | Sauter Controls | Cleartext Transmission of Sensitive Information vulnerability in Sauter-Controls products SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. | 7.5 |
2023-03-01 | CVE-2020-5001 | IBM | Path Traversal vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. | 7.5 |
2023-03-01 | CVE-2020-5026 | IBM | Information Exposure Through an Error Message vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 7.5 |
2023-03-01 | CVE-2023-20014 | Cisco | Resource Exhaustion vulnerability in Cisco Nexus Dashboard A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DNS requests. | 7.5 |
2023-03-01 | CVE-2023-26281 | IBM | Improper Input Validation vulnerability in IBM Http Server 8.5.0.0 IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. | 7.5 |
2023-02-28 | CVE-2022-47075 | Smartofficepayroll | Unspecified vulnerability in Smartofficepayroll Smartoffice An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx. | 7.5 |
2023-02-28 | CVE-2022-47076 | Smartofficepayroll | Unspecified vulnerability in Smartofficepayroll Smartoffice An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to view sensitive information via DisplayParallelLogData.aspx. | 7.5 |
2023-02-28 | CVE-2022-41722 | Golang | Path Traversal vulnerability in Golang GO A path traversal vulnerability exists in filepath.Clean on Windows. | 7.5 |
2023-02-28 | CVE-2022-41723 | Golang | Unspecified vulnerability in Golang GO A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. | 7.5 |
2023-02-28 | CVE-2022-41724 | Golang | Resource Exhaustion vulnerability in Golang GO Large handshake records may cause panics in crypto/tls. | 7.5 |
2023-02-28 | CVE-2022-41725 | Golang | Allocation of Resources Without Limits or Throttling vulnerability in Golang GO A denial of service is possible from excessive resource consumption in net/http and mime/multipart. | 7.5 |
2023-02-28 | CVE-2023-20948 | Google | Out-of-bounds Read vulnerability in Google Android 12.0/12.1/13.0 In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. | 7.5 |
2023-02-28 | CVE-2023-23689 | Dell | Resource Exhaustion vulnerability in Dell products Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 integrated hardware management software contains an uncontrolled resource consumption vulnerability. | 7.5 |
2023-02-28 | CVE-2023-25264 | Docmosis | Improper Authentication vulnerability in Docmosis Tornado An issue was discovered in Docmosis Tornado prior to version 2.9.5. | 7.5 |
2023-02-28 | CVE-2023-25265 | Docmosis | Path Traversal vulnerability in Docmosis Tornado Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversal leading to the disclosure of arbitrary content on the file system. | 7.5 |
2023-02-28 | CVE-2023-26255 | Stagil | Path Traversal vulnerability in Stagil Navigation An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. | 7.5 |
2023-02-28 | CVE-2023-26256 | Stagil | Path Traversal vulnerability in Stagil Navigation An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. | 7.5 |
2023-02-28 | CVE-2023-26105 | Utilities Project | Unspecified vulnerability in Utilities Project Utilities All versions of the package utilities are vulnerable to Prototype Pollution via the _mix function. | 7.5 |
2023-02-27 | CVE-2022-32830 | Apple | Out-of-bounds Read vulnerability in Apple Iphone OS An out-of-bounds read issue was addressed with improved bounds checking. | 7.5 |
2023-02-27 | CVE-2022-32836 | Apple | Unspecified vulnerability in Apple Music 3.9.10 This issue was addressed with improved state management. | 7.5 |
2023-02-27 | CVE-2022-32846 | Apple | Unspecified vulnerability in Apple Music 3.9.10 A logic issue was addressed with improved state management. | 7.5 |
2023-02-27 | CVE-2023-23519 | Apple | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved state management. | 7.5 |
2023-02-27 | CVE-2023-23524 | Apple | Resource Exhaustion vulnerability in Apple products A denial-of-service issue was addressed with improved input validation. | 7.5 |
2023-02-27 | CVE-2022-48230 | Huawei | Interpretation Conflict vulnerability in Huawei Bisheng-Wnm Firmware 3.0.0.325 There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. | 7.5 |
2023-02-27 | CVE-2022-48260 | Huawei | Classic Buffer Overflow vulnerability in Huawei Bisheng-Wnm Firmware 3.0.0.325 There is a buffer overflow vulnerability in BiSheng-WNM FW 3.0.0.325. | 7.5 |
2023-02-27 | CVE-2022-48261 | Huawei | Interpretation Conflict vulnerability in Huawei Bisheng-Wnm Firmware 3.0.0.325 There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. | 7.5 |
2023-02-27 | CVE-2022-4550 | User Activity Project | Authentication Bypass by Spoofing vulnerability in User Activity Project User Activity The User Activity WordPress plugin through 1.0.1 checks headers such as X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing. | 7.5 |
2023-02-27 | CVE-2023-0331 | Correos | Unspecified vulnerability in Correos Oficial The Correos Oficial WordPress plugin through 1.2.0.2 does not perform an authorization check or validate user input when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server. | 7.5 |
2023-02-27 | CVE-2023-25235 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac500 Firmware 2.0.1.9(1307) Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function formOneSsidCfgSet via parameter ssid. | 7.5 |
2023-02-27 | CVE-2023-26758 | Smeup | Path Traversal vulnerability in Smeup ERP Tokyov6R1M220406 Sme.UP TOKYO V6R1M220406 was discovered to contain an arbitrary file download vulnerability via the component /ResourceService. | 7.5 |
2023-02-27 | CVE-2023-26760 | Smeup | Cleartext Storage of Sensitive Information vulnerability in Smeup ERP Tokyov6R1M220406 Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information disclosure vulnerability via the /debug endpoint. | 7.5 |
2023-02-27 | CVE-2022-40237 | IBM | Improper Input Validation vulnerability in IBM MQ for HPE Nonstop 8.1.0 IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic. | 7.5 |
2023-02-27 | CVE-2023-23108 | Crasm Project | NULL Pointer Dereference vulnerability in Crasm Project Crasm In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a NULL pointer dereference in the function Xasc. | 7.5 |
2023-02-27 | CVE-2023-23109 | Crasm Project | Divide By Zero vulnerability in Crasm Project Crasm In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a divide by zero fault in the function opdiv. | 7.5 |
2023-02-27 | CVE-2022-34908 | Aremis | Improper Authentication vulnerability in Aremis 4 Nomads 1.5.0 An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. | 7.5 |
2023-02-27 | CVE-2023-26257 | Covesa | Memory Leak vulnerability in Covesa Dlt-Daemon An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. | 7.5 |
2023-03-01 | CVE-2023-0460 | Google | Unsafe Reflection vulnerability in Google Youtube Android Player API 1.2/1.2.2 The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. | 7.3 |
2023-03-03 | CVE-2023-26213 | Barracuda | OS Command Injection vulnerability in Barracuda products On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. | 7.2 |
2023-03-03 | CVE-2023-1165 | Crmeb | SQL Injection vulnerability in Crmeb 1.3.4 A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. | 7.2 |
2023-03-01 | CVE-2023-20009 | Cisco | Unrestricted Upload of File with Dangerous Type vulnerability in Cisco products A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker and/or an authenticated local attacker to escalate their privilege level and gain root access. | 7.2 |
2023-03-01 | CVE-2023-22758 | Arubanetworks | Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. | 7.2 |
2023-03-01 | CVE-2023-22759 | Arubanetworks | Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. | 7.2 |
2023-03-01 | CVE-2023-22760 | Arubanetworks | Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. | 7.2 |
2023-03-01 | CVE-2023-22761 | Arubanetworks | Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. | 7.2 |
2023-03-01 | CVE-2023-22762 | Arubanetworks | Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. | 7.2 |
2023-03-01 | CVE-2023-22763 | Arubanetworks | Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. | 7.2 |
2023-03-01 | CVE-2023-22764 | Arubanetworks | Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. | 7.2 |
2023-03-01 | CVE-2023-22765 | Arubanetworks | Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. | 7.2 |
2023-03-01 | CVE-2023-22766 | Arubanetworks | Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. | 7.2 |
2023-03-01 | CVE-2023-22767 | Arubanetworks | Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. | 7.2 |
2023-03-01 | CVE-2023-22768 | Arubanetworks | Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. | 7.2 |
2023-03-01 | CVE-2023-22769 | Arubanetworks | Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. | 7.2 |
2023-03-01 | CVE-2023-22770 | Arubanetworks | Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. | 7.2 |
2023-02-28 | CVE-2023-25432 | Online Reviewer Management System Project | SQL Injection vulnerability in Online Reviewer Management System Project Online Reviewer Management System 1.0 An issue was discovered in Online Reviewer Management System v1.0. | 7.2 |
2023-02-28 | CVE-2023-27320 | Sudo Project Fedoraproject | Double Free vulnerability in multiple products Sudo before 1.9.13p2 has a double free in the per-command chroot feature. | 7.2 |
2023-02-27 | CVE-2023-24249 | Laravel Admin | Unrestricted Upload of File with Dangerous Type vulnerability in Laravel-Admin 1.8.19 An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file. | 7.2 |
2023-02-27 | CVE-2023-0278 | Wpgeodirectory | Unspecified vulnerability in Wpgeodirectory Geodirectory The GeoDirectory WordPress plugin before 2.2.24 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 7.2 |
2023-02-27 | CVE-2023-0279 | Media Library Assistant Project | Unspecified vulnerability in Media Library Assistant Project Media Library Assistant The Media Library Assistant WordPress plugin before 3.06 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 7.2 |
2023-02-27 | CVE-2023-0487 | Premio | SQL Injection vulnerability in Premio MY Sticky Elements The My Sticky Elements WordPress plugin before 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection exploitable by high privilege users such as admin. | 7.2 |
2023-02-27 | CVE-2023-26609 | Abus | Unspecified vulnerability in Abus Tvip 20000-21150 Firmware ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field. | 7.2 |
2023-02-28 | CVE-2023-25540 | Dell | Incorrect Default Permissions vulnerability in Dell EMC Powerscale Onefs Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. | 7.1 |
2023-02-28 | CVE-2020-36652 | Hitachi | Incorrect Default Permissions vulnerability in Hitachi products Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Automation Director: from 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00. | 7.1 |
2023-02-28 | CVE-2022-3884 | Hitachi | Incorrect Default Permissions vulnerability in Hitachi OPS Center Analyzer 10.9.000 Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01. | 7.1 |
2023-02-27 | CVE-2023-1070 | Teampass | External Control of File Name or Path vulnerability in Teampass External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22. | 7.1 |
2023-03-03 | CVE-2023-27561 | Linuxfoundation Redhat Debian | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. | 7.0 |
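
The IP-spoofing weakness behind CVE-2022-4550 above (a plugin that trusts X-Forwarded-For to identify the client) is worth seeing side by side with the fix. The following is an added example written for this report, not code from the User Activity plugin or any other project in the table. It assumes a single reverse-proxy range (10.0.0.0/8, a constructed value) as the only source allowed to set the header; the naive function is the pattern the advisory describes, the hardened one honours the header only when the TCP peer is a trusted proxy and walks the chain from the right.

```python
import ipaddress

# Constructed assumption for this example: the reverse proxies that are allowed
# to set X-Forwarded-For live in this range.  Adjust to the real deployment.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def client_ip_naive(remote_addr, headers):
    """The pattern the advisory describes: the header wins whenever present.
    Any client can send X-Forwarded-For, so any client can choose the IP that
    gets logged, rate-limited, blocked or allow-listed."""
    xff = headers.get("X-Forwarded-For")
    if xff:
        return xff.split(",")[0].strip()
    return remote_addr


def _is_trusted_proxy(addr):
    """True if addr parses as an IP inside one of the trusted proxy ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip_hardened(remote_addr, headers):
    """Honour X-Forwarded-For only when the TCP peer is a trusted proxy, then
    walk the chain from the right.  Rightmost entries were appended by our own
    proxies; the first untrusted address seen from the right is the one a
    trusted proxy actually observed.  Anything further left was supplied by
    the client (or an upstream we do not trust) and is ignored."""
    if not _is_trusted_proxy(remote_addr):
        # Direct connection: the header is entirely attacker-controlled.
        return remote_addr
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):
        if _is_trusted_proxy(hop):
            continue
        try:
            return str(ipaddress.ip_address(hop))
        except ValueError:
            break  # malformed entry: do not trust anything to its left
    # Empty or unusable header behind a proxy: fall back to the peer address.
    return remote_addr
```

With a direct connection from 203.0.113.5 carrying a forged header, the naive function returns whatever the attacker wrote while the hardened one returns the peer address; behind a trusted proxy that appended the real client, the hardened function returns the proxy-observed address and ignores the forged leading entry.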
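
Several rows above are path traversal leading to arbitrary file read or delete (CVE-2020-5001, CVE-2023-25265, CVE-2023-26255, CVE-2023-26256, CVE-2023-0331, CVE-2023-26758, CVE-2023-20943). The check that prevents that class is short but has known pitfalls: joining an absolute user path discards the root, a string prefix test accepts sibling directories that share a prefix, and a symlink planted inside the root can point outside it. The following is an added example written for this report, not code from any of the listed products; the directory tree it builds is constructed in a temporary directory, and `resolve_under_root`, `demo` and the probe names are names chosen here. The ValueError branch also covers the Windows case in which root and candidate sit on different drives (related in spirit to CVE-2022-41722, which concerns filepath.Clean on Windows, though that bug is not reproduced here).

```python
import os
import shutil
import tempfile


def resolve_under_root(root, user_path):
    """Map a user-supplied relative path onto the filesystem under root.
    Returns the absolute, symlink-resolved path, or None if the result would
    lie outside root.  Assumption for this example: root is an existing
    directory, so realpath() can canonicalise it."""
    if os.path.isabs(user_path):
        # os.path.join(root, "/etc/passwd") silently discards root; refuse.
        return None
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, user_path))
    # A plain startswith() test would accept "/srv/data_evil" for root
    # "/srv/data"; commonpath compares whole path components instead.
    try:
        inside = os.path.commonpath([root_real, candidate]) == root_real
    except ValueError:
        # Different drives on Windows: no common prefix, so not inside.
        inside = False
    return candidate if inside else None


def demo():
    """Build a constructed tree in a temp dir and exercise the check.
    Returns a dict of probe name -> resolved path or None."""
    root = tempfile.mkdtemp()
    name = os.path.basename(root)
    with open(os.path.join(root, "report.txt"), "w") as fh:
        fh.write("ok\n")
    have_symlink = True
    try:
        # A symlink inside the root that points at the root's parent directory.
        os.symlink(os.path.dirname(root), os.path.join(root, "escape"))
    except OSError:
        have_symlink = False  # platform without symlink support: skip that probe
    results = {
        "plain": resolve_under_root(root, "report.txt"),
        "dotdot": resolve_under_root(root, "../../etc/passwd"),
        "nested_dotdot": resolve_under_root(root, "sub/../../etc/passwd"),
        "absolute": resolve_under_root(root, "/etc/passwd"),
        # Wanders out of the root and straight back in: the resolved target is
        # inside, so it is accepted.  Compare against the symlink probe below.
        "out_and_back": resolve_under_root(root, "../" + name + "/report.txt"),
    }
    if have_symlink:
        results["symlink_out"] = resolve_under_root(root, "escape/other")
    shutil.rmtree(root, ignore_errors=True)
    return results
```

`demo()` returns the resolved path for `plain` and `out_and_back` (the same file) and None for the `..` escapes, the absolute path and the symlink that leaves the root. The design choice to note is resolving symlinks on both sides before comparing: checking the unresolved string would pass "escape/other" because its textual prefix is the root.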
243 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-03-01 | CVE-2023-25931 | Medtronic | Improper Authentication vulnerability in Medtronic Interstim X Clinician and Micro Clinician Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix. | 6.8 |
2023-02-28 | CVE-2023-20857 | Vmware | Missing Authentication for Critical Function vulnerability in VMWare Workspace ONE Content 3.20/3.20.1/3.21 VMware Workspace ONE Content contains a passcode bypass vulnerability. | 6.8 |
2023-03-02 | CVE-2023-25536 | Dell | Exposure of Resource to Wrong Sphere vulnerability in Dell Powerscale Onefs Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive information to an unauthorized actor. | 6.7 |
2023-03-01 | CVE-2023-20075 | Cisco | OS Command Injection vulnerability in Cisco Email Security Appliance A vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary commands. This vulnerability is due to improper input validation in the CLI. | 6.7 |
2023-02-28 | CVE-2022-20551 | Google | Unspecified vulnerability in Google Android 12.0/12.1/13.0 In createTrack of AudioFlinger.cpp, there is a possible way to record audio without a privacy indicator due to a logic error in the code. | 6.7 |
2023-03-04 | CVE-2023-1175 | VIM | Incorrect Calculation of Buffer Size vulnerability in VIM Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. | 6.6 |
2023-03-03 | CVE-2023-1170 | VIM | Heap-based Buffer Overflow vulnerability in VIM Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. | 6.6 |
2023-03-04 | CVE-2023-26481 | Goauthentik | Insufficient Verification of Data Authenticity vulnerability in Goauthentik Authentik authentik is an open-source Identity Provider. | 6.5 |
2023-03-03 | CVE-2023-26488 | Openzeppelin | Incorrect Calculation vulnerability in Openzeppelin Contracts and Contracts Upgradeable OpenZeppelin Contracts is a library for secure smart contract development. | 6.5 |
2023-03-03 | CVE-2023-20061 | Cisco | Exposure of Resource to Wrong Sphere vulnerability in Cisco products Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. | 6.5 |
2023-03-03 | CVE-2023-1163 | Draytek | Path Traversal vulnerability in Draytek Vigor 2960 Firmware 1.5.1.4 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 and classified as critical. | 6.5 |
2023-03-02 | CVE-2023-26473 | Xwiki | Unspecified vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 6.5 |
2023-03-02 | CVE-2023-26479 | Xwiki | Improper Handling of Exceptional Conditions vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 6.5 |
2023-03-02 | CVE-2021-45477 | Yordam | Unspecified vulnerability in Yordam Library Automation System Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users. This issue affects Library Automation System: before 19.2. | 6.5 |
2023-03-02 | CVE-2021-45478 | Yordam | Unspecified vulnerability in Yordam Library Automation System Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users. This issue affects Library Automation System: before 19.2. | 6.5 |
2023-03-02 | CVE-2023-25155 | Redis | Integer Overflow or Wraparound vulnerability in Redis Redis is an in-memory database that persists on disk. | 6.5 |
2023-03-01 | CVE-2023-22738 | Vantage6 | Improper Preservation of Permissions vulnerability in Vantage6 vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. | 6.5 |
2023-03-01 | CVE-2023-24117 | Heimgardtechnologies | Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepauth_5g parameter at /goform/WifiBasicSet. | 6.5 |
2023-03-01 | CVE-2023-24118 | Heimgardtechnologies | Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the security parameter at /goform/WifiBasicSet. | 6.5 |
2023-03-01 | CVE-2023-24119 | Heimgardtechnologies | Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the ssid parameter at /goform/WifiBasicSet. | 6.5 |
2023-03-01 | CVE-2023-24120 | Heimgardtechnologies | Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wrlEn_5g parameter at /goform/WifiBasicSet. | 6.5 |
2023-03-01 | CVE-2023-24121 | Heimgardtechnologies | Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet. | 6.5 |
2023-03-01 | CVE-2023-24122 | Heimgardtechnologies | Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the ssid_5g parameter at /goform/WifiBasicSet. | 6.5 |
2023-03-01 | CVE-2023-24123 | Heimgardtechnologies | Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepauth parameter at /goform/WifiBasicSet. | 6.5 |
2023-03-01 | CVE-2023-24124 | Heimgardtechnologies | Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wrlEn parameter at /goform/WifiBasicSet. | 6.5 |
2023-03-01 | CVE-2023-24125 | Heimgardtechnologies | Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey2_5g parameter at /goform/WifiBasicSet. | 6.5 |
2023-03-01 | CVE-2023-24126 | Heimgardtechnologies | Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey4_5g parameter at /goform/WifiBasicSet. | 6.5 |
2023-03-01 | CVE-2023-24127 | Heimgardtechnologies | Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey1 parameter at /goform/WifiBasicSet. | 6.5 |
2023-03-01 | CVE-2023-24128 | Heimgardtechnologies | Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey2 parameter at /goform/WifiBasicSet. | 6.5 |
2023-03-01 | CVE-2023-24129 | Heimgardtechnologies | Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey4 parameter at /goform/WifiBasicSet. | 6.5 |
2023-03-01 | CVE-2023-24130 | Heimgardtechnologies | Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey parameter at /goform/WifiBasicSet. | 6.5 |
2023-03-01 | CVE-2023-24131 | Heimgardtechnologies | Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey1_5g parameter at /goform/WifiBasicSet. | 6.5 |
2023-03-01 | CVE-2023-24132 | Heimgardtechnologies | Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey3_5g parameter at /goform/WifiBasicSet. | 6.5 |
2023-03-01 | CVE-2023-24133 | Heimgardtechnologies | Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey_5g parameter at /goform/WifiBasicSet. | 6.5 |
2023-03-01 | CVE-2023-24134 | Heimgardtechnologies | Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey3 parameter at /goform/WifiBasicSet. | 6.5 |
2023-03-01 | CVE-2022-3162 | Kubernetes | Path Traversal vulnerability in Kubernetes Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. | 6.5 |
2023-03-01 | CVE-2022-39228 | Vantage6 | Information Exposure Through Discrepancy vulnerability in Vantage6 vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. | 6.5 |
2023-03-01 | CVE-2023-24567 | Dell | Exposure of Resource to Wrong Sphere vulnerability in Dell EMC Networker Dell NetWorker versions 19.5 and earlier contain a 'RabbitMQ' version disclosure vulnerability. | 6.5 |
2023-03-01 | CVE-2023-24751 | Struktur Debian | NULL Pointer Dereference vulnerability in multiple products libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. | 6.5 |
2023-03-01 | CVE-2023-25544 | Dell | Exposure of Resource to Wrong Sphere vulnerability in Dell EMC Networker Dell NetWorker versions 19.5 and earlier contain an 'Apache Tomcat' version disclosure vulnerability. | 6.5 |
2023-03-01 | CVE-2023-23973 | A3Rev | Cross-Site Request Forgery (CSRF) vulnerability in A3Rev Contact US Page - Contact People Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Contact Us Page – Contact People plugin <= 3.7.0. | 6.5 |
2023-03-01 | CVE-2023-0952 | Devolutions | Incorrect Authorization vulnerability in Devolutions Server Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data without proper authorization. | 6.5 |
2023-03-01 | CVE-2023-22772 | Arubanetworks | Path Traversal vulnerability in Arubanetworks Arubaos and Sd-Wan An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. | 6.5 |
2023-03-01 | CVE-2023-22773 | Arubanetworks | Path Traversal vulnerability in Arubanetworks Arubaos and Sd-Wan Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. | 6.5 |
2023-03-01 | CVE-2023-22774 | Arubanetworks | Path Traversal vulnerability in Arubanetworks Arubaos and Sd-Wan Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. | 6.5 |
2023-03-01 | CVE-2023-22775 | Arubanetworks | Exposure of Resource to Wrong Sphere vulnerability in Arubanetworks Arubaos and Sd-Wan A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. | 6.5 |
2023-03-01 | CVE-2023-22777 | Arubanetworks | Exposure of Resource to Wrong Sphere vulnerability in Arubanetworks Arubaos and Sd-Wan An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. | 6.5 |
2023-03-01 | CVE-2023-24045 | Dataiku | Unrestricted Upload of File with Dangerous Type vulnerability in Dataiku Data Science Studio In Dataiku DSS 11.2.1, an attacker can download other Dataiku files that were uploaded to the myfiles section by specifying the target username in a download request. | 6.5 |
2023-02-28 | CVE-2022-23240 | Netapp | Unspecified vulnerability in Netapp Active IQ Unified Manager Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors. | 6.5 |
2023-02-28 | CVE-2023-25575 | API Platform | Incorrect Authorization vulnerability in Api-Platform Core API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. | 6.5 |
2023-02-27 | CVE-2023-26043 | Geosolutionsgroup | XXE vulnerability in Geosolutionsgroup Geonode GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. | 6.5 |
2023-02-27 | CVE-2022-32784 | Apple | Unspecified vulnerability in Apple Iphone OS The issue was addressed with improved UI handling. | 6.5 |
2023-02-27 | CVE-2023-23512 | Apple | Unspecified vulnerability in Apple products The issue was addressed with improved handling of caches. | 6.5 |
2023-02-27 | CVE-2023-27263 | Mattermost | Missing Authorization vulnerability in Mattermost A missing permissions check in the /plugins/playbooks/api/v0/runs API in Mattermost allows an attacker to list and view playbooks belonging to a team they are not a member of. | 6.5 |
2023-02-27 | CVE-2023-27264 | Mattermost | Missing Authorization vulnerability in Mattermost A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API. | 6.5 |
2023-02-27 | CVE-2022-31405 | MV Idigital Clinic Enterprise Project | Cleartext Storage of Sensitive Information vulnerability in MV Idigital Clinic Enterprise Project MV Idigital Clinic Enterprise 1.0 MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in cleartext. | 6.5 |
2023-02-27 | CVE-2022-32844 | Apple | Race Condition vulnerability in Apple products A race condition was addressed with improved state handling. | 6.3 |
2023-03-01 | CVE-2023-0567 | PHP | Use of Password Hash With Insufficient Computational Effort vulnerability in PHP In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the password_verify() function may accept some invalid Blowfish hashes as valid. | 6.2 |
2023-03-05 | CVE-2023-27641 | Lsoft | Cross-site Scripting vulnerability in Lsoft Listserv The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL. | 6.1 |
2023-03-05 | CVE-2014-125092 | Maxfoundry | Cross-site Scripting vulnerability in Maxfoundry Maxbuttons A vulnerability was found in MaxButtons Plugin up to 1.26.0 on WordPress and classified as problematic. | 6.1 |
2023-03-05 | CVE-2022-4927 | Ualberta | Unspecified vulnerability in Ualberta Neosdiscovery 1.0.70 A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. | 6.1 |
2023-03-05 | CVE-2015-10089 | Flame JS Project | Cross-site Scripting vulnerability in Flame.Js Project Flame.Js A vulnerability classified as problematic has been found in flame.js. | 6.1 |
2023-03-05 | CVE-2023-1180 | Health Center Patient Record Management System Project | Cross-site Scripting vulnerability in Health Center Patient Record Management System Project Health Center Patient Record Management System 1.0 A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. | 6.1 |
2023-03-05 | CVE-2008-10002 | Ajaxlife Project | Cross-site Scripting vulnerability in Ajaxlife Project Ajaxlife A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and classified as problematic. | 6.1 |
2023-03-04 | CVE-2014-125090 | Media Downloader Project | Cross-site Scripting vulnerability in Media Downloader Project Media Downloader 0.1.992 A vulnerability was found in Media Downloader Plugin 0.1.992 on WordPress. | 6.1 |
2023-03-04 | CVE-2020-36665 | Seotool Project | Open Redirect vulnerability in Seotool Project Seotool A vulnerability was found in Artesãos SEOTools up to 0.17.1 and classified as critical. | 6.1 |
2023-03-04 | CVE-2020-36664 | Seotool Project | Open Redirect vulnerability in Seotool Project Seotool A vulnerability has been found in Artesãos SEOTools up to 0.17.1 and classified as problematic. | 6.1 |
2023-03-04 | CVE-2020-36663 | Seotool Project | Open Redirect vulnerability in Seotool Project Seotool A vulnerability, which was classified as problematic, was found in Artesãos SEOTools up to 0.17.1. | 6.1 |
2023-03-04 | CVE-2023-26486 | Vega Functions Project Vega Project | Cross-site Scripting vulnerability in multiple products Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. | 6.1 |
2023-03-04 | CVE-2023-26487 | Vega Functions Project Vega Project | Cross-site Scripting vulnerability in multiple products Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The `lassoAppend` function accepts 3 arguments and internally invokes the `push` function on the 1st argument, passing an array consisting of the 2nd and 3rd arguments as the `push` call argument. | 6.1 |
2023-03-03 | CVE-2023-26047 | Kitabisa | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Kitabisa Teler-Waf teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. | 6.1 |
2023-03-03 | CVE-2023-26491 | Rsshub | Cross-site Scripting vulnerability in Rsshub 20210125/20230110 RSSHub is an open source and extensible RSS feed generator. | 6.1 |
2023-03-03 | CVE-2023-0968 | Kibokolabs | Unspecified vulnerability in Kibokolabs Watu Quiz The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dn', 'email', 'points', and 'date' parameters in versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping. | 6.1 |
2023-03-03 | CVE-2023-23313 | Draytek | Cross-site Scripting vulnerability in Draytek products Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. | 6.1 |
2023-03-03 | CVE-2022-2837 | Coredns IO | Open Redirect vulnerability in Coredns.Io Coredns A flaw was found in coreDNS. | 6.1 |
2023-03-03 | CVE-2023-20104 | Cisco | Cross-site Scripting vulnerability in Cisco Webex Teams A vulnerability in the file upload functionality of Cisco Webex App for Web could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2023-03-03 | CVE-2023-0577 | Asosegitim | Cross-site Scripting vulnerability in Asosegitim Sobiad Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies SOBIAD allows Cross-Site Scripting (XSS). This issue affects SOBIAD: before 23.02.01. | 6.1 |
2023-03-03 | CVE-2023-0578 | Asosegitim | Cross-site Scripting vulnerability in Asosegitim Bookcites Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies Book Cites allows Cross-Site Scripting (XSS). This issue affects Book Cites: before 23.01.05. | 6.1 |
2023-03-02 | CVE-2023-0084 | Wpmet | Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. | 6.1 |
2023-03-02 | CVE-2023-1156 | Health Center Patient Record Management System Project | Cross-site Scripting vulnerability in Health Center Patient Record Management System Project Health Center Patient Record Management System 1.0 A vulnerability classified as problematic was found in SourceCodester Health Center Patient Record Management System 1.0. | 6.1 |
2023-03-02 | CVE-2023-1106 | Flatpress | Cross-site Scripting vulnerability in Flatpress Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3. | 6.1 |
2023-03-02 | CVE-2023-26046 | Kitabisa | Cross-site Scripting vulnerability in Kitabisa Teler-Waf 0.0.1/0.1.0 teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. | 6.1 |
2023-03-01 | CVE-2023-1131 | Computer Parts Sales AND Inventory System Project | Cross-site Scripting vulnerability in Computer Parts Sales and Inventory System Project Computer Parts Sales and Inventory System 1.0 A vulnerability has been found in SourceCodester Computer Parts Sales and Inventory System 1.0 and classified as problematic. | 6.1 |
2023-03-01 | CVE-2022-4901 | Sophos | Cross-site Scripting vulnerability in Sophos Connect Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim. | 6.1 |
2023-03-01 | CVE-2023-20053 | Cisco | Cross-site Scripting vulnerability in Cisco Nexus Dashboard A vulnerability in the web-based management interface of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient user input validation. | 6.1 |
2023-03-01 | CVE-2023-20085 | Cisco | Cross-site Scripting vulnerability in Cisco Identity Services Engine 3.2 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. | 6.1 |
2023-03-01 | CVE-2022-38220 | Quest | Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML. | 6.1 |
2023-02-28 | CVE-2023-27293 | Opencats | Cross-site Scripting vulnerability in Opencats 0.9.6 Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. | 6.1 |
2023-02-28 | CVE-2023-1080 | Gnpublisher | Unspecified vulnerability in Gnpublisher GN Publisher The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. | 6.1 |
2023-02-27 | CVE-2022-32891 | Apple | Improper Restriction of Rendered UI Layers or Frames vulnerability in Apple products The issue was addressed with improved UI handling. | 6.1 |
2023-02-27 | CVE-2023-0043 | ADD User Project | Cross-site Scripting vulnerability in ADD User Project ADD User The Custom Add User WordPress plugin through 2.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 6.1 |
2023-02-27 | CVE-2023-0334 | Shortpixel | Unspecified vulnerability in Shortpixel Adaptive Images The ShortPixel Adaptive Images WordPress plugin before 3.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against any high privilege users such as admin. | 6.1 |
2023-02-27 | CVE-2022-45137 | Wago | Cross-site Scripting vulnerability in Wago products The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that target the user's browser. | 6.1 |
2023-02-27 | CVE-2023-26042 | Part DB Project | Cross-site Scripting vulnerability in Part-Db Project Part-Db Part-DB is an open source inventory management system for your electronic components. | 6.1 |
2023-02-27 | CVE-2021-32302 | IRZ | Cross-site Scripting vulnerability in IRZ Ruh2 Firmware Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router allows an attacker to obtain sensitive information via the Upload File parameter. | 6.1 |
2023-02-28 | CVE-2023-27371 | GNU | Out-of-bounds Read vulnerability in GNU Libmicrohttpd GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. | 5.9 |
2023-02-27 | CVE-2021-46841 | Apple | Unspecified vulnerability in Apple Music 3.5.0 This issue was addressed by using HTTPS when sending information over the network. | 5.9 |
2023-02-27 | CVE-2023-23520 | Apple | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apple Ipados and Iphone OS A race condition was addressed with additional validation. | 5.9 |
2023-03-05 | CVE-2023-26510 | Ghost | Missing Authorization vulnerability in Ghost 5.35.0 Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. | 5.7 |
2023-03-04 | CVE-2021-36689 | Samourai Wallet Android Project | Weak Password Requirements vulnerability in Samourai-Wallet-Android Project Samourai-Wallet-Android 0.99.96I An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. | 5.5 |
2023-03-03 | CVE-2022-4645 | Libtiff | Out-of-bounds Read vulnerability in Libtiff LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. | 5.5 |
2023-03-03 | CVE-2023-1160 | Agentejo | Use of Platform-Dependent Third Party Components vulnerability in Agentejo Cockpit Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0. | 5.5 |
2023-03-02 | CVE-2023-1157 | ELF Parser Project | Improper Resource Shutdown or Release vulnerability in Elf-Parser Project Elf-Parser A vulnerability, which was classified as problematic, was found in finixbit elf-parser. | 5.5 |
2023-03-01 | CVE-2023-23001 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel before 5.16.3, drivers/scsi/ufs/ufs-mediatek.c misinterprets the regulator_get return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | 5.5 |
2023-03-01 | CVE-2023-23002 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel before 5.16.3, drivers/bluetooth/hci_qca.c misinterprets the devm_gpiod_get_index_optional return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | 5.5 |
2023-03-01 | CVE-2023-23004 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | 5.5 |
2023-03-01 | CVE-2023-23005 | Linux Suse | NULL Pointer Dereference vulnerability in multiple products In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | 5.5 |
2023-03-01 | CVE-2023-23006 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | 5.5 |
2023-03-01 | CVE-2022-48310 | Sophos | Cleartext Storage of Sensitive Information vulnerability in Sophos Connect An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90. | 5.5 |
2023-03-01 | CVE-2022-36021 | Redis | Algorithmic Complexity vulnerability in Redis Redis is an in-memory database that persists on disk. | 5.5 |
2023-03-01 | CVE-2023-24752 | Struktur Debian | NULL Pointer Dereference vulnerability in multiple products libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc. | 5.5 |
2023-03-01 | CVE-2023-24754 | Struktur Debian | NULL Pointer Dereference vulnerability in multiple products libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. | 5.5 |
2023-03-01 | CVE-2023-24755 | Struktur Debian | NULL Pointer Dereference vulnerability in multiple products libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. | 5.5 |
2023-03-01 | CVE-2023-24756 | Struktur Debian | NULL Pointer Dereference vulnerability in multiple products libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. | 5.5 |
2023-03-01 | CVE-2023-24757 | Struktur Debian | NULL Pointer Dereference vulnerability in multiple products libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. | 5.5 |
2023-03-01 | CVE-2023-24758 | Struktur Debian | NULL Pointer Dereference vulnerability in multiple products libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. | 5.5 |
2023-03-01 | CVE-2022-37935 | HP | Unspecified vulnerability in HP Oneview for VMWare Vcenter HPE OneView for VMware vCenter, in certain circumstances, may disclose the “HPE OneView” Username and Password. | 5.5 |
2023-02-28 | CVE-2023-1095 | Linux Redhat | NULL Pointer Dereference vulnerability in multiple products In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. | 5.5 |
2023-02-28 | CVE-2023-22996 | Linux | Missing Release of Resource after Effective Lifetime vulnerability in Linux Kernel In the Linux kernel before 5.17.2, drivers/soc/qcom/qcom_aoss.c does not release an of_find_device_by_node reference after use, e.g., with put_device. | 5.5 |
2023-02-28 | CVE-2023-22997 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | 5.5 |
2023-02-28 | CVE-2023-22998 | Linux | Interpretation Conflict vulnerability in Linux Kernel In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | 5.5 |
2023-02-28 | CVE-2023-22999 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | 5.5 |
2023-02-28 | CVE-2022-41727 | Golang Fedoraproject | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. | 5.5 |
2023-02-28 | CVE-2023-1018 | Trustedcomputinggroup Microsoft | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. | 5.5 |
2023-02-28 | CVE-2022-20455 | Google | Resource Exhaustion vulnerability in Google Android In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. | 5.5 |
2023-02-28 | CVE-2022-20481 | Google | Unspecified vulnerability in Google Android In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. | 5.5 |
2023-02-28 | CVE-2021-22283 | ABB | Improper Initialization vulnerability in ABB products Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1, ABB Relion protection relays - 620 series IEC/CN 2.0, ABB Relion protection relays - 620 series IEC/CN 2.0 FP1, ABB Relion protection relays - REX640 PCL1, ABB Relion protection relays - REX640 PCL2, ABB Relion protection relays - REX640 PCL3, ABB Relion protection relays - RER615, ABB Remote Monitoring and Control - REC615, ABB Merging Unit - SMU615 allows Communication Channel Manipulation. This issue affects Relion protection relays - 611 series: from 1.0.0 before 2.0.3; Relion protection relays - 615 series IEC 4.0 FP1: from 4.1.0 before 4.1.9; Relion protection relays - 615 series CN 4.0 FP1: from 4.1.0 before 4.1.8; Relion protection relays - 615 series IEC 5.0: from 5.0.0 before 5.0.12; Relion protection relays - 615 series IEC 5.0 FP1: from 5.1.0 before 5.1.20; Relion protection relays - 620 series IEC/CN 2.0: from 2.0.0 before 2.0.11; Relion protection relays - 620 series IEC/CN 2.0 FP1: from 2.1.0 before 2.1.15; Relion protection relays - REX640 PCL1: from 1.0.0 before 1.0.8; Relion protection relays - REX640 PCL2: from 1.1.0 before 1.1.4; Relion protection relays - REX640 PCL3: from 1.2.0 before 1.2.1; Relion protection relays - RER615: from 2.0.0 before 2.0.3; Remote Monitoring and Control - REC615: from 1.0.0 before 2.0.3; Merging Unit - SMU615: from 1.0.0 before 1.0.2. | 5.5 |
2023-02-27 | CVE-2023-1055 | Redhat Fedoraproject | Improper Certificate Validation vulnerability in multiple products A flaw was found in RHDS 11 and RHDS 12. | 5.5 |
2023-02-27 | CVE-2022-22582 | Apple | Link Following vulnerability in Apple mac OS X and Macos A validation issue existed in the handling of symlinks. | 5.5 |
2023-02-27 | CVE-2022-22668 | Apple | Unspecified vulnerability in Apple Iphone OS A logic issue was addressed with improved restrictions. | 5.5 |
2023-02-27 | CVE-2022-32824 | Apple | Unspecified vulnerability in Apple products The issue was addressed with improved memory handling. | 5.5 |
2023-02-27 | CVE-2022-32855 | Apple | Unspecified vulnerability in Apple Iphone OS A logic issue was addressed with improved state management. | 5.5 |
2023-02-27 | CVE-2022-32896 | Apple | Unspecified vulnerability in Apple Macos This issue was addressed by enabling hardened runtime. | 5.5 |
2023-02-27 | CVE-2022-32902 | Apple | Unspecified vulnerability in Apple Macos A logic issue was addressed with improved state management. | 5.5 |
2023-02-27 | CVE-2022-46704 | Apple | Unspecified vulnerability in Apple Macos A logic issue was addressed with improved state management. | 5.5 |
2023-02-27 | CVE-2023-23499 | Apple | Unspecified vulnerability in Apple products This issue was addressed by enabling hardened runtime. | 5.5 |
2023-02-27 | CVE-2023-23500 | Apple | Unspecified vulnerability in Apple products The issue was addressed with improved memory handling. | 5.5 |
2023-02-27 | CVE-2023-23501 | Apple | Exposure of Resource to Wrong Sphere vulnerability in Apple Macos The issue was addressed with improved memory handling This issue is fixed in macOS Ventura 13.2. | 5.5 |
2023-02-27 | CVE-2023-23502 | Apple | Unspecified vulnerability in Apple products An information disclosure issue was addressed by removing the vulnerable code. | 5.5 |
2023-02-27 | CVE-2023-23503 | Apple | Unspecified vulnerability in Apple products A logic issue was addressed with improved state management. | 5.5 |
2023-02-27 | CVE-2023-23506 | Apple | Unspecified vulnerability in Apple Macos A permissions issue was addressed with improved validation. | 5.5 |
2023-02-27 | CVE-2023-23508 | Apple | Unspecified vulnerability in Apple Macos The issue was addressed with improved memory handling. | 5.5 |
2023-02-27 | CVE-2023-23510 | Apple | Unspecified vulnerability in Apple Macos A permissions issue was addressed with improved validation. | 5.5 |
2023-02-27 | CVE-2023-23511 | Apple | Unspecified vulnerability in Apple products The issue was addressed with improved memory handling. | 5.5 |
2023-02-27 | CVE-2023-23522 | Apple | Unspecified vulnerability in Apple Macos A privacy issue was addressed with improved handling of temporary files. | 5.5 |
2023-02-27 | CVE-2022-48305 | Huawei | Unspecified vulnerability in Huawei Simba-Al00 Firmware 1.1.1.274 There is an identity authentication bypass vulnerability in Huawei Children Smart Watch (Simba-AL00) 1.1.1.274. | 5.5 |
2023-02-27 | CVE-2022-34910 | Aremis | Cleartext Storage of Sensitive Information vulnerability in Aremis 4 Nomads An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. | 5.5 |
2023-03-05 | CVE-2006-10001 | Pluginmirror | Cross-site Scripting vulnerability in Pluginmirror Subscribe to Comments A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7 on WordPress. | 5.4 |
2023-03-05 | CVE-2023-1181 | Easyimages2 0 Project | Cross-site Scripting vulnerability in Easyimages2.0 Project Easyimages2.0 Cross-site Scripting (XSS) - Stored in GitHub repository icret/easyimages2.0 prior to 2.6.7. | 5.4 |
2023-03-05 | CVE-2023-1179 | Computer Parts Sales AND Inventory System Project | Cross-site Scripting vulnerability in Computer Parts Sales and Inventory System Project Computer Parts Sales and Inventory System 1.0 A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. | 5.4 |
2023-03-03 | CVE-2023-23927 | Craftcms | Cross-site Scripting vulnerability in Craftcms Craft CMS Craft is a platform for creating digital experiences. | 5.4 |
2023-03-03 | CVE-2023-20069 | Cisco | Cross-site Scripting vulnerability in Cisco Prime Infrastructure A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. | 5.4 |
2023-03-02 | CVE-2022-35645 | IBM | Cross-site Scripting vulnerability in IBM Maximo Application Suite and Maximo Asset Management IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. | 5.4 |
2023-03-02 | CVE-2023-26056 | Xwiki | Incorrect Authorization vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 5.4 |
2023-03-02 | CVE-2023-1155 | Nicdark | Unspecified vulnerability in Nicdark Cost Calculator The Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nd_cc_meta_box_cc_price_icon parameter in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. | 5.4 |
2023-03-02 | CVE-2023-26480 | Xwiki | Cross-site Scripting vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 5.4 |
2023-03-02 | CVE-2021-45479 | Yordam | Cross-site Scripting vulnerability in Yordam Library Automation System Improper Neutralization of Input During Web Page Generation vulnerability in Yordam Information Technologies Library Automation System allows Stored XSS. This issue affects Library Automation System: before 19.2. | 5.4 |
2023-03-02 | CVE-2023-1149 | Btcpayserver | Improper Neutralization of Equivalent Special Elements vulnerability in Btcpayserver Btcpay Server Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0. | 5.4 |
2023-03-02 | CVE-2023-1146 | Flatpress | Cross-site Scripting vulnerability in Flatpress Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblog/flatpress prior to 1.3. | 5.4 |
2023-03-02 | CVE-2023-1147 | Flatpress | Cross-site Scripting vulnerability in Flatpress Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | 5.4 |
2023-03-02 | CVE-2023-1107 | Flatpress | Cross-site Scripting vulnerability in Flatpress Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | 5.4 |
2023-03-02 | CVE-2023-22462 | Grafana | Cross-site Scripting vulnerability in Grafana Grafana is an open-source platform for monitoring and observability. | 5.4 |
2023-03-01 | CVE-2023-0507 | Grafana | Cross-site Scripting vulnerability in Grafana Grafana is an open-source platform for monitoring and observability. | 5.4 |
2023-03-01 | CVE-2023-0594 | Grafana | Cross-site Scripting vulnerability in Grafana Grafana is an open-source platform for monitoring and observability. | 5.4 |
2023-03-01 | CVE-2022-46798 | Hasthemes | Cross-Site Request Forgery (CSRF) vulnerability in Hasthemes Woolentor - Woocommerce Elementor Addons + Builder Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.5.1 leading to plugin settings change. | 5.4 |
2023-03-01 | CVE-2022-46805 | Wptrio | Cross-Site Request Forgery (CSRF) vulnerability in Wptrio Conditional Shipping for Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 leading to activation/deactivation of plugin rulesets. | 5.4 |
2023-03-01 | CVE-2022-45804 | Robogallery | Cross-Site Request Forgery (CSRF) vulnerability in Robogallery Robo Gallery Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.9 leading to galleries hierarchy change, including plugin deactivation & activation. | 5.4 |
2023-03-01 | CVE-2023-1115 | Pimcore | Cross-site Scripting vulnerability in Pimcore Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. | 5.4 |
2023-03-01 | CVE-2023-1116 | Pimcore | Cross-site Scripting vulnerability in Pimcore Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. | 5.4 |
2023-03-01 | CVE-2023-1117 | Pimcore | Cross-site Scripting vulnerability in Pimcore Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. | 5.4 |
2023-03-01 | CVE-2023-23974 | Fullworksplugins | Cross-Site Request Forgery (CSRF) vulnerability in Fullworksplugins Quick Event Manager Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 affecting all registration actions (delete, delete all, edit, update). | 5.4 |
2023-03-01 | CVE-2023-23984 | WOW Company | Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu plugin <= 3.0.1 leading to form deletion. | 5.4 |
2023-03-01 | CVE-2023-1104 | Flatpress | Cross-site Scripting vulnerability in Flatpress Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | 5.4 |
2023-03-01 | CVE-2023-26608 | Vxcontrol | Cross-site Scripting vulnerability in Vxcontrol Soldr 1.1.0 SOLDR (System of Orchestration, Lifecycle control, Detection and Response) 1.1.0 allows stored XSS via the module editor. | 5.4 |
2023-02-28 | CVE-2023-27292 | Opencats | Open Redirect vulnerability in Opencats 0.9.6 An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters. | 5.4 |
2023-02-28 | CVE-2023-27294 | Opencats | Cross-site Scripting vulnerability in Opencats 0.9.6 Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. | 5.4 |
2023-02-28 | CVE-2023-27295 | Opencats | Cross-Site Request Forgery (CSRF) vulnerability in Opencats 0.9.6 Cross-site request forgery is facilitated by OpenCATS' failure to require CSRF tokens in POST requests. | 5.4 |
2023-02-28 | CVE-2023-25807 | Dataease | Cross-site Scripting vulnerability in Dataease DataEase is an open source data visualization and analysis tool. | 5.4 |
2023-02-28 | CVE-2023-23983 | Wpdevart | Cross-Site Request Forgery (CSRF) vulnerability in Wpdevart Responsive Vertical Icon Menu Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 can lead to theme deletion. | 5.4 |
2023-02-27 | CVE-2022-4679 | Wufoo | Unspecified vulnerability in Wufoo Shortcode The Wufoo Shortcode WordPress plugin before 1.52 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-27 | CVE-2022-4757 | List Pages Shortcode Project | Unspecified vulnerability in List Pages Shortcode Project List Pages Shortcode The List Pages Shortcode WordPress plugin before 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 |
2023-02-27 | CVE-2022-4788 | Embed PDF Project | Unspecified vulnerability in Embed PDF Project Embed PDF The Embed PDF WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-27 | CVE-2022-4795 | Galleries BY Angie Makes Project | Unspecified vulnerability in Galleries BY Angie Makes Project Galleries BY Angie Makes The Galleries by Angie Makes WordPress plugin through 1.67 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-27 | CVE-2022-4829 | Show Hide Collapse Expand Project | Unspecified vulnerability in Show-Hide / Collapse-Expand Project Show-Hide / Collapse-Expand The Show-Hide / Collapse-Expand WordPress plugin before 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 |
2023-02-27 | CVE-2023-0168 | Olevmedia | Unspecified vulnerability in Olevmedia Shortcodes The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-27 | CVE-2023-0230 | Vektor INC | Unspecified vulnerability in Vektor-Inc VK ALL in ONE Expansion Unit The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-27 | CVE-2023-0535 | Donation Block FOR Paypal Project | Unspecified vulnerability in Donation Block for Paypal Project Donation Block for Paypal The Donation Block For PayPal WordPress plugin before 2.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-27 | CVE-2023-0539 | Gsplugins | Cross-site Scripting vulnerability in Gsplugins GS Insever Portfolio The GS Insever Portfolio WordPress plugin before 1.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-02-27 | CVE-2023-0552 | Genetechsolutions | Unspecified vulnerability in Genetechsolutions PIE Register The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and logging out, leading to an Open Redirect vulnerability. | 5.4 |
2023-02-27 | CVE-2023-23157 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul ART Gallery Management System 1.0 A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullname parameter on the enquiry page. | 5.4 |
2023-02-27 | CVE-2023-23158 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul ART Gallery Management System 1.0 A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter on the enquiry page. | 5.4 |
2023-02-27 | CVE-2023-24251 | Wangeditor | Cross-site Scripting vulnerability in Wangeditor WangEditor v5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /dist/index.js. | 5.4 |
2023-02-27 | CVE-2023-24651 | Simple Customer Relationship Management System Project | Cross-site Scripting vulnerability in Simple Customer Relationship Management System Project Simple Customer Relationship Management System 1.0 Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter on the registration page. | 5.4 |
2023-02-27 | CVE-2023-22860 | IBM | Cross-site Scripting vulnerability in IBM Cloud PAK for Business Automation IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. | 5.4 |
2023-02-27 | CVE-2023-1067 | Pimcore | Cross-site Scripting vulnerability in Pimcore Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. | 5.4 |
2023-03-05 | CVE-2023-0734 | Wallabag | Improper Authorization vulnerability in Wallabag Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4. | 5.3 |
2023-03-04 | CVE-2023-25819 | Discourse | Information Exposure vulnerability in Discourse Discourse is an open source platform for community discussion. | 5.3 |
2023-03-03 | CVE-2023-26483 | Gosaml2 Project | Unspecified vulnerability in Gosaml2 Project Gosaml2 gosaml2 is a Pure Go implementation of SAML 2.0. | 5.3 |
2023-03-02 | CVE-2023-26052 | Saleor | Information Exposure Through an Error Message vulnerability in Saleor Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. | 5.3 |
2023-03-02 | CVE-2023-0085 | Wpmet | Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. | 5.3 |
2023-03-02 | CVE-2023-25806 | Amazon | Information Exposure Through Discrepancy vulnerability in Amazon Opensearch and Opensearch Security OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. | 5.3 |
2023-03-01 | CVE-2022-20952 | Cisco | Unspecified vulnerability in Cisco Asyncos A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an unauthenticated, remote attacker to bypass a configured rule, thereby allowing traffic onto a network that should have been blocked. This vulnerability exists because malformed, encoded traffic is not properly detected. | 5.3 |
2023-03-01 | CVE-2023-20052 | Cisco Clamav Stormshield | XML Entity Expansion vulnerability in multiple products On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. | 5.3 |
2023-02-28 | CVE-2023-1065 | Snyk | Improper Authentication vulnerability in Snyk Kubernetes Monitor This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues. | 5.3 |
2023-02-27 | CVE-2020-9846 | Apple | Unspecified vulnerability in Apple Macos A logic issue was addressed with improved state management. | 5.3 |
2023-02-27 | CVE-2022-32906 | Apple | Unspecified vulnerability in Apple Music 3.4.0/3.5.0 This issue was addressed by using HTTPS when sending information over the network. | 5.3 |
2023-02-27 | CVE-2022-45139 | Wago | Origin Validation Error vulnerability in Wago products A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. | 5.3 |
2023-03-01 | CVE-2023-22776 | Arubanetworks | Path Traversal vulnerability in Arubanetworks Arubaos and Sd-Wan An authenticated path traversal vulnerability exists in the ArubaOS command line interface. | 4.9 |
2023-03-02 | CVE-2023-1148 | Flatpress | Cross-site Scripting vulnerability in Flatpress Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | 4.8 |
2023-03-01 | CVE-2023-1113 | Simple Payroll System With Dynamic TAX Bracket Project | Cross-site Scripting vulnerability in Simple Payroll System With Dynamic TAX Bracket Project Simple Payroll System With Dynamic TAX Bracket 1.0 A vulnerability was found in SourceCodester Simple Payroll System 1.0. | 4.8 |
2023-03-01 | CVE-2023-22778 | Arubanetworks | Cross-site Scripting vulnerability in Arubanetworks Arubaos and Sd-Wan A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. | 4.8 |
2023-02-28 | CVE-2022-23239 | Netapp | Cross-site Scripting vulnerability in Netapp Active IQ Unified Manager Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting (XSS) attack. | 4.8 |
2023-02-28 | CVE-2023-25431 | Online Reviewer Management System Project | Cross-site Scripting vulnerability in Online Reviewer Management System Project Online Reviewer Management System 1.0 An issue was discovered in Online Reviewer Management System v1.0. | 4.8 |
2023-02-28 | CVE-2023-1081 | Microweber | Cross-site Scripting vulnerability in Microweber Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3. | 4.8 |
2023-02-27 | CVE-2023-0543 | Kibokolabs | Unspecified vulnerability in Kibokolabs Arigato Autoresponder and Newsletter The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2023-02-27 | CVE-2023-0548 | Kibokolabs | Cross-site Scripting vulnerability in Kibokolabs Namaste! LMS The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-03-01 | CVE-2022-27672 | AMD | Unspecified vulnerability in AMD products When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. | 4.7 |
2023-02-27 | CVE-2022-46713 | Apple | Race Condition vulnerability in Apple Macos A race condition was addressed with additional validation. | 4.7 |
2023-03-02 | CVE-2022-40633 | Rittal | Unspecified vulnerability in Rittal CMC III Firmware A malicious actor can clone access cards used to open control cabinets secured with Rittal CMC III locks. | 4.6 |
2023-02-27 | CVE-2022-48254 | Huawei | Unspecified vulnerability in Huawei Leia-B29 Firmware Leiab292.0.0.49(M03) There is a data processing error vulnerability in Leia-B29 2.0.0.49(M03). | 4.6 |
2023-03-03 | CVE-2022-2835 | Coredns IO | Unspecified vulnerability in Coredns.Io Coredns A flaw was found in coreDNS. | 4.4 |
2023-03-03 | CVE-2023-20062 | Cisco | Server-Side Request Forgery (SSRF) vulnerability in Cisco products Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. | 4.3 |
2023-03-02 | CVE-2023-26051 | Saleor | Information Exposure Through an Error Message vulnerability in Saleor Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. | 4.3 |
2023-03-01 | CVE-2022-48309 | Sophos | Cross-Site Request Forgery (CSRF) vulnerability in Sophos Connect A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90. | 4.3 |
2023-03-01 | CVE-2022-46806 | Villatheme | Cross-Site Request Forgery (CSRF) vulnerability in Villatheme Cart ALL in ONE for Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Cart All In One For WooCommerce plugin <= 1.1.10 leading to cart modification. | 4.3 |
2023-03-01 | CVE-2022-47148 | Wpovernight | Cross-Site Request Forgery (CSRF) vulnerability in Wpovernight Woocommerce PDF Invoices & Packing Slips Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce plugin <= 3.2.5 leading to popup dismiss. | 4.3 |
2023-03-01 | CVE-2022-38468 | Imagely | Cross-Site Request Forgery (CSRF) vulnerability in Imagely Nextgen Gallery Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin <= 3.28 leading to thumbnail alteration. | 4.3 |
2023-03-01 | CVE-2022-40198 | Standalonetech | Cross-Site Request Forgery (CSRF) vulnerability in Standalonetech Terawallet Cross-Site Request Forgery (CSRF) vulnerability in StandaloneTech TeraWallet – For WooCommerce plugin <= 1.3.24 leading to plugin settings change. | 4.3 |
2023-03-01 | CVE-2022-46797 | Tatvic | Cross-Site Request Forgery (CSRF) vulnerability in Tatvic Conversios.Io Cross-Site Request Forgery (CSRF) vulnerability in Conversios All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce plugin <= 5.2.3 leads to plugin settings change. | 4.3 |
2023-02-28 | CVE-2022-47179 | Ujsoftware | Cross-Site Request Forgery (CSRF) vulnerability in Ujsoftware OWM Weather Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weather plugin <= 5.6.11 leads to post duplication as a draft. | 4.3 |
2023-02-28 | CVE-2022-47612 | Xnau | Cross-Site Request Forgery (CSRF) vulnerability in Xnau Participants Database Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.5 leads to list column update. | 4.3 |
2023-02-28 | CVE-2023-23865 | Checkoutplugins | Cross-Site Request Forgery (CSRF) vulnerability in Checkoutplugins Stripe Payments for Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce plugin <= 1.4.10 leads to settings change. | 4.3 |
2023-02-28 | CVE-2023-23992 | Automatorwp | Cross-Site Request Forgery (CSRF) vulnerability in Automatorwp 1.7.6/2.5.0 Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin <= 2.5.0 leads to object delete. | 4.3 |
2023-02-28 | CVE-2023-1022 | Joomunited | Unspecified vulnerability in Joomunited WP Meta SEO The WP Meta SEO plugin for WordPress is vulnerable to unauthorized options update due to a missing capability check on the wpmsGGSaveInformation function in versions up to, and including, 4.5.3. | 4.3 |
2023-02-28 | CVE-2023-1023 | Joomunited | Unspecified vulnerability in Joomunited WP Meta SEO The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the saveSitemapSettings function in versions up to, and including, 4.5.3. | 4.3 |
2023-02-28 | CVE-2023-1024 | Joomunited | Unspecified vulnerability in Joomunited WP Meta SEO The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the regenerateSitemaps function in versions up to, and including, 4.5.3. | 4.3 |
2023-02-28 | CVE-2023-1026 | Joomunited | Unspecified vulnerability in Joomunited WP Meta SEO The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including, 4.5.3. | 4.3 |
2023-02-28 | CVE-2023-1027 | Joomunited | Missing Authorization vulnerability in Joomunited WP Meta SEO The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.3. | 4.3 |
2023-02-28 | CVE-2023-1028 | Joomunited | Unspecified vulnerability in Joomunited WP Meta SEO The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. | 4.3 |
2023-02-27 | CVE-2023-26041 | Nextcloud | Exposure of Resource to Wrong Sphere vulnerability in Nextcloud Talk Nextcloud Talk is a fully on-premises audio/video and chat communication service. | 4.3 |
2023-02-27 | CVE-2022-46705 | Apple | Unspecified vulnerability in Apple products A spoofing issue existed in the handling of URLs. | 4.3 |
2023-02-27 | CVE-2023-1068 | Read More Excerpt Link Project | Unspecified vulnerability in Read More Excerpt Link Project Read More Excerpt Link The Download Read More Excerpt Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.0. | 4.3 |
2023-03-01 | CVE-2023-23003 | Linux | Unchecked Return Value vulnerability in Linux Kernel In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value. | 4.0 |
11 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-03-03 | CVE-2022-41862 | Postgresql Fedoraproject Redhat | In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. | 3.7 |
2023-03-02 | CVE-2023-0196 | Nvidia | NULL Pointer Dereference vulnerability in Nvidia Cuda Toolkit NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local user running the tool against an ill-formed binary may cause a null-pointer dereference, which may result in a limited denial of service. | 3.3 |
2023-02-28 | CVE-2023-20932 | Google | Improper Input Validation vulnerability in Google Android In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. | 3.3 |
2023-02-27 | CVE-2022-42838 | Apple | Operation on a Resource after Expiration or Release vulnerability in Apple Macos An issue with app access to camera data was addressed with improved logic. | 3.3 |
2023-02-27 | CVE-2023-23493 | Apple | Improper Authentication vulnerability in Apple Macos A logic issue was addressed with improved state management. | 3.3 |
2023-02-27 | CVE-2023-23498 | Apple | Unspecified vulnerability in Apple Ipados, Iphone OS and Macos A logic issue was addressed with improved state management. | 3.3 |
2023-02-27 | CVE-2023-23505 | Apple | Information Exposure Through Log Files vulnerability in Apple products A privacy issue was addressed with improved private data redaction for log entries. | 3.3 |
2023-02-27 | CVE-2023-22636 | Fortinet | Unspecified vulnerability in Fortinet Fortiweb An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request. | 3.3 |
2023-02-27 | CVE-2023-27265 | Mattermost | Exposure of Resource to Wrong Sphere vulnerability in Mattermost Server Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response. | 2.7 |
2023-02-27 | CVE-2023-27266 | Mattermost | Information Exposure vulnerability in Mattermost Server Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response. | 2.7 |
2023-03-01 | CVE-2023-22771 | Arubanetworks | Insufficient Session Expiration vulnerability in Arubanetworks Arubaos and Sd-Wan An insufficient session expiration vulnerability exists in the ArubaOS command line interface. | 2.4 |