Weekly Vulnerabilities Reports > March 6 to 12, 2023
Overview
486 new vulnerabilities were reported during this period, including 83 critical and 140 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 777 products from 204 vendors, including Google, Qualcomm, Fortinet, Gitlab and Rapidload. The most frequent weakness categories are "Cross-site Scripting", "SQL Injection", "Missing Authorization", "Improper Input Validation" and "Use After Free".
- 363 reported vulnerabilities are remotely exploitable.
- 4 reported vulnerabilities have a public exploit available.
- 164 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 252 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 77.
- Funadmin has the most reported critical vulnerabilities, with 8.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
83 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-03-08 | CVE-2023-27482 | Home Assistant | Improper Authentication vulnerability in Home Assistant Supervisor: Home Assistant is an open source home automation tool. | 10.0 |
2023-03-08 | CVE-2023-26489 | Bytecodealliance | Out-of-bounds Write vulnerability in Bytecodealliance Cranelift-Codegen and Wasmtime: Wasmtime is a fast and secure runtime for WebAssembly. | 9.9 |
2023-03-07 | CVE-2023-27479 | Xwiki | Injection vulnerability in XWiki: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 9.9 |
2023-03-12 | CVE-2023-1357 | Simple Bakery Shop Management System Project | SQL Injection vulnerability in Simple Bakery Shop Management System 1.0: A vulnerability, which was classified as critical, has been found in SourceCodester Simple Bakery Shop Management System 1.0. | 9.8 |
2023-03-12 | CVE-2023-1358 | Gadget Works Online Ordering System Project | SQL Injection vulnerability in Gadget Works Online Ordering System 1.0: A vulnerability, which was classified as critical, was found in SourceCodester Gadget Works Online Ordering System 1.0. | 9.8 |
2023-03-12 | CVE-2022-48367 | Ibexa | Missing Authorization vulnerability in Ibexa products: An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. | 9.8 |
2023-03-11 | CVE-2023-1351 | Computer Parts Sales and Inventory System Project | SQL Injection vulnerability in Computer Parts Sales and Inventory System 1.0: A vulnerability classified as critical has been found in SourceCodester Computer Parts Sales and Inventory System 1.0. | 9.8 |
2023-03-11 | CVE-2023-1350 | Liferea Project | OS Command Injection vulnerability in Liferea: A vulnerability was found in Liferea. | 9.8 |
2023-03-10 | CVE-2022-33256 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm products: Memory corruption due to improper validation of array index in Multi-mode call processor. | 9.8 |
2023-03-10 | CVE-2022-40515 | Qualcomm | Double Free vulnerability in Qualcomm products: Memory corruption in Video due to double free while playing a 3gp clip with invalid metadata atoms. | 9.8 |
2023-03-10 | CVE-2022-40537 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm products: Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response. | 9.8 |
2023-03-10 | CVE-2023-1198 | Saysis | SQL Injection vulnerability in Saysis Starcities 1.1/1.3: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saysis Starcities allows SQL Injection. This issue affects Starcities: through 1.3. | 9.8 |
2023-03-10 | CVE-2023-25143 | Trendmicro | Uncontrolled Search Path Element vulnerability in Trend Micro Apex One 14.0.10349/2019: An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve remote code execution on affected products. | 9.8 |
2023-03-10 | CVE-2023-27852 | Netgear | Classic Buffer Overflow vulnerability in Netgear RAX30 Firmware: NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device. | 9.8 |
2023-03-10 | CVE-2023-27853 | Netgear | Format String vulnerability in Netgear RAX30 Firmware: NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device. | 9.8 |
2023-03-10 | CVE-2023-26075 | Samsung | Classic Buffer Overflow vulnerability in Samsung products: An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. | 9.8 |
2023-03-10 | CVE-2021-33360 | Stoqey | Unspecified vulnerability in Stoqey Gnuplot: An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, child_process, and/or filePath parameter(s). | 9.8 |
2023-03-10 | CVE-2023-1321 | Lmxcms | SQL Injection vulnerability in lmxcms 1.41: A vulnerability has been found in lmxcms 1.41 and classified as critical. | 9.8 |
2023-03-10 | CVE-2023-1322 | Lmxcms | SQL Injection vulnerability in lmxcms 1.41: A vulnerability was found in lmxcms 1.41 and classified as critical. | 9.8 |
2023-03-10 | CVE-2023-24774 | Funadmin | SQL Injection vulnerability in Funadmin 3.2.0: Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php. | 9.8 |
2023-03-10 | CVE-2023-1091 | Alpatateknoloji | SQL Injection vulnerability in Alpata Licensed Warehousing Automation System 2023.1.01: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alpata Licensed Warehousing Automation System allows Command Line Execution through SQL Injection. This issue affects Licensed Warehousing Automation System: through 2023.1.01. | 9.8 |
2023-03-10 | CVE-2023-1308 | Online Graduate Tracer System Project | SQL Injection vulnerability in Online Graduate Tracer System 1.0: A vulnerability classified as critical has been found in SourceCodester Online Graduate Tracer System 1.0. | 9.8 |
2023-03-10 | CVE-2023-1309 | Online Graduate Tracer System Project | SQL Injection vulnerability in Online Graduate Tracer System 1.0: A vulnerability classified as critical was found in SourceCodester Online Graduate Tracer System 1.0. | 9.8 |
2023-03-10 | CVE-2023-1310 | Online Graduate Tracer System Project | SQL Injection vulnerability in Online Graduate Tracer System 1.0: A vulnerability, which was classified as critical, has been found in SourceCodester Online Graduate Tracer System 1.0. | 9.8 |
2023-03-10 | CVE-2023-1311 | Friendly Island Pizza Website and Ordering System Project | SQL Injection vulnerability in Friendly Island Pizza Website and Ordering System 1.0: A vulnerability, which was classified as critical, was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. | 9.8 |
2023-03-10 | CVE-2023-1307 | Froxlor | Authentication Bypass by Primary Weakness vulnerability in Froxlor: Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13. | 9.8 |
2023-03-09 | CVE-2023-1300 | Covid 19 Testing Management System Project | SQL Injection vulnerability in COVID 19 Testing Management System 1.0: A vulnerability classified as critical was found in SourceCodester COVID 19 Testing Management System 1.0. | 9.8 |
2023-03-09 | CVE-2023-1301 | Friendly Island Pizza Website and Ordering System Project | SQL Injection vulnerability in Friendly Island Pizza Website and Ordering System 1.0: A vulnerability, which was classified as critical, has been found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. | 9.8 |
2023-03-09 | CVE-2023-1303 | Ucms Project | Unrestricted Upload of File with Dangerous Type vulnerability in UCMS 1.6: A vulnerability was found in UCMS 1.6 and classified as critical. | 9.8 |
2023-03-09 | CVE-2023-27202 | Best POS Management System Project | SQL Injection vulnerability in Best POS Management System 1.0: Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/receipt.php. | 9.8 |
2023-03-09 | CVE-2023-27203 | Best POS Management System Project | SQL Injection vulnerability in Best POS Management System 1.0: Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /billing/home.php. | 9.8 |
2023-03-09 | CVE-2023-27204 | Best POS Management System Project | SQL Injection vulnerability in Best POS Management System 1.0: Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/manage_user.php. | 9.8 |
2023-03-09 | CVE-2023-27205 | Best POS Management System Project | SQL Injection vulnerability in Best POS Management System 1.0: Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /kruxton/sales_report.php. | 9.8 |
2023-03-09 | CVE-2023-27207 | Online Pizza Ordering System Project | SQL Injection vulnerability in Online Pizza Ordering System 1.0: Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php. | 9.8 |
2023-03-09 | CVE-2023-27210 | Online Pizza Ordering System Project | SQL Injection vulnerability in Online Pizza Ordering System 1.0: Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php. | 9.8 |
2023-03-09 | CVE-2023-27213 | Online Student Management System Project | SQL Injection vulnerability in Online Student Management System 1.0: Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php. | 9.8 |
2023-03-09 | CVE-2023-27214 | Online Student Management System Project | SQL Injection vulnerability in Online Student Management System 1.0: Online Student Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the fromdate and todate parameters at /eduauth/student/between-date-reprtsdetails.php. | 9.8 |
2023-03-09 | CVE-2023-1287 | 3DS | Code Injection vulnerability in 3DS ENOVIA Live Collaboration: An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows remote code execution. | 9.8 |
2023-03-09 | CVE-2023-1290 | Sales Tracker Management System Project | SQL Injection vulnerability in Sales Tracker Management System 1.0: A vulnerability, which was classified as critical, has been found in SourceCodester Sales Tracker Management System 1.0. | 9.8 |
2023-03-09 | CVE-2023-1291 | Sales Tracker Management System Project | SQL Injection vulnerability in Sales Tracker Management System 1.0: A vulnerability, which was classified as critical, was found in SourceCodester Sales Tracker Management System 1.0. | 9.8 |
2023-03-09 | CVE-2023-1292 | Sales Tracker Management System Project | SQL Injection vulnerability in Sales Tracker Management System 1.0: A vulnerability has been found in SourceCodester Sales Tracker Management System 1.0 and classified as critical. | 9.8 |
2023-03-09 | CVE-2023-1294 | File Tracker Manager System Project | SQL Injection vulnerability in File Tracker Manager System 1.0: A vulnerability was found in SourceCodester File Tracker Manager System 1.0. | 9.8 |
2023-03-09 | CVE-2023-1251 | Akinsoft | SQL Injection vulnerability in Akinsoft Wolvox: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akinsoft Wolvox. This issue affects Wolvox: before 8.02.03. | 9.8 |
2023-03-09 | CVE-2023-26109 | Node Bluetooth Serial Port Project | Classic Buffer Overflow vulnerability in node-bluetooth-serial-port: All versions of the package node-bluetooth-serial-port are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation. | 9.8 |
2023-03-09 | CVE-2023-26110 | Node Bluetooth Project | Classic Buffer Overflow vulnerability in node-bluetooth: All versions of the package node-bluetooth are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation. | 9.8 |
2023-03-08 | CVE-2021-33352 | Wyomind | Unrestricted Upload of File with Dangerous Type vulnerability in Wyomind Help Desk: An issue in the Wyomind Help Desk Magento 2 extension v.1.3.6 and before, fixed in v.1.3.7, allows an attacker to execute arbitrary code via a phar file upload in the ticket message field. | 9.8 |
2023-03-08 | CVE-2021-33353 | Wyomind | Path Traversal vulnerability in Wyomind Help Desk: Directory traversal in the Wyomind Help Desk Magento 2 extension v.1.3.6 and before, fixed in v.1.3.7, allows an attacker to execute arbitrary code via the file attachment directory setting. | 9.8 |
2023-03-08 | CVE-2023-1283 | Builder | Code Injection vulnerability in Builder Qwik: Code Injection in GitHub repository builderio/qwik prior to 0.21.0. | 9.8 |
2023-03-08 | CVE-2023-24777 | Funadmin | SQL Injection vulnerability in Funadmin 3.2.0: Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list. | 9.8 |
2023-03-08 | CVE-2023-22889 | Smartbear | Code Injection vulnerability in SmartBear Zephyr Enterprise: SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. | 9.8 |
2023-03-08 | CVE-2023-24782 | Funadmin | SQL Injection vulnerability in Funadmin 3.2.0: Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit. | 9.8 |
2023-03-08 | CVE-2023-24773 | Funadmin | SQL Injection vulnerability in Funadmin 3.2.0: Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list. | 9.8 |
2023-03-08 | CVE-2023-26922 | Variscite | SQL Injection vulnerability in Variscite matrix-gui 2.0: SQL injection vulnerability found in Variscite matrix-gui v.2 allows a remote attacker to execute arbitrary code via the shell_exect parameter to the \www\pages\matrix-gui-2.0 endpoint. | 9.8 |
2023-03-08 | CVE-2023-26261 | Ubikasec | Injection vulnerability in UBIKA WAAP Cloud and WAAP Gateway: In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. | 9.8 |
2023-03-08 | CVE-2023-25395 | Totolink | OS Command Injection vulnerability in TOTOLINK A7100RU Firmware V7.4cu.2313_B20191024: TOTOLINK A7100RU V7.4cu.2313_B20191024 router was discovered to contain a command injection vulnerability via the ou parameter at /setting/delStaticDhcpRules. | 9.8 |
2023-03-08 | CVE-2023-1267 | Pttemkart | SQL Injection vulnerability in PtteM Kart: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ulkem Company PtteM Kart. This issue affects PtteM Kart: before 2.1. | 9.8 |
2023-03-08 | CVE-2023-1269 | Easyappointments | Use of Hard-coded Credentials vulnerability in Easyappointments: Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | 9.8 |
2023-03-08 | CVE-2023-23638 | Apache | Deserialization of Untrusted Data vulnerability in Apache Dubbo: A deserialization vulnerability exists in Dubbo generic invoke, which could lead to malicious code execution. | 9.8 |
2023-03-08 | CVE-2023-0090 | Proofpoint | Code Injection vulnerability in Proofpoint Enterprise Protection: The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an anonymous user to execute remote code through 'eval injection'. | 9.8 |
2023-03-08 | CVE-2023-24780 | Funadmin | SQL Injection vulnerability in Funadmin 3.2.0: Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns. | 9.8 |
2023-03-07 | CVE-2023-24775 | Funadmin | SQL Injection vulnerability in Funadmin 3.2.0: Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php. | 9.8 |
2023-03-07 | CVE-2023-25690 | Apache | HTTP Request Smuggling vulnerability in Apache HTTP Server: Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. | 9.8 |
2023-03-07 | CVE-2023-1253 | Health Center Patient Record Management System Project | SQL Injection vulnerability in Health Center Patient Record Management System 1.0: A vulnerability, which was classified as critical, was found in SourceCodester Health Center Patient Record Management System 1.0. | 9.8 |
2023-03-07 | CVE-2023-24781 | Funadmin | SQL Injection vulnerability in Funadmin 3.2.0: Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php. | 9.8 |
2023-03-07 | CVE-2022-3760 | Miateknoloji | SQL Injection vulnerability in Mia Technology Mia-Med: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med. This issue affects Mia-Med: before 1.0.0.58. | 9.8 |
2023-03-06 | CVE-2008-10004 | Email Registration Project | SQL Injection vulnerability in Email Registration 5.x-2.1: A vulnerability was found in Email Registration 5.x-2.1 on Drupal. | 9.8 |
2023-03-06 | CVE-2022-45141 | Samba | Inadequate Encryption Strength vulnerability in Samba: Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022, and since rc4-hmac is assumed to be weak per RFC 8429, vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (e.g. aes256-cts-hmac-sha1-96). | 9.8 |
2023-03-06 | CVE-2021-36392 | Moodle | SQL Injection vulnerability in Moodle: In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses. | 9.8 |
2023-03-06 | CVE-2021-36393 | Moodle | SQL Injection vulnerability in Moodle: In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses. | 9.8 |
2023-03-06 | CVE-2021-36394 | Moodle | Unspecified vulnerability in Moodle: In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin. | 9.8 |
2023-03-06 | CVE-2023-24734 | Sigb | Unrestricted Upload of File with Dangerous Type vulnerability in Sigb PMB 7.4.6: An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file. | 9.8 |
2023-03-06 | CVE-2023-24736 | Sigb | Unspecified vulnerability in Sigb PMB 7.4.6: PMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /sauvegarde/restaure_act.php. | 9.8 |
2023-03-06 | CVE-2023-26949 | Onekeyadmin | Unrestricted Upload of File with Dangerous Type vulnerability in onekeyadmin 1.3.9: An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file. | 9.8 |
2023-03-06 | CVE-2023-24776 | Funadmin | Unspecified vulnerability in Funadmin 3.2.0: Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php. | 9.8 |
2023-03-06 | CVE-2023-0979 | Meddatapacs | SQL Injection vulnerability in MedData MedDataPACS: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData MedDataPACS allows SQL Injection. This issue affects MedDataPACS: before 2023-03-03. | 9.8 |
2023-03-06 | CVE-2022-4328 | Najeebmedia | Unspecified vulnerability in Najeebmedia WooCommerce Checkout Field Manager: The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server. | 9.8 |
2023-03-06 | CVE-2023-0839 | Inscada Project | Unspecified vulnerability in Inscada: Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. | 9.8 |
2023-03-06 | CVE-2023-22336 | DOS Osaka | Path Traversal vulnerability in Dos-Osaka Rakuraku PC Cloud Agent and SS1: Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to upload a specially crafted file to an arbitrary directory. | 9.8 |
2023-03-06 | CVE-2023-22344 | DOS Osaka | Use of Hard-coded Credentials vulnerability in Dos-Osaka Rakuraku PC Cloud Agent and SS1: Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and execute it. | 9.8 |
2023-03-10 | CVE-2023-27898 | Jenkins | Cross-site Scripting vulnerability in Jenkins: Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances. | 9.6 |
2023-03-10 | CVE-2023-27905 | Jenkins | Cross-site Scripting vulnerability in Jenkins update-center2 3.13/3.14: Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting. | 9.6 |
2023-03-09 | CVE-2023-26957 | Onekeyadmin | Missing Authorization vulnerability in onekeyadmin 1.3.9: onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins. | 9.1 |
2023-03-08 | CVE-2021-33351 | Wyomind | Cross-site Scripting vulnerability in Wyomind Help Desk: Cross-site scripting in the Wyomind Help Desk Magento 2 extension v.1.3.6 and before, fixed in v.1.3.7, allows attackers to escalate privileges via a crafted payload in the ticket message field. | 9.0 |
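The CVE-2023-25690 entry in the table above describes the affected mod_proxy pattern in words. The fragment below is an added illustration written for this report, not configuration taken from the report's source or from the Apache project: it shows the rule shape the entry describes (a catch-all capture of the client-supplied path re-inserted into the proxied request-target after a `?`) beside a hardened version of the same rule. The hostname, port and paths are placeholders.

```apache
# Added illustration of the CVE-2023-25690 configuration pattern.
# backend.example.internal, port 8080 and the /here/ and /elsewhere paths are
# placeholders, not values from the report.

# --- Affected shape (Apache HTTP Server 2.4.0 through 2.4.55) ---
# "(.*)" is a non-specific pattern over the decoded request-target, and $1 is
# re-inserted unescaped into the request-target sent to the backend. Anything
# the client could get into $1 (space, CR/LF, a second "?") travels to the
# backend as part of the proxied request line.
RewriteEngine on
RewriteRule "^/here/(.*)" "http://backend.example.internal:8080/elsewhere?$1" [P]
ProxyPassReverse /here/ http://backend.example.internal:8080/

# --- Hardened shape ---
# 1. The capture is restricted to the characters the backend actually needs,
#    so the match fails (no proxying) for anything else.
# 2. The B flag percent-encodes the backreference before substitution, so
#    even a decoded control character or "?" cannot be re-inserted raw.
# Neither step replaces upgrading to 2.4.56 or later, where the issue is fixed.
RewriteEngine on
RewriteRule "^/here/([A-Za-z0-9_-]+)$" "http://backend.example.internal:8080/elsewhere?$1" [P,B]
ProxyPassReverse /here/ http://backend.example.internal:8080/
```

When auditing a server, search the loaded configuration for every `RewriteRule` with the `[P]` flag and every `ProxyPassMatch` whose substitution contains `$1`-style backreferences, and ask of each whether the pattern can match arbitrary client-controlled bytes; `httpd -v` gives the running version to compare against 2.4.56.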
140 High Severity Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-03-10 | CVE-2023-23328 | Avantfax | Unrestricted Upload of File with Dangerous Type vulnerability in AvantFAX 3.3.7: A file upload vulnerability exists in AvantFAX 3.3.7. | 8.8 |
2023-03-10 | CVE-2020-5002 | IBM | Improper Input Validation vulnerability in IBM Financial Transaction Manager: IBM Financial Transaction Manager 3.2.0 through 3.2.10 could allow an authenticated user to perform unauthorized actions due to improper validation. | 8.8 |
2023-03-10 | CVE-2022-33213 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products: Memory corruption in modem due to buffer overflow while processing a PPP packet. | 8.8 |
2023-03-10 | CVE-2023-1205 | Netgear | Cross-Site Request Forgery (CSRF) vulnerability in Netgear RAX30 Firmware: NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections. | 8.8 |
2023-03-10 | CVE-2023-27851 | Netgear | Unspecified vulnerability in Netgear RAX30 Firmware: NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device. | 8.8 |
2023-03-10 | CVE-2023-1313 | Agentejo | Unrestricted Upload of File with Dangerous Type vulnerability in Agentejo Cockpit: Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1. | 8.8 |
2023-03-09 | CVE-2023-27490 | Nextauth JS | Session Fixation vulnerability in NextAuth.js next-auth: NextAuth.js is an open source authentication solution for Next.js applications. | 8.8 |
2023-03-08 | CVE-2022-46394 | ARM | Use After Free vulnerability in ARM products: An issue was discovered in the Arm Mali GPU Kernel Driver. | 8.8 |
2023-03-08 | CVE-2023-23760 | Github | Path Traversal vulnerability in GitHub Enterprise Server: A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. | 8.8 |
2023-03-08 | CVE-2023-27486 | Xcat Project | Incorrect Authorization vulnerability in xCAT: xCAT is a toolkit for deployment and administration of computer clusters. | 8.8 |
2023-03-08 | CVE-2023-27088 | Feiqu Opensource Project | Unspecified vulnerability in feiqu-opensource: A background vertical authorization vulnerability exists in IndexController.java. | 8.8 |
2023-03-08 | CVE-2023-0089 | Proofpoint | Code Injection vulnerability in Proofpoint Enterprise Protection: The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below. | 8.8 |
2023-03-07 | CVE-2023-1213 | Google | Use After Free vulnerability in Google Chrome: Use after free in SwiftShader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-03-07 | CVE-2023-1214 | Google | Type Confusion vulnerability in Google Chrome: Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-03-07 | CVE-2023-1215 | Google | Type Confusion vulnerability in Google Chrome: Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-03-07 | CVE-2023-1216 | Google | Use After Free vulnerability in Google Chrome: Use after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had convinced the user to engage in direct UI interaction to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-03-07 | CVE-2023-1218 | Google | Use After Free vulnerability in Google Chrome: Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-03-07 | CVE-2023-1219 | Google | Out-of-bounds Write vulnerability in Google Chrome: Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-03-07 | CVE-2023-1220 | Google | Out-of-bounds Write vulnerability in Google Chrome: Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-03-07 | CVE-2023-1222 | Google | Out-of-bounds Write vulnerability in Google Chrome: Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-03-07 | CVE-2023-1227 | Google | Use After Free vulnerability in Google Chrome: Use after free in Core in Google Chrome on Lacros prior to 111.0.5563.64 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. | 8.8 |
2023-03-07 | CVE-2023-27475 | Goutil Project | Path Traversal vulnerability in goutil: goutil is a collection of miscellaneous functionality for the Go language. | 8.8 |
2023-03-07 | CVE-2022-39951 | Fortinet | OS Command Injection vulnerability in Fortinet FortiWeb: An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows an attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | 8.8 |
2023-03-07 | CVE-2015-10087 | Upthemes | Unrestricted Upload of File with Dangerous Type vulnerability in UpThemes DesignFolio Plus 1.2: ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 on WordPress and classified as problematic. | 8.8 |
2023-03-07 | CVE-2021-4331 | Posimyth | Unspecified vulnerability in Posimyth The Plus Addons for Elementor: The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 4.1.9 (pro) and 2.0.6 (free). | 8.8 |
2023-03-07 | CVE-2020-36669 | Jetbackup | Unspecified vulnerability in JetBackup: The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.9. | 8.8 |
2023-03-07 | CVE-2021-4330 | Envato | Unspecified vulnerability in Envato Elements and Template Kit - Import: The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. | 8.8 |
2023-03-07 | CVE-2023-23554 | Sraoss | Uncontrolled Search Path Element vulnerability in SRA OSS pg_ivm: Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. | 8.8 |
2023-03-06 | CVE-2019-8720 | Webkitgtk Wpewebkit Redhat | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: A vulnerability was found in WebKit. | 8.8 |
2023-03-06 | CVE-2023-24217 | Agilebio | Unspecified vulnerability in AgileBio Electronic Lab Notebook 4.234: AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability. | 8.8 |
2023-03-06 | CVE-2023-0093 | Okta | Command Injection vulnerability in Okta Advanced Server Access: Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third-party library webbrowser. | 8.8 |
2023-03-06 | CVE-2023-24763 | Prestashop | SQL Injection vulnerability in PrestaShop Xen Forum: In the module "Xen Forum" (xenforum) for PrestaShop, an authenticated user can perform SQL injection in versions up to 2.13.0. | 8.8 |
2023-03-06 | CVE-2023-24789 | Jeecg | SQL Injection vulnerability in Jeecg 3.4.4: jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component. | 8.8 |
2023-03-06 | CVE-2022-46395 | ARM | Use After Free vulnerability in ARM products: An issue was discovered in the Arm Mali GPU Kernel Driver. | 8.8 |
2023-03-06 | CVE-2022-4265 | Gopostmatic | Unspecified vulnerability in Gopostmatic Replyable: The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks a CSRF check in the related action. | 8.8 |
2023-03-06 | CVE-2023-1184 | Shopex | Unrestricted Upload of File with Dangerous Type vulnerability in Shopex ECShop: A vulnerability, which was classified as problematic, has been found in ECShop up to 4.1.8. | 8.8 |
2023-03-06 | CVE-2023-1185 | Shopex | Unrestricted Upload of File with Dangerous Type vulnerability in Shopex ECShop: A vulnerability, which was classified as problematic, was found in ECShop up to 4.1.8. | 8.8 |
2023-03-06 | CVE-2022-4904 | C Ares Project Redhat Fedoraproject | Improper Validation of Specified Quantity in Input vulnerability in multiple products: A flaw was found in the c-ares package. | 8.6 |
2023-03-07 | CVE-2022-42476 | Fortinet | Path Traversal vulnerability in Fortinet FortiOS and FortiProxy: A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests. | 8.2 |
2023-03-11 | CVE-2023-1352 | Design and Implementation of Covid-19 Directory on Vaccination System Project | SQL Injection vulnerability in Design and Implementation of Covid-19 Directory on Vaccination System 1.0: A vulnerability, which was classified as critical, has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. | 8.1 |
2023-03-11 | CVE-2023-24999 | Hashicorp | Incorrect Authorization vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. | 8.1 |
2023-03-09 | CVE-2023-1293 | Online Graduate Tracer System Project | SQL Injection vulnerability in Online Graduate Tracer System Project Online Graduate Tracer System 1.0 A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. | 8.1 |
2023-03-08 | CVE-2023-22891 | Smartbear | Incorrect Authorization vulnerability in Smartbear Zephyr Enterprise There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts. | 8.1 |
2023-03-10 | CVE-2022-20929 | Cisco | Improper Verification of Cryptographic Signature vulnerability in Cisco Enterprise NFV Infrastructure Software A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade files. | 7.8 |
2023-03-10 | CVE-2022-25655 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload. | 7.8 |
2023-03-10 | CVE-2022-25694 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM | 7.8 |
2023-03-10 | CVE-2022-25705 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response | 7.8 |
2023-03-10 | CVE-2022-25709 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products Memory corruption in modem due to use of out of range pointer offset while processing qmi msg | 7.8 |
2023-03-10 | CVE-2022-33242 | Qualcomm | Improper Authentication vulnerability in Qualcomm products Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD. | 7.8 |
2023-03-10 | CVE-2022-33245 | Qualcomm | Use After Free vulnerability in Qualcomm products Memory corruption in WLAN due to use after free | 7.8 |
2023-03-10 | CVE-2022-33260 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption due to stack based buffer overflow in core while sending command from USB of large size. | 7.8 |
2023-03-10 | CVE-2022-33278 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity. | 7.8 |
2023-03-10 | CVE-2022-40530 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase. | 7.8 |
2023-03-10 | CVE-2022-40531 | Qualcomm | Incorrect Type Conversion or Cast vulnerability in Qualcomm products Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message. | 7.8 |
2023-03-10 | CVE-2022-40539 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm products Memory corruption in Automotive Android OS due to improper validation of array index. | 7.8 |
2023-03-10 | CVE-2022-40540 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel. | 7.8 |
2023-03-10 | CVE-2023-25144 | Trendmicro | Unspecified vulnerability in Trendmicro Apex ONE 14.0.10349/2019 An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership. | 7.8 |
2023-03-10 | CVE-2023-25145 | Trendmicro | Link Following vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019 A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 7.8 |
2023-03-10 | CVE-2023-25146 | Trendmicro | Link Following vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019 A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 7.8 |
2023-03-10 | CVE-2023-25148 | Trendmicro | Link Following vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019 A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 7.8 |
2023-03-10 | CVE-2023-22436 | Openatom | Use After Free vulnerability in Openatom Openharmony The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has a UAF vulnerability which local attackers can exploit to escalate privileges to root. | 7.8 |
2023-03-10 | CVE-2023-27117 | Webassembly | Out-of-bounds Write vulnerability in Webassembly 1.0.29 WebAssembly v1.0.29 was discovered to contain a heap overflow via the component wabt::Node::operator. | 7.8 |
2023-03-09 | CVE-2023-0621 | Hornerautomation | Unspecified vulnerability in Hornerautomation Cscape Envision RV 4.60 Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds read vulnerability when parsing project (i.e. | 7.8 |
2023-03-09 | CVE-2023-0622 | Hornerautomation | Unspecified vulnerability in Hornerautomation Cscape Envision RV 4.60 Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. | 7.8 |
2023-03-09 | CVE-2023-0623 | Hornerautomation | Unspecified vulnerability in Hornerautomation Cscape Envision RV 4.60 Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. | 7.8 |
2023-03-09 | CVE-2023-27985 | GNU | OS Command Injection vulnerability in GNU Emacs 28.1/28.2 emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. | 7.8 |
2023-03-09 | CVE-2023-27986 | GNU | Code Injection vulnerability in GNU Emacs 28.1/28.2 emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. | 7.8 |
2023-03-08 | CVE-2023-0030 | Linux | Use After Free vulnerability in Linux Kernel A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. | 7.8 |
2023-03-08 | CVE-2023-1277 | Ubuntukylin | OS Command Injection vulnerability in Ubuntukylin Kylin-System-Updater 1.4.20Kord A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord on Ubuntu Kylin. | 7.8 |
2023-03-07 | CVE-2023-1003 | Typora | Code Injection vulnerability in Typora A vulnerability, which was classified as critical, was found in Typora up to 1.5.5 on Windows. | 7.8 |
2023-03-07 | CVE-2022-39953 | Fortinet | Improper Privilege Management vulnerability in Fortinet Fortinac An improper privilege management vulnerability in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows an attacker to escalate privileges via specially crafted commands. | 7.8 |
2023-03-06 | CVE-2022-3424 | Linux Redhat | Use After Free vulnerability in multiple products A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. | 7.8 |
2023-03-06 | CVE-2023-25304 | Prismlauncher | Path Traversal vulnerability in Prismlauncher Prism Launcher An issue in Prism Launcher up to v6.1 allows attackers to perform a directory traversal via importing a crafted .mrpack file. | 7.8 |
2023-03-06 | CVE-2023-1190 | Imageinfo Project | Classic Buffer Overflow vulnerability in Imageinfo Project Imageinfo 3.0.3 A vulnerability was found in xiaozhuai imageinfo up to 3.0.3. | 7.8 |
2023-03-06 | CVE-2023-26107 | Ebay | Code Injection vulnerability in Ebay Sketchsvg All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string. | 7.8 |
2023-03-06 | CVE-2023-22419 | Jtekt | Out-of-bounds Read vulnerability in Jtekt Kostac PLC Programming Software Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. | 7.8 |
2023-03-06 | CVE-2023-22421 | Jtekt | Out-of-bounds Read vulnerability in Jtekt Kostac PLC Programming Software Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. | 7.8 |
2023-03-06 | CVE-2023-22424 | Jtekt | Use After Free vulnerability in Jtekt Kostac PLC Programming Software Use-after-free vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. | 7.8 |
2023-03-07 | CVE-2023-27480 | Xwiki | XXE vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 7.7 |
2023-03-06 | CVE-2022-4862 | M Files | Cross-site Scripting vulnerability in M-Files Server Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. | 7.6 |
2023-03-10 | CVE-2022-44574 | Ivanti | Improper Authentication vulnerability in Ivanti Avalanche An improper authentication vulnerability in Avalanche version 6.3.x and below allows an unauthenticated attacker to modify properties on a specific port. | 7.5 |
2023-03-10 | CVE-2023-23911 | Rocket Chat | Inadequate Encryption Strength vulnerability in Rocket.Chat An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room. | 7.5 |
2023-03-10 | CVE-2023-27530 | Rack Project Debian | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within the Multipart MIME parsing code which could allow an attacker to craft requests that can be abused to cause multipart parsing to take longer than expected. | 7.5 |
2023-03-10 | CVE-2023-27532 | Veeam | Missing Authentication for Critical Function vulnerability in Veeam Backup & Replication 11.0.1.1261/12.0.0.1420 Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. | 7.5 |
2023-03-10 | CVE-2022-33244 | Qualcomm | Reachable Assertion vulnerability in Qualcomm products Transient DOS due to reachable assertion in modem during MIB reception and SIB timeout | 7.5 |
2023-03-10 | CVE-2022-33250 | Qualcomm | Reachable Assertion vulnerability in Qualcomm products Transient DOS due to reachable assertion in modem when network repeatedly sent invalid message container for NR to LTE handover. | 7.5 |
2023-03-10 | CVE-2022-33254 | Qualcomm | Reachable Assertion vulnerability in Qualcomm products Transient DOS due to reachable assertion in Modem while processing SIB1 Message. | 7.5 |
2023-03-10 | CVE-2022-33272 | Qualcomm | Reachable Assertion vulnerability in Qualcomm products Transient DOS in modem due to reachable assertion. | 7.5 |
2023-03-10 | CVE-2022-33309 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes. | 7.5 |
2023-03-10 | CVE-2022-40527 | Qualcomm | Reachable Assertion vulnerability in Qualcomm products Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM. | 7.5 |
2023-03-10 | CVE-2022-40535 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Transient DOS due to buffer over-read in WLAN while sending a packet to device. | 7.5 |
2023-03-10 | CVE-2022-43902 | IBM | Unspecified vulnerability in IBM MQ Appliance IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. | 7.5 |
2023-03-10 | CVE-2023-1246 | Saysis | Files or Directories Accessible to External Parties vulnerability in Saysis Starcities 1.1/1.3 Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows Collect Data from Common Resource Locations. This issue affects Starcities: through 1.3. | 7.5 |
2023-03-10 | CVE-2023-27900 | Jenkins | Allocation of Resources Without Limits or Throttling vulnerability in Jenkins Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service. | 7.5 |
2023-03-10 | CVE-2023-27901 | Jenkins | Allocation of Resources Without Limits or Throttling vulnerability in Jenkins Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service. | 7.5 |
2023-03-10 | CVE-2023-27161 | Jellyfin | Server-Side Request Forgery (SSRF) vulnerability in Jellyfin Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories. | 7.5 |
2023-03-10 | CVE-2023-26464 | Apache | Deserialization of Untrusted Data vulnerability in Apache Log4J ** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. | 7.5 |
2023-03-10 | CVE-2023-22301 | Openatom | Unspecified vulnerability in Openatom Openharmony The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory access vulnerability through which network attackers can launch a remote attack to obtain kernel memory data of the target system. | 7.5 |
2023-03-10 | CVE-2014-125093 | Getadmiral | Unspecified vulnerability in Getadmiral AD Blocking Detector A vulnerability has been found in Ad Blocking Detector Plugin up to 1.2.1 on WordPress and classified as problematic. | 7.5 |
2023-03-09 | CVE-2021-34125 | Dronecode Yuneec | An issue discovered in Yuneec Mantis Q and PX4-Autopilot v1.11.3 and below allows an attacker to gain access to sensitive information via various nuttx commands. | 7.5 |
2023-03-09 | CVE-2023-20049 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS XR A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. | 7.5 |
2023-03-09 | CVE-2023-27483 | Crossplane | Resource Exhaustion vulnerability in Crossplane Crossplane-Runtime 0.16.0 crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. | 7.5 |
2023-03-09 | CVE-2023-1288 | 3DS | XXE vulnerability in 3DS Enovia Live Collaboration An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows an attacker to read local files on the server. | 7.5 |
2023-03-09 | CVE-2023-25573 | Metersphere | Missing Authorization vulnerability in Metersphere metersphere is an open source continuous testing platform. | 7.5 |
2023-03-09 | CVE-2023-26948 | Onekeyadmin | Files or Directories Accessible to External Parties vulnerability in Onekeyadmin 1.3.9 onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download. | 7.5 |
2023-03-09 | CVE-2018-25081 | Bitwarden | Unspecified vulnerability in Bitwarden Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. | 7.5 |
2023-03-09 | CVE-2023-27974 | Bitwarden | Unspecified vulnerability in Bitwarden Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. | 7.5 |
2023-03-08 | CVE-2021-33639 | Openatom | Unspecified vulnerability in Openatom Openeuler Kernel REMAP cmd of SVM driver can be used to remap read only memory as read-write, then cause read only memory/file modified. | 7.5 |
2023-03-08 | CVE-2023-22890 | Smartbear | Unrestricted Upload of File with Dangerous Type vulnerability in Smartbear Zephyr Enterprise SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition. | 7.5 |
2023-03-08 | CVE-2023-22892 | Smartbear | Exposure of Resource to Wrong Sphere vulnerability in Smartbear Zephyr Enterprise There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances. | 7.5 |
2023-03-08 | CVE-2023-24533 | Nistec Project | Incorrect Calculation vulnerability in Nistec Project Nistec 0.0.1 Multiplication of certain unreduced P-256 scalars produce incorrect results. | 7.5 |
2023-03-08 | CVE-2023-26956 | Onekeyadmin | Files or Directories Accessible to External Parties vulnerability in Onekeyadmin 1.3.9 onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code. | 7.5 |
2023-03-08 | CVE-2023-27476 | Osgeo | XXE vulnerability in Osgeo Owslib OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. | 7.5 |
2023-03-07 | CVE-2022-41333 | Fortinet | Resource Exhaustion vulnerability in Fortinet Fortirecorder Firmware An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and below, 6.0.11 and below login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests. | 7.5 |
2023-03-07 | CVE-2023-27522 | Apache Debian Unbit | HTTP Request Smuggling vulnerability in multiple products HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. | 7.5 |
2023-03-06 | CVE-2022-45142 | Heimdal Project | Improper Validation of Integrity Check Value vulnerability in Heimdal Project Heimdal 7.7.1/7.8.0 The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. | 7.5 |
2023-03-06 | CVE-2023-27891 | Rami | Insufficient Session Expiration vulnerability in Rami Pretix rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. | 7.5 |
2023-03-06 | CVE-2023-26601 | Zohocorp | Resource Exhaustion vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS). | 7.5 |
2023-03-06 | CVE-2021-36395 | Moodle | Uncontrolled Recursion vulnerability in Moodle In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service. | 7.5 |
2023-03-06 | CVE-2021-36396 | Moodle | Server-Side Request Forgery (SSRF) vulnerability in Moodle In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk. | 7.5 |
2023-03-06 | CVE-2017-20180 | Zerocoin | Insufficient Verification of Data Authenticity vulnerability in Zerocoin Libzerocoin A vulnerability classified as critical has been found in Zerocoin libzerocoin. | 7.5 |
2023-03-06 | CVE-2022-3284 | M Files | Unspecified vulnerability in M-Files Server 22.2.11051.0/22.3.11237.3/22.6.11534.4 Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0. | 7.5 |
2023-03-06 | CVE-2023-26106 | DOT Lens Project | Unspecified vulnerability in Dot-Lens Project Dot-Lens All versions of the package dot-lens are vulnerable to Prototype Pollution via the set() function in index.js file. | 7.5 |
2023-03-06 | CVE-2023-26111 | Nubosoftware Node Static Project Node Static Project | Path Traversal vulnerability in multiple products All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function. | 7.5 |
2023-03-06 | CVE-2023-22335 | DOS Osaka | Unspecified vulnerability in Dos-Osaka Rakuraku PC Cloud Agent and SS1 Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to bypass access restrictions and download an arbitrary file from the directory where the product runs. | 7.5 |
2023-03-09 | CVE-2022-4331 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. | 7.3 |
2023-03-07 | CVE-2023-25611 | Fortinet | Improper Neutralization of Formula Elements in a CSV File vulnerability in Fortinet Fortianalyzer An improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows a local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names. | 7.3 |
2023-03-12 | CVE-2022-48365 | Ibexa | Improper Privilege Management vulnerability in Ibexa Digital Experience Platform and EZ Platform Kernel An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. | 7.2 |
2023-03-10 | CVE-2023-1328 | 115Cms | Unrestricted Upload of File with Dangerous Type vulnerability in 115Cms 4.2 A vulnerability was found in Guizhou 115cms 4.2. | 7.2 |
2023-03-08 | CVE-2023-1276 | Sul1Ss Shop Project | SQL Injection vulnerability in Sul1Ss Shop Project Sul1Ss Shop A vulnerability, which was classified as critical, has been found in SUL1SS_shop. | 7.2 |
2023-03-07 | CVE-2023-25223 | Crmeb | SQL Injection vulnerability in Crmeb CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list. | 7.2 |
2023-03-07 | CVE-2023-25605 | Fortinet | Unspecified vulnerability in Fortinet Fortisoar 7.3.0/7.3.1 An improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests. | 7.2 |
2023-03-07 | CVE-2023-1211 | Phpipam | SQL Injection vulnerability in PHPipam SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2. | 7.2 |
2023-03-06 | CVE-2023-1191 | Xjd2020 | Path Traversal vulnerability in Xjd2020 Fastcms A vulnerability classified as problematic has been found in fastcms. | 7.2 |
2023-03-06 | CVE-2015-10091 | Bywatersolutions | SQL Injection vulnerability in Bywatersolutions Bywater-Koha-Xslt A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. | 7.2 |
2023-03-07 | CVE-2022-41328 | Fortinet | Path Traversal vulnerability in Fortinet Fortios An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands. | 7.1 |
2023-03-06 | CVE-2023-1161 | Wireshark Debian | ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file | 7.1 |
2023-03-10 | CVE-2022-33257 | Qualcomm | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone. | 7.0 |
2023-03-10 | CVE-2023-27899 | Jenkins | Incorrect Authorization vulnerability in Jenkins Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution. | 7.0 |
2023-03-06 | CVE-2023-23939 | Microsoft | Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Azure Setup Kubectl 1/2.0/2.1 Azure/setup-kubectl is a GitHub Action for installing Kubectl. | 7.0 |
258 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-03-10 | CVE-2023-27850 | Netgear | Unspecified vulnerability in Netgear Rax30 Firmware NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device. | 6.8 |
2023-03-07 | CVE-2023-1257 | Moxa | Unspecified vulnerability in Moxa products An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. | 6.8 |
2023-03-10 | CVE-2022-47461 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0 In telephone service, there is a missing permission check. | 6.7 |
2023-03-10 | CVE-2022-47462 | Google | Missing Authorization vulnerability in Google Android 10.0 In telephone service, there is a missing permission check. | 6.7 |
2023-03-10 | CVE-2023-25147 | Trendmicro | Uncontrolled Search Path Element vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019 An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this. | 6.7 |
2023-03-07 | CVE-2023-20621 | Google | Improper Input Validation vulnerability in Google Android In tinysys, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-03-07 | CVE-2023-20624 | Google | Classic Buffer Overflow vulnerability in Google Android 12.0/13.0 In vow, there is a possible out of bounds write due to an incorrect bounds check. | 6.7 |
2023-03-07 | CVE-2023-20626 | Google | Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0 In msdc, there is a possible out of bounds write due to an incorrect bounds check. | 6.7 |
2023-03-07 | CVE-2023-20627 | Google | Incorrect Calculation of Buffer Size vulnerability in Google Android 12.0/13.0 In pqframework, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-03-07 | CVE-2023-20628 | Google | Unspecified vulnerability in Google Android 12.0/13.0 In thermal, there is a possible memory corruption due to an uncaught exception. | 6.7 |
2023-03-07 | CVE-2023-20630 | Google | Out-of-bounds Write vulnerability in Google Android 11.0/12.0/13.0 In usb, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-03-07 | CVE-2023-20632 | Google | Out-of-bounds Write vulnerability in Google Android 11.0/12.0/13.0 In usb, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-03-07 | CVE-2023-20633 | Google | Improper Validation of Array Index vulnerability in Google Android 11.0/12.0/13.0 In usb, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-03-07 | CVE-2023-20634 | Google | Improper Input Validation vulnerability in Google Android 11.0/12.0 In widevine, there is a possible out of bounds write due to improper input validation. | 6.7 |
2023-03-07 | CVE-2023-20636 | Google | Improper Input Validation vulnerability in Google Android 12.0/13.0 In display drm, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-03-07 | CVE-2023-20637 | Google | Improper Input Validation vulnerability in Google Android 12.0/13.0 In ril, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-03-07 | CVE-2023-20638 | Google | Improper Input Validation vulnerability in Google Android 12.0/13.0 In ril, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-03-07 | CVE-2023-20639 | Google | Improper Input Validation vulnerability in Google Android 12.0/13.0 In ril, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-03-07 | CVE-2023-20640 | Google | Improper Input Validation vulnerability in Google Android 12.0/13.0 In ril, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-03-07 | CVE-2023-20641 | Google | Improper Input Validation vulnerability in Google Android 12.0/13.0 In ril, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-03-07 | CVE-2023-20642 | Google | Improper Input Validation vulnerability in Google Android 12.0/13.0 In ril, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-03-07 | CVE-2023-20643 | Google | Improper Input Validation vulnerability in Google Android 12.0/13.0 In ril, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-03-07 | CVE-2023-20650 | Google | Improper Input Validation vulnerability in Google Android 12.0/13.0 In apu, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-03-10 | CVE-2023-1201 | Devolutions | Unspecified vulnerability in Devolutions Server Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains. | 6.5 |
2023-03-10 | CVE-2023-1203 | Devolutions | Unspecified vulnerability in Devolutions Remote Desktop Manager Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected submodule. | 6.5 |
2023-03-09 | CVE-2022-3767 | Gitlab | Unspecified vulnerability in Gitlab Dynamic Application Security Testing Analyzer Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host. | 6.5 |
2023-03-09 | CVE-2023-25814 | Metersphere | Path Traversal vulnerability in Metersphere metersphere is an open source continuous testing platform. | 6.5 |
2023-03-09 | CVE-2023-0845 | Hashicorp | NULL Pointer Dereference vulnerability in Hashicorp Consul Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. | 6.5 |
2023-03-08 | CVE-2022-4315 | Gitlab | Incorrect Authorization vulnerability in Gitlab Dynamic Application Security Testing Analyzer An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page. | 6.5 |
2023-03-07 | CVE-2023-1217 | Google | Out-of-bounds Write vulnerability in Google Chrome Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
2023-03-07 | CVE-2023-1226 | Google | Unspecified vulnerability in Google Chrome Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 6.5 |
2023-03-07 | CVE-2023-27478 | Awesome | Information Exposure vulnerability in Awesome Libmemcached libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. | 6.5 |
2023-03-07 | CVE-2022-27490 | Fortinet | Information Exposure vulnerability in Fortinet products An exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker who has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands. | 6.5 |
2023-03-07 | CVE-2022-45861 | Fortinet | Access of Uninitialized Pointer vulnerability in Fortinet Fortios and Fortiproxy An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request. | 6.5 |
2023-03-07 | CVE-2021-4332 | Posimyth | Unspecified vulnerability in Posimyth the Plus Addons for Elementor The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). | 6.5 |
2023-03-07 | CVE-2021-4333 | Veronalabs | Unspecified vulnerability in Veronalabs WP Statistics The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. | 6.5 |
2023-03-06 | CVE-2022-3277 | Redhat Openstack | Resource Exhaustion vulnerability in multiple products An uncontrolled resource consumption flaw was found in openstack-neutron. | 6.5 |
2023-03-06 | CVE-2022-3854 | Redhat | Unspecified vulnerability in Redhat Ceph Storage 3.0/4.0/5.0 A flaw was found in Ceph, relating to the URL processing on RGW backends. | 6.5 |
2023-03-06 | CVE-2023-26600 | Zohocorp | Unspecified vulnerability in Zohocorp products ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports. | 6.5 |
2023-03-06 | CVE-2023-26054 | Mobyproject | Information Exposure vulnerability in Mobyproject Buildkit BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. | 6.5 |
2023-03-07 | CVE-2023-20623 | Google Yoctoproject | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products In ion, there is a possible escalation of privilege due to improper locking. | 6.4 |
2023-03-07 | CVE-2023-20625 | Google | Improper Synchronization vulnerability in Google Android 12.0/13.0 In adsp, there is a possible double free due to a race condition. | 6.4 |
2023-03-07 | CVE-2023-1235 | Google | Type Confusion vulnerability in Google Chrome Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. | 6.3 |
2023-03-07 | CVE-2020-36670 | Basixonline | Unspecified vulnerability in Basixonline Nex-Forms The NEX-Forms. | 6.3 |
2023-03-12 | CVE-2021-46875 | Ibexa | Cross-site Scripting vulnerability in Ibexa EZ Platform Kernel An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. | 6.1 |
2023-03-11 | CVE-2013-10021 | Wordpress | Cross-site Scripting vulnerability in Wordpress Debug BAR A vulnerability was found in dd32 Debug Bar Plugin up to 0.8 on WordPress. | 6.1 |
2023-03-11 | CVE-2023-1353 | Design AND Implementation OF Covid 19 Directory ON Vaccination System Project | Cross-site Scripting vulnerability in Design and Implementation of Covid-19 Directory on Vaccination System Project Design and Implementation of Covid-19 Directory on Vaccination System 1.0 A vulnerability, which was classified as problematic, was found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. | 6.1 |
2023-03-11 | CVE-2023-1354 | Design AND Implementation OF Covid 19 Directory ON Vaccination System Project | Cross-site Scripting vulnerability in Design and Implementation of Covid-19 Directory on Vaccination System Project Design and Implementation of Covid-19 Directory on Vaccination System 1.0 A vulnerability has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0 and classified as problematic. | 6.1 |
2023-03-11 | CVE-2023-1349 | Hsycms | Cross-site Scripting vulnerability in Hsycms 3.1 A vulnerability, which was classified as problematic, has been found in Hsycms 3.1. | 6.1 |
2023-03-10 | CVE-2021-27788 | Hcltech | Cross-site Scripting vulnerability in Hcltech Verse HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability. | 6.1 |
2023-03-10 | CVE-2023-24975 | IBM | Improper Input Validation vulnerability in IBM Spectrum Symphony 7.3.0 IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 6.1 |
2023-03-10 | CVE-2023-0746 | Gigamon | Cross-site Scripting vulnerability in Gigamon Gigavue-Os 5.0.202 The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. | 6.1 |
2023-03-10 | CVE-2023-1320 | Enhancesoft | Cross-site Scripting vulnerability in Enhancesoft Osticket Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. | 6.1 |
2023-03-10 | CVE-2022-48111 | Siri Informatica | Cross-site Scripting vulnerability in Siri-Informatica Wi400 A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter. | 6.1 |
2023-03-10 | CVE-2017-20182 | Mobilevikings | Cross-site Scripting vulnerability in Mobilevikings Django Ajax Utilities A vulnerability was found in Mobile Vikings Django AJAX Utilities up to 1.2.1 and classified as problematic. | 6.1 |
2023-03-10 | CVE-2013-10020 | A Forms Project | Cross-site Scripting vulnerability in A-Forms Project A-Forms A vulnerability, which was classified as problematic, was found in MMDeveloper A Forms Plugin up to 1.4.2 on WordPress. | 6.1 |
2023-03-09 | CVE-2023-1302 | File Tracker Manager System Project | Cross-site Scripting vulnerability in File Tracker Manager System Project File Tracker Management System 1.0 A vulnerability, which was classified as problematic, was found in SourceCodester File Tracker Manager System 1.0. | 6.1 |
2023-03-09 | CVE-2022-3381 | Gitlab | Open Redirect vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. | 6.1 |
2023-03-09 | CVE-2023-27206 | Best POS Management System Project | Cross-site Scripting vulnerability in Best POS Management System Project Best POS Management System 1.0 A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of Best POS Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter. | 6.1 |
2023-03-09 | CVE-2023-27208 | Online Pizza Ordering System Project | Cross-site Scripting vulnerability in Online Pizza Ordering System Project Online Pizza Ordering System 1.0 A cross-site scripting (XSS) vulnerability in /php-opos/login.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter. | 6.1 |
2023-03-09 | CVE-2023-27211 | Online Pizza Ordering System Project | Cross-site Scripting vulnerability in Online Pizza Ordering System Project Online Pizza Ordering System 1.0 A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter. | 6.1 |
2023-03-09 | CVE-2023-27212 | Online Pizza Ordering System Project | Cross-site Scripting vulnerability in Online Pizza Ordering System Project Online Pizza Ordering System 1.0 A cross-site scripting (XSS) vulnerability in /php-opos/signup.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter. | 6.1 |
2023-03-09 | CVE-2022-4317 | Gitlab | Open Redirect vulnerability in Gitlab Dynamic Application Security Testing Analyzer An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 1.47 before 3.0.51, which sends custom request headers in redirects. | 6.1 |
2023-03-08 | CVE-2022-4007 | Gitlab | Cross-site Scripting vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2. A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side. | 6.1 |
2023-03-08 | CVE-2023-1278 | Ibos | Cross-site Scripting vulnerability in Ibos A vulnerability, which was classified as problematic, has been found in IBOS up to 4.5.5. | 6.1 |
2023-03-08 | CVE-2023-1275 | Phone Shop Sales Managements System Project | Cross-site Scripting vulnerability in Phone Shop Sales Managements System Project Phone Shop Sales Managements System 1.0 A vulnerability classified as problematic was found in SourceCodester Phone Shop Sales Managements System 1.0. | 6.1 |
2023-03-08 | CVE-2023-24657 | Phpipam | Cross-site Scripting vulnerability in PHPipam 1.6 phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php. | 6.1 |
2023-03-07 | CVE-2021-44196 | Ubit | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Ubit Student Information Management System Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System. This issue affects Student Information Management System: before 20211126. | 6.1 |
2023-03-07 | CVE-2021-44197 | Ubit | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Ubit Student Information Management System Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System. This issue affects Student Information Management System: before 20211126. | 6.1 |
2023-03-06 | CVE-2021-36713 | Sprymedia | Cross-site Scripting vulnerability in Sprymedia Datatables 1.9.2 Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9.2 for jQuery allows attackers to run arbitrary code via the sBaseName parameter to function _fnCreateCookie. | 6.1 |
2023-03-06 | CVE-2015-10095 | WOO Popup Project | Cross-site Scripting vulnerability in Woo-Popup Project Woo-Popup A vulnerability classified as problematic has been found in woo-popup Plugin up to 1.2.2 on WordPress. | 6.1 |
2023-03-06 | CVE-2023-24733 | Sigb | Cross-site Scripting vulnerability in Sigb PMB 7.4.6 PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950_new.php. | 6.1 |
2023-03-06 | CVE-2023-24735 | Sigb | Open Redirect vulnerability in Sigb PMB 7.4.6 PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. | 6.1 |
2023-03-06 | CVE-2023-24737 | Sigb | Cross-site Scripting vulnerability in Sigb PMB 7.4.6 PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950.php. | 6.1 |
2023-03-06 | CVE-2021-35377 | Vicidial | Cross-site Scripting vulnerability in Vicidial Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v.2.10-415c allows attackers to execute arbitrary code via the /agc/vicidial.php, agc/vicidial-greay.php, and /vicidial/KHOMP_admin.php parameters. | 6.1 |
2023-03-06 | CVE-2023-27472 | Quickentity Editor Project | Cross-site Scripting vulnerability in Quickentity Editor Project Quickentity Editor quickentity-editor-next is an open source, system local, video game asset editor. | 6.1 |
2023-03-06 | CVE-2015-10094 | Fastly | Cross-site Scripting vulnerability in Fastly A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. | 6.1 |
2023-03-06 | CVE-2022-2178 | Saysis | Cross-site Scripting vulnerability in Saysis Starcities Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saysis Computer Starcities allows Cross-Site Scripting (XSS). This issue affects Starcities: before 1.1. | 6.1 |
2023-03-06 | CVE-2015-10092 | Qtranslate Slug Project | Cross-site Scripting vulnerability in Qtranslate Slug Project Qtranslate Slug A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16 on WordPress. | 6.1 |
2023-03-06 | CVE-2022-4929 | Learnetic | Cross-site Scripting vulnerability in Learnetic Icplayer A vulnerability was found in icplayer up to 0.818. | 6.1 |
2023-03-06 | CVE-2022-4928 | Learnetic | Cross-site Scripting vulnerability in Learnetic Icplayer A vulnerability was found in icplayer up to 0.819. | 6.1 |
2023-03-06 | CVE-2015-10090 | Inboundnow | Cross-site Scripting vulnerability in Inboundnow Landing-Pages A vulnerability, which was classified as problematic, has been found in Landing Pages Plugin up to 1.8.7 on WordPress. | 6.1 |
2023-03-06 | CVE-2023-22432 | Web2Py | Open Redirect vulnerability in Web2Py Open redirect vulnerability exists in web2py versions prior to 2.23.1. | 6.1 |
2023-03-06 | CVE-2023-0330 | Qemu Debian | Out-of-bounds Write vulnerability in multiple products A vulnerability in the lsi53c895a device affects the latest version of qemu. | 6.0 |
2023-03-12 | CVE-2016-15028 | Icepay | Improper Validation of Integrity Check Value vulnerability in Icepay Rest API 0.9 A vulnerability was found in ICEPAY REST-API-NET 0.9. | 5.9 |
2023-03-06 | CVE-2021-20251 | Samba Fedoraproject | Race Condition vulnerability in multiple products A flaw was found in samba. | 5.9 |
2023-03-11 | CVE-2023-1355 | VIM | NULL Pointer Dereference vulnerability in VIM NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. | 5.5 |
2023-03-10 | CVE-2022-22075 | Qualcomm | Unspecified vulnerability in Qualcomm products Information Disclosure in Graphics during GPU context switch. | 5.5 |
2023-03-10 | CVE-2022-37939 | HPE | Unspecified vulnerability in HPE products A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. | 5.5 |
2023-03-10 | CVE-2022-47453 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 10.0/11.0/12.0 In wcn service, there is a possible missing params check. | 5.5 |
2023-03-10 | CVE-2022-47454 | Google | Integer Overflow or Wraparound vulnerability in Google Android 10.0/11.0/12.0 In wlan driver, there is a possible missing params check. | 5.5 |
2023-03-10 | CVE-2022-47455 | Google | Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0 In wlan driver, there is a possible missing params check. | 5.5 |
2023-03-10 | CVE-2022-47456 | Google | Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0 In wlan driver, there is a possible missing params check. | 5.5 |
2023-03-10 | CVE-2022-47457 | Google | Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0 In wlan driver, there is a possible missing params check. | 5.5 |
2023-03-10 | CVE-2022-47458 | Google | Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0 In wlan driver, there is a possible missing params check. | 5.5 |
2023-03-10 | CVE-2022-47459 | Google | Out-of-bounds Write vulnerability in Google Android 10.0/11.0 In wlan driver, there is a possible missing params check. | 5.5 |
2023-03-10 | CVE-2022-47460 | Google | Use After Free vulnerability in Google Android 10.0/11.0 In gpu device, there is a memory corruption due to a use after free. | 5.5 |
2023-03-10 | CVE-2022-47471 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0 In telephony service, there is a missing permission check. | 5.5 |
2023-03-10 | CVE-2022-47472 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0 In telephony service, there is a missing permission check. | 5.5 |
2023-03-10 | CVE-2022-47473 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0 In telephony service, there is a missing permission check. | 5.5 |
2023-03-10 | CVE-2022-47474 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0 In telephony service, there is a missing permission check. | 5.5 |
2023-03-10 | CVE-2022-47475 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0 In telephony service, there is a missing permission check. | 5.5 |
2023-03-10 | CVE-2022-47476 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0 In telephony service, there is a missing permission check. | 5.5 |
2023-03-10 | CVE-2022-47477 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0 In telephony service, there is a missing permission check. | 5.5 |
2023-03-10 | CVE-2022-47478 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0 In telephony service, there is a missing permission check. | 5.5 |
2023-03-10 | CVE-2022-47479 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0 In telephony service, there is a missing permission check. | 5.5 |
2023-03-10 | CVE-2022-47480 | Google | Missing Authorization vulnerability in Google Android 10.0 In telephony service, there is a missing permission check. | 5.5 |
2023-03-10 | CVE-2022-47481 | Google | Missing Authorization vulnerability in Google Android 10.0 In telephony service, there is a missing permission check. | 5.5 |
2023-03-10 | CVE-2022-47482 | Google | Missing Authorization vulnerability in Google Android 10.0 In telephony service, there is a missing permission check. | 5.5 |
2023-03-10 | CVE-2022-47483 | Google | Missing Authorization vulnerability in Google Android 10.0 In telephony service, there is a missing permission check. | 5.5 |
2023-03-10 | CVE-2022-47484 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In telephony service, there is a missing permission check. | 5.5 |
2023-03-10 | CVE-2023-0083 | Openatom | Type Confusion vulnerability in Openatom Openharmony The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability which local attackers can exploit to send malicious data, causing the current application to crash. | 5.5 |
2023-03-10 | CVE-2023-24465 | Openatom | NULL Pointer Dereference vulnerability in Openatom Openharmony Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions has a null pointer reference vulnerability which local attackers can exploit to cause the current application to crash. | 5.5 |
2023-03-10 | CVE-2023-25947 | Openatom | NULL Pointer Dereference vulnerability in Openatom Openharmony The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability which local attackers can exploit to cause a DoS attack on the system when installing a malicious HAP package. | 5.5 |
2023-03-10 | CVE-2023-27114 | Radare | NULL Pointer Dereference vulnerability in Radare Radare2 5.8.3 radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c. | 5.5 |
2023-03-10 | CVE-2023-27115 | Webassembly | Unspecified vulnerability in Webassembly 1.0.29 WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size. | 5.5 |
2023-03-10 | CVE-2023-27116 | Webassembly | Unspecified vulnerability in Webassembly 1.0.29 WebAssembly v1.0.29 was discovered to contain an abort in CWriter::MangleType. | 5.5 |
2023-03-10 | CVE-2023-27119 | Webassembly | Unspecified vulnerability in Webassembly Wabt 1.0.29 WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild. | 5.5 |
2023-03-07 | CVE-2023-1264 | VIM Fedoraproject | NULL Pointer Dereference vulnerability in multiple products NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. | 5.5 |
2023-03-07 | CVE-2022-22297 | Fortinet | Unspecified vulnerability in Fortinet Fortirecorder Firmware and Fortiweb An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments. | 5.5 |
2023-03-07 | CVE-2017-20181 | Vocable Trainer Project | Path Traversal vulnerability in Vocable Trainer Project Vocable Trainer A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0 on Android. | 5.5 |
2023-03-06 | CVE-2022-3707 | Linux Redhat | Double Free vulnerability in multiple products A double-free memory flaw was found in the Linux kernel. | 5.5 |
2023-03-06 | CVE-2023-22481 | Freshrss | Information Exposure Through Log Files vulnerability in Freshrss FreshRSS is a self-hosted RSS feed aggregator. | 5.5 |
2023-03-06 | CVE-2023-1186 | Fabulatech | NULL Pointer Dereference vulnerability in Fabulatech Webcam for Remote Desktop 2.8.42 A vulnerability has been found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. | 5.5 |
2023-03-06 | CVE-2023-1187 | Fabulatech | Improper Resource Shutdown or Release vulnerability in Fabulatech Webcam for Remote Desktop 2.8.42 A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. | 5.5 |
2023-03-06 | CVE-2023-1188 | Fabulatech | Improper Resource Shutdown or Release vulnerability in Fabulatech Webcam for Remote Desktop 2.8.42 A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42. | 5.5 |
2023-03-06 | CVE-2023-1189 | Wisecleaner | Improper Resource Shutdown or Release vulnerability in Wisecleaner Wise Folder Hider 4.4.3.202 A vulnerability was found in WiseCleaner Wise Folder Hider 4.4.3.202. | 5.5 |
2023-03-10 | CVE-2023-23326 | Avantfax | Cross-site Scripting vulnerability in Avantfax 3.3.7 A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. | 5.4 |
2023-03-10 | CVE-2023-1315 | Enhancesoft | Cross-site Scripting vulnerability in Enhancesoft Osticket Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. | 5.4 |
2023-03-10 | CVE-2023-1316 | Enhancesoft | Cross-site Scripting vulnerability in Enhancesoft Osticket Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. | 5.4 |
2023-03-10 | CVE-2023-1317 | Enhancesoft | Cross-site Scripting vulnerability in Enhancesoft Osticket Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. | 5.4 |
2023-03-10 | CVE-2023-1318 | Enhancesoft | Cross-site Scripting vulnerability in Enhancesoft Osticket Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6. | 5.4 |
2023-03-09 | CVE-2022-3758 | Gitlab | Incorrect Default Permissions vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. | 5.4 |
2023-03-09 | CVE-2023-0050 | Gitlab | Cross-site Scripting vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. | 5.4 |
2023-03-08 | CVE-2023-24282 | Poly | Cross-site Scripting vulnerability in Poly Trio 8800 Firmware 7.2.2.1094 An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone file. | 5.4 |
2023-03-08 | CVE-2023-1270 | Btcpayserver | Cross-site Scripting vulnerability in Btcpayserver Cross-site Scripting in GitHub repository btcpayserver/btcpayserver prior to 1.8.3. | 5.4 |
2023-03-08 | CVE-2023-26952 | Onekeyadmin | Cross-site Scripting vulnerability in Onekeyadmin 1.3.9 onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Menu module. | 5.4 |
2023-03-08 | CVE-2023-26950 | Onekeyadmin | Cross-site Scripting vulnerability in Onekeyadmin 1.3.9 onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Title parameter under the Adding Categories module. | 5.4 |
2023-03-07 | CVE-2022-40676 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortinac An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests. | 5.4 |
2023-03-07 | CVE-2023-1254 | Health Center Patient Record Management System Project | Cross-site Scripting vulnerability in Health Center Patient Record Management System Project Health Center Patient Record Management System 1.0 A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. | 5.4 |
2023-03-07 | CVE-2020-36667 | Jetbackup | Unspecified vulnerability in Jetbackup The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive functions. | 5.4 |
2023-03-07 | CVE-2023-26954 | Onekeyadmin Project | Cross-site Scripting vulnerability in Onekeyadmin Project Onekeyadmin 1.3.9 onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Group module. | 5.4 |
2023-03-07 | CVE-2023-26955 | Onekeyadmin Project | Cross-site Scripting vulnerability in Onekeyadmin Project Onekeyadmin 1.3.9 onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Admin Group module. | 5.4 |
2023-03-07 | CVE-2023-1237 | Answer | Cross-site Scripting vulnerability in Answer Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | 5.4 |
2023-03-07 | CVE-2023-1238 | Answer | Cross-site Scripting vulnerability in Answer Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | 5.4 |
2023-03-07 | CVE-2023-1240 | Answer | Cross-site Scripting vulnerability in Answer Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | 5.4 |
2023-03-07 | CVE-2023-1241 | Answer | Cross-site Scripting vulnerability in Answer Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | 5.4 |
2023-03-07 | CVE-2023-1242 | Answer | Cross-site Scripting vulnerability in Answer Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | 5.4 |
2023-03-07 | CVE-2023-1244 | Answer | Cross-site Scripting vulnerability in Answer Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | 5.4 |
2023-03-07 | CVE-2023-1245 | Answer | Cross-site Scripting vulnerability in Answer Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | 5.4 |
2023-03-06 | CVE-2021-36398 | Moodle | Cross-site Scripting vulnerability in Moodle 3.11.0 In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk. | 5.4 |
2023-03-06 | CVE-2021-36399 | Moodle | Cross-site Scripting vulnerability in Moodle 3.11.0 In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk. | 5.4 |
2023-03-06 | CVE-2022-42248 | Qlik | Cross-site Scripting vulnerability in Qlik Qlikview QlikView 12.60.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the QvsViewClient functionality. | 5.4 |
2023-03-06 | CVE-2023-27474 | Rangerstudio | Cross-site Scripting vulnerability in Rangerstudio Directus Directus is a real-time API and App dashboard for managing SQL database content. | 5.4 |
2023-03-06 | CVE-2022-4930 | Syspass | Cross-site Scripting vulnerability in Syspass A vulnerability classified as problematic was found in nuxsmin sysPass up to 3.2.4. | 5.4 |
2023-03-06 | CVE-2023-1200 | Ehuacui BBS Project | Cross-site Scripting vulnerability in Ehuacui-Bbs Project Ehuacui-Bbs A vulnerability was found in ehuacui bbs. | 5.4 |
2023-03-06 | CVE-2023-0063 | Synved | Unspecified vulnerability in Synved Wordpress Shortcodes The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-03-06 | CVE-2023-0064 | Eaglevisionit | Unspecified vulnerability in Eaglevisionit Evision Responsive Column Layout Shortcodes The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-03-06 | CVE-2023-0065 | I2 Pros Cons Project | Cross-site Scripting vulnerability in I2 Pros & Cons Project I2 Pros & Cons 1.3.1 The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-03-06 | CVE-2023-0068 | Product Gtin EAN UPC Isbn FOR Woocommerce Project | Unspecified vulnerability in Product Gtin (Ean, Upc, Isbn) for Woocommerce Project Product Gtin (Ean, Upc, Isbn) for Woocommerce The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin through 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-03-06 | CVE-2023-0069 | Wpaudio MP3 Player Project | Unspecified vulnerability in Wpaudio MP3 Player Project Wpaudio MP3 Player The WPaudio MP3 Player WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-03-06 | CVE-2023-0076 | Dfactory | Unspecified vulnerability in Dfactory Download Attachments The Download Attachments WordPress plugin before 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-03-06 | CVE-2023-0078 | Resumebuilder | Unspecified vulnerability in Resumebuilder Resume Builder 3.1.1 The Resume Builder WordPress plugin through 3.1.1 does not sanitize and escape some parameters related to Resume, which could allow users with a role as low as subscriber to perform Stored XSS attacks against higher privilege users. | 5.4 |
2023-03-06 | CVE-2023-0165 | Nicdark | Unspecified vulnerability in Nicdark Cost Calculator The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-03-06 | CVE-2023-0212 | Advanced Recent Posts Project | Unspecified vulnerability in Advanced Recent Posts Project Advanced Recent Posts 0.6.14 The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-03-06 | CVE-2023-0377 | Robincornett | Cross-site Scripting vulnerability in Robincornett Scriptless Social Sharing The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-03-06 | CVE-2015-10093 | Mark User AS Spammer Project | Cross-site Scripting vulnerability in Mark User AS Spammer Project Mark User AS Spammer 1.0.0/1.0.1 A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1 on WordPress. | 5.4 |
2023-03-06 | CVE-2023-22856 | Blogengine | Cross-site Scripting vulnerability in Blogengine Blogengine.Net 3.3.8.0 A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file. | 5.4 |
2023-03-06 | CVE-2023-22857 | Blogengine | Cross-site Scripting vulnerability in Blogengine Blogengine.Net 3.3.8.0 A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post. | 5.4 |
2023-03-06 | CVE-2022-44875 | Kioware | Cross-site Scripting vulnerability in Kioware KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code. | 5.4 |
2023-03-06 | CVE-2023-22438 | EC Cube | Cross-site Scripting vulnerability in Ec-Cube Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script. | 5.4 |
2023-03-06 | CVE-2023-22838 | EC Cube | Cross-site Scripting vulnerability in Ec-Cube Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script. | 5.4 |
2023-03-06 | CVE-2023-25077 | EC Cube | Cross-site Scripting vulnerability in Ec-Cube Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script. | 5.4 |
2023-03-12 | CVE-2021-46876 | Ibexa | Unspecified vulnerability in Ibexa EZ Platform Kernel An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. | 5.3 |
2023-03-10 | CVE-2023-27904 | Jenkins | Unspecified vulnerability in Jenkins Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers. | 5.3 |
2023-03-09 | CVE-2023-1072 | Gitlab | Resource Exhaustion vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. | 5.3 |
2023-03-09 | CVE-2023-0223 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. | 5.3 |
2023-03-09 | CVE-2022-29056 | Fortinet | Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortimail An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory by sending numerous HTTP requests to the login form. | 5.3 |
2023-03-09 | CVE-2023-26208 | Fortinet | Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortiauthenticator An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory by sending numerous HTTP requests to the login form. | 5.3 |
2023-03-09 | CVE-2023-26209 | Fortinet | Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortideceptor An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory by sending numerous HTTP requests to the login form. | 5.3 |
2023-03-08 | CVE-2023-24532 | Golang | Incorrect Calculation vulnerability in Golang GO The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). | 5.3 |
2023-03-07 | CVE-2023-1263 | Niteothemes | Information Exposure vulnerability in Niteothemes Coming Soon & Maintenance The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. | 5.3 |
2023-03-07 | CVE-2022-41329 | Fortinet | Information Exposure vulnerability in Fortinet Fortios and Fortiproxy An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiOS version 7.2.0 through 7.2.3 and 7.0.0 through 7.0.9 allows an unauthenticated attacker to obtain sensitive logging information on the device via crafted HTTP GET requests. | 5.3 |
2023-03-06 | CVE-2021-36402 | Moodle | Unspecified vulnerability in Moodle In Moodle, users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. | 5.3 |
2023-03-06 | CVE-2021-36403 | Moodle | Unspecified vulnerability in Moodle In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk. | 5.3 |
2023-03-06 | CVE-2021-36397 | Moodle | Unspecified vulnerability in Moodle In Moodle, insufficient capability checks meant message deletions were not limited to the current user. | 5.3 |
2023-03-06 | CVE-2021-36400 | Moodle | Authorization Bypass Through User-Controlled Key vulnerability in Moodle In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. | 5.3 |
2023-03-06 | CVE-2023-25169 | Discourse | Unspecified vulnerability in Discourse Yearly Review 0.1 discourse-yearly-review is a discourse plugin which publishes an automated Year in Review topic. | 5.3 |
2023-03-06 | CVE-2023-22858 | Blogengine | Unspecified vulnerability in Blogengine Blogengine.Net 3.3.8.0 An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, allows unauthenticated visitors to access the files of unpublished blogs. | 5.3 |
2023-03-06 | CVE-2023-26108 | Nestjs | Unspecified vulnerability in Nestjs Nest Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. | 5.3 |
2023-03-12 | CVE-2023-1360 | Employee Payslip Generator System Project | SQL Injection vulnerability in Employee Payslip Generator System Project Employee Payslip Generator System 1.2.0 A vulnerability was found in SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 and classified as critical. | 4.9 |
2023-03-10 | CVE-2023-23327 | Avantfax | Information Exposure vulnerability in Avantfax 3.3.7 An Information Disclosure vulnerability exists in AvantFAX 3.3.7. | 4.9 |
2023-03-10 | CVE-2023-27577 | Flarum | Path Traversal vulnerability in Flarum flarum is a forum software package for building communities. | 4.9 |
2023-03-09 | CVE-2023-27484 | Crossplane | Resource Exhaustion vulnerability in Crossplane crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. | 4.9 |
2023-03-07 | CVE-2023-25230 | Loonflow Project | Server-Side Request Forgery (SSRF) vulnerability in Loonflow Project Loonflow R2.0.14 A Server-Side Request Forgery (SSRF) in loonflow r2.0.14 allows attackers to force the application to make arbitrary requests via manipulation of the hook_url parameter. | 4.9 |
2023-03-12 | CVE-2023-1359 | Gadget Works Online Ordering System Project | Cross-site Scripting vulnerability in Gadget Works Online Ordering System Project Gadget Works Online Ordering System 1.0 A vulnerability has been found in SourceCodester Gadget Works Online Ordering System 1.0 and classified as problematic. | 4.8 |
2023-03-10 | CVE-2023-1319 | Enhancesoft | Cross-site Scripting vulnerability in Enhancesoft Osticket Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. | 4.8 |
2023-03-10 | CVE-2023-27164 | Halo | Unrestricted Upload of File with Dangerous Type vulnerability in Halo An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file. | 4.8 |
2023-03-10 | CVE-2023-1312 | Pimcore | Cross-site Scripting vulnerability in Pimcore Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19. | 4.8 |
2023-03-09 | CVE-2023-1286 | Pimcore | Cross-site Scripting vulnerability in Pimcore Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19. | 4.8 |
2023-03-07 | CVE-2023-26953 | Onekeyadmin | Cross-site Scripting vulnerability in Onekeyadmin 1.3.9 onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Administrator module. | 4.8 |
2023-03-07 | CVE-2023-1239 | Answer | Cross-site Scripting vulnerability in Answer Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6. | 4.8 |
2023-03-07 | CVE-2023-1243 | Answer | Cross-site Scripting vulnerability in Answer Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | 4.8 |
2023-03-07 | CVE-2023-1212 | Phpipam | Cross-site Scripting vulnerability in PHPipam Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2. | 4.8 |
2023-03-06 | CVE-2021-36401 | Moodle | Cross-site Scripting vulnerability in Moodle In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. | 4.8 |
2023-03-06 | CVE-2023-1197 | Uvdesk | Cross-site Scripting vulnerability in Uvdesk Community-Skeleton Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0. | 4.8 |
2023-03-09 | CVE-2023-20064 | Cisco | Missing Authorization vulnerability in Cisco IOS XR A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. | 4.6 |
2023-03-08 | CVE-2022-46752 | Dell | Unspecified vulnerability in Dell products Dell BIOS contains an Improper Authorization vulnerability. | 4.6 |
2023-03-10 | CVE-2023-0193 | Nvidia | Out-of-bounds Read vulnerability in Nvidia Cuda Toolkit NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a local user running the tool against a malicious binary may cause an out-of-bounds read, which may result in a limited denial of service and limited information disclosure. | 4.4 |
2023-03-10 | CVE-2023-27903 | Jenkins | Incorrect Authorization vulnerability in Jenkins Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used. | 4.4 |
2023-03-07 | CVE-2023-20635 | Google | Integer Underflow (Wrap or Wraparound) vulnerability in Google Android In keyinstall, there is a possible information disclosure due to an integer overflow. | 4.4 |
2023-03-07 | CVE-2023-20644 | Google | Improper Input Validation vulnerability in Google Android 12.0/13.0 In ril, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
2023-03-07 | CVE-2023-20645 | Google | Improper Input Validation vulnerability in Google Android 12.0/13.0 In ril, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
2023-03-07 | CVE-2023-20646 | Google | Improper Input Validation vulnerability in Google Android 12.0/13.0 In ril, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
2023-03-07 | CVE-2023-20647 | Google | Improper Input Validation vulnerability in Google Android 12.0/13.0 In ril, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
2023-03-07 | CVE-2023-20648 | Google | Improper Input Validation vulnerability in Google Android 12.0/13.0 In ril, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
2023-03-07 | CVE-2023-20649 | Google | Improper Input Validation vulnerability in Google Android 12.0/13.0 In ril, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
2023-03-07 | CVE-2023-20651 | Google | Improper Input Validation vulnerability in Google Android 12.0/13.0 In apu, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
2023-03-10 | CVE-2023-27902 | Jenkins | Unspecified vulnerability in Jenkins Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents. | 4.3 |
2023-03-10 | CVE-2023-1333 | Rapidload | Unspecified vulnerability in Rapidload Power-Up for Autoptimize The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. | 4.3 |
2023-03-10 | CVE-2023-1334 | Rapidload | Unspecified vulnerability in Rapidload Power-Up for Autoptimize The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1. | 4.3 |
2023-03-10 | CVE-2023-1335 | Rapidload | Unspecified vulnerability in Rapidload Power-Up for Autoptimize The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. | 4.3 |
2023-03-10 | CVE-2023-1336 | Rapidload | Unspecified vulnerability in Rapidload Power-Up for Autoptimize The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and including, 1.7.1. | 4.3 |
2023-03-10 | CVE-2023-1337 | Rapidload | Missing Authorization vulnerability in Rapidload Power-Up for Autoptimize The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. | 4.3 |
2023-03-10 | CVE-2023-1338 | Rapidload | Unspecified vulnerability in Rapidload Power-Up for Autoptimize The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and including, 1.7.1. | 4.3 |
2023-03-10 | CVE-2023-1339 | Rapidload | Unspecified vulnerability in Rapidload Power-Up for Autoptimize The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. | 4.3 |
2023-03-10 | CVE-2023-1340 | Rapidload | Unspecified vulnerability in Rapidload Power-Up for Autoptimize The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. | 4.3 |
2023-03-10 | CVE-2023-1341 | Rapidload | Unspecified vulnerability in Rapidload Power-Up for Autoptimize The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. | 4.3 |
2023-03-10 | CVE-2023-1342 | Rapidload | Unspecified vulnerability in Rapidload Power-Up for Autoptimize The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. | 4.3 |
2023-03-10 | CVE-2023-1343 | Rapidload | Unspecified vulnerability in Rapidload Power-Up for Autoptimize The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. | 4.3 |
2023-03-10 | CVE-2023-1344 | Rapidload | Unspecified vulnerability in Rapidload Power-Up for Autoptimize The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. | 4.3 |
2023-03-10 | CVE-2023-1345 | Rapidload | Unspecified vulnerability in Rapidload Power-Up for Autoptimize The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. | 4.3 |
2023-03-10 | CVE-2023-1346 | Rapidload | Unspecified vulnerability in Rapidload Power-Up for Autoptimize The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. | 4.3 |
2023-03-09 | CVE-2022-4289 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. | 4.3 |
2023-03-09 | CVE-2022-4462 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. | 4.3 |
2023-03-08 | CVE-2023-27477 | Bytecodealliance | Off-by-one Error vulnerability in Bytecodealliance Cranelift-Codegen and Wasmtime wasmtime is a fast and secure runtime for WebAssembly. | 4.3 |
2023-03-07 | CVE-2023-1221 | Google | Unspecified vulnerability in Google Chrome Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | 4.3 |
2023-03-07 | CVE-2023-1223 | Google | Unspecified vulnerability in Google Chrome Insufficient policy enforcement in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 4.3 |
2023-03-07 | CVE-2023-1224 | Google | Unspecified vulnerability in Google Chrome Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 4.3 |
2023-03-07 | CVE-2023-1225 | Google | Unspecified vulnerability in Google Chrome Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 111.0.5563.64 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | 4.3 |
2023-03-07 | CVE-2023-1228 | Google | Unspecified vulnerability in Google Chrome Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 4.3 |
2023-03-07 | CVE-2023-1229 | Google | Incorrect Default Permissions vulnerability in Google Chrome Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 4.3 |
2023-03-07 | CVE-2023-1230 | Google | Unspecified vulnerability in Google Chrome Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. | 4.3 |
2023-03-07 | CVE-2023-1231 | Google | Unspecified vulnerability in Google Chrome Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page. | 4.3 |
2023-03-07 | CVE-2023-1232 | Google | Unspecified vulnerability in Google Chrome Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. | 4.3 |
2023-03-07 | CVE-2023-1233 | Google | Unspecified vulnerability in Google Chrome Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from API via a crafted Chrome Extension. | 4.3 |
2023-03-07 | CVE-2023-1234 | Google | Unspecified vulnerability in Google Chrome Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 4.3 |
2023-03-07 | CVE-2023-1236 | Google | Unspecified vulnerability in Google Chrome Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. | 4.3 |
2023-03-07 | CVE-2023-27481 | Monospace | Information Exposure vulnerability in Monospace Directus Directus is a real-time API and App dashboard for managing SQL database content. | 4.3 |
2023-03-07 | CVE-2023-27485 | THM | Incorrect Authorization vulnerability in THM Feedbacksystem thmmniii/fbs-core is an open source feedback system for students. | 4.3 |
2023-03-07 | CVE-2022-46257 | Github | Exposure of Resource to Wrong Sphere vulnerability in Github Enterprise Server An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI. | 4.3 |
2023-03-07 | CVE-2022-4931 | Xibodevelopment | Unspecified vulnerability in Xibodevelopment Backupwordpress 3.12 The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. | 4.3 |
2023-03-07 | CVE-2022-4932 | Boldgrid | Unspecified vulnerability in Boldgrid Total Upkeep The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. | 4.3 |
2023-03-07 | CVE-2020-36668 | Jetbackup | Unspecified vulnerability in Jetbackup The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backup_guard_get_manual_modal function called via an AJAX action. | 4.3 |
2023-03-07 | CVE-2023-22847 | Sraoss | Unspecified vulnerability in Sraoss PG IVM Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. | 4.3 |
2023-03-06 | CVE-2022-48364 | Joinmastodon | Unspecified vulnerability in Joinmastodon Mastodon 3.5.0/3.5.1/3.5.2 The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive. | 4.3 |
2023-03-06 | CVE-2023-0328 | Wpcode | Unspecified vulnerability in Wpcode The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. | 4.3 |
2023-03-07 | CVE-2023-20620 | Google | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Google Android 12.0/13.0 In adsp, there is a possible escalation of privilege due to a logic error. | 4.1 |
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-03-09 | CVE-2023-0483 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. | 3.8 |
2023-03-12 | CVE-2022-48366 | Ibexa | Race Condition vulnerability in Ibexa products An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. | 3.7 |
2023-03-07 | CVE-2023-23776 | Fortinet | Cleartext Storage of Sensitive Information vulnerability in Fortinet Fortianalyzer An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer. | 3.1 |
2023-03-06 | CVE-2022-4134 | Openstack Redhat | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products A flaw was found in openstack-glance. | 2.8 |
2023-03-09 | CVE-2023-1084 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. | 2.7 |