Weekly Vulnerabilities Reports > May 8 to 14, 2023

Overview

846 new vulnerabilities reported during this period, including 110 critical vulnerabilities and 309 high severity vulnerabilities. This weekly summary report vulnerabilities in 1673 products from 280 vendors including Intel, Google, Apple, Microsoft, and AMD. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "SQL Injection", "Out-of-bounds Read", and "Classic Buffer Overflow".

  • 533 reported vulnerabilities are remotely exploitables.
  • 3 reported vulnerabilities have public exploit available.
  • 278 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 416 reported vulnerabilities are exploitable by an anonymous user.
  • Intel has the most reported vulnerabilities, with 94 reported vulnerabilities.
  • Oretnom23 has the most reported critical vulnerabilities, with 12 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

110 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-05-08 CVE-2023-2583 Jsreport Code Injection vulnerability in Jsreport

Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3.

10.0
2023-05-09 CVE-2023-27407 Siemens OS Command Injection vulnerability in Siemens Scalance Lpe9403 Firmware 2.0

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1).

9.9
2023-05-14 CVE-2023-2697 Online Exam System Project SQL Injection vulnerability in Online Exam System Project Online Exam System 1.0

A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0.

9.8
2023-05-14 CVE-2023-2698 Oretnom23 SQL Injection vulnerability in Oretnom23 Lost and Found Information System 1.0

A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0.

9.8
2023-05-14 CVE-2023-2699 Oretnom23 SQL Injection vulnerability in Oretnom23 Lost and Found Information System 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester Lost and Found Information System 1.0.

9.8
2023-05-14 CVE-2023-2695 Online Exam System Project SQL Injection vulnerability in Online Exam System Project Online Exam System 1.0

A vulnerability was found in SourceCodester Online Exam System 1.0.

9.8
2023-05-14 CVE-2023-2696 Online Exam System Project SQL Injection vulnerability in Online Exam System Project Online Exam System 1.0

A vulnerability was found in SourceCodester Online Exam System 1.0.

9.8
2023-05-14 CVE-2023-2694 Online Exam System Project SQL Injection vulnerability in Online Exam System Project Online Exam System 1.0

A vulnerability was found in SourceCodester Online Exam System 1.0.

9.8
2023-05-14 CVE-2023-2693 Online Exam System Project SQL Injection vulnerability in Online Exam System Project Online Exam System 1.0

A vulnerability was found in SourceCodester Online Exam System 1.0 and classified as critical.

9.8
2023-05-12 CVE-2023-1096 Netapp Unspecified vulnerability in Netapp Snapcenter 4.7/4.8

SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user.

9.8
2023-05-12 CVE-2023-30247 Storage Unit Rental Management System Project Unrestricted Upload of File with Dangerous Type vulnerability in Storage Unit Rental Management System Project Storage Unit Rental Management System 1.0

File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter.

9.8
2023-05-12 CVE-2023-32306 Anuko SQL Injection vulnerability in Anuko Time Tracker

Time Tracker is an open source time tracking system.

9.8
2023-05-12 CVE-2023-31983 Edimax Command Injection vulnerability in Edimax Br-6428Ns Firmware 1.10

A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the mp function in /bin/webs without any limitations.

9.8
2023-05-12 CVE-2023-27823 Optoma Improper Authentication vulnerability in Optoma 1080Pstx C02

An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials.

9.8
2023-05-12 CVE-2023-2682 Catontechnology Command Injection vulnerability in Catontechnology Caton Live 20230426

A vulnerability was found in Caton Live up to 2023-04-26 and classified as critical.

9.8
2023-05-12 CVE-2023-31985 Edimax Command Injection vulnerability in Edimax Br-6428Ns Firmware 1.10

A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the formAccept function in /bin/webs without any limitations.

9.8
2023-05-12 CVE-2023-27238 Lavalite Unspecified vulnerability in Lavalite 9.0.0

LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning.

9.8
2023-05-12 CVE-2023-30246 Judging Management System Project SQL Injection vulnerability in Judging Management System Project Judging Management System 1.0

SQL injection vulnerability found in Judging Management System v.1.0 allows a remote attacker to execute arbitrary code via the contestant_id parameter.

9.8
2023-05-12 CVE-2023-2672 Oretnom23 SQL Injection vulnerability in Oretnom23 Lost and Found Information System 1.0

A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0.

9.8
2023-05-12 CVE-2023-2676 H3C Stack-based Buffer Overflow vulnerability in H3C Magic R160 Firmware 100R004

A vulnerability, which was classified as critical, has been found in H3C R160 V1004004.

9.8
2023-05-12 CVE-2023-2669 Oretnom23 SQL Injection vulnerability in Oretnom23 Lost and Found Information System 1.0

A vulnerability was found in SourceCodester Lost and Found Information System 1.0.

9.8
2023-05-12 CVE-2023-32243 Wpdeveloper Improper Authentication vulnerability in Wpdeveloper Essential Addons for Elementor

Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.

9.8
2023-05-12 CVE-2023-2668 Oretnom23 SQL Injection vulnerability in Oretnom23 Lost and Found Information System 1.0

A vulnerability was found in SourceCodester Lost and Found Information System 1.0 and classified as critical.

9.8
2023-05-12 CVE-2023-29809 Companymaps Project SQL Injection vulnerability in Companymaps Project Companymaps 8.0

SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a crafted script in the request.

9.8
2023-05-12 CVE-2023-30330 Softexpert Unspecified vulnerability in Softexpert Excellence Suite 2.0

SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion in the function /se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php.

9.8
2023-05-12 CVE-2023-30192 Prestashop SQL Injection vulnerability in Prestashop Possearchproducts 1.7

Prestashop possearchproducts 1.7 is vulnerable to SQL Injection via PosSearch::find().

9.8
2023-05-11 CVE-2023-24540 Golang Unspecified vulnerability in Golang GO

Not all valid JavaScript whitespace characters are considered to be whitespace.

9.8
2023-05-11 CVE-2023-2659 Oretnom23 SQL Injection vulnerability in Oretnom23 Online Computer and Laptop Store 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0.

9.8
2023-05-11 CVE-2023-2660 Oretnom23 SQL Injection vulnerability in Oretnom23 Online Computer and Laptop Store 1.0

A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical.

9.8
2023-05-11 CVE-2023-2661 Oretnom23 SQL Injection vulnerability in Oretnom23 Online Computer and Laptop Store 1.0

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical.

9.8
2023-05-11 CVE-2022-47129 Phpok Unspecified vulnerability in PHPok 6.3

PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability.

9.8
2023-05-11 CVE-2023-2658 Oretnom23 SQL Injection vulnerability in Oretnom23 Online Computer and Laptop Store 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0.

9.8
2023-05-11 CVE-2023-0851 Canon Out-of-bounds Write vulnerability in Canon products

Buffer overflow in CPCA Resource Download process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.

9.8
2023-05-11 CVE-2023-0852 Canon Out-of-bounds Write vulnerability in Canon products

Buffer overflow in the Address Book of Mobile Device function of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.

9.8
2023-05-11 CVE-2023-0853 Canon Out-of-bounds Write vulnerability in Canon products

Buffer overflow in mDNS NSEC record registering process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.

9.8
2023-05-11 CVE-2023-0854 Canon Out-of-bounds Write vulnerability in Canon products

Buffer overflow in NetBIOS QNAME registering and communication process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.

9.8
2023-05-11 CVE-2023-0855 Canon Out-of-bounds Write vulnerability in Canon products

Buffer overflow in IPP number-up attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.

9.8
2023-05-11 CVE-2023-0856 Canon Out-of-bounds Write vulnerability in Canon products

Buffer overflow in IPP sides attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.

9.8
2023-05-11 CVE-2023-29863 Medisys SQL Injection vulnerability in Medisys Weblab 19.4.03

Medical Systems Co.

9.8
2023-05-11 CVE-2023-2656 Oretnom23 SQL Injection vulnerability in Oretnom23 AC Repair and Services System 1.0

A vulnerability classified as critical has been found in SourceCodester AC Repair and Services System 1.0.

9.8
2023-05-11 CVE-2023-31475 GL Inet Classic Buffer Overflow vulnerability in Gl-Inet products

An issue was discovered on GL.iNet devices before 3.216.

9.8
2023-05-11 CVE-2023-31498 Phpgurukul Session Fixation vulnerability in PHPgurukul Hospital Management System 4.0

A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter.

9.8
2023-05-11 CVE-2023-2652 Oretnom23 SQL Injection vulnerability in Oretnom23 Lost and Found Information System 1.0

A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0.

9.8
2023-05-11 CVE-2023-2653 Oretnom23 SQL Injection vulnerability in Oretnom23 Lost and Found Information System 1.0

A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0.

9.8
2023-05-11 CVE-2023-2648 Weaver Unrestricted Upload of File with Dangerous Type vulnerability in Weaver E-Office 9.5

A vulnerability was found in Weaver E-Office 9.5.

9.8
2023-05-11 CVE-2023-2643 File Tracker Manager System Project SQL Injection vulnerability in File Tracker Manager System Project File Tracker Manager System 1.0

A vulnerability classified as critical was found in SourceCodester File Tracker Manager System 1.0.

9.8
2023-05-11 CVE-2023-2645 USR Use of Hard-coded Password vulnerability in USR Usr-G806 Firmware 1.0.41

A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41.

9.8
2023-05-11 CVE-2023-2641 Online Internship Management System Project SQL Injection vulnerability in Online Internship Management System Project Online Internship Management System 1.0

A vulnerability was found in SourceCodester Online Internship Management System 1.0.

9.8
2023-05-11 CVE-2023-2642 Online Exam System Project SQL Injection vulnerability in Online Exam System Project Online Exam System 1.0

A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0.

9.8
2023-05-10 CVE-2022-29841 Westerndigital OS Command Injection vulnerability in Westerndigital MY Cloud OS

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data.

9.8
2023-05-10 CVE-2022-29842 Westerndigital Command Injection vulnerability in Westerndigital MY Cloud OS

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before 5.26.119.

9.8
2023-05-10 CVE-2023-30194 Prestashop SQL Injection vulnerability in Prestashop Poststaticfooter

Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via posstaticfooter::getPosCurrentHook().

9.8
2023-05-10 CVE-2022-36937 Facebook Unspecified vulnerability in Facebook Hhvm

HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension.

9.8
2023-05-10 CVE-2023-30352 Tenda Use of Hard-coded Credentials vulnerability in Tenda CP3 Firmware 11.10.00.2211041355

Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for the RTSP feed.

9.8
2023-05-10 CVE-2023-30353 Tenda Command Injection vulnerability in Tenda CP3 Firmware 11.10.00.2211041355

Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows unauthenticated remote code execution via an XML document.

9.8
2023-05-10 CVE-2023-30354 Tenda Cleartext Transmission of Sensitive Information vulnerability in Tenda CP3 Firmware 11.10.00.2211041355

Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access to U-Boot via the UART: the Wi-Fi password is shown, and the hardcoded boot password can be inserted for console access.

9.8
2023-05-10 CVE-2023-31471 GL Inet Unspecified vulnerability in Gl-Inet products

An issue was discovered on GL.iNet devices before 3.216.

9.8
2023-05-10 CVE-2023-2619 Online Tours Travels Management System Project SQL Injection vulnerability in Online Tours & Travels Management System Project Online Tours & Travels Management System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0.

9.8
2023-05-10 CVE-2023-32569 Veritas SQL Injection vulnerability in Veritas Infoscale Operations Manager

An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410.

9.8
2023-05-09 CVE-2023-28316 Rocket Chat Session Fixation vulnerability in Rocket.Chat

A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA.

9.8
2023-05-09 CVE-2021-46760 AMD Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products

A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an attacker leaking sensitive information or achieving code execution.

9.8
2023-05-09 CVE-2021-26379 AMD Unspecified vulnerability in AMD products

Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation.

9.8
2023-05-09 CVE-2023-20520 AMD Out-of-bounds Write vulnerability in AMD products

Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution.

9.8
2023-05-09 CVE-2023-24941 Microsoft Unspecified vulnerability in Microsoft products

Windows Network File System Remote Code Execution Vulnerability

9.8
2023-05-09 CVE-2023-24943 Microsoft Unspecified vulnerability in Microsoft products

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

9.8
2023-05-09 CVE-2023-31143 Mage Missing Authentication for Critical Function vulnerability in Mage Mage-Ai

mage-ai is an open-source data pipeline tool for transforming and integrating data.

9.8
2023-05-09 CVE-2023-29460 Rockwellautomation Out-of-bounds Read vulnerability in Rockwellautomation Arena Simulation 16.00.00/16.20.00

An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow potentially resulting in a complete loss of confidentiality, integrity, and availability.

9.8
2023-05-09 CVE-2023-29461 Rockwellautomation Out-of-bounds Read vulnerability in Rockwellautomation Arena Simulation 16.00.00/16.20.00

An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap.

9.8
2023-05-09 CVE-2023-2594 Food Ordering Management System Project SQL Injection vulnerability in Food Ordering Management System Project Food Ordering Management System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Food Ordering Management System 1.0.

9.8
2023-05-09 CVE-2023-2595 Billing Management System Project SQL Injection vulnerability in Billing Management System Project Billing Management System 1.0

A vulnerability has been found in SourceCodester Billing Management System 1.0 and classified as critical.

9.8
2023-05-09 CVE-2023-2596 Online Reviewer System Project SQL Injection vulnerability in Online Reviewer System Project Online Reviewer System 1.0

A vulnerability was found in SourceCodester Online Reviewer System 1.0 and classified as critical.

9.8
2023-05-08 CVE-2023-24507 Agilepoint Unrestricted Upload of File with Dangerous Type vulnerability in Agilepoint NX 8.0

AgilePoint NX v8.0 SU2.2 & SU2.3 – Insecure File Upload - Vulnerability allows insecure file upload, by an unspecified request.

9.8
2023-05-08 CVE-2023-31129 Contiki NG NULL Pointer Dereference vulnerability in Contiki-Ng

The Contiki-NG operating system versions 4.8 and prior can be triggered to dereference a NULL pointer in the message handling code for IPv6 router solicitiations.

9.8
2023-05-08 CVE-2023-31182 Easytor Authorization Bypass Through User-Controlled Key vulnerability in Easytor

EasyTor Applications – Authorization Bypass - EasyTor Applications may allow authorization bypass via unspecified method.

9.8
2023-05-08 CVE-2023-23526 Apple Unspecified vulnerability in Apple Iphone OS

This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder.

9.8
2023-05-08 CVE-2023-27953 Apple Out-of-bounds Write vulnerability in Apple Macos

The issue was addressed with improved memory handling.

9.8
2023-05-08 CVE-2023-28201 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved state management.

9.8
2023-05-08 CVE-2023-22779 HP Classic Buffer Overflow vulnerability in HP Instantos

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211).

9.8
2023-05-08 CVE-2023-22780 HP Classic Buffer Overflow vulnerability in HP Instantos

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211).

9.8
2023-05-08 CVE-2023-22781 HP Classic Buffer Overflow vulnerability in HP Instantos

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211).

9.8
2023-05-08 CVE-2023-22782 HP Classic Buffer Overflow vulnerability in HP Instantos

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211).

9.8
2023-05-08 CVE-2023-22783 HP Classic Buffer Overflow vulnerability in HP Instantos

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211).

9.8
2023-05-08 CVE-2023-22784 HP Classic Buffer Overflow vulnerability in HP Instantos

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211).

9.8
2023-05-08 CVE-2023-22785 HP Classic Buffer Overflow vulnerability in HP Instantos

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211).

9.8
2023-05-08 CVE-2023-22786 HP Classic Buffer Overflow vulnerability in HP Instantos

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211).

9.8
2023-05-08 CVE-2023-29693 H3C Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware Minigrw1A0V100R006

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function set_tftp_upgrad.

9.8
2023-05-08 CVE-2023-29696 H3C Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware Minigrw1A0V100R006

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function version_set.

9.8
2023-05-08 CVE-2023-30092 Online Pizza Ordering System Project SQL Injection vulnerability in Online Pizza Ordering System Project Online Pizza Ordering System 1.0

SourceCodester Online Pizza Ordering System v1.0 is vulnerable to SQL Injection via the QTY parameter.

9.8
2023-05-08 CVE-2020-23966 Victor CMS Project SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0

SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request.

9.8
2023-05-08 CVE-2022-4118 Coinmarketstats Unspecified vulnerability in Coinmarketstats Bitcoin / Altcoin Payment Gateway for Woocommerce

The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users

9.8
2023-05-08 CVE-2023-1650 Quantumcloud Deserialization of Untrusted Data vulnerability in Quantumcloud AI Chatbot

The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog

9.8
2023-05-08 CVE-2023-25754 Apache Unspecified vulnerability in Apache Airflow

Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0.

9.8
2023-05-08 CVE-2023-31039 Apache Improper Input Validation vulnerability in Apache Brpc

Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file. An attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execute arbitrary code with the permissions of the bRPC process. Solution: 1.

9.8
2023-05-08 CVE-2023-30018 Judging Management System Project SQL Injection vulnerability in Judging Management System Project Judging Management System 1.0

Judging Management System v1.0 is vulnerable to SQL Injection.

9.8
2023-05-08 CVE-2023-29944 Metersphere Unspecified vulnerability in Metersphere 1.20.20Lts79D354A6

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution.

9.8
2023-05-08 CVE-2023-30185 Crmeb Unrestricted Upload of File with Dangerous Type vulnerability in Crmeb 4.4.2/4.4.4/4.6.0

CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php.

9.8
2023-05-09 CVE-2023-31126 Xwiki Cross-site Scripting vulnerability in Xwiki 14.6/14.9

`org.xwiki.commons:xwiki-commons-xml` is an XML library used by the open-source wiki platform XWiki.

9.6
2023-05-09 CVE-2023-32113 SAP Information Exposure vulnerability in SAP GUI for Windows

SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file.

9.3
2023-05-11 CVE-2023-31146 Vyperlang Out-of-bounds Write vulnerability in Vyperlang Vyper

Vyper is a Pythonic smart contract language for the Ethereum virtual machine.

9.1
2023-05-11 CVE-2023-27554 IBM XXE vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

9.1
2023-05-11 CVE-2023-1834 Rockwellautomation Unspecified vulnerability in Rockwellautomation Kinetix 5500 Firmware 7.13

Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running v7.13 may have the telnet and FTP ports open by default.  This could potentially allow attackers unauthorized access to the device through the open ports.

9.1
2023-05-09 CVE-2021-46754 AMD Improper Input Validation vulnerability in AMD products

Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and integrity.

9.1
2023-05-09 CVE-2021-46756 AMD Improper Input Validation vulnerability in AMD products

Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity.

9.1
2023-05-09 CVE-2021-46753 AMD Unspecified vulnerability in AMD products

Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity.

9.1
2023-05-09 CVE-2021-46762 AMD Improper Input Validation vulnerability in AMD products

Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service.

9.1
2023-05-09 CVE-2023-30744 SAP Missing Authentication for Critical Function vulnerability in SAP Netweaver Application Server for Java 7.50

In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and authentication.

9.1
2023-05-08 CVE-2023-31123 Effectindex Improper Authentication vulnerability in Effectindex Tripreporter

`effectindex/tripreporter` is a community-powered, universal platform for submitting and analyzing trip reports.

9.1
2023-05-08 CVE-2023-31178 Agilepoint Unspecified vulnerability in Agilepoint NX 8.0

AgilePoint NX v8.0 SU2.2 & SU2.3 – Arbitrary File Delete Vulnerability allows arbitrary file deletion, by an unspecified request.

9.1
2023-05-08 CVE-2023-27958 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved memory handling.

9.1
2023-05-09 CVE-2023-32071 Xwiki Cross-site Scripting vulnerability in Xwiki

XWiki Platform is a generic wiki platform.

9.0

309 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-05-14 CVE-2023-2689 Billing Management System Project SQL Injection vulnerability in Billing Management System Project Billing Management System 1.0

A vulnerability classified as critical was found in SourceCodester Billing Management System 1.0.

8.8
2023-05-14 CVE-2023-2690 Personnel Property Equipment System Project SQL Injection vulnerability in Personnel Property Equipment System Project Personnel Property Equipment System 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester Personnel Property Equipment System 1.0.

8.8
2023-05-12 CVE-2023-20877 Vmware Unspecified vulnerability in VMWare Cloud Foundation and Vrealize Operations

VMware Aria Operations contains a privilege escalation vulnerability.

8.8
2023-05-12 CVE-2023-32305 Aiven Unspecified vulnerability in Aiven

aiven-extras is a PostgreSQL extension.

8.8
2023-05-12 CVE-2023-2457 Google Out-of-bounds Write vulnerability in Google Chrome

Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file.

8.8
2023-05-12 CVE-2023-2458 Google Use After Free vulnerability in Google Chrome

Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction.

8.8
2023-05-12 CVE-2023-32073 Wwbn Command Injection vulnerability in Wwbn Avideo

WWBN AVideo is an open source video platform.

8.8
2023-05-12 CVE-2023-29657 Extplorer Unrestricted Upload of File with Dangerous Type vulnerability in Extplorer 2.1.15

eXtplorer 2.1.15 is vulnerable to Insecure Permissions.

8.8
2023-05-12 CVE-2023-30130 Craftcms Code Injection vulnerability in Craftcms Craft CMS 3.8.1

An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter.

8.8
2023-05-12 CVE-2023-2677 Covid 19 Contact Tracing System Project SQL Injection vulnerability in Covid-19 Contact Tracing System Project Covid-19 Contact Tracing System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Covid-19 Contact Tracing System 1.0.

8.8
2023-05-12 CVE-2023-2515 Mattermost Incorrect Authorization vulnerability in Mattermost Server

Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin

8.8
2023-05-12 CVE-2023-2670 Oretnom23 Unspecified vulnerability in Oretnom23 Lost and Found Information System 1.0

A vulnerability was found in SourceCodester Lost and Found Information System 1.0.

8.8
2023-05-12 CVE-2023-28522 IBM Incorrect Permission Assignment for Critical Resource vulnerability in IBM API Connect 10.0.0.0/10.0.1.0/10.0.1.1

IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to.

8.8
2023-05-12 CVE-2020-13378 Loadbalancer OS Command Injection vulnerability in Loadbalancer Enterprise VA MAX 8.3.3

Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Injection vulnerability that allows a remote authenticated attacker to execute arbitrary code.

8.8
2023-05-11 CVE-2023-31528 Motorola Command Injection vulnerability in Motorola Cx2L Firmware 1.0.1

Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the staticroute_list parameter.

8.8
2023-05-11 CVE-2023-31529 Motorola Command Injection vulnerability in Motorola Cx2L Firmware 1.0.1

Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the system_time_timezone parameter.

8.8
2023-05-11 CVE-2023-31530 Motorola Command Injection vulnerability in Motorola Cx2L Firmware 1.0.1

Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the smartqos_priority_devices parameter.

8.8
2023-05-11 CVE-2023-31531 Motorola Command Injection vulnerability in Motorola Cx2L Firmware 1.0.1

Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter.

8.8
2023-05-11 CVE-2023-2444 Rockwellautomation Cross-Site Request Forgery (CSRF) vulnerability in Rockwellautomation Factorytalk Vantagepoint

A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint.

8.8
2023-05-11 CVE-2021-34076 Phpok Unrestricted Upload of File with Dangerous Type vulnerability in PHPok 5.7.140

File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file upload.

8.8
2023-05-11 CVE-2023-2647 Weaver Command Injection vulnerability in Weaver E-Office 9.5

A vulnerability was found in Weaver E-Office 9.5 and classified as critical.

8.8
2023-05-11 CVE-2023-2649 Tenda Command Injection vulnerability in Tenda Ac23 Firmware 16.03.07.45Cn

A vulnerability was found in Tenda AC23 16.03.07.45_cn.

8.8
2023-05-10 CVE-2023-32080 Pterodactyl Unspecified vulnerability in Pterodactyl Wings

Wings is the server control plane for Pterodactyl Panel.

8.8
2023-05-10 CVE-2023-31148 Selinc Improper Input Validation vulnerability in Selinc products

An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details.

8.8
2023-05-10 CVE-2023-31149 Selinc Improper Input Validation vulnerability in Selinc products

An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details.

8.8
2023-05-10 CVE-2023-31152 Selinc Improper Authentication vulnerability in Selinc products

An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass.

8.8
2023-05-10 CVE-2023-31161 Selinc Improper Input Validation vulnerability in Selinc products

An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow an authenticated remote attacker to use internal resources, allowing a variety of potential effects. See SEL Service Bulletin dated 2022-11-15 for more details.

8.8
2023-05-10 CVE-2023-31566 Podofo Project Use After Free vulnerability in Podofo Project Podofo 0.10.0

Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().

8.8
2023-05-10 CVE-2023-31567 Podofo Project Out-of-bounds Write vulnerability in Podofo Project Podofo 0.10.0

Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.

8.8
2023-05-10 CVE-2023-31568 Podofo Project Out-of-bounds Write vulnerability in Podofo Project Podofo 0.10.0

Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4.

8.8
2023-05-10 CVE-2023-27563 N8N Unspecified vulnerability in N8N 0.218.0

The n8n package 0.218.0 for Node.js allows Escalation of Privileges.

8.8
2023-05-10 CVE-2023-29930 Genesys Unrestricted Upload of File with Dangerous Type vulnerability in Genesys Tftp Server

An issue was found in Genesys CIC Polycom phone provisioning TFTP Server all version allows a remote attacker to execute arbitrary code via the login crednetials to the TFTP server configuration page.

8.8
2023-05-10 CVE-2022-41979 Intel Unspecified vulnerability in Intel Data Center Manager

Protection mechanism failure in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access.

8.8
2023-05-10 CVE-2022-43507 Intel Classic Buffer Overflow vulnerability in Intel Quickassist Technology Engine

Improper buffer restrictions in the Intel(R) QAT Engine for OpenSSL before version 0.6.16 may allow a privileged user to potentially enable escalation of privilege via network access.

8.8
2023-05-10 CVE-2022-44610 Intel Improper Authentication vulnerability in Intel Data Center Manager

Improper authentication in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access.

8.8
2023-05-10 CVE-2023-27298 Intel Unquoted Search Path or Element vulnerability in Intel Wake UP Latency Tracer

Uncontrolled search path in the WULT software maintained by Intel(R) before version 1.0.0 (commit id 592300b) may allow an unauthenticated user to potentially enable escalation of privilege via network access.

8.8
2023-05-10 CVE-2022-45846 Wpmart Cross-Site Request Forgery (CSRF) vulnerability in Wpmart Interactive SVG Image MAP Builder 1.0/1.1

Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro for WordPress - Interactive SVG Image Map Builder plugin < 5.6.9 versions.

8.8
2023-05-10 CVE-2023-27889 LQD Cross-Site Request Forgery (CSRF) vulnerability in LQD Liquid Speech Balloon 1.0.5

Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a malicious page.

8.8
2023-05-09 CVE-2023-25832 Esri Cross-Site Request Forgery (CSRF) vulnerability in Esri Portal for Arcgis

There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions.

8.8
2023-05-09 CVE-2021-46773 AMD Improper Input Validation vulnerability in AMD products

Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution.

8.8
2023-05-09 CVE-2021-46769 AMD Improper Input Validation vulnerability in AMD products

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code execution.

8.8
2023-05-09 CVE-2023-20046 Cisco Insufficiently Protected Credentials vulnerability in Cisco Staros

A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied credentials.

8.8
2023-05-09 CVE-2023-24947 Microsoft Unspecified vulnerability in Microsoft products

Windows Bluetooth Driver Remote Code Execution Vulnerability

8.8
2023-05-09 CVE-2020-23363 Verydows Cross-Site Request Forgery (CSRF) vulnerability in Verydows

Cross Site Request Forgery (CSRF) vulnerability found in Verytops Verydows all versions that allows an attacker to execute arbitrary code via a crafted script.

8.8
2023-05-09 CVE-2023-32069 Xwiki Incorrect Authorization vulnerability in Xwiki

XWiki Platform is a generic wiki platform.

8.8
2023-05-09 CVE-2023-29462 Rockwellautomation Out-of-bounds Write vulnerability in Rockwellautomation Arena Simulation 16.00.00/16.20.01

An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap.

8.8
2023-05-09 CVE-2023-31976 Libming Out-of-bounds Write vulnerability in Libming 0.4.8

libming v0.4.8 was discovered to contain a stack buffer overflow via the function makeswf_preprocess at /util/makeswf_utils.c.

8.8
2023-05-09 CVE-2023-30898 Siemens Deserialization of Untrusted Data vulnerability in Siemens Siveillance Video

A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1).

8.8
2023-05-09 CVE-2023-30899 Siemens Deserialization of Untrusted Data vulnerability in Siemens Siveillance Video

A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1).

8.8
2023-05-08 CVE-2023-31127 Dmtf Improper Authentication vulnerability in Dmtf Libspdm

libspdm is a sample implementation that follows the DMTF SPDM specifications.

8.8
2023-05-08 CVE-2022-32885 Apple Out-of-bounds Write vulnerability in Apple products

A memory corruption issue was addressed with improved validation.

8.8
2023-05-08 CVE-2023-1031 Monicahq Unspecified vulnerability in Monicahq Monica 4.0.0

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `settings` endpoint and first_name parameter.

8.8
2023-05-08 CVE-2023-1094 Monicahq Unspecified vulnerability in Monicahq Monica 4.0.0

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/food` endpoint and food parameter.

8.8
2023-05-08 CVE-2023-23532 Apple Unspecified vulnerability in Apple Iphone OS

This issue was addressed with improved checks.

8.8
2023-05-08 CVE-2023-27934 Apple Improper Initialization vulnerability in Apple Macos

A memory initialization issue was addressed.

8.8
2023-05-08 CVE-2023-27935 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved bounds checks.

8.8
2023-05-08 CVE-2023-30844 Mutagen Improper Encoding or Escaping of Output vulnerability in Mutagen and Mutagen Compose

Mutagen provides real-time file synchronization and flexible network forwarding for developers.

8.8
2023-05-08 CVE-2023-22788 Arubanetworks
HP
Command Injection vulnerability in multiple products

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface.

8.8
2023-05-08 CVE-2023-22789 Arubanetworks
HP
Command Injection vulnerability in multiple products

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface.

8.8
2023-05-08 CVE-2023-22790 Arubanetworks
HP
Command Injection vulnerability in multiple products

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface.

8.8
2023-05-08 CVE-2020-18131 Clanscripts Project Cross-Site Request Forgery (CSRF) vulnerability in Clanscripts Project Clanscripts 4.0

Cross Site Request Forgery (CSRF) vulnerability in Bluethrust Clan Scripts v4 allows attackers to escilate privledges to an arbitrary account via a crafted request to /members/console.php?cID=5.

8.8
2023-05-08 CVE-2020-22755 Mingsoft Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.0

File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail.

8.8
2023-05-08 CVE-2020-36065 Flycms Project Cross-Site Request Forgery (CSRF) vulnerability in Flycms Project Flycms 1.0

Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save.

8.8
2023-05-08 CVE-2021-28999 Cmsmadesimple SQL Injection vulnerability in Cmsmadesimple CMS Made Simple

SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.

8.8
2023-05-08 CVE-2023-0603 Sloth Logo Customizer Project Unspecified vulnerability in Sloth Logo Customizer Project Sloth Logo Customizer

The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

8.8
2023-05-08 CVE-2023-0768 Avirato Unspecified vulnerability in Avirato Hotels Online Booking Engine

The Avirato hotels online booking engine WordPress plugin through 5.0.5 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks.

8.8
2023-05-08 CVE-2023-2573 Advantech Command Injection vulnerability in Advantech products

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request.

8.8
2023-05-08 CVE-2023-2574 Advantech Command Injection vulnerability in Advantech products

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request.

8.8
2023-05-08 CVE-2023-2575 Advantech Out-of-bounds Write vulnerability in Advantech products

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request.

8.8
2023-05-08 CVE-2023-31038 Apache SQL Injection vulnerability in Apache Log4Cxx

SQL injection in Log4cxx when using the ODBC appender to send log messages to a database.  No fields sent to the database were properly escaped for SQL injection.  This has been the case since at least version 0.9.0(released 2003-08-06) Note that Log4cxx is a C++ framework, so only C++ applications are affected. Before version 1.1.0, the ODBC appender was automatically part of Log4cxx if the library was found when compiling the library.  As of version 1.1.0, this must be both explicitly enabled in order to be compiled in. Three preconditions must be met for this vulnerability to be possible: 1.

8.8
2023-05-10 CVE-2023-22441 Seiko SOL Missing Authentication for Critical Function vulnerability in Seiko-Sol products

Missing authentication for critical function exists in Seiko Solutions SkyBridge series, which may allow a remote attacker to obtain or alter the setting information of the product or execute some critical functions without authentication, e.g., rebooting the product.

8.6
2023-05-08 CVE-2022-46720 Apple Integer Overflow or Wraparound vulnerability in Apple Ipados and Iphone OS

An integer overflow was addressed with improved input validation.

8.6
2023-05-08 CVE-2023-27944 Apple Unspecified vulnerability in Apple Macos

This issue was addressed with a new entitlement.

8.6
2023-05-08 CVE-2023-27967 Apple Unspecified vulnerability in Apple Xcode

The issue was addressed with improved memory handling.

8.6
2023-05-12 CVE-2023-23444 Sick Missing Authentication for Critical Function vulnerability in Sick products

Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets.

8.2
2023-05-10 CVE-2023-1732 Cloudflare Improper Handling of Exceptional Conditions vulnerability in Cloudflare Circl

When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error.

8.2
2023-05-09 CVE-2021-26365 AMD Out-of-bounds Read vulnerability in AMD products

Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents.

8.2
2023-05-12 CVE-2020-13377 Loadbalancer Path Traversal vulnerability in Loadbalancer Enterprise VA MAX 8.3.3

The web-services interface of Loadbalancer.org Enterprise VA MAX through 8.3.8 could allow an authenticated, remote, low-privileged attacker to conduct directory traversal attacks and obtain read and write access to sensitive files.

8.1
2023-05-12 CVE-2023-2512 Cloudflare Integer Overflow or Wraparound vulnerability in Cloudflare Workerd

Prior to version v1.20230419.0, the FormData API implementation was subject to an integer overflow.

8.1
2023-05-12 CVE-2023-29032 Apache Improper Authentication vulnerability in Apache Openmeetings

An attacker that has gained access to certain private information can use this to act as other user. Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0

8.1
2023-05-10 CVE-2022-36330 Westerndigital Classic Buffer Overflow vulnerability in Westerndigital products

A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices.

8.1
2023-05-09 CVE-2023-24903 Microsoft Race Condition vulnerability in Microsoft products

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

8.1
2023-05-09 CVE-2023-28283 Microsoft Unspecified vulnerability in Microsoft products

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

8.1
2023-05-08 CVE-2023-2534 Otrs Incorrect Authorization vulnerability in Otrs

Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage.

8.1
2023-05-12 CVE-2023-25005 Autodesk Uncontrolled Search Path Element vulnerability in Autodesk Infraworks

A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability.

7.8
2023-05-12 CVE-2023-25006 Autodesk Use After Free vulnerability in Autodesk 3DS MAX USD

A malicious actor may convince a user to open a malicious USD file that may trigger a use-after-free vulnerability which could result in code execution.

7.8
2023-05-12 CVE-2023-25007 Autodesk Access of Uninitialized Pointer vulnerability in Autodesk 3DS MAX USD

A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution.

7.8
2023-05-12 CVE-2023-25008 Autodesk Out-of-bounds Read vulnerability in Autodesk 3DS MAX USD

A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds read vulnerability which could result in code execution.

7.8
2023-05-12 CVE-2023-25009 Autodesk Out-of-bounds Write vulnerability in Autodesk 3DS MAX USD

A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds write vulnerability which could result in code execution.

7.8
2023-05-12 CVE-2023-25428 Soft O Uncontrolled Search Path Element vulnerability in Soft-O Free Password Manager 1.1.20

A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.20 allows attackers to create arbitrary DLLs leading to code execution.

7.8
2023-05-12 CVE-2023-29242 Intel Unspecified vulnerability in Intel products

Improper access control for Intel(R) oneAPI Toolkits before version 2021.1 Beta 10 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-12 CVE-2023-31197 Intel Uncontrolled Search Path Element vulnerability in Intel Trace Analyzer and Collector 2017/2020

Uncontrolled search path in the Intel(R) Trace Analyzer and Collector before version 2020 update 3 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-11 CVE-2023-29273 Adobe Out-of-bounds Read vulnerability in Adobe Substance 3D Painter

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

7.8
2023-05-11 CVE-2023-29274 Adobe Out-of-bounds Read vulnerability in Adobe Substance 3D Painter

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

7.8
2023-05-11 CVE-2023-29275 Adobe Out-of-bounds Read vulnerability in Adobe Substance 3D Painter

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

7.8
2023-05-11 CVE-2023-29276 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-05-11 CVE-2023-29278 Adobe Access of Uninitialized Pointer vulnerability in Adobe Substance 3D Painter

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-05-11 CVE-2023-29280 Adobe Out-of-bounds Read vulnerability in Adobe Substance 3D Painter

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

7.8
2023-05-11 CVE-2023-29281 Adobe Out-of-bounds Read vulnerability in Adobe Substance 3D Painter

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

7.8
2023-05-11 CVE-2023-29282 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-05-11 CVE-2023-29283 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-05-11 CVE-2023-29284 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-05-11 CVE-2023-29285 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-05-11 CVE-2023-31497 Seqrite Unspecified vulnerability in Seqrite END Point Security 7.4

Incorrect access control in Quick Heal Technologies Limited Seqrite Endpoint Security (EPS) all versions prior to v8.0 allows attackers to escalate privileges to root via supplying a crafted binary to the target system.

7.8
2023-05-11 CVE-2023-2644 Digitalpersona Fpsensor Project Unquoted Search Path or Element vulnerability in Digitalpersona Fpsensor Project Digitalpersona Fpsensor 1.0.0.1

A vulnerability, which was classified as problematic, has been found in DigitalPersona FPSensor 1.0.0.1.

7.8
2023-05-10 CVE-2023-2629 Pimcore Improper Neutralization of Formula Elements in a CSV File vulnerability in Pimcore Customer Management Framework

Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9.

7.8
2023-05-10 CVE-2023-31906 Jerryscript Out-of-bounds Write vulnerability in Jerryscript 3.0.0

Jerryscript 3.0.0(commit 1a2c047) was discovered to contain a heap-buffer-overflow via the component lexer_compare_identifier_to_chars at /jerry-core/parser/js/js-lexer.c.

7.8
2023-05-10 CVE-2023-31907 Jerryscript Out-of-bounds Write vulnerability in Jerryscript 3.0.0

Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via the component scanner_literal_is_created at /jerry-core/parser/js/js-scanner-util.c.

7.8
2023-05-10 CVE-2023-31908 Jerryscript Out-of-bounds Write vulnerability in Jerryscript 3.0

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component ecma_builtin_typedarray_prototype_sort.

7.8
2023-05-10 CVE-2023-31910 Jerryscript Out-of-bounds Write vulnerability in Jerryscript 3.0.0

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component parser_parse_function_statement at /jerry-core/parser/js/js-parser-statm.c.

7.8
2023-05-10 CVE-2022-21804 Intel Out-of-bounds Write vulnerability in Intel Quickassist Technology 1.6/1.9.0/1.9.00008

Out-of-bounds write in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-27180 Intel Uncontrolled Search Path Element vulnerability in Intel Maccpuid

Uncontrolled search path in the Intel(R) MacCPUID software before version 3.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-29508 Intel NULL Pointer Dereference vulnerability in Intel Virtual Raid on CPU

Null pointer dereference in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-29919 Intel Use After Free vulnerability in Intel Virtual Raid on CPU

Use after free in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-30338 Intel Incorrect Default Permissions vulnerability in Intel Virtual Raid on CPU

Incorrect default permissions in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-32576 Intel Uncontrolled Search Path Element vulnerability in Intel Unite

Uncontrolled search path in the Intel(R) Unite(R) Plugin SDK before version 4.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-32578 Intel Unspecified vulnerability in Intel NUC PRO Software Suite

Improper access control for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-32766 Intel Unspecified vulnerability in Intel Compute Stick Stk2Mv64Cc Firmware

Improper input validation for some Intel(R) BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-33894 Intel Unspecified vulnerability in Intel products

Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-33963 Intel Incorrect Default Permissions vulnerability in Intel Unite

Incorrect default permissions in the software installer for Intel(R) Unite(R) Client software for Windows before version 4.2.34870 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-34147 Intel Unspecified vulnerability in Intel products

Improper input validation in BIOS firmware for some Intel(R) NUC 9 Extreme Laptop Kits, Intel(R) NUC Performance Kits, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, and Intel(R) NUC Compute Element may allow a privileged user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-34848 Intel Unquoted Search Path or Element vulnerability in Intel NUC PRO Software Suite

Uncontrolled search path for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-34855 Intel Path Traversal vulnerability in Intel NUC PRO Software Suite

Path traversal for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-36339 Intel Unspecified vulnerability in Intel products

Improper input validation in firmware for Intel(R) NUC 8 Compute Element, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element may allow a privileged user to enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-36391 Intel Incorrect Default Permissions vulnerability in Intel NUC PRO Software Suite

Incorrect default permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-38101 Intel Unquoted Search Path or Element vulnerability in Intel Iflashv

Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update software before version iFlashV Windows 5.13.00.2105 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-38103 Intel Incorrect Permission Assignment for Critical Resource vulnerability in Intel NUC Software Studio Service

Insecure inherited permissions in the Intel(R) NUC Software Studio Service installer before version 1.17.38.0 may allow an authenticated user to potentially enable escalation of privilege via local access

7.8
2023-05-10 CVE-2022-38787 Intel Unspecified vulnerability in Intel products

Improper input validation in firmware for some Intel(R) FPGA products before version 2.7.0 Hotfix may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-40207 Intel Unspecified vulnerability in Intel System Usage Report

Improper access control in the Intel(R) SUR software before version 2.4.8989 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-40210 Intel Exposure of Resource to Wrong Sphere vulnerability in Intel Data Center Manager

Exposure of data element to wrong session in the Intel DCM software before version 5.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-40971 Intel Incorrect Default Permissions vulnerability in Intel NUC Hdmi Firmware Update Tool 1.78.2.0.7

Incorrect default permissions for the Intel(R) HDMI Firmware Update Tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-40972 Intel Unspecified vulnerability in Intel Quickassist Technology 1.6

Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-41628 Intel Uncontrolled Search Path Element vulnerability in Intel NUC P14E Laptop Element 1.0.0.156

Uncontrolled search path element in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-41658 Intel Incorrect Permission Assignment for Critical Resource vulnerability in Intel Vtune Profiler

Insecure inherited permissions in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-41687 Intel Incorrect Default Permissions vulnerability in Intel NUC P14E Laptop Element 1.0.0.156

Insecure inherited permissions in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-41690 Intel Unspecified vulnerability in Intel Retail Edge Program

Improper access control in the Intel(R) Retail Edge Mobile iOS application before version 3.4.7 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-41693 Intel Unquoted Search Path or Element vulnerability in Intel Quartus Prime

Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition software before version 22.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-41699 Intel Incorrect Permission Assignment for Critical Resource vulnerability in Intel Quickassist Technology 1.6

Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-41769 Intel Unspecified vulnerability in Intel Connect M 1.7.4

Improper access control in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-41784 Intel Unspecified vulnerability in Intel ONE Boot Flash Update

Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow an authenticated user to potentially enable escalation of privilege via local access

7.8
2023-05-10 CVE-2022-41982 Intel Uncontrolled Search Path Element vulnerability in Intel Vtune Profiler

Uncontrolled search path element in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-41998 Intel Uncontrolled Search Path Element vulnerability in Intel Data Center Manager

Uncontrolled search path in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-43474 Intel Unquoted Search Path or Element vulnerability in Intel DSP Builder

Uncontrolled search path for the DSP Builder software installer before version 22.4 for Intel(R) FPGAs Pro Edition may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-43475 Intel Insecure Storage of Sensitive Information vulnerability in Intel Data Center Manager

Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-44619 Intel Insecure Storage of Sensitive Information vulnerability in Intel Data Center Manager

Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2022-46656 Intel Incorrect Permission Assignment for Critical Resource vulnerability in Intel NUC PRO Software Suite

Insecure inherited permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2023-22297 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products

Access of memory location after end of buffer in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2023-22312 Intel Unspecified vulnerability in Intel products

Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2023-22355 Intel Uncontrolled Search Path Element vulnerability in Intel products

Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2023-22440 Intel Incorrect Default Permissions vulnerability in Intel Setup and Configuration Software

Incorrect default permissions in the Intel(R) SCS Add-on software installer for Microsoft SCCM all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2023-22661 Intel Classic Buffer Overflow vulnerability in Intel products

Buffer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2023-23569 Intel Out-of-bounds Write vulnerability in Intel Oneapi HPC Toolkit and Trace Analyzer and Collector

Stack-based buffer overflow for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2023-23580 Intel Out-of-bounds Write vulnerability in Intel Oneapi HPC Toolkit and Trace Analyzer and Collector

Stack-based buffer overflow for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially escalation of privilege via local access.

7.8
2023-05-10 CVE-2023-23910 Intel Out-of-bounds Write vulnerability in Intel Oneapi HPC Toolkit and Trace Analyzer and Collector

Out-of-bounds write for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially escalation of privilege via local access.

7.8
2023-05-10 CVE-2023-27382 Intel Incorrect Default Permissions vulnerability in Intel NUC P14E Laptop Element

Incorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2023-28410 Intel Out-of-bounds Write vulnerability in Intel I915 Graphics

Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-05-10 CVE-2023-27385 Omron Out-of-bounds Write vulnerability in Omron Cx-Drive 3.00/3.01

Heap-based buffer overflow vulnerability exists in CX-Drive All models all versions.

7.8
2023-05-09 CVE-2023-2610 VIM Integer Overflow or Wraparound vulnerability in VIM

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.

7.8
2023-05-09 CVE-2023-24902 Microsoft Unspecified vulnerability in Microsoft Windows 11 21H2 and Windows 11 22H2

Win32k Elevation of Privilege Vulnerability

7.8
2023-05-09 CVE-2023-24905 Microsoft Unspecified vulnerability in Microsoft products

Remote Desktop Client Remote Code Execution Vulnerability

7.8
2023-05-09 CVE-2023-24946 Microsoft Unspecified vulnerability in Microsoft products

Windows Backup Service Elevation of Privilege Vulnerability

7.8
2023-05-09 CVE-2023-24949 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.8
2023-05-09 CVE-2023-24953 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Excel Remote Code Execution Vulnerability

7.8
2023-05-09 CVE-2023-29336 Microsoft Unspecified vulnerability in Microsoft products

Win32k Elevation of Privilege Vulnerability

7.8
2023-05-09 CVE-2023-29340 Microsoft Unspecified vulnerability in Microsoft AV1 Video Extension 1.1.32442.0

AV1 Video Extension Remote Code Execution Vulnerability

7.8
2023-05-09 CVE-2023-29341 Microsoft Unspecified vulnerability in Microsoft AV1 Video Extension 1.1.32442.0

AV1 Video Extension Remote Code Execution Vulnerability

7.8
2023-05-09 CVE-2023-29343 Microsoft Unspecified vulnerability in Microsoft Windows Sysmon

SysInternals Sysmon for Windows Elevation of Privilege Vulnerability

7.8
2023-05-09 CVE-2021-31240 Libming Memory Leak vulnerability in Libming 0.4.8

An issue found in libming v.0.4.8 allows a local attacker to execute arbitrary code via the parseSWF_IMPORTASSETS function in the parser.c file.

7.8
2023-05-09 CVE-2023-31979 Catdoc Project Classic Buffer Overflow vulnerability in Catdoc Project Catdoc 0.95

Catdoc v0.95 was discovered to contain a global buffer overflow via the function process_file at /src/reader.c.

7.8
2023-05-09 CVE-2023-31981 Irontec Out-of-bounds Write vulnerability in Irontec Sngrep 1.6.0

Sngrep v1.6.0 was discovered to contain a stack buffer overflow via the function packet_set_payload at /src/packet.c.

7.8
2023-05-09 CVE-2023-31982 Irontec Out-of-bounds Write vulnerability in Irontec Sngrep 1.6.0

Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_packet_reasm_ip at /src/capture.c.

7.8
2023-05-09 CVE-2023-30237 Cyberghostvpn Uncontrolled Search Path Element vulnerability in Cyberghostvpn Cyberghost 6.5.0.3180

CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to contain a DLL injection vulnerability via the component Dashboard.exe.

7.8
2023-05-09 CVE-2022-44433 Google Missing Authorization vulnerability in Google Android 10.0

In phoneEx service, there is a possible missing permission check.

7.8
2023-05-09 CVE-2022-48243 Google Missing Authorization vulnerability in Google Android

In audio service, there is a possible missing permission check.

7.8
2023-05-09 CVE-2022-48244 Google Missing Authorization vulnerability in Google Android

In audio service, there is a possible missing permission check.

7.8
2023-05-09 CVE-2022-48245 Google Missing Authorization vulnerability in Google Android

In audio service, there is a possible missing permission check.

7.8
2023-05-09 CVE-2022-48246 Google Missing Authorization vulnerability in Google Android

In audio service, there is a possible missing permission check.

7.8
2023-05-09 CVE-2022-48247 Google Missing Authorization vulnerability in Google Android

In audio service, there is a possible missing permission check.

7.8
2023-05-09 CVE-2022-48248 Google Missing Authorization vulnerability in Google Android

In audio service, there is a possible missing permission check.

7.8
2023-05-09 CVE-2022-48249 Google Missing Authorization vulnerability in Google Android

In audio service, there is a possible missing permission check.

7.8
2023-05-09 CVE-2022-48250 Google Missing Authorization vulnerability in Google Android

In audio service, there is a possible missing permission check.

7.8
2023-05-09 CVE-2022-48368 Google Missing Authorization vulnerability in Google Android

In audio service, there is a possible missing permission check.

7.8
2023-05-09 CVE-2022-48369 Google Missing Authorization vulnerability in Google Android

In audio service, there is a possible missing permission check.

7.8
2023-05-09 CVE-2022-48383 Google Missing Authorization vulnerability in Google Android

.In srtd service, there is a possible missing permission check.

7.8
2023-05-09 CVE-2022-48384 Google Missing Authorization vulnerability in Google Android

In srtd service, there is a possible missing permission check.

7.8
2023-05-09 CVE-2022-48388 Google Missing Authorization vulnerability in Google Android

In powerEx service, there is a possible missing permission check.

7.8
2023-05-09 CVE-2023-29092 Samsung Improper Handling of Exceptional Conditions vulnerability in Samsung products

An issue was discovered in Exynos Mobile Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, and Exynos 1080.

7.8
2023-05-08 CVE-2023-23525 Apple Unspecified vulnerability in Apple Iphone OS

This issue was addressed with improved checks.

7.8
2023-05-08 CVE-2023-23536 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved bounds checks.

7.8
2023-05-08 CVE-2023-23540 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved memory handling.

7.8
2023-05-08 CVE-2023-27936 Apple Out-of-bounds Write vulnerability in Apple Macos

An out-of-bounds write issue was addressed with improved input validation.

7.8
2023-05-08 CVE-2023-27937 Apple Integer Overflow or Wraparound vulnerability in Apple products

An integer overflow was addressed with improved input validation.

7.8
2023-05-08 CVE-2023-27938 Apple Out-of-bounds Read vulnerability in Apple Macos

An out-of-bounds read issue was addressed with improved input validation.

7.8
2023-05-08 CVE-2023-27946 Apple Out-of-bounds Read vulnerability in Apple Iphone OS and Macos

An out-of-bounds read was addressed with improved bounds checking.

7.8
2023-05-08 CVE-2023-27949 Apple Out-of-bounds Read vulnerability in Apple Iphone OS and Macos

An out-of-bounds read was addressed with improved input validation.

7.8
2023-05-08 CVE-2023-27957 Apple Classic Buffer Overflow vulnerability in Apple Macos 13.0/13.0.1/13.1

A buffer overflow issue was addressed with improved memory handling.

7.8
2023-05-08 CVE-2023-27959 Apple Unspecified vulnerability in Apple Iphone OS

The issue was addressed with improved memory handling.

7.8
2023-05-08 CVE-2023-27960 Apple Unspecified vulnerability in Apple mac OS X

This issue was addressed by removing the vulnerable code.

7.8
2023-05-08 CVE-2023-27965 Apple Out-of-bounds Write vulnerability in Apple Macos and Studio Display Firmware

A memory corruption issue was addressed with improved state management.

7.8
2023-05-08 CVE-2023-27969 Apple Use After Free vulnerability in Apple products

A use after free issue was addressed with improved memory management.

7.8
2023-05-08 CVE-2023-27970 Apple Out-of-bounds Write vulnerability in Apple Iphone OS

An out-of-bounds write issue was addressed with improved bounds checking.

7.8
2023-05-08 CVE-2023-28181 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

7.8
2023-05-08 CVE-2023-32233 Linux
Redhat
Netapp
Use After Free vulnerability in multiple products

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory.

7.8
2023-05-08 CVE-2023-30840 Linuxfoundation Incorrect Authorization vulnerability in Linuxfoundation Fluid

Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications.

7.8
2023-05-08 CVE-2021-27280 Mblog Project Unrestricted Upload of File with Dangerous Type vulnerability in Mblog Project Mblog 3.5.0

OS Command injection vulnerability in mblog 3.5.0 allows attackers to execute arbitrary code via crafted theme when it gets selected.

7.8
2023-05-08 CVE-2023-30257 Fiio Classic Buffer Overflow vulnerability in Fiio M6 Firmware 1.0.4

A buffer overflow in the component /proc/ftxxxx-debug of FiiO M6 Build Number v1.0.4 allows attackers to escalate privileges to root.

7.8
2023-05-09 CVE-2023-29104 Siemens Path Traversal vulnerability in Siemens 6Gk1411-1Ac00 Firmware and 6Gk1411-5Ac00 Firmware

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1).

7.6
2023-05-09 CVE-2023-30740 SAP Information Exposure vulnerability in SAP Businessobjects Business Intelligence 420/430

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted.

7.6
2023-05-12 CVE-2023-25927 IBM Unspecified vulnerability in IBM Security Verify Access

IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system.

7.5
2023-05-12 CVE-2022-47879 Jedox Unspecified vulnerability in Jedox and Jedox Cloud

A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the 'rtn' directory and execute its methods.

7.5
2023-05-12 CVE-2023-1934 SDG SQL Injection vulnerability in SDG Pnpscada 2.200816204020

The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability.

7.5
2023-05-12 CVE-2023-31922 Quickjs Project Out-of-bounds Write vulnerability in Quickjs Project Quickjs 20220306

QuickJS commit 2788d71 was discovered to contain a stack-overflow via the component js_proxy_isArray at quickjs.c.

7.5
2023-05-12 CVE-2023-2514 Mattermost Information Exposure Through Log Files vulnerability in Mattermost

Mattermost Sever fails to redact the DB username and password before emitting an application log during server initialization. 

7.5
2023-05-12 CVE-2023-29790 Kodcloud Unspecified vulnerability in Kodcloud Kodbox

kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue.

7.5
2023-05-12 CVE-2023-2665 Rosariosis Insecure Storage of Sensitive Information vulnerability in Rosariosis

Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0.

7.5
2023-05-12 CVE-2023-2666 Froxlor Allocation of Resources Without Limits or Throttling vulnerability in Froxlor

Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16.

7.5
2023-05-11 CVE-2023-28356 Rocket Chat Resource Exhaustion vulnerability in Rocket.Chat

A vulnerability has been identified where a maliciously crafted message containing a specific chain of characters can cause the chat to enter a hot loop on one of the processes, consuming ~120% CPU and rendering the service unresponsive.

7.5
2023-05-11 CVE-2023-32059 Vyperlang Unspecified vulnerability in Vyperlang Vyper

Vyper is a Pythonic smart contract language for the Ethereum virtual machine.

7.5
2023-05-11 CVE-2023-32058 Vyperlang Integer Overflow or Wraparound vulnerability in Vyperlang Vyper

Vyper is a Pythonic smart contract language for the Ethereum virtual machine.

7.5
2023-05-11 CVE-2023-27870 IBM Information Exposure vulnerability in IBM Spectrum Virtualize 8.5

IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress.

7.5
2023-05-11 CVE-2023-2443 Rockwellautomation Inadequate Encryption Strength vulnerability in Rockwellautomation Thinmanager

Rockwell Automation ThinManager product allows the use of medium strength ciphers.

7.5
2023-05-11 CVE-2023-0857 Canon Unspecified vulnerability in Canon products

Unintentional change of settings during initial registration of system administrators which uses control protocols.

7.5
2023-05-11 CVE-2023-30172 Lfprojects Path Traversal vulnerability in Lfprojects Mlflow

A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter.

7.5
2023-05-11 CVE-2023-31442 Lightbend Unspecified vulnerability in Lightbend Akka Actor and Akka Discovery

In Lightbend Akka before 2.8.1, the async-dns resolver (used by Discovery in DNS mode and transitively by Cluster Bootstrap) uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker.

7.5
2023-05-11 CVE-2023-31477 GL Inet Path Traversal vulnerability in Gl-Inet products

A path traversal issue was discovered on GL.iNet devices before 3.216.

7.5
2023-05-10 CVE-2021-45345 Webcamserver Project Classic Buffer Overflow vulnerability in Webcamserver Project Webcamserver

Buffer Overflow vulnerability found in En3rgy WebcamServer v.0.5.2 allows a remote attacker to cause a denial of service via the WebcamServer.exe file.

7.5
2023-05-10 CVE-2022-36329 Westerndigital Unspecified vulnerability in Westerndigital products

An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191.

7.5
2023-05-10 CVE-2022-41985 Weston Embedded Improper Authentication vulnerability in Weston-Embedded Uc-Ftps 1.98.00

An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00.

7.5
2023-05-10 CVE-2022-46377 Weston Embedded Out-of-bounds Read vulnerability in Weston-Embedded Uc-Ftps 1.98.00

An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00.

7.5
2023-05-10 CVE-2022-46378 Weston Embedded Out-of-bounds Read vulnerability in Weston-Embedded Uc-Ftps 1.98.00

An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00.

7.5
2023-05-10 CVE-2023-30351 Tenda Inadequate Encryption Strength vulnerability in Tenda CP3 Firmware 11.10.00.2211041355

Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption.

7.5
2023-05-10 CVE-2023-30356 Tenda Improper Validation of Integrity Check Value vulnerability in Tenda CP3 Firmware 11.10.00.2211041355

Missing Support for an Integrity Check in Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows attackers to update the device with crafted firmware

7.5
2023-05-10 CVE-2023-27564 N8N Exposure of Resource to Wrong Sphere vulnerability in N8N 0.218.0

The n8n package 0.218.0 for Node.js allows Information Disclosure.

7.5
2023-05-10 CVE-2023-25568 Protocol Allocation of Resources Without Limits or Throttling vulnerability in Protocol Boxo 0.4.0/0.5.0

Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations.

7.5
2023-05-10 CVE-2023-23578 Seiko SOL Unspecified vulnerability in Seiko-Sol Skybridge Mb-A200 Firmware 01.00.04

Improper access control vulnerability in SkyBridge MB-A200 firmware Ver.

7.5
2023-05-10 CVE-2023-23906 Seiko SOL Missing Authentication for Critical Function vulnerability in Seiko-Sol products

Missing authentication for critical function exists in SkyBridge MB-A100/110 firmware Ver.

7.5
2023-05-10 CVE-2023-25072 Seiko SOL Weak Password Requirements vulnerability in Seiko-Sol products

Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver.

7.5
2023-05-10 CVE-2023-25184 Seiko SOL Weak Password Requirements vulnerability in Seiko-Sol products

Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product.

7.5
2023-05-10 CVE-2023-27510 Jubei Unspecified vulnerability in Jubei JB Inquiry Form

JB Inquiry form contains an exposure of private personal information to an unauthorized actor vulnerability, which may allow a remote unauthenticated attacker to obtain information entered from forms created using the affected product.

7.5
2023-05-10 CVE-2023-27527 Touki Kyoutaku Online XXE vulnerability in Touki-Kyoutaku-Online Shinseiyo Sogo Soft

Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE).

7.5
2023-05-10 CVE-2023-2617 Opencv NULL Pointer Dereference vulnerability in Opencv

A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0.

7.5
2023-05-10 CVE-2023-2618 Opencv Memory Leak vulnerability in Opencv

A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0.

7.5
2023-05-09 CVE-2023-31478 GL Inet Unspecified vulnerability in Gl-Inet products

An issue was discovered on GL.iNet devices before 3.216.

7.5
2023-05-09 CVE-2023-28127 Ivanti Path Traversal vulnerability in Ivanti Avalanche

A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure.

7.5
2023-05-09 CVE-2023-2156 Linux
Redhat
Fedoraproject
Debian
Reachable Assertion vulnerability in multiple products

A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol.

7.5
2023-05-09 CVE-2023-30056 Fico Session Fixation vulnerability in Fico Origination Manager Decision 4.8.1

A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie.

7.5
2023-05-09 CVE-2021-46755 AMD Unspecified vulnerability in AMD products

Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service.

7.5
2023-05-09 CVE-2021-46765 AMD Out-of-bounds Read vulnerability in AMD products

Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of service.

7.5
2023-05-09 CVE-2021-46794 AMD Out-of-bounds Read vulnerability in AMD products

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service.

7.5
2023-05-09 CVE-2021-26406 AMD Unspecified vulnerability in AMD products

Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of service.

7.5
2023-05-09 CVE-2021-46749 AMD Out-of-bounds Read vulnerability in AMD products

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service.

7.5
2023-05-09 CVE-2021-46763 AMD Out-of-bounds Write vulnerability in AMD products

Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially leading to a loss of integrity.

7.5
2023-05-09 CVE-2021-46764 AMD Out-of-bounds Write vulnerability in AMD products

Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a denial of service.

7.5
2023-05-09 CVE-2022-23818 AMD Improper Input Validation vulnerability in AMD products

Insufficient input validation on the model specific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest memory integrity.

7.5
2023-05-09 CVE-2023-20524 AMD Out-of-bounds Write vulnerability in AMD products

An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to a loss a loss of integrity.

7.5
2023-05-09 CVE-2023-24898 Microsoft Unspecified vulnerability in Microsoft Windows Server 2022 10.0.20348.1547

Windows SMB Denial of Service Vulnerability

7.5
2023-05-09 CVE-2023-24901 Microsoft Unspecified vulnerability in Microsoft products

Windows NFS Portmapper Information Disclosure Vulnerability

7.5
2023-05-09 CVE-2023-24939 Microsoft Unspecified vulnerability in Microsoft products

Server for NFS Denial of Service Vulnerability

7.5
2023-05-09 CVE-2023-24940 Microsoft Unspecified vulnerability in Microsoft products

Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability

7.5
2023-05-09 CVE-2023-24942 Microsoft Unspecified vulnerability in Microsoft products

Remote Procedure Call Runtime Denial of Service Vulnerability

7.5
2023-05-09 CVE-2023-29325 Microsoft Unspecified vulnerability in Microsoft products

Windows OLE Remote Code Execution Vulnerability

7.5
2023-05-09 CVE-2023-29335 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Word Security Feature Bypass Vulnerability

7.5
2023-05-09 CVE-2023-31472 GL Inet Allocation of Resources Without Limits or Throttling vulnerability in Gl-Inet products

An issue was discovered on GL.iNet devices before 3.216.

7.5
2023-05-09 CVE-2023-31474 GL Inet Unspecified vulnerability in Gl-Inet products

An issue was discovered on GL.iNet devices before 3.216.

7.5
2023-05-09 CVE-2023-31476 GL Inet Command Injection vulnerability in Gl-Inet Gl-Mv1000 Firmware and Gl-Mv1000W Firmware

An issue was discovered on GL.iNet devices running firmware before 3.216.

7.5
2023-05-09 CVE-2023-31490 Frrouting
Debian
Fedoraproject
An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function.
7.5
2023-05-09 CVE-2023-31139 Dhis2 Insufficient Session Expiration vulnerability in Dhis2 Dhis 2

DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture.

7.5
2023-05-09 CVE-2023-31137 Maradns
Fedoraproject
Debian
Integer Underflow (Wrap or Wraparound) vulnerability in multiple products

MaraDNS is open-source software that implements the Domain Name System (DNS).

7.5
2023-05-09 CVE-2023-29105 Siemens Missing Standardized Error Handling Mechanism vulnerability in Siemens 6Gk1411-1Ac00 Firmware and 6Gk1411-5Ac00 Firmware

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1).

7.5
2023-05-09 CVE-2023-29106 Siemens Information Exposure vulnerability in Siemens 6Gk1411-1Ac00 Firmware and 6Gk1411-5Ac00 Firmware

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1).

7.5
2023-05-09 CVE-2021-44283 Shieldstore Project Classic Buffer Overflow vulnerability in Shieldstore Project Shieldstore

A buffer overflow in the component /Enclave.cpp of Electronics and Telecommunications Research Institute ShieldStore commit 58d455617f99705f0ffd8a27616abdf77bdc1bdc allows attackers to cause an information leak via a crafted structure from an untrusted operating system.

7.5
2023-05-09 CVE-2021-31239 Sqlite Out-of-bounds Read vulnerability in Sqlite 3.35.4

An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function.

7.5
2023-05-09 CVE-2023-32111 SAP Out-of-bounds Write vulnerability in SAP Powerdesigner Proxy 16.7

In SAP PowerDesigner (Proxy) - version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory management causing a memory corruption.

7.5
2023-05-08 CVE-2023-24505 Milesight Unspecified vulnerability in Milesight Ncr/Camera Firmware 71.8.0.6R5

Milesight NCR/camera version 71.8.0.6-r5 discloses sensitive information through an unspecified request.

7.5
2023-05-08 CVE-2023-24506 Milesight Insufficiently Protected Credentials vulnerability in Milesight Ncr/Camera Firmware 71.8.0.6R5

Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request.

7.5
2023-05-08 CVE-2023-31133 Ghost Unspecified vulnerability in Ghost

Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members.

7.5
2023-05-08 CVE-2023-31179 Agilepoint Path Traversal vulnerability in Agilepoint NX 8.0

AgilePoint NX v8.0 SU2.2 & SU2.3 - Path traversal - Vulnerability allows path traversal and downloading files from the server, by an unspecified request.

7.5
2023-05-08 CVE-2023-31181 Wjjsoft Path Traversal vulnerability in Wjjsoft Innokb 2.2.1

WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - CWE-22: Path Traversal

7.5
2023-05-08 CVE-2023-27963 Apple Unspecified vulnerability in Apple products

The issue was addressed with additional permissions checks.

7.5
2023-05-08 CVE-2023-30855 Pimcore Path Traversal vulnerability in Pimcore

Pimcore is an open source data and experience management platform.

7.5
2023-05-08 CVE-2023-30837 Vyperlang Uncontrolled Memory Allocation vulnerability in Vyperlang Vyper

Vyper is a pythonic smart contract language for the EVM.

7.5
2023-05-08 CVE-2023-30551 Linuxfoundation Allocation of Resources Without Limits or Throttling vulnerability in Linuxfoundation Rekor

Rekor is an open source software supply chain transparency log.

7.5
2023-05-08 CVE-2023-22787 Arubanetworks
HP
An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10.
7.5
2023-05-09 CVE-2021-26356 AMD Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products

A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure.

7.4
2023-05-09 CVE-2023-24948 Microsoft Unspecified vulnerability in Microsoft products

Windows Bluetooth Driver Elevation of Privilege Vulnerability

7.4
2023-05-11 CVE-2023-24539 Golang Injection vulnerability in Golang GO

Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts.

7.3
2023-05-11 CVE-2023-29400 Golang Injection vulnerability in Golang GO

Templates containing actions in unquoted HTML attributes (e.g.

7.3
2023-05-10 CVE-2022-21162 Intel Uncontrolled Search Path Element vulnerability in Intel NUC Hdmi Firmware Update Tool 1.78.2.0.7

Uncontrolled search path for the Intel(R) HDMI Firmware Update tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.3
2023-05-10 CVE-2023-27386 Intel Unquoted Search Path or Element vulnerability in Intel Pathfinder for Risc-V

Uncontrolled search path in some Intel(R) Pathfinder for RISC-V software may allow an authenticated user to potentially enable escalation of privilege via local access.

7.3
2023-05-12 CVE-2023-20878 Vmware Deserialization of Untrusted Data vulnerability in VMWare Cloud Foundation and Vrealize Operations

VMware Aria Operations contains a deserialization vulnerability.

7.2
2023-05-12 CVE-2023-29246 Apache Improper Input Validation vulnerability in Apache Openmeetings

An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0

7.2
2023-05-11 CVE-2023-31502 Apsystems Insufficient Verification of Data Authenticity vulnerability in Apsystems Alternergy Power Control Software C1.2.5

Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the component /models/management_model.php.

7.2
2023-05-10 CVE-2023-32568 Veritas OS Command Injection vulnerability in Veritas Infoscale Operations Manager

An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410.

7.2
2023-05-09 CVE-2023-28128 Ivanti Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution.

7.2
2023-05-09 CVE-2023-24955 Microsoft Unspecified vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2
2023-05-09 CVE-2023-28832 Siemens Command Injection vulnerability in Siemens 6Gk1411-1Ac00 Firmware and 6Gk1411-5Ac00 Firmware

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1).

7.2
2023-05-09 CVE-2023-28762 SAP Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction.

7.2
2023-05-08 CVE-2021-28998 Cmsmadesimple Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple

File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file.

7.2
2023-05-08 CVE-2023-1347 Fastlinemedia Unspecified vulnerability in Fastlinemedia Customizer Export/Import

The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present

7.2
2023-05-08 CVE-2023-1408 Video List Manager Project Unspecified vulnerability in Video List Manager Project Video List Manager

The Video List Manager WordPress plugin through 1.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin

7.2
2023-05-08 CVE-2023-2114 Basixonline Unspecified vulnerability in Basixonline Nex-Forms

The NEX-Forms WordPress plugin before 8.4 does not properly escape the `table` parameter, which is populated with user input, before concatenating it to an SQL query.

7.2
2023-05-11 CVE-2023-29030 Rockwellautomation Cross-site Scripting vulnerability in Rockwellautomation products

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable.

7.1
2023-05-11 CVE-2023-29031 Rockwellautomation Cross-site Scripting vulnerability in Rockwellautomation products

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable.

7.1
2023-05-10 CVE-2023-22442 Intel Out-of-bounds Write vulnerability in Intel products

Out of bounds write in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access.

7.1
2023-05-09 CVE-2021-26397 AMD Unspecified vulnerability in AMD products

Insufficient address validation, may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations potentially resulting in a loss of integrity or availability.

7.1
2023-05-09 CVE-2023-24904 Microsoft Unspecified vulnerability in Microsoft Windows Server 2008 R2

Windows Installer Elevation of Privilege Vulnerability

7.1
2023-05-09 CVE-2020-23362 Yershop Project Improper Privilege Management vulnerability in Yershop Project Yershop

Insecure Permissons vulnerability found in Shop_CMS YerShop all versions allows a remote attacker to escalate privileges via the cover_id parameter.

7.1
2023-05-08 CVE-2023-27968 Apple Classic Buffer Overflow vulnerability in Apple Macos 13.0/13.0.1/13.1

A buffer overflow issue was addressed with improved memory handling.

7.1
2023-05-09 CVE-2023-24899 Microsoft Race Condition vulnerability in Microsoft products

Windows Graphics Component Elevation of Privilege Vulnerability

7.0

415 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-05-09 CVE-2021-46775 AMD Improper Input Validation vulnerability in AMD products

Improper input validation in ABL may enable an attacker with physical access, to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution.

6.8
2023-05-12 CVE-2023-20879 Vmware Unspecified vulnerability in VMWare Cloud Foundation and Vrealize Operations

VMware Aria Operations contains a Local privilege escalation vulnerability.

6.7
2023-05-12 CVE-2023-20880 Vmware Unspecified vulnerability in VMWare Aria Operations and Cloud Foundation

VMware Aria Operations contains a privilege escalation vulnerability.

6.7
2023-05-12 CVE-2023-30763 Intel Out-of-bounds Write vulnerability in Intel products

Heap-based overflow in Intel(R) SoC Watch based software before version 2021.1 may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-05-12 CVE-2023-30768 Intel Unspecified vulnerability in Intel products

Improper access control in the Intel(R) Server Board S2600WTT belonging to the Intel(R) Server Board S2600WT Family with the BIOS version 0016 may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-05-12 CVE-2023-31199 Intel Unspecified vulnerability in Intel Solid State Drive Toolbox 3.4.3

Improper access control in the Intel(R) Solid State Drive Toolbox(TM) before version 3.4.5 may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-05-10 CVE-2022-28699 Intel Improper Input Validation vulnerability in Intel products

Improper input validation for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-05-10 CVE-2022-42465 Intel Unspecified vulnerability in Intel ONE Boot Flash Update

Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-05-10 CVE-2023-25545 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products

Improper buffer restrictions in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access.

6.7
2023-05-09 CVE-2023-24932 Microsoft Unspecified vulnerability in Microsoft products

Secure Boot Security Feature Bypass Vulnerability

6.7
2023-05-08 CVE-2023-2513 Linux
Redhat
Use After Free vulnerability in multiple products

A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes.

6.7
2023-05-08 CVE-2023-27933 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

6.7
2023-05-09 CVE-2023-29338 Microsoft Unspecified vulnerability in Microsoft Visual Studio Code

Visual Studio Code Spoofing Vulnerability

6.6
2023-05-12 CVE-2023-2088 Redhat Unspecified vulnerability in Redhat Openstack

A flaw was found in OpenStack due to an inconsistency between Cinder and Nova.

6.5
2023-05-12 CVE-2023-2181 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3.

6.5
2023-05-12 CVE-2023-32081 Eclipse Improper Authentication vulnerability in Eclipse Vert.X Stomp

Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client.

6.5
2023-05-12 CVE-2023-23169 Synapsoft Server-Side Request Forgery (SSRF) vulnerability in Synapsoft Pdfocus 1.17

Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and server-side request forgery Directory Traversal.

6.5
2023-05-11 CVE-2023-28325 Rocket Chat Improper Authentication vulnerability in Rocket.Chat

An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit message in the target room.

6.5
2023-05-11 CVE-2023-28361 UNI Cross-Site Request Forgery (CSRF) vulnerability in UNI Unifi OS

A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage.Affected Products:Cloud Key Gen2Cloud Key Gen2 PlusUNVRUNVR ProfessionalUDMUDM ProfessionalUDM SEUDRMitigation:Update affected products to UniFi OS 3.0.13 or later.

6.5
2023-05-11 CVE-2023-29024 Rockwellautomation Cross-site Scripting vulnerability in Rockwellautomation products

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product A cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable.

6.5
2023-05-11 CVE-2023-2646 TP Link Unspecified vulnerability in Tp-Link Archer C7 Firmware 180114

A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic.

6.5
2023-05-10 CVE-2023-31150 Selinc Insecure Storage of Sensitive Information vulnerability in Selinc products

A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords. See SEL Service Bulletin dated 2022-11-15 for more details.

6.5
2023-05-10 CVE-2023-31555 Podofo Project Unspecified vulnerability in Podofo Project Podofo 0.10.0

podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfObject::DelayedLoad.

6.5
2023-05-10 CVE-2023-31556 Podofo Project Out-of-bounds Write vulnerability in Podofo Project Podofo 0.10.0

podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfDictionary::findKeyParent.

6.5
2023-05-10 CVE-2023-27562 N8N Path Traversal vulnerability in N8N 0.218.0

The n8n package 0.218.0 for Node.js allows Directory Traversal.

6.5
2023-05-10 CVE-2022-40685 Intel Insufficiently Protected Credentials vulnerability in Intel Data Center Manager

Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access.

6.5
2023-05-10 CVE-2023-22361 Seiko SOL Unspecified vulnerability in Seiko-Sol products

Improper privilege management vulnerability in SkyBridge MB-A100/110 firmware Ver.

6.5
2023-05-10 CVE-2023-23901 Seiko SOL Improper Certificate Validation vulnerability in Seiko-Sol products

Improper following of a certificate's chain of trust exists in SkyBridge MB-A200 firmware Ver.

6.5
2023-05-10 CVE-2023-24586 Seiko SOL Cleartext Storage of Sensitive Information vulnerability in Seiko-Sol products

Cleartext storage of sensitive information exists in SkyBridge MB-A100/110 firmware Ver.

6.5
2023-05-10 CVE-2023-25070 Seiko SOL Cleartext Transmission of Sensitive Information vulnerability in Seiko-Sol products

Cleartext transmission of sensitive information exists in SkyBridge MB-A100/110 firmware Ver.

6.5
2023-05-10 CVE-2023-32573 QT
Redhat
Divide By Zero vulnerability in multiple products

In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.

6.5
2023-05-09 CVE-2023-24944 Microsoft Unspecified vulnerability in Microsoft products

Windows Bluetooth Driver Information Disclosure Vulnerability

6.5
2023-05-09 CVE-2023-24950 Microsoft Unspecified vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server

Microsoft SharePoint Server Spoofing Vulnerability

6.5
2023-05-09 CVE-2023-24954 Microsoft Unspecified vulnerability in Microsoft products

Microsoft SharePoint Server Information Disclosure Vulnerability

6.5
2023-05-09 CVE-2023-29324 Microsoft Unspecified vulnerability in Microsoft products

Windows MSHTML Platform Security Feature Bypass Vulnerability

6.5
2023-05-09 CVE-2023-31138 Dhis2 Incorrect Authorization vulnerability in Dhis2 Dhis 2

DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture.

6.5
2023-05-09 CVE-2023-32060 Dhis2 Incorrect Authorization vulnerability in Dhis2 Dhis 2

DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture.

6.5
2023-05-09 CVE-2022-4537 Wpplugins Insufficient Verification of Data Authenticity vulnerability in Wpplugins Hide MY WP Ghost

The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.0.18.

6.5
2023-05-08 CVE-2023-2478 Gitlab Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2.

6.5
2023-05-08 CVE-2023-31125 Socket Uncaught Exception vulnerability in Socket Engine.Io

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO.

6.5
2023-05-08 CVE-2023-31140 Openproject Insufficient Session Expiration vulnerability in Openproject

OpenProject is open source project management software.

6.5
2023-05-08 CVE-2023-23528 Apple Out-of-bounds Read vulnerability in Apple Iphone OS

An out-of-bounds read was addressed with improved bounds checking.

6.5
2023-05-08 CVE-2023-27954 Apple
Debian
The issue was addressed by removing origin information.
6.5
2023-05-08 CVE-2023-28180 Apple Unspecified vulnerability in Apple Macos

A denial-of-service issue was addressed with improved memory handling.

6.5
2023-05-08 CVE-2023-28182 Apple Improper Authentication vulnerability in Apple Iphone OS and Macos

The issue was addressed with improved authentication.

6.5
2023-05-08 CVE-2023-1979 Google Incorrect Authorization vulnerability in Google web Stories

The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password.

6.5
2023-05-08 CVE-2020-22334 Beescms Cross-Site Request Forgery (CSRF) vulnerability in Beescms 4.0

Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows attackers to delete the administrator account via crafted request to /admin/admin_admin.php.

6.5
2023-05-08 CVE-2023-0522 Enable Disable Auto Login When Register Project Unspecified vulnerability in Enable/Disable Auto Login When Register Project Enable/Disable Auto Login When Register 1.1.0

The Enable/Disable Auto Login when Register WordPress plugin through 1.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

6.5
2023-05-08 CVE-2023-27945 Apple Unspecified vulnerability in Apple Xcode

This issue was addressed with improved entitlements.

6.3
2023-05-08 CVE-2023-27966 Apple Unspecified vulnerability in Apple Macos 13.0/13.0.1/13.1

The issue was addressed with improved checks.

6.3
2023-05-14 CVE-2023-2692 ICT Laboratory Management System Project Cross-site Scripting vulnerability in ICT Laboratory Management System Project ICT Laboratory Management System 1.0

A vulnerability has been found in SourceCodester ICT Laboratory Management System 1.0 and classified as problematic.

6.1
2023-05-12 CVE-2022-48020 Vinteo Cross-site Scripting vulnerability in Vinteo Video Core 2.36.4

Vinteo VCC v2.36.4 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the conference parameter.

6.1
2023-05-12 CVE-2023-27237 Lavalite Cross-site Scripting vulnerability in Lavalite 9.0.0

LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack.

6.1
2023-05-12 CVE-2023-2671 Oretnom23 Cross-site Scripting vulnerability in Oretnom23 Lost and Found Information System 1.0

A vulnerability was found in SourceCodester Lost and Found Information System 1.0.

6.1
2023-05-12 CVE-2023-2667 Oretnom23 Cross-site Scripting vulnerability in Oretnom23 Lost and Found Information System 1.0

A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic.

6.1
2023-05-12 CVE-2021-39036 IBM Cross-site Scripting vulnerability in IBM Cognos Analytics 11.1/11.2

IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting.

6.1
2023-05-12 CVE-2023-29808 Companymaps Project Cross-site Scripting vulnerability in Companymaps Project Companymaps 8.0

Cross Site Scripting (XSS) vulnerability in vogtmh cmaps (companymaps) 8.0 allows attackers to execute arbitrary code.

6.1
2023-05-11 CVE-2023-28358 Rocket Chat Cross-site Scripting vulnerability in Rocket.Chat

A vulnerability has been discovered in Rocket.Chat where a markdown parsing issue in the "Search Messages" feature allows the insertion of malicious tags.

6.1
2023-05-11 CVE-2023-29791 Kodcloud Cross-site Scripting vulnerability in Kodcloud Kodbox

kodbox <= 1.37 is vulnerable to Cross Site Scripting (XSS) via the debug information.

6.1
2023-05-11 CVE-2023-30394 Moveit Cross-site Scripting vulnerability in Moveit 1.1.11

The MoveIt framework 1.1.11 for ROS allows cross-site scripting (XSS) via the API authentication function.

6.1
2023-05-11 CVE-2023-25309 Fetlife Cross-site Scripting vulnerability in Fetlife Rollout-Ui

Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality.

6.1
2023-05-11 CVE-2023-29023 Rockwellautomation Cross-site Scripting vulnerability in Rockwellautomation products

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable.

6.1
2023-05-11 CVE-2023-2657 Oretnom23 Cross-site Scripting vulnerability in Oretnom23 Online Computer and Laptop Store 1.0

A vulnerability classified as problematic was found in SourceCodester Online Computer and Laptop Store 1.0.

6.1
2023-05-11 CVE-2023-30256 Webkul Cross-site Scripting vulnerability in Webkul Qloapps 1.5.2

Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file.

6.1
2023-05-10 CVE-2023-32070 Xwiki Cross-site Scripting vulnerability in Xwiki

XWiki Platform is a generic wiki platform.

6.1
2023-05-10 CVE-2022-47441 Wpcharitable Cross-site Scripting vulnerability in Wpcharitable Charitable

Unauth.

6.1
2023-05-10 CVE-2022-47590 Fugu Cross-site Scripting vulnerability in Fugu Maintenance Switch

Unauth.

6.1
2023-05-10 CVE-2022-47600 I13Websolution Cross-site Scripting vulnerability in I13Websolution Mass Email to Users

Unauth.

6.1
2023-05-10 CVE-2023-27419 Everestthemes Cross-site Scripting vulnerability in Everestthemes Viable Blog

Unauth.

6.1
2023-05-10 CVE-2023-27455 Mauimarketing Cross-site Scripting vulnerability in Mauimarketing Update Image TAG ALT Attribute

Unauth.

6.1
2023-05-10 CVE-2023-29101 Muffingroup Cross-site Scripting vulnerability in Muffingroup Betheme 26.5.1.4/26.6/26.6.1

Unauth.

6.1
2023-05-10 CVE-2023-24392 I13Websolution Cross-site Scripting vulnerability in I13Websolution Full Width Banner Slider WP

Unauth.

6.1
2023-05-10 CVE-2023-27918 TMS Outsource Cross-site Scripting vulnerability in Tms-Outsource Amelia

Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by having a user who is logging in the WordPress where the product is installed visit a malicious URL.

6.1
2023-05-10 CVE-2023-30777 Advancedcustomfields Cross-site Scripting vulnerability in Advancedcustomfields Advanced Custom Fields

Unauth.

6.1
2023-05-09 CVE-2023-25831 Esri Cross-site Scripting vulnerability in Esri Portal for Arcgis 10.7.1/10.8.1/10.9.1

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.

6.1
2023-05-09 CVE-2021-46759 AMD Out-of-bounds Write vulnerability in AMD products

Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessible memory to a serial port, resulting in a potential loss of integrity.

6.1
2023-05-09 CVE-2023-25829 Esri Open Redirect vulnerability in Esri Portal for Arcgis 10.9.1/11.0

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.

6.1
2023-05-09 CVE-2023-25830 Esri Cross-site Scripting vulnerability in Esri Portal for Arcgis 10.7.1/10.8.1/10.9.1

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.

6.1
2023-05-09 CVE-2020-18280 MD Project Cross-site Scripting vulnerability in MD Project MD 1.0

Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a local attacker to execute arbitrary code via the EMBED SRC function.

6.1
2023-05-09 CVE-2023-31144 Craftcms Cross-site Scripting vulnerability in Craftcms Craft CMS

Craft CMS is a content management system.

6.1
2023-05-09 CVE-2023-31801 Chamilo Cross-site Scripting vulnerability in Chamilo LMS 1.11.18

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter.

6.1
2023-05-09 CVE-2022-46822 Jazzcash Cross-site Scripting vulnerability in Jazzcash Woocommerce Jazzcash Gateway

Unauth.

6.1
2023-05-09 CVE-2022-46858 Product Specifications FOR Woocommerce Project Cross-site Scripting vulnerability in Product Specifications for Woocommerce Project Product Specifications for Woocommerce 0.6.0

Unauth.

6.1
2023-05-09 CVE-2022-46864 Woocommerce Custom Checkout Fields Editor With Drag Drop Project Cross-site Scripting vulnerability in Woocommerce Custom Checkout Fields Editor With Drag & Drop Project Woocommerce Custom Checkout Fields Editor With Drag & Drop

Unauth.

6.1
2023-05-09 CVE-2023-30741 SAP Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 420/430

Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link.

6.1
2023-05-09 CVE-2023-30742 SAP Cross-site Scripting vulnerability in SAP products

SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user's session.

6.1
2023-05-09 CVE-2023-30743 SAP Cross-site Scripting vulnerability in SAP Sapui5

Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS.

6.1
2023-05-09 CVE-2023-31406 SAP Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 420/430

Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link.

6.1
2023-05-08 CVE-2023-22710 Return AND Warranty Management System FOR Woocommerce Project Cross-site Scripting vulnerability in Return and Warranty Management System for Woocommerce Project Return and Warranty Management System for Woocommerce

Unauth.

6.1
2023-05-08 CVE-2023-2582 Strikingly Unspecified vulnerability in Strikingly

A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting (XSS) in affected applications and sites built with Strikingly.

6.1
2023-05-08 CVE-2023-30334 Asmbb Project Cross-site Scripting vulnerability in Asmbb Project Asmbb 2.9.1

AsmBB v2.9.1 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the MiniMag.asm and bbcode.asm libraries.

6.1
2023-05-08 CVE-2023-31180 Wjjsoft Cross-site Scripting vulnerability in Wjjsoft Innokb 2.2.1

WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - Reflected cross-site scripting (RXSS) through an unspecified request.

6.1
2023-05-08 CVE-2023-31183 Cybonet Cross-site Scripting vulnerability in Cybonet Pineapp Mail Secure

Cybonet PineApp Mail Secure A reflected cross-site scripting (XSS) vulnerability was identified in the product, using an unspecified endpoint.

6.1
2023-05-08 CVE-2022-45065 Squirrly Cross-site Scripting vulnerability in Squirrly SEO Plugin BY Squirrly SEO

Unauth.

6.1
2023-05-08 CVE-2022-47439 Rocketapps Cross-site Scripting vulnerability in Rocketapps Open Graphite

Unauth.

6.1
2023-05-08 CVE-2020-18282 5None Cross-site Scripting vulnerability in 5None Nonecms 1.3.0

Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via feedback feature.

6.1
2023-05-08 CVE-2020-19660 Ipandao Cross-site Scripting vulnerability in Ipandao Editor.Md 1.5.0

Cross Site Scripting (XSS) pandao editor.md 1.5.0 allows attackers to execute arbitrary code via crafted linked url values.

6.1
2023-05-08 CVE-2020-21038 Typecho Open Redirect vulnerability in Typecho 1.117.10.30

Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php.

6.1
2023-05-08 CVE-2023-0421 Cloud Manager Project Unspecified vulnerability in Cloud Manager Project Cloud Manager

The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link.

6.1
2023-05-08 CVE-2023-0514 Membership Database Project Unspecified vulnerability in Membership Database Project Membership Database

The Membership Database WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1
2023-05-08 CVE-2023-0948 Artisanworkshop Cross-site Scripting vulnerability in Artisanworkshop Japanized for Woocommerce

The Japanized For WooCommerce WordPress plugin before 2.5.8 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting

6.1
2023-05-08 CVE-2023-1011 Quantumcloud Unspecified vulnerability in Quantumcloud AI Chatbot

The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them.

6.1
2023-05-08 CVE-2023-1660 Quantumcloud Unspecified vulnerability in Quantumcloud AI Chatbot

The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard

6.1
2023-05-08 CVE-2023-1806 Wpinventory Unspecified vulnerability in Wpinventory WP Inventory Manager

The WP Inventory Manager WordPress plugin before 2.1.0.12 does not sanitise and escape the message parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators.

6.1
2023-05-08 CVE-2022-46799 I13Websolution Cross-site Scripting vulnerability in I13Websolution Easy Testimonial Slider and Form

Unauth.

6.1
2023-05-10 CVE-2022-32577 Intel Improper Input Validation vulnerability in Intel products

Improper input validation in BIOS Firmware for some Intel(R) NUC Kits before version PY0081 may allow a privileged user to potentially enable information disclosure or denial of service via local access

6.0
2023-05-09 CVE-2023-20098 Cisco Path Traversal vulnerability in Cisco Sd-Wan Vmanage

A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files. This vulnerability is due to improper filtering of directory traversal character sequences within system commands.

6.0
2023-05-11 CVE-2023-29022 Rockwellautomation Cross-site Scripting vulnerability in Rockwellautomation products

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface.

5.9
2023-05-11 CVE-2023-29025 Rockwellautomation Cross-site Scripting vulnerability in Rockwellautomation products

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface.

5.9
2023-05-11 CVE-2023-29026 Rockwellautomation Cross-site Scripting vulnerability in Rockwellautomation products

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface.

5.9
2023-05-11 CVE-2023-29027 Rockwellautomation Cross-site Scripting vulnerability in Rockwellautomation products

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface.

5.9
2023-05-11 CVE-2023-29028 Rockwellautomation Cross-site Scripting vulnerability in Rockwellautomation products

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface.

5.9
2023-05-11 CVE-2023-29029 Rockwellautomation Cross-site Scripting vulnerability in Rockwellautomation products

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface.

5.9
2023-05-10 CVE-2023-32570 Videolan
Fedoraproject
Race Condition vulnerability in multiple products

VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit.

5.9
2023-05-09 CVE-2023-28125 Ivanti Race Condition vulnerability in Ivanti Avalanche

An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass.

5.9
2023-05-09 CVE-2023-28126 Ivanti Race Condition vulnerability in Ivanti Avalanche

An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message.

5.9
2023-05-09 CVE-2021-46792 AMD Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products

Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service.

5.9
2023-05-09 CVE-2023-24900 Microsoft Unspecified vulnerability in Microsoft products

Windows NTLM Security Support Provider Information Disclosure Vulnerability

5.9
2023-05-09 CVE-2023-31136 Vapor Insufficiently Protected Credentials vulnerability in Vapor Postgresnio

PostgresNIO is a Swift client for PostgreSQL.

5.9
2023-05-09 CVE-2023-28764 SAP Insufficiently Protected Credentials vulnerability in SAP Businessobjects 4.20/4.30

SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network.

5.9
2023-05-08 CVE-2023-31141 Amazon Incorrect Authorization vulnerability in Amazon Opensearch Security

OpenSearch is open-source software suite for search, analytics, and observability applications.

5.9
2023-05-12 CVE-2023-32303 Planet Incorrect Permission Assignment for Critical Resource vulnerability in Planet

Planet is software that provides satellite data.

5.5
2023-05-12 CVE-2023-31913 Jerryscript Reachable Assertion vulnerability in Jerryscript 3.0.0

Jerryscript 3.0 *commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c.

5.5
2023-05-12 CVE-2023-31914 Jerryscript Unspecified vulnerability in Jerryscript 3.0.0

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memory issue in malloc.

5.5
2023-05-12 CVE-2023-31916 Jerryscript Reachable Assertion vulnerability in Jerryscript 3.0.0

Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the jmem_heap_finalize at jerry-core/jmem/jmem-heap.c.

5.5
2023-05-12 CVE-2023-31918 Jerryscript Reachable Assertion vulnerability in Jerryscript 3.0.0

Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c.

5.5
2023-05-12 CVE-2023-31919 Jerryscript Reachable Assertion vulnerability in Jerryscript 3.0.0

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the jcontext_raise_exception at jerry-core/jcontext/jcontext.c.

5.5
2023-05-12 CVE-2023-31920 Jerryscript Reachable Assertion vulnerability in Jerryscript 3.0.0

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the vm_loop at jerry-core/vm/vm.c.

5.5
2023-05-12 CVE-2023-31921 Jerryscript Reachable Assertion vulnerability in Jerryscript 3.0.0

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c.

5.5
2023-05-12 CVE-2023-29818 Webroot Unspecified vulnerability in Webroot Secureanywhere

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin.

5.5
2023-05-12 CVE-2023-29819 Webroot Improper Privilege Management vulnerability in Webroot Secureanywhere

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload.

5.5
2023-05-12 CVE-2023-29820 Webroot Exposure of Resource to Wrong Sphere vulnerability in Webroot Secureanywhere

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer.

5.5
2023-05-11 CVE-2023-29277 Adobe Out-of-bounds Read vulnerability in Adobe Substance 3D Painter

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-05-11 CVE-2023-29279 Adobe Out-of-bounds Read vulnerability in Adobe Substance 3D Painter

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-05-11 CVE-2023-29286 Adobe Access of Uninitialized Pointer vulnerability in Adobe Substance 3D Painter

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-05-11 CVE-2023-2662 Xpdfreader Divide By Zero vulnerability in Xpdfreader Xpdf

In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero.

5.5
2023-05-11 CVE-2023-2663 Xpdfreader Uncontrolled Recursion vulnerability in Xpdfreader Xpdf

 In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow.

5.5
2023-05-11 CVE-2023-2664 Xpdfreader Uncontrolled Recursion vulnerability in Xpdfreader Xpdf

 In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow.

5.5
2023-05-11 CVE-2023-32668 TUG
Luatex Project
Miktex
LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests.
5.5
2023-05-10 CVE-2022-29840 Westerndigital Server-Side Request Forgery (SSRF) vulnerability in Westerndigital MY Cloud OS

Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices.

5.5
2023-05-10 CVE-2023-32076 IN Toto Project Externally Controlled Reference to a Resource in Another Sphere vulnerability in In-Toto Project In-Toto

in-toto is a framework to protect supply chain integrity.

5.5
2023-05-10 CVE-2023-31554 Glyphandcog Out-of-bounds Write vulnerability in Glyphandcog Pdfimages 4.04

xpdf pdfimages v4.04 was discovered to contain a stack overflow in the component Catalog::readPageLabelTree2(Object*).

5.5
2023-05-10 CVE-2023-31557 Xpdfreader Out-of-bounds Write vulnerability in Xpdfreader Xpdf 4.04

xpdf pdfimages v4.04 was discovered to contain a stack overflow in the component Catalog::readEmbeddedFileTree(Object*).

5.5
2023-05-10 CVE-2022-21239 Intel Out-of-bounds Read vulnerability in Intel Quickassist Technology 1.6/1.9.0

Out-of-bounds read in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2023-05-10 CVE-2022-25976 Intel Improper Input Validation vulnerability in Intel Virtual Raid on CPU

Improper input validation in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable denial of service via local access.

5.5
2023-05-10 CVE-2022-37327 Intel Unspecified vulnerability in Intel products

Improper input validation in BIOS firmware for Intel(R) NUC, Intel(R) NUC Performance Kit, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element, Intel(R) NUC Extreme, Intel(R) NUC 12 Extreme Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Enthusiast, Intel(R) NUC Essential, Intel(R) NUC Laptop Kit, Intel(R) NUC Extreme Compute Element, Intel(R) NUC Boards, Intel(R) NUC Pro Compute Element, Intel(R) NUC Rugged may allow a privileged user to enable information disclosure via local access.

5.5
2023-05-10 CVE-2022-37409 Intel Unspecified vulnerability in Intel Integrated Performance Primitives Cryptography

Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2023-05-10 CVE-2022-38087 Intel Exposure of Resource to Wrong Sphere vulnerability in Intel products

Exposure of resource to wrong sphere in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

5.5
2023-05-10 CVE-2022-40974 Intel Incomplete Cleanup vulnerability in Intel Integrated Performance Primitives Cryptography

Incomplete cleanup in the Intel(R) IPP Cryptography software before version 2021.6 may allow a privileged user to potentially enable information disclosure via local access.

5.5
2023-05-10 CVE-2022-41610 Intel Incorrect Authorization vulnerability in Intel products

Improper authorization in Intel(R) EMA Configuration Tool before version 1.0.4 and Intel(R) MC before version 2.4 software may allow an authenticated user to potentially enable denial of service via local access.

5.5
2023-05-10 CVE-2022-41621 Intel Unspecified vulnerability in Intel Quickassist Technology 1.6

Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2023-05-10 CVE-2022-41646 Intel Unspecified vulnerability in Intel Integrated Performance Primitives Cryptography

Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local access.

5.5
2023-05-10 CVE-2022-41771 Intel Incorrect Permission Assignment for Critical Resource vulnerability in Intel Quickassist Technology 1.6

Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2023-05-10 CVE-2022-41801 Intel Resource Exhaustion vulnerability in Intel Connect M 1.7.4

Uncontrolled resource consumption in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable denial of service via local access.

5.5
2023-05-10 CVE-2022-41808 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Quickassist Technology 1.7.L.4.10.0

Improper buffer restriction in software for the Intel QAT Driver for Linux before version 1.7.l.4.12 may allow an authenticated user to potentially enable denial of service via local access.

5.5
2023-05-10 CVE-2022-42878 Intel NULL Pointer Dereference vulnerability in Intel Oneapi HPC Toolkit and Trace Analyzer and Collector

Null pointer dereference for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2023-05-10 CVE-2022-43465 Intel Incorrect Authorization vulnerability in Intel Setup and Configuration Software

Improper authorization in the Intel(R) SCS software all versions may allow an authenticated user to potentially enable denial of service via local access.

5.5
2023-05-10 CVE-2022-45128 Intel Incorrect Authorization vulnerability in Intel Endpoint Management Assistant

Improper authorization in the Intel(R) EMA software before version 1.9.0.0 may allow an authenticated user to potentially enable denial of service via local access.

5.5
2023-05-10 CVE-2022-46279 Intel Unspecified vulnerability in Intel Retail Edge Program

Improper access control in the Intel(R) Retail Edge android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2023-05-10 CVE-2022-46645 Intel Resource Exhaustion vulnerability in Intel Smart Campus 6.1

Uncontrolled resource consumption in the Intel(R) Smart Campus Android application before version 9.9 may allow an authenticated user to potentially enable denial of service via local access.

5.5
2023-05-10 CVE-2023-22379 Intel Unspecified vulnerability in Intel products

Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.

5.5
2023-05-10 CVE-2023-22443 Intel Integer Overflow or Wraparound vulnerability in Intel products

Integer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable denial of service via local access.

5.5
2023-05-10 CVE-2023-23909 Intel Out-of-bounds Read vulnerability in Intel Oneapi HPC Toolkit and Trace Analyzer and Collector

Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2023-05-10 CVE-2023-25175 Intel Unspecified vulnerability in Intel products

Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.

5.5
2023-05-10 CVE-2023-25179 Intel Resource Exhaustion vulnerability in Intel Unite

Uncontrolled resource consumption in the Intel(R) Unite(R) android application before Release 17 may allow an authenticated user to potentially enable denial of service via local access.

5.5
2023-05-10 CVE-2023-25771 Intel Unspecified vulnerability in Intel products

Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access.

5.5
2023-05-10 CVE-2023-25772 Intel Unspecified vulnerability in Intel Retail Edge Program

Improper input validation in the Intel(R) Retail Edge Mobile Android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable denial of service via local access.

5.5
2023-05-10 CVE-2023-28411 Intel Double Free vulnerability in Intel products

Double free in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.

5.5
2023-05-10 CVE-2022-4008 Octopus Resource Exhaustion vulnerability in Octopus Server

In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service

5.5
2023-05-09 CVE-2021-26354 AMD Classic Buffer Overflow vulnerability in AMD products

Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity.

5.5
2023-05-09 CVE-2021-26371 AMD Unspecified vulnerability in AMD products

A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure.

5.5
2023-05-09 CVE-2023-24945 Microsoft Unspecified vulnerability in Microsoft products

Windows iSCSI Target Service Information Disclosure Vulnerability

5.5
2023-05-09 CVE-2023-28251 Microsoft Unspecified vulnerability in Microsoft products

Windows Driver Revocation List Security Feature Bypass Vulnerability

5.5
2023-05-09 CVE-2023-2609 VIM
Fedoraproject
NULL Pointer Dereference vulnerability in multiple products

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.

5.5
2023-05-09 CVE-2023-30083 Libming Classic Buffer Overflow vulnerability in Libming 0.4.8

Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the newVar_N in util/decompile.c.

5.5
2023-05-09 CVE-2023-30084 Libming Out-of-bounds Read vulnerability in Libming 0.4.8

An issue found in libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the stackVal function in util/decompile.c.

5.5
2023-05-09 CVE-2023-30085 Libming Classic Buffer Overflow vulnerability in Libming 0.4.8

Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the cws2fws function in util/decompile.c.

5.5
2023-05-09 CVE-2023-30086 Libtiff Out-of-bounds Write vulnerability in Libtiff 4.0.7

Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.

5.5
2023-05-09 CVE-2023-30087 Cesanta Out-of-bounds Write vulnerability in Cesanta MJS 1.26

Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c.

5.5
2023-05-09 CVE-2023-30088 Cesanta Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cesanta MJS 1.26

An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c.

5.5
2023-05-09 CVE-2023-31489 Frrouting
Fedoraproject
An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function.
5.5
2023-05-09 CVE-2023-31973 Tortall Memory Leak vulnerability in Tortall Yasm 1.3.0

yasm v1.3.0 was discovered to contain a use after free via the function expand_mmac_params at /nasm/nasm-pp.c.

5.5
2023-05-09 CVE-2023-30985 Siemens Out-of-bounds Read vulnerability in Siemens Solid Edge Se2023 Update0001

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 3), Solid Edge SE2023 (All versions < V223.0 Update 2).

5.5
2023-05-09 CVE-2023-31972 Tortall Use After Free vulnerability in Tortall Yasm 1.3.0

yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp.c.

5.5
2023-05-09 CVE-2023-31974 Tortall Use After Free vulnerability in Tortall Yasm 1.3.0

yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c.

5.5
2023-05-09 CVE-2022-38685 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In bluetooth service, there is a possible missing permission check.

5.5
2023-05-09 CVE-2022-44419 Google Unspecified vulnerability in Google Android

In modem, there is a possible missing verification of NAS Security Mode Command Replay Attacks in LTE.

5.5
2023-05-09 CVE-2022-44420 Google Insufficient Verification of Data Authenticity vulnerability in Google Android

In modem, there is a possible missing verification of HashMME value in Security Mode Command.

5.5
2023-05-09 CVE-2022-47340 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

In h265 codec firmware, there is a possible out of bounds write due to a missing bounds check.

5.5
2023-05-09 CVE-2022-47487 Google Classic Buffer Overflow vulnerability in Google Android

In thermal service, there is a possible out of bounds write due to a missing bounds check.

5.5
2023-05-09 CVE-2022-47490 Google Missing Authorization vulnerability in Google Android

In soter service, there is a possible missing permission check.

5.5
2023-05-09 CVE-2022-47492 Google Missing Authorization vulnerability in Google Android

In soter service, there is a possible missing permission check.

5.5
2023-05-09 CVE-2022-47493 Google Missing Authorization vulnerability in Google Android

In soter service, there is a possible missing permission check.

5.5
2023-05-09 CVE-2022-48231 Google NULL Pointer Dereference vulnerability in Google Android

In soter service, there is a possible missing permission check.

5.5
2023-05-09 CVE-2022-48232 Google Out-of-bounds Write vulnerability in Google Android

In FM service , there is a possible missing params check.

5.5
2023-05-09 CVE-2022-48233 Google Out-of-bounds Write vulnerability in Google Android

In FM service , there is a possible missing params check.

5.5
2023-05-09 CVE-2022-48234 Google Out-of-bounds Write vulnerability in Google Android

In FM service , there is a possible missing params check.

5.5
2023-05-09 CVE-2022-48241 Google NULL Pointer Dereference vulnerability in Google Android 10.0/11.0/12.0

In telephony service, there is a possible missing permission check.

5.5
2023-05-09 CVE-2022-48242 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In telephony service, there is a possible missing permission check.

5.5
2023-05-09 CVE-2022-48370 Google Missing Authorization vulnerability in Google Android

In dialer service, there is a possible missing permission check.

5.5
2023-05-09 CVE-2022-48371 Google Missing Authorization vulnerability in Google Android

In dialer service, there is a possible missing permission check.

5.5
2023-05-09 CVE-2022-48375 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In contacts service, there is a possible missing permission check.

5.5
2023-05-09 CVE-2022-48376 Google Missing Authorization vulnerability in Google Android

In dialer service, there is a possible missing permission check.

5.5
2023-05-09 CVE-2022-48377 Google Missing Authorization vulnerability in Google Android

In dialer service, there is a possible missing permission check.

5.5
2023-05-09 CVE-2022-48378 Google Missing Authorization vulnerability in Google Android 10.0/11.0

In engineermode service, there is a possible missing permission check.

5.5
2023-05-09 CVE-2022-48379 Google Missing Authorization vulnerability in Google Android

In dialer service, there is a possible missing permission check.

5.5
2023-05-09 CVE-2023-32112 SAP Missing Authorization vulnerability in SAP S4Core and Vendor Master Hierarchy

Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its function.

5.5
2023-05-08 CVE-2023-23527 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved checks.

5.5
2023-05-08 CVE-2023-23533 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved checks.

5.5
2023-05-08 CVE-2023-23534 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved checks.

5.5
2023-05-08 CVE-2023-23535 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

5.5
2023-05-08 CVE-2023-23537 Apple Unspecified vulnerability in Apple products

A privacy issue was addressed with improved private data redaction for log entries.

5.5
2023-05-08 CVE-2023-23538 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved checks.

5.5
2023-05-08 CVE-2023-23542 Apple Unspecified vulnerability in Apple Macos

A privacy issue was addressed with improved private data redaction for log entries.

5.5
2023-05-08 CVE-2023-27929 Apple Out-of-bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved input validation.

5.5
2023-05-08 CVE-2023-27931 Apple Unspecified vulnerability in Apple products

This issue was addressed by removing the vulnerable code.

5.5
2023-05-08 CVE-2023-27932 Apple
Debian
This issue was addressed with improved state management.
5.5
2023-05-08 CVE-2023-27941 Apple Unspecified vulnerability in Apple Macos

A validation issue was addressed with improved input sanitization.

5.5
2023-05-08 CVE-2023-27942 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved checks.

5.5
2023-05-08 CVE-2023-27943 Apple Unspecified vulnerability in Apple Iphone OS

This issue was addressed with improved checks.

5.5
2023-05-08 CVE-2023-27951 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved checks.

5.5
2023-05-08 CVE-2023-27955 Apple Unspecified vulnerability in Apple Iphone OS and Macos

The issue was addressed with improved checks.

5.5
2023-05-08 CVE-2023-27956 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

5.5
2023-05-08 CVE-2023-27961 Apple Improper Input Validation vulnerability in Apple products

Multiple validation issues were addressed with improved input sanitization.

5.5
2023-05-08 CVE-2023-27962 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved checks.

5.5
2023-05-08 CVE-2023-28178 Apple Unspecified vulnerability in Apple Iphone OS and Macos

A logic issue was addressed with improved validation.

5.5
2023-05-08 CVE-2023-28189 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved checks.

5.5
2023-05-08 CVE-2023-28190 Apple Unspecified vulnerability in Apple Macos

A privacy issue was addressed by moving sensitive data to a more secure location.

5.5
2023-05-08 CVE-2023-28192 Apple Incorrect Default Permissions vulnerability in Apple Macos

A permissions issue was addressed with improved validation.

5.5
2023-05-08 CVE-2023-28200 Apple Improper Input Validation vulnerability in Apple Iphone OS and Macos

A validation issue was addressed with improved input sanitization.

5.5
2023-05-14 CVE-2023-2691 Personnel Property Equipment System Project Cross-site Scripting vulnerability in Personnel Property Equipment System Project Personnel Property Equipment System 1.0

A vulnerability, which was classified as problematic, was found in SourceCodester Personnel Property Equipment System 1.0.

5.4
2023-05-12 CVE-2023-23867 Buttons X Project Cross-site Scripting vulnerability in Buttons X Project Buttons X

Auth.

5.4
2023-05-12 CVE-2023-29983 Companymaps Project Cross-site Scripting vulnerability in Companymaps Project Companymaps 8.0

Cross Site Scripting vulnerability found in Maximilian Vogt cmaps v.8.0 allows a remote attacker to execute arbitrary code via the auditlog tab in the admin panel.

5.4
2023-05-12 CVE-2023-2678 File Tracker Manager System Project Cross-site Scripting vulnerability in File Tracker Manager System Project File Tracker Manager System 1.0

A vulnerability has been found in SourceCodester File Tracker Manager System 1.0 and classified as problematic.

5.4
2023-05-12 CVE-2023-28520 IBM Cross-site Scripting vulnerability in IBM Planning Analytics Local 2.0.0

IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting.

5.4
2023-05-11 CVE-2023-22720 WP Links Page Project Cross-site Scripting vulnerability in WP Links Page Project WP Links Page

Auth.

5.4
2023-05-10 CVE-2023-31153 Selinc Cross-site Scripting vulnerability in Selinc products

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.

5.4
2023-05-10 CVE-2023-31154 Selinc Cross-site Scripting vulnerability in Selinc products

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.

5.4
2023-05-10 CVE-2023-31155 Selinc Cross-site Scripting vulnerability in Selinc products

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.

5.4
2023-05-10 CVE-2023-31156 Selinc Cross-site Scripting vulnerability in Selinc products

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.

5.4
2023-05-10 CVE-2023-31157 Selinc Cross-site Scripting vulnerability in Selinc products

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.

5.4
2023-05-10 CVE-2023-31158 Selinc Cross-site Scripting vulnerability in Selinc products

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.

5.4
2023-05-10 CVE-2023-31159 Selinc Cross-site Scripting vulnerability in Selinc products

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.

5.4
2023-05-10 CVE-2023-31160 Selinc Cross-site Scripting vulnerability in Selinc products

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.

5.4
2023-05-10 CVE-2023-31163 Selinc Cross-site Scripting vulnerability in Selinc products

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.

5.4
2023-05-10 CVE-2023-31164 Selinc Cross-site Scripting vulnerability in Selinc products

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.

5.4
2023-05-10 CVE-2023-31165 Selinc Cross-site Scripting vulnerability in Selinc products

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.

5.4
2023-05-10 CVE-2022-27856 Atlasgondal Cross-site Scripting vulnerability in Atlasgondal Export ALL Urls

Auth.

5.4
2023-05-10 CVE-2022-32970 Themify Cross-site Scripting vulnerability in Themify Portfolio Post

Auth.

5.4
2023-05-10 CVE-2023-22696 Custom4Web Cross-site Scripting vulnerability in Custom4Web Affiliate Links Lite

Auth.

5.4
2023-05-10 CVE-2023-23873 Bbspoiler Project Cross-site Scripting vulnerability in Bbspoiler Project Bbspoiler

Auth.

5.4
2023-05-10 CVE-2023-22711 Agentevolution Cross-site Scripting vulnerability in Agentevolution Impress Listings

Auth.

5.4
2023-05-10 CVE-2023-23701 WEB Design Easy Sign UP Project Cross-site Scripting vulnerability in web Design Easy Sign UP Project web Design Easy Sign UP

Auth.

5.4
2023-05-10 CVE-2023-23786 Servit Cross-site Scripting vulnerability in Servit Affiliate-Toolkit

Auth.

5.4
2023-05-10 CVE-2023-27888 Sitebridge Cross-site Scripting vulnerability in Sitebridge Joruri GW

Cross-site scripting vulnerability in Joruri Gw Ver 3.2.5 and earlier allows a remote authenticated attacker to inject an arbitrary script via Message Memo function of the affected product.

5.4
2023-05-10 CVE-2023-2614 Pimcore Cross-site Scripting vulnerability in Pimcore

Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.

5.4
2023-05-10 CVE-2023-2615 Pimcore Cross-site Scripting vulnerability in Pimcore

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.

5.4
2023-05-10 CVE-2023-2616 Pimcore Cross-site Scripting vulnerability in Pimcore

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.

5.4
2023-05-10 CVE-2023-25833 Esri Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Esri Portal for Arcgis

There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered).

5.4
2023-05-09 CVE-2023-30057 Fico Cross-site Scripting vulnerability in Fico Origination Manager Decision 4.8.1

Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Origination Manager Decision Module 4.8.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload.

5.4
2023-05-09 CVE-2021-31711 Responsivefilemanager Cross-site Scripting vulnerability in Responsivefilemanager

Cross Site Scripting vulnerability found in Trippo ResponsiveFilemanager v.9.14.0 and before allows a remote attacker to execute arbitrary code via the sort_by parameter in the dialog.php file.

5.4
2023-05-09 CVE-2023-25834 Esri Improper Privilege Management vulnerability in Esri Portal for Arcgis

Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases.

5.4
2023-05-09 CVE-2023-31800 Chamilo Cross-site Scripting vulnerability in Chamilo LMS 1.11.18

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter.

5.4
2023-05-09 CVE-2023-31802 Chamilo Cross-site Scripting vulnerability in Chamilo LMS 1.11.18

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters.

5.4
2023-05-09 CVE-2023-31804 Chamilo Cross-site Scripting vulnerability in Chamilo LMS 1.11.18

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters.

5.4
2023-05-09 CVE-2023-31806 Chamilo Cross-site Scripting vulnerability in Chamilo LMS 1.11.18

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function.

5.4
2023-05-09 CVE-2023-31807 Chamilo Cross-site Scripting vulnerability in Chamilo LMS 1.11.18

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function.

5.4
2023-05-09 CVE-2023-32066 Anuko Cross-site Scripting vulnerability in Anuko Time Tracker

Time Tracker is an open source time tracking system.

5.4
2023-05-09 CVE-2023-31134 Tauri Open Redirect vulnerability in Tauri

Tauri is software for building applications for multi-platform deployment.

5.4
2023-05-09 CVE-2022-46844 Pixelgrade Cross-site Scripting vulnerability in Pixelgrade Pixfields

Auth.

5.4
2023-05-09 CVE-2023-23647 Wpmart Cross-site Scripting vulnerability in Wpmart Team Member - Team With Slider

Auth.

5.4
2023-05-09 CVE-2023-23862 Vertical Scroll Recent Post Project Cross-site Scripting vulnerability in Vertical Scroll Recent Post Project Vertical Scroll Recent Post

Auth.

5.4
2023-05-09 CVE-2022-41640 Rymera Cross-site Scripting vulnerability in Rymera Wholesale Suite

Auth.

5.4
2023-05-09 CVE-2023-23664 Convertbox Cross-site Scripting vulnerability in Convertbox Auto Embed

Auth.

5.4
2023-05-09 CVE-2023-2591 Teampass Cross-site Scripting vulnerability in Teampass

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to 3.0.7.

5.4
2023-05-09 CVE-2023-31407 SAP Cross-site Scripting vulnerability in SAP Business Planning and Consolidation 740/750

SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability.

5.4
2023-05-09 CVE-2023-29188 SAP Cross-site Scripting vulnerability in SAP products

SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

5.4
2023-05-08 CVE-2023-23894 Surbma Cross-site Scripting vulnerability in Surbma Gdpr Proof Cookie Consent & Notice BAR

Auth.

5.4
2023-05-08 CVE-2023-30787 Monicahq Cross-site Scripting vulnerability in Monicahq Monica 4.0.0

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/introductions` endpoint and first_met_additional_info parameter.

5.4
2023-05-08 CVE-2023-30788 Monicahq Cross-site Scripting vulnerability in Monicahq Monica 4.0.0

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people/add` endpoint and nickName, description, lastName, middleName and firstName parameter.

5.4
2023-05-08 CVE-2023-30789 Monicahq Cross-site Scripting vulnerability in Monicahq Monica 4.0.0

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/work` endpoint and job and company parameter.

5.4
2023-05-08 CVE-2023-30790 Monicahq Cross-site Scripting vulnerability in Monicahq Monica 4.0.0

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/relationships` endpoint and first_name and last_name parameter.

5.4
2023-05-08 CVE-2023-30860 Wwbn Cross-site Scripting vulnerability in Wwbn Avideo

WWBN AVideo is an open source video platform.

5.4
2023-05-08 CVE-2023-24408 Lightspeedhq Cross-site Scripting vulnerability in Lightspeedhq Ecwid Ecommerce Shopping Cart

Auth.

5.4
2023-05-08 CVE-2023-28493 Machothemes Cross-site Scripting vulnerability in Machothemes Newsmag 2.4.3

Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes NewsMag theme <= 2.4.4 versions.

5.4
2023-05-08 CVE-2023-0267 Topdigitaltrends Unspecified vulnerability in Topdigitaltrends Ultimate Carousel for Wpbakery Page Builder

The Ultimate Carousel For WPBakery Page Builder WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-05-08 CVE-2023-0268 Topdigitaltrends Unspecified vulnerability in Topdigitaltrends Mega Addons for Wpbakery Page Builder

The Mega Addons For WPBakery Page Builder WordPress plugin before 4.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-05-08 CVE-2023-0280 Topdigitaltrends Cross-site Scripting vulnerability in Topdigitaltrends Ultimate Carousel for Elementor

The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-05-08 CVE-2023-0526 Post Shortcode Project Unspecified vulnerability in Post Shortcode Project Post Shortcode

The Post Shortcode WordPress plugin through 2.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4
2023-05-08 CVE-2023-0536 WP D3 Project Unspecified vulnerability in Wp-D3 Project Wp-D3

The Wp-D3 WordPress plugin through 2.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-05-08 CVE-2023-0537 Shapedplugin Unspecified vulnerability in Shapedplugin Product Slider for Woocommerce 1.0/1.1

The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4
2023-05-08 CVE-2023-0542 Blackbirdi Unspecified vulnerability in Blackbirdi Custom Post Type List Shortcode

The Custom Post Type List Shortcode WordPress plugin through 1.4.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-05-08 CVE-2023-1651 Quantumcloud Unspecified vulnerability in Quantumcloud AI Chatbot

The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them.

5.4
2023-05-08 CVE-2023-1905 Timersys Unspecified vulnerability in Timersys WP Popups

The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-05-08 CVE-2022-45812 Exxp Project Cross-site Scripting vulnerability in Exxp Project Exxp

Auth.

5.4
2023-05-08 CVE-2023-23668 Givewp Cross-site Scripting vulnerability in Givewp

Auth.

5.4
2023-05-08 CVE-2023-29247 Apache Cross-site Scripting vulnerability in Apache Airflow

Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0.

5.4
2023-05-12 CVE-2022-47880 Jedox Insufficiently Protected Credentials vulnerability in Jedox and Jedox Cloud

An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users with permissions to modify database connections to disclose a connections' cleartext password via the 'test connection' function.

5.3
2023-05-12 CVE-2023-28936 Apache Incorrect Comparison vulnerability in Apache Openmeetings

Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0

5.3
2023-05-11 CVE-2023-28359 Rocket Chat SQL Injection vulnerability in Rocket.Chat

A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat.

5.3
2023-05-11 CVE-2023-0858 Canon Improper Authentication vulnerability in Canon products

Improper Authentication of RemoteUI of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger unauthorized access to the product.

5.3
2023-05-11 CVE-2023-0859 Canon Unspecified vulnerability in Canon products

Arbitrary Files can be installed in the Setting Data Import function of Office / Small Office Multifunction Printers and Laser Printers(*).

5.3
2023-05-11 CVE-2023-31445 Cassianetworks Incorrect Permission Assignment for Critical Resource vulnerability in Cassianetworks Access Controller 2.0.1

Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users.

5.3
2023-05-11 CVE-2023-29986 Spring Boot Actuator Logview Project Path Traversal vulnerability in Spring-Boot-Actuator-Logview Project Spring-Boot-Actuator-Logview 0.2.13

spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view.

5.3
2023-05-10 CVE-2023-2310 Selinc Unspecified vulnerability in Selinc products

A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service. See the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details.

5.3
2023-05-10 CVE-2023-27919 Next Engine Improper Authentication vulnerability in Next-Engine Next Engine Integration

Authentication bypass vulnerability in NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series) all versions allows a remote unauthenticated attacker to alter the information stored in the system.

5.3
2023-05-10 CVE-2023-26126 M Static Project Path Traversal vulnerability in M.Static Project M.Static

All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function.

5.3
2023-05-09 CVE-2023-28317 Rocket Chat Unspecified vulnerability in Rocket.Chat

A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order.

5.3
2023-05-09 CVE-2023-28318 Rocket Chat Unspecified vulnerability in Rocket.Chat

A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDeletedStatus server configuration.

5.3
2023-05-09 CVE-2023-28290 Microsoft Unspecified vulnerability in Microsoft Remote Desktop

Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability

5.3
2023-05-09 CVE-2023-29107 Siemens Files or Directories Accessible to External Parties vulnerability in Siemens 6Gk1411-1Ac00 Firmware and 6Gk1411-5Ac00 Firmware

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1).

5.3
2023-05-08 CVE-2023-21404 Axis Missing Encryption of Sensitive Data vulnerability in Axis OS

AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code.

5.3
2023-05-08 CVE-2023-23494 Apple Classic Buffer Overflow vulnerability in Apple Iphone OS

A buffer overflow was addressed with improved bounds checking.

5.3
2023-05-08 CVE-2023-30019 Evilmartians Server-Side Request Forgery (SSRF) vulnerability in Evilmartians Imgproxy

imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter.

5.3
2023-05-09 CVE-2023-31404 SAP Information Exposure vulnerability in SAP Businessobjects Business Intelligence 420/430

Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an attacker to access information which would otherwise be restricted.

5.0
2023-05-12 CVE-2023-27863 IBM Unspecified vulnerability in IBM Spectrum Protect 10.1.13

IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores.

4.9
2023-05-11 CVE-2023-31473 GL Inet Command Injection vulnerability in Gl-Inet products

An issue was discovered on GL.iNet devices before 3.216.

4.9
2023-05-12 CVE-2023-22685 Tipsandtricks HQ Cross-site Scripting vulnerability in Tipsandtricks-Hq Category Specific RSS Feed Subscription

Auth.

4.8
2023-05-12 CVE-2023-23810 Snaborbital Cross-site Scripting vulnerability in Snaborbital Panorama

Auth.

4.8
2023-05-12 CVE-2023-25460 Codesolz Cross-site Scripting vulnerability in Codesolz Easy AD Manager

Auth.

4.8
2023-05-12 CVE-2023-25958 Simple Tooltips Project Cross-site Scripting vulnerability in Simple Tooltips Project Simple Tooltips

Auth.

4.8
2023-05-12 CVE-2023-28414 Apexchat Cross-site Scripting vulnerability in Apexchat

Auth.

4.8
2023-05-11 CVE-2023-2490 Useragent SPY Project Cross-site Scripting vulnerability in Useragent-Spy Project Useragent-Spy

Auth.

4.8
2023-05-10 CVE-2023-0007 Paloaltonetworks Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed.

4.8
2023-05-10 CVE-2023-2630 Pimcore Cross-site Scripting vulnerability in Pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.

4.8
2023-05-10 CVE-2022-47137 Wpmanageninja Cross-site Scripting vulnerability in Wpmanageninja Ninja Tables

Auth.

4.8
2023-05-10 CVE-2022-47423 WP Dtree Project Cross-site Scripting vulnerability in Wp-Dtree Project Wp-Dtree

Auth.

4.8
2023-05-10 CVE-2022-47436 Mantrabrain Cross-site Scripting vulnerability in Mantrabrain Yatra

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MantraBrain Yatra allows Stored XSS.This issue affects Yatra: from n/a through 2.1.14.

4.8
2023-05-10 CVE-2022-47587 WP Search Analytics Project Cross-site Scripting vulnerability in WP Search Analytics Project WP Search Analytics

Auth.

4.8
2023-05-10 CVE-2022-47606 WP Cors Project Cross-site Scripting vulnerability in Wp-Cors Project Wp-Cors

Auth.

4.8
2023-05-10 CVE-2022-33961 Waspthemes Cross-site Scripting vulnerability in Waspthemes Visual CSS Style Editor

Auth.

4.8
2023-05-10 CVE-2022-46817 Flyzoo Cross-site Scripting vulnerability in Flyzoo Chat

Auth.

4.8
2023-05-10 CVE-2022-46819 Gopiplus Cross-site Scripting vulnerability in Gopiplus Continuous Announcement Scroller

Auth.

4.8
2023-05-10 CVE-2022-46861 WEB Settler Cross-site Scripting vulnerability in Web-Settler Custom Login Page Styler

Auth.

4.8
2023-05-10 CVE-2023-23794 Semalt Blocker Project Cross-site Scripting vulnerability in Semalt Blocker Project Semalt Blocker

Auth.

4.8
2023-05-10 CVE-2023-24406 Simple Popup Project Cross-site Scripting vulnerability in Simple Popup Project Simple Popup

Auth.

4.8
2023-05-10 CVE-2023-30746 Booqable Cross-site Scripting vulnerability in Booqable Rental Software Booqable Rental

Auth.

4.8
2023-05-10 CVE-2023-23788 Custom More Link Complete Project Cross-site Scripting vulnerability in Custom More Link Complete Project Custom More Link Complete

Auth.

4.8
2023-05-10 CVE-2023-23789 Premmerce Cross-site Scripting vulnerability in Premmerce Redirect Manager

Auth.

4.8
2023-05-10 CVE-2023-23812 Enhanced WP Contact Form Project Cross-site Scripting vulnerability in Enhanced WP Contact Form Project Enhanced WP Contact Form

Auth.

4.8
2023-05-10 CVE-2023-24418 Gopiplus Cross-site Scripting vulnerability in Gopiplus Tiny Carousel Horizontal Slider Plus

Auth.

4.8
2023-05-10 CVE-2023-28932 Wpmobile APP Project Cross-site Scripting vulnerability in Wpmobile.App Project Wpmobile.App

Auth.

4.8
2023-05-09 CVE-2023-31799 Chamilo Cross-site Scripting vulnerability in Chamilo LMS 1.11.18

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system annnouncements parameter.

4.8
2023-05-09 CVE-2023-31803 Chamilo Cross-site Scripting vulnerability in Chamilo LMS 1.11.18

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the resource sequencing parameters.

4.8
2023-05-09 CVE-2023-31805 Chamilo Cross-site Scripting vulnerability in Chamilo LMS 1.11.18

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function.

4.8
2023-05-09 CVE-2023-23732 Disqus Conditional Load Project Cross-site Scripting vulnerability in Disqus Conditional Load Project Disqus Conditional Load

Auth.

4.8
2023-05-09 CVE-2023-23733 Lazy Social Comments Project Cross-site Scripting vulnerability in Lazy Social Comments Project Lazy Social Comments

Auth.

4.8
2023-05-09 CVE-2023-23734 Userlike Cross-site Scripting vulnerability in Userlike

Auth.

4.8
2023-05-09 CVE-2023-23883 WP Content Filter Censor ALL Offensive Content From Your Site Project Cross-site Scripting vulnerability in WP Content Filter - Censor ALL Offensive Content From Your Site Project WP Content Filter - Censor ALL Offensive Content From Your Site

Auth.

4.8
2023-05-09 CVE-2023-23884 Kanbanwp Cross-site Scripting vulnerability in Kanbanwp Kanban Boards for Wordpress

Auth.

4.8
2023-05-09 CVE-2023-24372 Usbmemorydirect Cross-site Scripting vulnerability in Usbmemorydirect Simple Custom Author Profiles

Auth.

4.8
2023-05-09 CVE-2023-23793 8Web Cross-site Scripting vulnerability in 8Web Read More Without Refresh

Auth.

4.8
2023-05-09 CVE-2023-23863 Blackandwhitedigital Cross-site Scripting vulnerability in Blackandwhitedigital Treepress

Auth.

4.8
2023-05-08 CVE-2023-24376 WP Simple Events Project Cross-site Scripting vulnerability in WP Simple Events Project WP Simple Events

Auth.

4.8
2023-05-08 CVE-2022-47437 WSB Brands Project Cross-site Scripting vulnerability in WSB Brands Project WSB Brands

Auth.

4.8
2023-05-08 CVE-2023-22791 Arubanetworks
HP
A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN.
4.8
2023-05-08 CVE-2020-18132 Mipcms Cross-site Scripting vulnerability in Mipcms 3.6.0

Cross Site Scripting (XSS) vulnerability in MIPCMS 3.6.0 allows attackers to execute arbitrary code via the category name field to categoryEdit.

4.8
2023-05-08 CVE-2023-0544 WP Login BOX Project Unspecified vulnerability in WP Login BOX Project WP Login BOX

The WP Login Box WordPress plugin through 2.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8
2023-05-08 CVE-2023-0894 Byconsole Unspecified vulnerability in Byconsole Pickup | Delivery | Dine-In Date Time

The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8
2023-05-08 CVE-2023-1649 Quantumcloud Unspecified vulnerability in Quantumcloud AI Chatbot

The AI ChatBot WordPress plugin before 4.5.1 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8
2023-05-08 CVE-2023-25052 TE ST Cross-site Scripting vulnerability in Te-St Yandex.News Feed BY Teplitsa

Auth.

4.8
2023-05-08 CVE-2023-25452 CMS Press Project Cross-site Scripting vulnerability in CMS Press Project CMS Press

Auth.

4.8
2023-05-08 CVE-2023-28169 Easy Event Calendar Project Cross-site Scripting vulnerability in Easy Event Calendar Project Easy Event Calendar

Auth.

4.8
2023-05-08 CVE-2023-25021 Fareharbor Cross-site Scripting vulnerability in Fareharbor

Auth.

4.8
2023-05-08 CVE-2023-2566 Open EMR Cross-site Scripting vulnerability in Open-Emr Openemr

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.

4.8
2023-05-08 CVE-2023-27952 Apple Race Condition vulnerability in Apple Macos

A race condition was addressed with improved locking.

4.7
2023-05-10 CVE-2023-0008 Paloaltonetworks Externally Controlled Reference to a Resource in Another Sphere vulnerability in Paloaltonetworks Pan-Os

A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition.

4.4
2023-05-10 CVE-2022-31477 Intel Improper Initialization vulnerability in Intel products

Improper initialization for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.

4.4
2023-05-10 CVE-2022-32582 Intel Unspecified vulnerability in Intel products

Improper access control in firmware for some Intel(R) NUC Boards, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Pro Compute Element may allow a privileged user to potentially enable denial of service via local access.

4.4
2023-05-10 CVE-2023-22447 Intel Information Exposure Through Log Files vulnerability in Intel Open Cache Acceleration Software

Insertion of sensitive information into log file in the Open CAS software for Linux maintained by Intel before version 22.6.2 may allow a privileged user to potentially enable information disclosure via local access.

4.4
2023-05-10 CVE-2023-23573 Intel Unspecified vulnerability in Intel Unite

Improper access control in the Intel(R) Unite(R) android application before Release 17 may allow a privileged user to potentially enable information disclosure via local access.

4.4
2023-05-10 CVE-2023-24475 Intel Out-of-bounds Read vulnerability in Intel products

Out of bounds read in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.

4.4
2023-05-10 CVE-2023-25776 Intel Unspecified vulnerability in Intel products

Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.

4.4
2023-05-09 CVE-2022-39089 Google Out-of-bounds Read vulnerability in Google Android 10.0/11.0

In mlog service, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-05-09 CVE-2022-47334 Google Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0

In phasecheck server, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-05-09 CVE-2022-47469 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0

In ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-05-09 CVE-2022-47470 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0

In ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-05-09 CVE-2022-47485 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

In modem control device, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-05-09 CVE-2022-47486 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0

In ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-05-09 CVE-2022-47488 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

In spipe drive, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-05-09 CVE-2022-47489 Google Integer Overflow or Wraparound vulnerability in Google Android

In soter service, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-05-09 CVE-2022-47491 Google Classic Buffer Overflow vulnerability in Google Android

In soter service, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-05-09 CVE-2022-47494 Google Classic Buffer Overflow vulnerability in Google Android

In soter service, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-05-09 CVE-2022-47495 Google Classic Buffer Overflow vulnerability in Google Android

In soter service, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-05-09 CVE-2022-47496 Google Classic Buffer Overflow vulnerability in Google Android

In soter service, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-05-09 CVE-2022-47497 Google Classic Buffer Overflow vulnerability in Google Android

In soter service, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-05-09 CVE-2022-47498 Google Classic Buffer Overflow vulnerability in Google Android

In soter service, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-05-09 CVE-2022-47499 Google Classic Buffer Overflow vulnerability in Google Android

In soter service, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-05-09 CVE-2022-48235 Google Out-of-bounds Write vulnerability in Google Android

In MP3 encoder, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-05-09 CVE-2022-48236 Google Out-of-bounds Read vulnerability in Google Android

In MP3 encoder, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-05-09 CVE-2022-48237 Google Out-of-bounds Write vulnerability in Google Android

In Image filter, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-05-09 CVE-2022-48238 Google Out-of-bounds Write vulnerability in Google Android

In Image filter, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-05-09 CVE-2022-48239 Google Out-of-bounds Write vulnerability in Google Android

In camera driver, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-05-09 CVE-2022-48240 Google Out-of-bounds Write vulnerability in Google Android

In camera driver, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-05-09 CVE-2022-48372 Google Out-of-bounds Write vulnerability in Google Android

In bootcp service, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-05-09 CVE-2022-48373 Google Out-of-bounds Write vulnerability in Google Android

In tee service, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-05-09 CVE-2022-48374 Google Out-of-bounds Write vulnerability in Google Android

In tee service, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-05-09 CVE-2022-48380 Google Out-of-bounds Write vulnerability in Google Android 10.0

In modem control device, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-05-09 CVE-2022-48381 Google Out-of-bounds Write vulnerability in Google Android 10.0

In modem control device, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-05-09 CVE-2022-48382 Google Out-of-bounds Write vulnerability in Google Android

In log service, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-05-09 CVE-2022-48385 Google Out-of-bounds Write vulnerability in Google Android 11.0/12.0

In cp_dump driver, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-05-09 CVE-2022-48386 Google Use After Free vulnerability in Google Android 11.0/12.0

the apipe driver, there is a possible use after free due to a logic error.

4.4
2023-05-09 CVE-2022-48387 Google Out-of-bounds Write vulnerability in Google Android 11.0/12.0

the apipe driver, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-05-09 CVE-2022-48389 Google Out-of-bounds Write vulnerability in Google Android 10.0

In modem control device, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-05-12 CVE-2023-2674 Open EMR Improper Access Control vulnerability in Open-Emr Openemr

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.

4.3
2023-05-11 CVE-2023-28357 Rocket Chat Information Exposure vulnerability in Rocket.Chat

A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users.

4.3
2023-05-11 CVE-2023-28360 Brave Unspecified vulnerability in Brave

An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the user.

4.3
2023-05-11 CVE-2023-29195 Linuxfoundation Unspecified vulnerability in Linuxfoundation Vitess

Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding.

4.3
2023-05-11 CVE-2023-32082 Etcd Unspecified vulnerability in Etcd

etcd is a distributed key-value store for the data of a distributed system.

4.3
2023-05-11 CVE-2023-32075 Pimcore Unspecified vulnerability in Pimcore Customer Management Framework

The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management.

4.3
2023-05-10 CVE-2023-31162 Selinc Improper Input Validation vulnerability in Selinc products

An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file. See SEL Service Bulletin dated 2022-11-15 for more details.

4.3
2023-05-10 CVE-2023-31166 Selinc Path Traversal vulnerability in Selinc products

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system. See SEL Service Bulletin dated 2022-11-15 for more details.

4.3
2023-05-09 CVE-2023-29103 Siemens Use of Hard-coded Password vulnerability in Siemens 6Gk1411-1Ac00 Firmware and 6Gk1411-5Ac00 Firmware

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1).

4.3
2023-05-08 CVE-2023-22813 Westerndigital Missing Authorization vulnerability in Westerndigital products

A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App.

4.3
2023-05-10 CVE-2023-31151 Selinc Improper Certificate Validation vulnerability in Selinc products

An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack. See SEL Service Bulletin dated 2022-11-15 for more details.

4.2

12 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-05-08 CVE-2023-23543 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with additional restrictions on the observability of app states.

3.6
2023-05-09 CVE-2023-2590 Answer Missing Authorization vulnerability in Answer

Missing Authorization in GitHub repository answerdev/answer prior to 1.0.9.

3.5
2023-05-09 CVE-2023-29333 Microsoft Unspecified vulnerability in Microsoft 365 Apps and Office

Microsoft Access Denial of Service Vulnerability

3.3
2023-05-09 CVE-2023-27408 Siemens Creation of Temporary File With Insecure Permissions vulnerability in Siemens Scalance Lpe9403 Firmware 2.0

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1).

3.3
2023-05-09 CVE-2023-27409 Siemens Path Traversal vulnerability in Siemens Scalance Lpe9403 Firmware 2.0

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1).

3.3
2023-05-09 CVE-2023-31975 Yasm Project Memory Leak vulnerability in Yasm Project Yasm 1.3.0

yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c.

3.3
2023-05-08 CVE-2023-23523 Apple Unspecified vulnerability in Apple Iphone OS

A logic issue was addressed with improved restrictions.

3.3
2023-05-08 CVE-2023-23541 Apple Unspecified vulnerability in Apple Iphone OS

A privacy issue was addressed with improved private data redaction for log entries.

3.3
2023-05-08 CVE-2023-27928 Apple Unspecified vulnerability in Apple products

A privacy issue was addressed with improved private data redaction for log entries.

3.3
2023-05-08 CVE-2023-28194 Apple Unspecified vulnerability in Apple Iphone OS

The issue was addressed with improved checks.

3.3
2023-05-09 CVE-2023-27410 Siemens Heap-based Buffer Overflow vulnerability in Siemens Scalance Lpe9403 Firmware 2.0

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1).

2.7
2023-05-09 CVE-2023-29128 Siemens Path Traversal vulnerability in Siemens 6Gk1411-1Ac00 Firmware and 6Gk1411-5Ac00 Firmware

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1).

2.7