Weekly Vulnerabilities Reports > April 3 to 9, 2023

Overview

323 new vulnerabilities reported during this period, including 42 critical vulnerabilities and 73 high severity vulnerabilities. This weekly summary report vulnerabilities in 341 products from 140 vendors including Cisco, Debian, Fedoraproject, Google, and Oretnom23. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Out-of-bounds Write", "Cross-Site Request Forgery (CSRF)", and "OS Command Injection".

  • 296 reported vulnerabilities are remotely exploitables.
  • 173 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 172 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 38 reported vulnerabilities.
  • Oretnom23 has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

42 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-04-04 CVE-2023-1748 Getnexx Use of Hard-coded Credentials vulnerability in Getnexx products

The listed versions of Nexx Smart Home devices use hard-coded credentials.

10.0
2023-04-09 CVE-2012-10011 Contus SQL Injection vulnerability in Contus HD FLV Player

A vulnerability was found in HD FLV PLayer Plugin up to 1.7 on WordPress.

9.8
2023-04-09 CVE-2023-1962 Best Online News Portal Project SQL Injection vulnerability in Best Online News Portal Project Best Online News Portal 1.0

A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0.

9.8
2023-04-09 CVE-2023-1963 Phpgurukul SQL Injection vulnerability in PHPgurukul Bank Locker Management System 1.0

A vulnerability was found in PHPGurukul Bank Locker Management System 1.0.

9.8
2023-04-08 CVE-2023-1958 Oretnom23 SQL Injection vulnerability in Oretnom23 Online Computer and Laptop Store 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0.

9.8
2023-04-08 CVE-2023-1955 Oretnom23 SQL Injection vulnerability in Oretnom23 Online Computer and Laptop Store 1.0

A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0.

9.8
2023-04-08 CVE-2013-10023 Editorial Calendar Project SQL Injection vulnerability in Editorial Calendar Project Editorial Calendar

A vulnerability was found in Editorial Calendar Plugin up to 2.6 on WordPress.

9.8
2023-04-08 CVE-2023-1952 Oretnom23 SQL Injection vulnerability in Oretnom23 Online Computer and Laptop Store 1.0

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0.

9.8
2023-04-08 CVE-2023-1949 Phpgurukul SQL Injection vulnerability in PHPgurukul BP Monitoring Management System 1.0

A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0.

9.8
2023-04-08 CVE-2023-1950 Phpgurukul SQL Injection vulnerability in PHPgurukul BP Monitoring Management System 1.0

A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical.

9.8
2023-04-08 CVE-2023-1951 Oretnom23 SQL Injection vulnerability in Oretnom23 Online Computer and Laptop Store 1.0

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical.

9.8
2023-04-07 CVE-2023-1947 Taogogo Code Injection vulnerability in Taogogo Taocms 3.0.2

A vulnerability was found in taoCMS 3.0.2.

9.8
2023-04-07 CVE-2023-1941 Simple AND Beautiful Shopping Cart System Project SQL Injection vulnerability in Simple and Beautiful Shopping Cart System Project Simple and Beautiful Shopping Cart System 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester Simple and Beautiful Shopping Cart System 1.0.

9.8
2023-04-07 CVE-2023-1942 Oretnom23 Unrestricted Upload of File with Dangerous Type vulnerability in Oretnom23 Online Computer and Laptop Store 1.0

A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical.

9.8
2023-04-06 CVE-2023-28500 Adobe Deserialization of Untrusted Data vulnerability in Adobe Livecycle ES4

A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially crafted Java serialized objects to a specific URL.

9.8
2023-04-06 CVE-2023-0580 ABB Insecure Storage of Sensitive Information vulnerability in ABB MY Control System 5.0/5.13

Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability: User Interface System Monitoring1 Asset Inventory This issue affects My Control System (on-premise): from 5.0;0 through 5.13.

9.8
2023-04-06 CVE-2023-24538 Golang Code Injection vulnerability in Golang GO

Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected.

9.8
2023-04-06 CVE-2023-0750 Lynx Technik Missing Encryption of Sensitive Data vulnerability in Lynx-Technik Yellobrik PEC 1864 Firmware

Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface.  When the device can be accessed over the network an attacker could bypass authentication. This would allow an attacker to : - Change the password, resulting in a DOS of the users - Change the streaming source, compromising the integrity of the stream - Change the streaming destination, compromising the confidentiality of the stream This issue affects Yellowbrik: PEC 1864.

9.8
2023-04-06 CVE-2023-1908 Simple Mobile Comparison Website Project SQL Injection vulnerability in Simple Mobile Comparison Website Project Simple Mobile Comparison Website 1.0

A vulnerability was found in SourceCodester Simple Mobile Comparison Website 1.0.

9.8
2023-04-05 CVE-2022-4939 Wclovers Unspecified vulnerability in Wclovers Wcfm Membership

THe WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 2.10.0, due to a missing capability check on the wp_ajax_nopriv_wcfm_ajax_controller AJAX action that controls membership settings.

9.8
2023-04-05 CVE-2023-1886 Phpmyfaq Authentication Bypass by Capture-replay vulnerability in PHPmyfaq

Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

9.8
2023-04-05 CVE-2023-20073 Cisco Unrestricted Upload of File with Dangerous Type vulnerability in Cisco products

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device.

9.8
2023-04-05 CVE-2023-1849 Online Payroll System Project SQL Injection vulnerability in Online Payroll System Project Online Payroll System 1.0

A vulnerability was found in SourceCodester Online Payroll System 1.0.

9.8
2023-04-05 CVE-2023-1850 Online Payroll System Project SQL Injection vulnerability in Online Payroll System Project Online Payroll System 1.0

A vulnerability was found in SourceCodester Online Payroll System 1.0.

9.8
2023-04-05 CVE-2023-1854 Online Graduate Tracer System Project Insufficient Session Expiration vulnerability in Online Graduate Tracer System Project Online Graduate Tracer System 1.0

A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate Tracer System 1.0.

9.8
2023-04-05 CVE-2023-1856 AIR Cargo Management System Project SQL Injection vulnerability in AIR Cargo Management System Project AIR Cargo Management System 1.0

A vulnerability has been found in SourceCodester Air Cargo Management System 1.0 and classified as critical.

9.8
2023-04-05 CVE-2023-1845 Online Payroll System Project SQL Injection vulnerability in Online Payroll System Project Online Payroll System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Online Payroll System 1.0.

9.8
2023-04-05 CVE-2023-1846 Online Payroll System Project SQL Injection vulnerability in Online Payroll System Project Online Payroll System 1.0

A vulnerability has been found in SourceCodester Online Payroll System 1.0 and classified as critical.

9.8
2023-04-05 CVE-2023-1847 Online Payroll System Project SQL Injection vulnerability in Online Payroll System Project Online Payroll System 1.0

A vulnerability was found in SourceCodester Online Payroll System 1.0 and classified as critical.

9.8
2023-04-05 CVE-2023-1848 Online Payroll System Project SQL Injection vulnerability in Online Payroll System Project Online Payroll System 1.0

A vulnerability was found in SourceCodester Online Payroll System 1.0.

9.8
2023-04-04 CVE-2023-27488 Envoyproxy Unspecified vulnerability in Envoyproxy Envoy

Envoy is an open source edge and service proxy designed for cloud-native applications.

9.8
2023-04-04 CVE-2023-28613 Samsung Integer Overflow or Wraparound vulnerability in Samsung products

An issue was discovered in Samsung Exynos Mobile Processor and Baseband Modem Processor for Exynos 1280, Exynos 2200, and Exynos Modem 5300.

9.8
2023-04-04 CVE-2020-29312 Zend Deserialization of Untrusted Data vulnerability in Zend Framework

An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function.

9.8
2023-04-04 CVE-2023-26750 Yiiframework SQL Injection vulnerability in Yiiframework YII

SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function.

9.8
2023-04-04 CVE-2023-1827 Centralized Covid Vaccination Records System Project SQL Injection vulnerability in Centralized Covid Vaccination Records System Project Centralized Covid Vaccination Records System 1.0

A vulnerability has been found in SourceCodester Centralized Covid Vaccination Records System 1.0 and classified as critical.

9.8
2023-04-04 CVE-2023-1671 Sophos Command Injection vulnerability in Sophos web Appliance

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.

9.8
2023-04-04 CVE-2023-1826 Oretnom23 Unrestricted Upload of File with Dangerous Type vulnerability in Oretnom23 Online Computer and Laptop Store 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0.

9.8
2023-04-03 CVE-2022-43939 Hitachi Unspecified vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented. 

9.8
2023-04-03 CVE-2023-1765 Akbim SQL Injection vulnerability in Akbim Panon

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akbim Computer Panon allows SQL Injection.This issue affects Panon: before 1.0.2.

9.8
2023-04-03 CVE-2023-26119 Htmlunit Unspecified vulnerability in Htmlunit

Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage.

9.8
2023-04-09 CVE-2023-1964 Phpgurukul SQL Injection vulnerability in PHPgurukul Bank Locker Management System 1.0

A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0.

9.1
2023-04-07 CVE-2023-1940 Simple AND Beautiful Shopping Cart System Project SQL Injection vulnerability in Simple and Beautiful Shopping Cart System Project Simple and Beautiful Shopping Cart System 1.0

A vulnerability classified as critical was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0.

9.1

73 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-04-09 CVE-2012-10010 Bestwebsoft Cross-Site Request Forgery (CSRF) vulnerability in Bestwebsoft Contact Form 3.21

A vulnerability was found in BestWebSoft Contact Form 3.21.

8.8
2023-04-08 CVE-2013-10025 Exit Strategy Project Cross-Site Request Forgery (CSRF) vulnerability in Exit Strategy Project Exit Strategy 1.55

A vulnerability was found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic.

8.8
2023-04-08 CVE-2023-1960 Oretnom23 SQL Injection vulnerability in Oretnom23 Online Computer and Laptop Store 1.0

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical.

8.8
2023-04-08 CVE-2023-1957 Oretnom23 SQL Injection vulnerability in Oretnom23 Online Computer and Laptop Store 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0.

8.8
2023-04-08 CVE-2023-1959 Oretnom23 SQL Injection vulnerability in Oretnom23 Online Computer and Laptop Store 1.0

A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical.

8.8
2023-04-08 CVE-2023-1953 Oretnom23 SQL Injection vulnerability in Oretnom23 Online Computer and Laptop Store 1.0

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0.

8.8
2023-04-08 CVE-2023-1954 Oretnom23 SQL Injection vulnerability in Oretnom23 Online Computer and Laptop Store 1.0

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0.

8.8
2023-04-08 CVE-2023-1956 Oretnom23 Path Traversal vulnerability in Oretnom23 Online Computer and Laptop Store 1.0

A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0.

8.8
2023-04-06 CVE-2023-29008 Svelte Cross-Site Request Forgery (CSRF) vulnerability in Svelte Sveltekit 1.15.0/1.15.1

The SvelteKit framework offers developers an option to create simple REST APIs.

8.8
2023-04-06 CVE-2022-46793 Adtribes Cross-Site Request Forgery (CSRF) vulnerability in Adtribes Product Feed PRO for Woocommerce

Cross-Site Request Forgery (CSRF) vulnerability in AdTribes.Io Product Feed PRO for WooCommerce plugin <= 12.4.4 versions.

8.8
2023-04-06 CVE-2023-23801 Hasthemes Cross-Site Request Forgery (CSRF) vulnerability in Hasthemes Really Simple Google TAG Manager

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Really Simple Google Tag Manager plugin <= 1.0.6 versions.

8.8
2023-04-06 CVE-2023-29421 Bzip3 Project Out-of-bounds Write vulnerability in Bzip3 Project Bzip3

An issue was discovered in libbzip3.a in bzip3 before 1.2.3.

8.8
2023-04-05 CVE-2022-4941 Wclovers Unspecified vulnerability in Wclovers Wcfm Membership

The WCFM Membership plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.10 due to missing nonce checks on various AJAX actions.

8.8
2023-04-05 CVE-2023-20102 Cisco Deserialization of Untrusted Data vulnerability in Cisco products

A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system.

8.8
2023-04-05 CVE-2023-1522 Genetec SQL Injection vulnerability in Genetec Security Center 5.11.2

SQL Injection in the Hardware Inventory report of Security Center 5.11.2.

8.8
2023-04-05 CVE-2022-4935 Wclovers Missing Authorization vulnerability in Wclovers Wcfm Marketplace

The WCFM Marketplace plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 3.4.11 due to missing capability checks on various AJAX actions.

8.8
2023-04-05 CVE-2022-4936 Wclovers Unspecified vulnerability in Wclovers Wcfm Marketplace

The WCFM Marketplace plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.11 due to missing nonce checks on various AJAX actions.

8.8
2023-04-05 CVE-2022-4937 Wclovers Missing Authorization vulnerability in Wclovers Frontend Manager for Woocommerce Along With Bookings Subscription Listings Compatible

The WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 6.6.0 due to missing capability checks on various AJAX actions.

8.8
2023-04-05 CVE-2022-4938 Wclovers Unspecified vulnerability in Wclovers Frontend Manager for Woocommerce Along With Bookings Subscription Listings Compatible

The WCFM Frontend Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.6.0 due to missing nonce checks on various AJAX actions.

8.8
2023-04-04 CVE-2023-29003 Svelte Cross-Site Request Forgery (CSRF) vulnerability in Svelte Sveltekit 1.15.0

SvelteKit is a web development framework.

8.8
2023-04-04 CVE-2023-1810 Google
Fedoraproject
Debian
Out-of-bounds Write vulnerability in multiple products

Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-04-04 CVE-2023-1811 Google
Fedoraproject
Debian
Use After Free vulnerability in multiple products

Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-04-04 CVE-2023-1812 Google
Fedoraproject
Debian
Out-of-bounds Write vulnerability in multiple products

Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

8.8
2023-04-04 CVE-2023-1815 Google
Fedoraproject
Debian
Use After Free vulnerability in multiple products

Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-04-04 CVE-2023-1818 Google
Fedoraproject
Debian
Use After Free vulnerability in multiple products

Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-04-04 CVE-2023-1820 Google
Fedoraproject
Debian
Out-of-bounds Write vulnerability in multiple products

Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-04-04 CVE-2020-21514 Fluentd Unspecified vulnerability in Fluentd and Fluentd-Ui

An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2 allows attackers to gain escalated privileges and execute arbitrary code due to a default password.

8.8
2023-04-04 CVE-2022-41633 Peepso Cross-Site Request Forgery (CSRF) vulnerability in Peepso

Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin <= 6.0.2.0 versions.

8.8
2023-04-03 CVE-2022-43938 Hitachi Code Injection vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager. 

8.8
2023-04-03 CVE-2022-43940 Hitachi Incorrect Authorization vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service. 

8.8
2023-04-03 CVE-2022-43773 Hitachi Incorrect Permission Assignment for Critical Resource vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures enabled. 

8.8
2023-04-03 CVE-2023-0820 Bestwebsoft Unspecified vulnerability in Bestwebsoft User Role

The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role.

8.8
2023-04-04 CVE-2023-28840 Mobyproject Failing Open vulnerability in Mobyproject Moby

Moby is an open source container framework developed by Docker Inc.

8.7
2023-04-07 CVE-2022-33959 IBM Unspecified vulnerability in IBM Sterling Order Management 10

IBM Sterling Order Management 10.0 could allow a user to bypass validation and perform unauthorized actions on behalf of other users.

8.1
2023-04-07 CVE-2023-28051 Dell Unspecified vulnerability in Dell Power Manager 3.10/3.3

Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability.

7.8
2023-04-06 CVE-2023-0652 Cloudflare Link Following vulnerability in Cloudflare Warp

Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge the destination of the hardlink and escalate privileges, overwriting SYSTEM protected files. As Cloudflare WARP client for Windows (up to version 2022.5.309.0) allowed creation of mount points from its ProgramData folder, during installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files.

7.8
2023-04-06 CVE-2023-25542 Dell Incorrect Default Permissions vulnerability in Dell Trusted Device Agent

Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability.

7.8
2023-04-05 CVE-2023-20122 Cisco OS Command Injection vulnerability in Cisco Identity Services Engine 3.2

Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system.

7.8
2023-04-05 CVE-2023-1412 Cloudflare Link Following vulnerability in Cloudflare Warp

An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (<= 2022.12.582.0) to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks (oplock) and symbolic links (which can both be created by an unprivileged user). After installing the Cloudflare WARP Client (admin privileges required), an MSI-Installer is placed under C:\Windows\Installer.

7.8
2023-04-04 CVE-2023-29323 Openbsd
Opensmtpd
ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.
7.8
2023-04-04 CVE-2023-26775 Monitorr Unrestricted Upload of File with Dangerous Type vulnerability in Monitorr 1.7.6M

File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint.

7.8
2023-04-04 CVE-2023-25941 Dell Incorrect Default Permissions vulnerability in Dell EMC Powerscale Onefs

Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability.

7.8
2023-04-04 CVE-2023-25940 Dell Link Following vulnerability in Dell EMC Powerscale Onefs 9.5.0.0

Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info.

7.8
2023-04-03 CVE-2023-1579 GNU Out-of-bounds Write vulnerability in GNU Binutils 2.39

Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.

7.8
2023-04-03 CVE-2023-0975 Trellix Improper Preservation of Permissions vulnerability in Trellix Agent 5.7.7/5.7.8

A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed.

7.8
2023-04-09 CVE-2023-27727 F5 Out-of-bounds Read vulnerability in F5 NJS 0.7.10

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h.

7.5
2023-04-09 CVE-2023-27728 F5 Out-of-bounds Read vulnerability in F5 NJS 0.7.10

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c.

7.5
2023-04-09 CVE-2023-27729 F5 Unspecified vulnerability in F5 NJS 0.7.10

Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c.

7.5
2023-04-09 CVE-2023-27730 F5 Out-of-bounds Read vulnerability in F5 NJS 0.7.10

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c.

7.5
2023-04-08 CVE-2013-10024 Exit Strategy Project Information Exposure vulnerability in Exit Strategy Project Exit Strategy 1.55

A vulnerability has been found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic.

7.5
2023-04-07 CVE-2023-28707 Apache Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Apache-Drill

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2.

7.5
2023-04-07 CVE-2023-28710 Apache Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Apache-Spark

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider.This issue affects Apache Airflow Spark Provider: before 4.0.1.

7.5
2023-04-07 CVE-2022-34333 IBM Weak Password Requirements vulnerability in IBM Sterling Order Management 10

IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

7.5
2023-04-06 CVE-2023-24537 Golang Integer Overflow or Wraparound vulnerability in Golang GO

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.

7.5
2023-04-06 CVE-2023-24534 Golang Resource Exhaustion vulnerability in Golang GO

HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service.

7.5
2023-04-06 CVE-2023-24536 Golang Allocation of Resources Without Limits or Throttling vulnerability in Golang GO

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts.

7.5
2023-04-06 CVE-2023-1802 Docker Cleartext Transmission of Sensitive Information vulnerability in Docker Desktop 4.17.0/4.17.1

In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information.

7.5
2023-04-05 CVE-2023-20051 Cisco Unspecified vulnerability in Cisco Packet Data Network Gateway 21.26.0/21.27.0

A vulnerability in the Vector Packet Processor (VPP) of Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to stop ICMP traffic from being processed over an IPsec connection.

7.5
2023-04-05 CVE-2023-1858 Earnings AND Expense Tracker APP Project Unspecified vulnerability in Earnings and Expense Tracker APP Project Earnings and Expense Tracker APP 1.0

A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0.

7.5
2023-04-04 CVE-2023-27496 Envoyproxy Unspecified vulnerability in Envoyproxy Envoy

Envoy is an open source edge and service proxy designed for cloud-native applications.

7.5
2023-04-03 CVE-2023-29218 Twitter Unspecified vulnerability in Twitter Recommendation Algorithm 20230331

The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as exploited in the wild in March and April 2023.

7.5
2023-04-03 CVE-2022-36440 Frrouting
Fedoraproject
Debian
Reachable Assertion vulnerability in multiple products

A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function.

7.5
2023-04-03 CVE-2023-28625 Openidc Unspecified vulnerability in Openidc MOD Auth Openidc

mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality.

7.5
2023-04-05 CVE-2023-20103 Cisco Improper Input Validation vulnerability in Cisco Secure Network Analytics 2.1.1/7.4.1

A vulnerability in Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code as a root user on an affected device.

7.2
2023-04-05 CVE-2023-20117 Cisco OS Command Injection vulnerability in Cisco Rv320 Firmware and Rv325 Firmware

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device.

7.2
2023-04-05 CVE-2023-20124 Cisco Command Injection vulnerability in Cisco products

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device.

7.2
2023-04-05 CVE-2023-20128 Cisco OS Command Injection vulnerability in Cisco Rv320 Firmware and Rv325 Firmware

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device.

7.2
2023-04-03 CVE-2022-43769 Hitachi Code Injection vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream. 

7.2
2023-04-03 CVE-2023-1124 Wpeasycart Unspecified vulnerability in Wpeasycart WP Easycart

The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks.

7.2
2023-04-07 CVE-2023-27876 IBM XXE vulnerability in IBM Tririga Application Platform 4.0

IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data.

7.1
2023-04-06 CVE-2023-28046 Dell Least Privilege Violation vulnerability in Dell Display Manager 2.0.0/2.1.0

Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this vulnerability, leading to the deletion of arbitrary files on the operating system with high privileges.

7.1
2023-04-05 CVE-2023-1838 Linux
Netapp
Use After Free vulnerability in multiple products

A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget.

7.1
2023-04-04 CVE-2023-1750 Getnexx Authorization Bypass Through User-Controlled Key vulnerability in Getnexx products

The listed versions of Nexx Smart Home devices lack proper access control when executing actions.

7.1

206 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-04-04 CVE-2023-28841 Mobyproject Failing Open vulnerability in Mobyproject Moby

Moby is an open source container framework developed by Docker Inc.

6.8
2023-04-04 CVE-2023-28842 Mobyproject Failing Open vulnerability in Mobyproject Moby

Moby) is an open source container framework developed by Docker Inc.

6.8
2023-04-05 CVE-2023-20121 Cisco OS Command Injection vulnerability in Cisco Identity Services Engine and Prime Infrastructure

Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system.

6.7
2023-04-05 CVE-2023-20153 Cisco OS Command Injection vulnerability in Cisco Identity Services Engine 3.2

Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root.

6.7
2023-04-05 CVE-2023-20152 Cisco OS Command Injection vulnerability in Cisco Identity Services Engine 3.2

Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root.

6.7
2023-04-05 CVE-2023-20022 Cisco OS Command Injection vulnerability in Cisco Identity Services Engine 3.2

Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root.

6.7
2023-04-05 CVE-2023-20023 Cisco OS Command Injection vulnerability in Cisco Identity Services Engine 3.2

Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root.

6.7
2023-04-05 CVE-2023-20021 Cisco OS Command Injection vulnerability in Cisco Identity Services Engine 3.2

Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root.

6.7
2023-04-07 CVE-2023-1801 Tcpdump Out-of-bounds Write vulnerability in Tcpdump 4.99.3

The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet.

6.5
2023-04-07 CVE-2023-1909 Phpgurukul SQL Injection vulnerability in PHPgurukul BP Monitoring Management System 1.0

A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0.

6.5
2023-04-07 CVE-2022-43928 IBM Unspecified vulnerability in IBM DB2 Mirror for I 7.4/7.5

The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing.

6.5
2023-04-06 CVE-2023-29415 Bzip3 Project
Debian
An issue was discovered in libbzip3.a in bzip3 before 1.3.0.
6.5
2023-04-06 CVE-2023-29416 Bzip3 Project Out-of-bounds Write vulnerability in Bzip3 Project Bzip3

An issue was discovered in libbzip3.a in bzip3 before 1.3.0.

6.5
2023-04-06 CVE-2023-29417 Bzip3 Project Out-of-bounds Read vulnerability in Bzip3 Project Bzip3 1.2.2

An issue was discovered in libbzip3.a in bzip3 1.2.2.

6.5
2023-04-06 CVE-2023-29418 Bzip3 Project Out-of-bounds Read vulnerability in Bzip3 Project Bzip3

An issue was discovered in libbzip3.a in bzip3 before 1.2.3.

6.5
2023-04-06 CVE-2023-29419 Bzip3 Project Out-of-bounds Read vulnerability in Bzip3 Project Bzip3

An issue was discovered in libbzip3.a in bzip3 before 1.2.3.

6.5
2023-04-06 CVE-2023-29420 Bzip3 Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Bzip3 Project Bzip3

An issue was discovered in libbzip3.a in bzip3 before 1.2.3.

6.5
2023-04-05 CVE-2022-4940 Wclovers Unspecified vulnerability in Wclovers Wcfm Membership

The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks on various AJAX actions.

6.5
2023-04-05 CVE-2023-20127 Cisco Unspecified vulnerability in Cisco Prime Infrastructure

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks.

6.5
2023-04-05 CVE-2023-20129 Cisco Path Traversal vulnerability in Cisco Prime Infrastructure

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks.

6.5
2023-04-05 CVE-2023-20130 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Infrastructure

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks.

6.5
2023-04-05 CVE-2023-20134 Cisco Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Webex Meetings

Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as recordings.

6.5
2023-04-05 CVE-2023-1865 Plugin Unspecified vulnerability in Plugin Yourchannel

The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when resetting plugin settings via the yrc_nuke GET parameter in versions up to, and including, 1.2.3.

6.5
2023-04-05 CVE-2023-0382 M Files Resource Exhaustion vulnerability in M-Files Server

User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.

6.5
2023-04-04 CVE-2023-1813 Google
Fedoraproject
Debian
Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page.
6.5
2023-04-04 CVE-2023-1814 Google
Fedoraproject
Debian
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page.
6.5
2023-04-04 CVE-2023-1816 Google
Fedoraproject
Debian
Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page.
6.5
2023-04-04 CVE-2023-1817 Google
Fedoraproject
Debian
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
6.5
2023-04-04 CVE-2023-1819 Google
Fedoraproject
Debian
Out-of-bounds Read vulnerability in multiple products

Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

6.5
2023-04-04 CVE-2023-1821 Google
Fedoraproject
Debian
Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page.
6.5
2023-04-04 CVE-2023-1822 Google
Fedoraproject
Debian
Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
6.5
2023-04-04 CVE-2023-1823 Google
Fedoraproject
Debian
Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
6.5
2023-04-04 CVE-2023-28853 Joinmastodon LDAP Injection vulnerability in Joinmastodon Mastodon

Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication.

6.5
2023-04-04 CVE-2023-27492 Envoyproxy Allocation of Resources Without Limits or Throttling vulnerability in Envoyproxy Envoy

Envoy is an open source edge and service proxy designed for cloud-native applications.

6.5
2023-04-04 CVE-2023-1749 Getnexx Authorization Bypass Through User-Controlled Key vulnerability in Getnexx products

The listed versions of Nexx Smart Home devices lack proper access control when executing actions.

6.5
2023-04-04 CVE-2023-25942 Dell Improper Control of a Resource Through its Lifetime vulnerability in Dell EMC Powerscale Onefs

Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability.

6.5
2023-04-03 CVE-2023-0614 Samba Cleartext Storage of Sensitive Information vulnerability in Samba

The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.

6.5
2023-04-03 CVE-2022-43771 Hitachi Path Traversal vulnerability in Hitachi Vantara Pentaho Business Analytics Server

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds.

6.5
2023-04-03 CVE-2022-43772 Hitachi Information Exposure Through Log Files vulnerability in Hitachi Vantara Pentaho Business Analytics Server

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs. 

6.5
2023-04-03 CVE-2022-43941 Hitachi XXE vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference. 

6.5
2023-04-03 CVE-2023-0977 Trellix Out-of-bounds Write vulnerability in Trellix Agent 5.7.7/5.7.8

A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable.

6.5
2023-04-03 CVE-2023-1330 Inisev Unspecified vulnerability in Inisev Redirection

The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack.

6.5
2023-04-04 CVE-2023-28999 Nextcloud Missing Encryption of Sensitive Data vulnerability in Nextcloud Desktop

Nextcloud is an open-source productivity platform.

6.4
2023-04-05 CVE-2023-1855 Linux
Debian
Use After Free vulnerability in multiple products

A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon).

6.3
2023-04-03 CVE-2023-1611 Fedoraproject
Linux
Use After Free vulnerability in multiple products

A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea

6.3
2023-04-03 CVE-2022-3960 Hitachi Code Injection vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin. 

6.3
2023-04-09 CVE-2014-125095 Bestwebsoft Cross-site Scripting vulnerability in Bestwebsoft Contact Form 1.3.4

A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 on WordPress and classified as problematic.

6.1
2023-04-08 CVE-2023-1961 Oretnom23 Cross-site Scripting vulnerability in Oretnom23 Online Computer and Laptop Store 1.0

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0.

6.1
2023-04-08 CVE-2015-10098 Wpmudev Cross-site Scripting vulnerability in Wpmudev Broken Link Checker

A vulnerability was found in Broken Link Checker Plugin up to 1.10.5 on WordPress.

6.1
2023-04-08 CVE-2023-1948 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul BP Monitoring Management System 1.0

A vulnerability, which was classified as problematic, has been found in PHPGurukul BP Monitoring Management System 1.0.

6.1
2023-04-07 CVE-2023-1946 Survey Application System Project Cross-site Scripting vulnerability in Survey Application System Project Survey Application System 1.0

A vulnerability was found in SourceCodester Survey Application System 1.0 and classified as problematic.

6.1
2023-04-07 CVE-2023-28781 Cimatti Cross-site Scripting vulnerability in Cimatti Wordpress Contact Forms

Unauth.

6.1
2023-04-07 CVE-2023-28789 Cimatti Cross-site Scripting vulnerability in Cimatti Wordpress Contact Forms

Unauth.

6.1
2023-04-07 CVE-2023-28792 I13Websolution Cross-site Scripting vulnerability in I13Websolution Continuous Image Carosel With Lightbox

Unauth.

6.1
2023-04-07 CVE-2023-29171 Magic Post Thumbnail Cross-site Scripting vulnerability in Magic-Post-Thumbnail Magic Post Thumbnail

Unauth.

6.1
2023-04-07 CVE-2023-29172 WP Property Hive Cross-site Scripting vulnerability in Wp-Property-Hive Propertyhive

Unauth.

6.1
2023-04-07 CVE-2023-29388 Implecode Cross-site Scripting vulnerability in Implecode Product Catalog Simple

Unauth.

6.1
2023-04-07 CVE-2023-25711 Wpglobus Cross-site Scripting vulnerability in Wpglobus Translate Options

Unauth.

6.1
2023-04-07 CVE-2023-25713 Fullworksplugins Cross-site Scripting vulnerability in Fullworksplugins Quick Paypal Payments

Unauth.

6.1
2023-04-07 CVE-2023-25020 Kibokolabs Cross-site Scripting vulnerability in Kibokolabs Arigato Autoresponder and Newsletter

Unauth.

6.1
2023-04-07 CVE-2023-25041 Cththemes Cross-site Scripting vulnerability in Cththemes Monolit

Unauth.

6.1
2023-04-07 CVE-2023-28993 Albo Pretorio ON Line Project Cross-site Scripting vulnerability in Albo Pretorio on Line Project Albo Pretorio on Line

Unauth.  Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On Line plugin <= 4.6.1 versions.

6.1
2023-04-07 CVE-2023-29236 Cththemes Cross-site Scripting vulnerability in Cththemes Outdoor

Unauth.

6.1
2023-04-06 CVE-2014-125094 Phpminiadmin Project Cross-site Scripting vulnerability in PHPminiadmin Project PHPminiadmin 1.7.110429/1.7.111025/1.8.120510

A vulnerability classified as problematic was found in phpMiniAdmin up to 1.8.120510.

6.1
2023-04-06 CVE-2023-1912 Limit Login Attempts Project Unspecified vulnerability in Limit Login Attempts Project Limit Login Attempts

The Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lock logging feature in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping.

6.1
2023-04-06 CVE-2023-22985 Simple Guestbook Management System Project Cross-site Scripting vulnerability in Simple Guestbook Management System Project Simple Guestbook Management System 1.0

Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting (XSS) via Name, Referrer, Location, and Comments.

6.1
2023-04-06 CVE-2023-23979 Fullworksplugins Cross-site Scripting vulnerability in Fullworksplugins Quick Event Manager

Unauth.

6.1
2023-04-05 CVE-2023-20137 Cisco Cross-site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

6.1
2023-04-05 CVE-2023-20138 Cisco Cross-site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

6.1
2023-04-05 CVE-2023-20139 Cisco Cross-site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

6.1
2023-04-05 CVE-2023-20140 Cisco Cross-site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

6.1
2023-04-05 CVE-2023-20141 Cisco Cross-site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

6.1
2023-04-05 CVE-2023-20142 Cisco Cross-site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

6.1
2023-04-05 CVE-2023-20143 Cisco Cross-site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

6.1
2023-04-05 CVE-2023-20144 Cisco Cross-site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

6.1
2023-04-05 CVE-2023-20145 Cisco Cross-site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

6.1
2023-04-05 CVE-2023-20146 Cisco Cross-site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

6.1
2023-04-05 CVE-2023-20147 Cisco Cross-site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

6.1
2023-04-05 CVE-2023-20148 Cisco Cross-site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

6.1
2023-04-05 CVE-2023-20149 Cisco Cross-site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

6.1
2023-04-05 CVE-2023-20150 Cisco Cross-site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

6.1
2023-04-05 CVE-2023-20151 Cisco Cross-site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

6.1
2023-04-05 CVE-2013-10022 Bestwebsoft Cross-site Scripting vulnerability in Bestwebsoft Contact Form 3.51

A vulnerability, which was classified as problematic, has been found in BestWebSoft Contact Form Plugin 3.51 on WordPress.

6.1
2023-04-05 CVE-2023-1860 Keysight Cross-site Scripting vulnerability in Keysight Hawkeye 3.3.16.28

A vulnerability was found in Keysight IXIA Hawkeye 3.3.16.28.

6.1
2023-04-05 CVE-2023-1851 Online Payroll System Project Cross-site Scripting vulnerability in Online Payroll System Project Online Payroll System 1.0

A vulnerability classified as problematic has been found in SourceCodester Online Payroll System 1.0.

6.1
2023-04-05 CVE-2023-1852 Online Payroll System Project Cross-site Scripting vulnerability in Online Payroll System Project Online Payroll System 1.0

A vulnerability classified as problematic was found in SourceCodester Online Payroll System 1.0.

6.1
2023-04-05 CVE-2023-1853 Online Payroll System Project Cross-site Scripting vulnerability in Online Payroll System Project Online Payroll System 1.0

A vulnerability, which was classified as problematic, has been found in SourceCodester Online Payroll System 1.0.

6.1
2023-04-05 CVE-2023-1857 Oretnom23 Cross-site Scripting vulnerability in Oretnom23 Online Computer and Laptop Store 1.0

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as problematic.

6.1
2023-04-04 CVE-2023-26776 Monitorr Cross-site Scripting vulnerability in Monitorr 1.7.6M

Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary code via the title parameter of the post_receiver-services.php file.

6.1
2023-04-04 CVE-2023-28998 Nextcloud Missing Required Cryptographic Step vulnerability in Nextcloud Desktop

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server.

6.1
2023-04-03 CVE-2022-4771 Hitachi Cross-site Scripting vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables. 

6.1
2023-04-03 CVE-2023-1377 Solidres Unspecified vulnerability in Solidres

The Solidres WordPress plugin through 0.9.4 does not sanitise and escape numerous parameter before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1
2023-04-03 CVE-2023-1766 Akbim Cross-site Scripting vulnerability in Akbim Panon

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Akbim Computer Panon allows Reflected XSS.This issue affects Panon: before 1.0.2.

6.1
2023-04-03 CVE-2022-27665 Progress Cross-site Scripting vulnerability in Progress WS FTP Server 8.6.0

Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0.

6.1
2023-04-05 CVE-2023-20030 Cisco XXE vulnerability in Cisco Identity Services Engine

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact the responsiveness of the web-based management interface itself.

6.0
2023-04-03 CVE-2023-0922 Samba Cleartext Transmission of Sensitive Information vulnerability in Samba

The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.

5.9
2023-04-03 CVE-2023-26112 Configobj Project Unspecified vulnerability in Configobj Project Configobj

All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\((.*)\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.

5.9
2023-04-07 CVE-2022-43309 Supermicro Incorrect Permission Assignment for Critical Resource vulnerability in Supermicro products

Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions.

5.5
2023-04-07 CVE-2020-11935 Canonical
Debian
It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method.
5.5
2023-04-07 CVE-2022-43914 IBM Cross-site Scripting vulnerability in IBM Tririga Application Platform

IBM TRIRIGA Application Platform 4.0 is vulnerable to cross-site scripting.

5.4
2023-04-07 CVE-2023-27620 Robogallery Cross-site Scripting vulnerability in Robogallery Robo Gallery

Auth.

5.4
2023-04-07 CVE-2023-1726 Prolizyazilim Cross-site Scripting vulnerability in Prolizyazilim Student Affairs Information System

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proliz OBS allows Stored XSS for an authenticated user.This issue affects OBS: before 23.04.01.

5.4
2023-04-07 CVE-2023-23885 Fullworksplugins Cross-site Scripting vulnerability in Fullworksplugins Quick Contact Form

Auth.

5.4
2023-04-07 CVE-2023-25061 Kibokolabs Cross-site Scripting vulnerability in Kibokolabs Arigato Autoresponder and Newsletter

Auth.

5.4
2023-04-06 CVE-2023-23891 Oceanwp Cross-site Scripting vulnerability in Oceanwp Ocean Extra

Auth.

5.4
2023-04-06 CVE-2023-24374 Material Design Icons FOR Page Builders Project Cross-site Scripting vulnerability in Material Design Icons for Page Builders Project Material Design Icons for Page Builders

Auth.

5.4
2023-04-06 CVE-2023-24378 Codeat Cross-site Scripting vulnerability in Codeat Glossary

Auth.

5.4
2023-04-06 CVE-2023-23898 Creativethemes Cross-site Scripting vulnerability in Creativethemes Blocksy Companion

Auth.

5.4
2023-04-06 CVE-2023-24411 Bnecreative Cross-site Scripting vulnerability in Bnecreative BNE Testimonials

Auth.

5.4
2023-04-06 CVE-2023-24003 Timersys Cross-site Scripting vulnerability in Timersys WP Popups

Auth.

5.4
2023-04-06 CVE-2023-23815 Multi Column TAG MAP Project Cross-site Scripting vulnerability in Multi-Column TAG MAP Project Multi-Column TAG MAP

Auth.

5.4
2023-04-05 CVE-2023-20096 Cisco Cross-site Scripting vulnerability in Cisco Unified Contact Center Express

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack.

5.4
2023-04-05 CVE-2023-20131 Cisco Cross-site Scripting vulnerability in Cisco Prime Infrastructure

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks.

5.4
2023-04-05 CVE-2023-20132 Cisco Cross-site Scripting vulnerability in Cisco Webex Meetings

Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as recordings.

5.4
2023-04-05 CVE-2023-1885 Phpmyfaq Cross-site Scripting vulnerability in PHPmyfaq

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

5.4
2023-04-05 CVE-2023-1756 Phpmyfaq Cross-site Scripting vulnerability in PHPmyfaq

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

5.4
2023-04-05 CVE-2023-26536 Followmedarling Cross-site Scripting vulnerability in Followmedarling Spotify-Play-Button-For-Wordpress

Auth.

5.4
2023-04-05 CVE-2023-28069 Dell Open Redirect vulnerability in Dell Streaming Data Platform

Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability.

5.4
2023-04-04 CVE-2023-23977 Heateor Cross-site Scripting vulnerability in Heateor Social Comments

Auth.

5.4
2023-04-04 CVE-2023-23685 Radiustheme Cross-site Scripting vulnerability in Radiustheme Portfolio

Auth.

5.4
2023-04-04 CVE-2023-23686 Simple Staff List Project Cross-site Scripting vulnerability in Simple Staff List Project Simple Staff List

Auth.

5.4
2023-04-04 CVE-2023-23878 Flippercode Cross-site Scripting vulnerability in Flippercode WP Google MAP

Auth.

5.4
2023-04-03 CVE-2023-24724 SAS Cross-site Scripting vulnerability in SAS web Administration Interface 9.4

A stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields.

5.4
2023-04-03 CVE-2023-0399 Image Over Image FOR Wpbakery Page Builder Project Unspecified vulnerability in Image Over Image for Wpbakery Page Builder Project Image Over Image for Wpbakery Page Builder

The Image Over Image For WPBakery Page Builder WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-04-05 CVE-2023-0842 Xml2Js Project Unspecified vulnerability in Xml2Js Project Xml2Js 0.4.23

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object.

5.3
2023-04-05 CVE-2023-1868 Plugin Unspecified vulnerability in Plugin Yourchannel

The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when clearing the plugin cache via the yrc_clear_cache GET parameter in versions up to, and including, 1.2.3.

5.3
2023-04-04 CVE-2023-1751 Getnexx Unspecified vulnerability in Getnexx products

The listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate.

5.3
2023-04-03 CVE-2023-26916 Cesnet
Fedoraproject
NULL Pointer Dereference vulnerability in multiple products

libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c.

5.3
2023-04-07 CVE-2023-27801 H3C Out-of-bounds Write vulnerability in H3C Magic R100 Firmware V100R005

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm.

4.9
2023-04-07 CVE-2023-27802 H3C Out-of-bounds Write vulnerability in H3C Magic R100 Firmware V100R005

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditvsList parameter at /goform/aspForm.

4.9
2023-04-07 CVE-2023-27803 H3C Out-of-bounds Write vulnerability in H3C Magic R100 Firmware V100R005

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EdittriggerList interface at /goform/aspForm.

4.9
2023-04-07 CVE-2023-27804 H3C Out-of-bounds Write vulnerability in H3C Magic R100 Firmware V100R005

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm.

4.9
2023-04-07 CVE-2023-27805 H3C Out-of-bounds Write vulnerability in H3C Magic R100 Firmware V100R005

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditSTList interface at /goform/aspForm.

4.9
2023-04-07 CVE-2023-27806 H3C Out-of-bounds Write vulnerability in H3C Magic R100 Firmware V100R005

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm.

4.9
2023-04-07 CVE-2023-27807 H3C Out-of-bounds Write vulnerability in H3C Magic R100 Firmware V100R005

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the Delstlist interface at /goform/aspForm.

4.9
2023-04-07 CVE-2023-27808 H3C Out-of-bounds Write vulnerability in H3C Magic R100 Firmware V100R005

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm.

4.9
2023-04-07 CVE-2023-27810 H3C Out-of-bounds Write vulnerability in H3C Magic R100 Firmware V100R005

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm.

4.9
2023-04-03 CVE-2023-28837 Torchbox Allocation of Resources Without Limits or Throttling vulnerability in Torchbox Wagtail

Wagtail is an open source content management system built on Django.

4.9
2023-04-07 CVE-2023-29170 Piwebsolution Cross-site Scripting vulnerability in Piwebsolution Product Enquiry for Woocommerce 2.2.7

Auth.

4.8
2023-04-07 CVE-2023-23799 Easy Panorama Project Cross-site Scripting vulnerability in Easy Panorama Project Easy Panorama

Auth.

4.8
2023-04-07 CVE-2023-25442 Zeno Font Resizer Project Cross-site Scripting vulnerability in Zeno Font Resizer Project Zeno Font Resizer

Auth.

4.8
2023-04-07 CVE-2023-25464 Streamweasels Cross-site Scripting vulnerability in Streamweasels Twitch Player 2.0.9/2.1.0

Auth.

4.8
2023-04-07 CVE-2023-25702 Fullworksplugins Cross-site Scripting vulnerability in Fullworksplugins Quick Paypal Payments

Auth.

4.8
2023-04-07 CVE-2023-25705 Goprayer Cross-site Scripting vulnerability in Goprayer WP Prayer

Auth.

4.8
2023-04-07 CVE-2023-25712 WP Buddy Cross-site Scripting vulnerability in Wp-Buddy Google Analytics Opt-Out

Auth.

4.8
2023-04-07 CVE-2023-29094 Piwebsolution Cross-site Scripting vulnerability in Piwebsolution Product Page Shipping Calculator for Woocommerce

Auth.

4.8
2023-04-07 CVE-2023-23994 Auto Hide Admin BAR Project Cross-site Scripting vulnerability in Auto Hide Admin BAR Project Auto Hide Admin BAR

Auth.

4.8
2023-04-07 CVE-2023-25031 Kibokolabs Cross-site Scripting vulnerability in Kibokolabs Arigato Autoresponder and Newsletter

Auth.

4.8
2023-04-07 CVE-2023-25049 Implecode Cross-site Scripting vulnerability in Implecode Ecommerce Product Catalog

Auth.

4.8
2023-04-07 CVE-2023-25716 Announce From THE Dashboard Project Cross-site Scripting vulnerability in Announce From the Dashboard Project Announce From the Dashboard

Auth (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gqevu6bsiz Announce from the Dashboard plugin <= 1.5.1 versions.

4.8
2023-04-07 CVE-2023-25022 Kibokolabs Cross-site Scripting vulnerability in Kibokolabs Watu Quiz

Auth.

4.8
2023-04-07 CVE-2023-25023 Saleswonder Cross-site Scripting vulnerability in Saleswonder Webinar Ignition

Auth.

4.8
2023-04-07 CVE-2023-25024 Icegram Cross-site Scripting vulnerability in Icegram Collect

Auth.

4.8
2023-04-07 CVE-2023-25027 Kibokolabs Cross-site Scripting vulnerability in Kibokolabs Chained Quiz

Auth.

4.8
2023-04-07 CVE-2023-24398 Snapcreek Cross-site Scripting vulnerability in Snapcreek EZP Coming Soon Page 1.0.7.3

Auth.

4.8
2023-04-07 CVE-2023-25046 Podlove Cross-site Scripting vulnerability in Podlove Podcast Publisher

Auth.

4.8
2023-04-07 CVE-2023-24402 Wpbookingsystem Cross-site Scripting vulnerability in Wpbookingsystem WP Booking System

Auth.

4.8
2023-04-07 CVE-2023-25059 Avalex Cross-site Scripting vulnerability in Avalex

Auth.

4.8
2023-04-06 CVE-2023-1913 Webfactoryltd Unspecified vulnerability in Webfactoryltd Maps Widget for Google Maps

The Maps Widget for Google Maps for WordPress is vulnerable to Stored Cross-Site Scripting via widget settings in versions up to, and including, 4.24 due to insufficient input sanitization and output escaping.

4.8
2023-04-06 CVE-2023-24396 Vikwp Cross-site Scripting vulnerability in Vikwp Vikbooking Hotel Booking Engine & PMS

Auth.

4.8
2023-04-06 CVE-2023-25062 Pinpoint Cross-site Scripting vulnerability in Pinpoint Booking System

Auth.

4.8
2023-04-06 CVE-2023-24383 Kibokolabs Cross-site Scripting vulnerability in Kibokolabs Namaste! LMS

Auth.

4.8
2023-04-06 CVE-2023-24387 Wpdevart Cross-site Scripting vulnerability in Wpdevart Organization Chart

Auth.

4.8
2023-04-06 CVE-2023-24403 Wpforthewin Cross-site Scripting vulnerability in Wpforthewin Bbpress Voting

Auth.

4.8
2023-04-06 CVE-2023-24002 Wpdevart Cross-site Scripting vulnerability in Wpdevart Youtube Embed, Playlist and Popup

Auth.

4.8
2023-04-06 CVE-2023-24004 Wpdevart Cross-site Scripting vulnerability in Wpdevart Download Image and Video Lightbox, Image Popup

Auth.

4.8
2023-04-06 CVE-2023-23980 Mailoptin Cross-site Scripting vulnerability in Mailoptin

Auth.

4.8
2023-04-06 CVE-2023-23996 Properfraction Cross-site Scripting vulnerability in Properfraction Profilepress

Auth.

4.8
2023-04-06 CVE-2023-23998 E4Jconnect Cross-site Scripting vulnerability in E4Jconnect Vikrentcar

Auth.

4.8
2023-04-06 CVE-2023-24001 Modal Dialog Project Cross-site Scripting vulnerability in Modal Dialog Project Modal Dialog

Auth.

4.8
2023-04-06 CVE-2023-24006 Linksoftwarellc Cross-site Scripting vulnerability in Linksoftwarellc WP Terms Popup

Auth.

4.8
2023-04-06 CVE-2023-23971 Codepeople Cross-site Scripting vulnerability in Codepeople WP Time Slots Booking Form

Auth.

4.8
2023-04-06 CVE-2023-23972 Wpdevart Cross-site Scripting vulnerability in Wpdevart Social Like BOX and Page

Auth.

4.8
2023-04-06 CVE-2023-23987 Wpeverest Cross-site Scripting vulnerability in Wpeverest User Registration

Auth.

4.8
2023-04-06 CVE-2023-23981 Quantumcloud Cross-site Scripting vulnerability in Quantumcloud Conversational Forms for Chatbot

Auth.

4.8
2023-04-06 CVE-2023-23982 Wpfrom Email Project Cross-site Scripting vulnerability in Wpfrom Email Project Wpfrom Email

Auth.

4.8
2023-04-05 CVE-2023-1869 Plugin Cross-site Scripting vulnerability in Plugin Yourchannel

The YourChannel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping.

4.8
2023-04-04 CVE-2023-1840 Followmedarling Unspecified vulnerability in Followmedarling Spotify-Play-Button-For-Wordpress

The Sp*tify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.07 due to insufficient input sanitization and output escaping.

4.8
2023-04-04 CVE-2023-23870 Wpdevart Cross-site Scripting vulnerability in Wpdevart Responsive Vertical Icon Menu

Auth.

4.8
2023-04-04 CVE-2023-23821 Interactive Polish MAP Project Cross-site Scripting vulnerability in Interactive Polish MAP Project Interactive Polish MAP

Auth.

4.8
2023-04-03 CVE-2023-26529 Dupeoff Project Cross-site Scripting vulnerability in Dupeoff Project Dupeoff

Auth.

4.8
2023-04-05 CVE-2023-1582 Linux Race Condition vulnerability in Linux Kernel

A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel.

4.7
2023-04-05 CVE-2023-20123 Cisco Authentication Bypass by Capture-replay vulnerability in Cisco DUO and DUO Authentication for Windows Logon and RDP

A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows device.

4.6
2023-04-07 CVE-2023-1937 MY Blog Project Cross-Site Request Forgery (CSRF) vulnerability in My-Blog Project My-Blog

A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog.

4.3
2023-04-06 CVE-2023-1927 Wpfastestcache Unspecified vulnerability in Wpfastestcache WP Fastest Cache

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2.

4.3
2023-04-06 CVE-2023-1928 Wpfastestcache Unspecified vulnerability in Wpfastestcache WP Fastest Cache

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_preload_single_callback function in versions up to, and including, 1.1.2.

4.3
2023-04-06 CVE-2023-1929 Wpfastestcache Unspecified vulnerability in Wpfastestcache WP Fastest Cache

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_purgecache_varnish_callback function in versions up to, and including, 1.1.2.

4.3
2023-04-06 CVE-2023-1930 Wpfastestcache Unspecified vulnerability in Wpfastestcache WP Fastest Cache

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfc_clear_cache_of_allsites_callback function in versions up to, and including, 1.1.2.

4.3
2023-04-06 CVE-2023-1931 Wpfastestcache Unspecified vulnerability in Wpfastestcache WP Fastest Cache

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2.

4.3
2023-04-06 CVE-2023-1918 Wpfastestcache Unspecified vulnerability in Wpfastestcache WP Fastest Cache

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2.

4.3
2023-04-06 CVE-2023-1919 Wpfastestcache Unspecified vulnerability in Wpfastestcache WP Fastest Cache

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2.

4.3
2023-04-06 CVE-2023-1920 Wpfastestcache Unspecified vulnerability in Wpfastestcache WP Fastest Cache

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2.

4.3
2023-04-06 CVE-2023-1921 Wpfastestcache Unspecified vulnerability in Wpfastestcache WP Fastest Cache

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2.

4.3
2023-04-06 CVE-2023-1922 Wpfastestcache Unspecified vulnerability in Wpfastestcache WP Fastest Cache

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2.

4.3
2023-04-06 CVE-2023-1923 Wpfastestcache Cross-Site Request Forgery (CSRF) vulnerability in Wpfastestcache WP Fastest Cache

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2.

4.3
2023-04-06 CVE-2023-1924 Wpfastestcache Unspecified vulnerability in Wpfastestcache WP Fastest Cache

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2.

4.3
2023-04-06 CVE-2023-1925 Wpfastestcache Unspecified vulnerability in Wpfastestcache WP Fastest Cache

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2.

4.3
2023-04-06 CVE-2023-1926 Wpfastestcache Unspecified vulnerability in Wpfastestcache WP Fastest Cache

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2.

4.3
2023-04-05 CVE-2023-1866 Plugin Unspecified vulnerability in Plugin Yourchannel

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3.

4.3
2023-04-05 CVE-2023-1867 Plugin Unspecified vulnerability in Plugin Yourchannel

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3.

4.3
2023-04-05 CVE-2023-1870 Plugin Unspecified vulnerability in Plugin Yourchannel

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3.

4.3
2023-04-05 CVE-2023-1871 Plugin Unspecified vulnerability in Plugin Yourchannel

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3.

4.3
2023-04-04 CVE-2023-1752 Getnexx Improper Authentication vulnerability in Getnexx products

The listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or associated device with only the device’s MAC address.

4.3
2023-04-03 CVE-2023-0225 Samba Incorrect Permission Assignment for Critical Resource vulnerability in Samba

A flaw was found in Samba.

4.3
2023-04-03 CVE-2022-4769 Hitachi Information Exposure Through an Error Message vulnerability in Hitachi Vantara Pentaho Business Analytics Server

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name. 

4.3
2023-04-03 CVE-2022-4770 Hitachi Information Exposure Through an Error Message vulnerability in Hitachi Vantara Pentaho Business Analytics Server

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt). 

4.3

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-04-06 CVE-2022-46781 ARM Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in ARM products

An issue was discovered in the Arm Mali GPU Kernel Driver.

3.3
2023-04-06 CVE-2023-26083 ARM Memory Leak vulnerability in ARM products

Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.

3.3