Weekly Vulnerabilities Reports > May 15 to 21, 2023

Overview

445 new vulnerabilities reported during this period, including 61 critical vulnerabilities and 175 high severity vulnerabilities. This weekly summary report vulnerabilities in 544 products from 207 vendors including Google, Jenkins, Cisco, Openlinksw, and Codesys. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Out-of-bounds Write", "Cross-Site Request Forgery (CSRF)", and "Improper Input Validation".

  • 362 reported vulnerabilities are remotely exploitables.
  • 4 reported vulnerabilities have public exploit available.
  • 184 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 227 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 46 reported vulnerabilities.
  • Cisco has the most reported critical vulnerabilities, with 8 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

61 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-05-15 CVE-2023-32314 VM2 Project Unspecified vulnerability in VM2 Project VM2

vm2 is a sandbox that can run untrusted code with Node's built-in modules.

10.0
2023-05-20 CVE-2023-2712 Rental Module Project Unrestricted Upload of File with Dangerous Type vulnerability in Rental Module Project Rental Module

Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server.This issue affects Rental Module: before 23.05.15.

9.8
2023-05-20 CVE-2023-2713 Rental Module Project Authorization Bypass Through User-Controlled Key vulnerability in Rental Module Project Rental Module

Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass.This issue affects Rental Module: before 23.05.15.

9.8
2023-05-20 CVE-2023-2823 Class Scheduling System Project SQL Injection vulnerability in Class Scheduling System Project Class Scheduling System 1.0

A vulnerability was found in SourceCodester Class Scheduling System 1.0.

9.8
2023-05-20 CVE-2023-2276 Wclovers Authorization Bypass Through User-Controlled Key vulnerability in Wclovers Wcfm Membership

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7.

9.8
2023-05-19 CVE-2023-2815 Online Jewelry Store Project SQL Injection vulnerability in Online Jewelry Store Project Online Jewelry Store 1.0

A vulnerability classified as critical was found in SourceCodester Online Jewelry Store 1.0.

9.8
2023-05-19 CVE-2022-47984 IBM SQL Injection vulnerability in IBM Infosphere Information Server 11.7

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection.

9.8
2023-05-19 CVE-2023-31707 SEM CMS SQL Injection vulnerability in Sem-Cms Semcms 1.5

SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php.

9.8
2023-05-19 CVE-2023-2704 Vibethemes Missing Authentication for Critical Function vulnerability in Vibethemes BP Social Connect

The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5.

9.8
2023-05-18 CVE-2023-23556 Facebook Out-of-bounds Write vulnerability in Facebook Hermes

An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write.

9.8
2023-05-18 CVE-2023-23557 Facebook Type Confusion vulnerability in Facebook Hermes

An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion.

9.8
2023-05-18 CVE-2023-25933 Facebook Type Confusion vulnerability in Facebook Hermes

A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript.

9.8
2023-05-18 CVE-2023-28081 Facebook Use After Free vulnerability in Facebook Hermes

A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload.

9.8
2023-05-18 CVE-2023-28753 Facebook Out-of-bounds Write vulnerability in Facebook Netconsd 0.1

netconsd prior to v0.2 was vulnerable to an integer overflow in its parse_packet function.

9.8
2023-05-18 CVE-2023-30470 Facebook Use After Free vulnerability in Facebook Hermes

A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution.

9.8
2023-05-18 CVE-2023-30333 Perfree Unrestricted Upload of File with Dangerous Type vulnerability in Perfree Perfreeblog 3.1.2

An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file.

9.8
2023-05-18 CVE-2022-36327 Westerndigital Path Traversal vulnerability in Westerndigital products

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to write files to locations with certain critical filesystem types leading to remote code execution was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices.

9.8
2023-05-18 CVE-2023-2799 Cnoa OA Project Use of Hard-coded Password vulnerability in Cnoa OA Project Cnoa OA 5.1.1.5

A vulnerability, which was classified as problematic, has been found in cnoa OA up to 5.1.1.5.

9.8
2023-05-18 CVE-2023-20156 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device.

9.8
2023-05-18 CVE-2023-20157 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device.

9.8
2023-05-18 CVE-2023-20158 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device.

9.8
2023-05-18 CVE-2023-20159 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device.

9.8
2023-05-18 CVE-2023-20160 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device.

9.8
2023-05-18 CVE-2023-20161 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device.

9.8
2023-05-18 CVE-2023-20162 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device.

9.8
2023-05-18 CVE-2023-20189 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device.

9.8
2023-05-18 CVE-2023-27217 Belkin Out-of-bounds Write vulnerability in Belkin F7C063 Firmware 2.00.11420.Owrt.Pvtsnsv2

A stack-based buffer overflow in the ChangeFriendlyName() function of Belkin Smart Outlet V2 F7c063 firmware_2.00.11420.OWRT.PVT_SNSV2 allows attackers to cause a Denial of Service (DoS) via a crafted UPNP request.

9.8
2023-05-18 CVE-2023-31729 Totolink Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557

TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection.

9.8
2023-05-18 CVE-2023-29985 Student Study Center Desk Management System Project SQL Injection vulnerability in Student Study Center Desk Management System Project Student Study Center Desk Management System 1.0

Sourcecodester Student Study Center Desk Management System v1.0 admin\reports\index.php#date_from has a SQL Injection vulnerability.

9.8
2023-05-17 CVE-2023-2319 Clusterlabs
Redhat
It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591.
9.8
2023-05-17 CVE-2023-2780 Lfprojects Path Traversal: '..filename' vulnerability in Lfprojects Mlflow

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.

9.8
2023-05-17 CVE-2023-2774 BUS Dispatch AND Information System Project SQL Injection vulnerability in BUS Dispatch and Information System Project BUS Dispatch and Information System 1.0

A vulnerability was found in code-projects Bus Dispatch and Information System 1.0 and classified as critical.

9.8
2023-05-17 CVE-2023-2776 Simple Photo Gallery Project Unrestricted Upload of File with Dangerous Type vulnerability in Simple Photo Gallery Project Simple Photo Gallery 1.0

A vulnerability was found in code-projects Simple Photo Gallery 1.0.

9.8
2023-05-17 CVE-2023-30191 Cdesigner Project SQL Injection vulnerability in Cdesigner Project Cdesigner 3.1.3/3.2.1/3.2.2

PrestaShop cdesigner < 3.1.9 is vulnerable to SQL Injection via CdesignerTraitementModuleFrontController::initContent().

9.8
2023-05-17 CVE-2023-31902 Mobilemouse Unspecified vulnerability in Mobilemouse Mobile Mouse 3.6.0.4

RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE).

9.8
2023-05-17 CVE-2023-31903 Freeguppy Unrestricted Upload of File with Dangerous Type vulnerability in Freeguppy Guppy 6.00.10

GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file.

9.8
2023-05-16 CVE-2023-27742 Idurar Project SQL Injection vulnerability in Idurar Project Idurar 1.0.0

IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login.

9.8
2023-05-16 CVE-2023-30189 Posthemes SQL Injection vulnerability in Posthemes Posstaticblocks

Prestashop posstaticblocks <= 1.0.0 is vulnerable to SQL Injection via posstaticblocks::getPosCurrentHook().

9.8
2023-05-16 CVE-2023-31890 Glazedlists Deserialization of Untrusted Data vulnerability in Glazedlists Glazed Lists 1.11.0

An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary code via the BeanXMLByteCoder.decode() parameter.

9.8
2023-05-16 CVE-2023-2738 Tongda2000 Unrestricted Upload of File with Dangerous Type vulnerability in Tongda2000 Tongda Office Anywhere 11.10

A vulnerability classified as critical has been found in Tongda OA 11.10.

9.8
2023-05-16 CVE-2023-31519 Pharmacy Management System Project SQL Injection vulnerability in Pharmacy Management System Project Pharmacy Management System 1.0

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the email parameter at login_core.php.

9.8
2023-05-16 CVE-2023-31587 Tenda Unspecified vulnerability in Tenda AC5 Firmware 15.03.06.28

Tenda AC5 router V15.03.06.28 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.

9.8
2023-05-16 CVE-2023-31856 Totolink Command Injection vulnerability in Totolink Cp300+ Firmware 5.2Cu.7594B20200910

A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594_B20200910 allows attackers to execute arbitrary commands via a crafted http packet.

9.8
2023-05-16 CVE-2023-31857 Oretnom23 Unrestricted Upload of File with Dangerous Type vulnerability in Oretnom23 Online Computer and Laptop Store 1.0

Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution.

9.8
2023-05-16 CVE-2023-2499 Metagauss Improper Authentication vulnerability in Metagauss Registrationmagic

The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0.

9.8
2023-05-16 CVE-2023-32956 Synology Unspecified vulnerability in Synology Router Manager

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to execute arbitrary code via unspecified vectors.

9.8
2023-05-16 CVE-2023-29961 Dlink Out-of-bounds Write vulnerability in Dlink Dir-605L Firmware 1.17B01

D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack overflow via /goform/formTcpipSetup,

9.8
2023-05-15 CVE-2021-0877 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android SoCAndroid ID: A-273754094

9.8
2023-05-15 CVE-2023-32308 Anuko SQL Injection vulnerability in Anuko Time Tracker

anuko timetracker is an open source time tracking system.

9.8
2023-05-15 CVE-2023-30245 Judging Management System Project SQL Injection vulnerability in Judging Management System Project Judging Management System 1.0

SQL injection vulnerability found in Judging Management System v.1.0 allows a remote attacker to execute arbitrary code via the crit_id parameter of the edit_criteria.php file.

9.8
2023-05-15 CVE-2023-29861 Flir Unspecified vulnerability in Flir Dvtel Camera Firmware

An issue found in FLIR-DVTEL version not specified allows a remote attacker to execute arbitrary code via a crafted request to the management page of the device.

9.8
2023-05-15 CVE-2022-4774 Bitapps Unspecified vulnerability in Bitapps BIT Form

The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution.

9.8
2023-05-15 CVE-2023-0600 Plugins Market Unspecified vulnerability in Plugins-Market WP Visitor Statistics

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.

9.8
2023-05-15 CVE-2023-29862 Agasio Camera Project Unspecified vulnerability in Agasio Camera Project Agasio Camera Firmware

An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters.

9.8
2023-05-15 CVE-2023-31986 Edimax Command Injection vulnerability in Edimax Br-6428Ns Firmware 1.10

A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the setWAN function in /bin/webs without any limitations.

9.8
2023-05-15 CVE-2023-23450 Sick Improper Authentication vulnerability in Sick products

Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to login to a valid user account via the REST interface.

9.8
2023-05-15 CVE-2022-47937 Apache Improper Input Validation vulnerability in Apache Sling Commons Json

** UNSUPPORTED WHEN ASSIGNED ** Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input. NOTE: This vulnerability only affects products that are no longer supported by the maintainer The org.apache.sling.commons.json bundle has been deprecated as of March 2017 and should not be used anymore.

9.8
2023-05-15 CVE-2023-1698 Wago OS Command Injection vulnerability in Wago products

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.

9.8
2023-05-18 CVE-2023-32680 Metabase Missing Authentication for Critical Function vulnerability in Metabase

Metabase is an open source business analytics engine.

9.6
2023-05-15 CVE-2023-31131 Vmware Path Traversal vulnerability in VMWare Greenplum Database

Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL.

9.1
2023-05-17 CVE-2023-31703 Escanav Cross-site Scripting vulnerability in Escanav Escan Management Console 14.0.1400.2281

Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter.

9.0

175 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-05-20 CVE-2022-47134 Gallery Metabox Project Cross-Site Request Forgery (CSRF) vulnerability in Gallery Metabox Project Gallery Metabox

Cross-Site Request Forgery (CSRF) vulnerability in Bill Erickson Gallery Metabox plugin <= 1.5 versions.

8.8
2023-05-20 CVE-2023-22689 Autoaffiliatelinks Cross-Site Request Forgery (CSRF) vulnerability in Autoaffiliatelinks Auto Affiliate Links

Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3 versions.

8.8
2023-05-20 CVE-2023-23890 Ljapps Cross-Site Request Forgery (CSRF) vulnerability in Ljapps WP Airbnb Review Slider

Cross-Site Request Forgery (CSRF) vulnerability in LJ Apps WP Airbnb Review Slider plugin <= 3.2 versions.

8.8
2023-05-20 CVE-2023-24414 Robosoft Cross-Site Request Forgery (CSRF) vulnerability in Robosoft Robogallery

Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.11 versions.

8.8
2023-05-20 CVE-2023-32589 Pingonline Cross-Site Request Forgery (CSRF) vulnerability in Pingonline Dyslexiefont Free

Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexiefont Free plugin <= 1.0.0 versions.

8.8
2023-05-19 CVE-2023-2806 Weaver XXE vulnerability in Weaver E-Cology 9.0

A vulnerability classified as problematic was found in Weaver e-cology up to 9.0.

8.8
2023-05-18 CVE-2023-25698 Studiowombat Cross-Site Request Forgery (CSRF) vulnerability in Studiowombat Shoppable Images

Cross-Site Request Forgery (CSRF) vulnerability in Studio Wombat Shoppable Images plugin <= 1.2.3 versions.

8.8
2023-05-18 CVE-2023-27423 Mijnpress Cross-Site Request Forgery (CSRF) vulnerability in Mijnpress Auto Prune Posts

Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Auto Prune Posts plugin <= 1.8.0 versions.

8.8
2023-05-18 CVE-2023-27430 Mijnpress Cross-Site Request Forgery (CSRF) vulnerability in Mijnpress Mass Delete Unused Tags

Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Mass Delete Unused Tags plugin <= 2.0.0 versions.

8.8
2023-05-18 CVE-2023-20003 Cisco Missing Authentication for Critical Function vulnerability in Cisco products

A vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points (APs) could allow an unauthenticated, adjacent attacker to bypass social login authentication.

8.8
2023-05-18 CVE-2023-20182 Cisco Improper Input Validation vulnerability in Cisco DNA Center

Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user.

8.8
2023-05-17 CVE-2023-2203 Webkitgtk
Redhat
Use After Free vulnerability in multiple products

A flaw was found in the WebKitGTK package.

8.8
2023-05-17 CVE-2023-27233 Piwigo SQL Injection vulnerability in Piwigo

Piwigo before 13.6.0 was discovered to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_backend.php.

8.8
2023-05-17 CVE-2023-2775 BUS Dispatch AND Information System Project SQL Injection vulnerability in BUS Dispatch and Information System Project BUS Dispatch and Information System 1.0

A vulnerability was found in code-projects Bus Dispatch and Information System 1.0.

8.8
2023-05-17 CVE-2023-2771 Online Exam System Project SQL Injection vulnerability in Online Exam System Project Online Exam System 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester Online Exam System 1.0.

8.8
2023-05-17 CVE-2023-2772 Oretnom23 SQL Injection vulnerability in Oretnom23 Budget and Expense Tracker System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Budget and Expense Tracker System 1.0.

8.8
2023-05-17 CVE-2023-2773 BUS Dispatch AND Information System Project SQL Injection vulnerability in BUS Dispatch and Information System Project BUS Dispatch and Information System 1.0

A vulnerability has been found in code-projects Bus Dispatch and Information System 1.0 and classified as critical.

8.8
2023-05-17 CVE-2023-24805 Linuxfoundation
Fedoraproject
Debian
OS Command Injection vulnerability in multiple products

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos.

8.8
2023-05-17 CVE-2023-2769 Oretnom23 SQL Injection vulnerability in Oretnom23 Service Provider Management System 1.0

A vulnerability classified as critical has been found in SourceCodester Service Provider Management System 1.0.

8.8
2023-05-17 CVE-2023-2770 Online Exam System Project SQL Injection vulnerability in Online Exam System Project Online Exam System 1.0

A vulnerability classified as critical was found in SourceCodester Online Exam System 1.0.

8.8
2023-05-17 CVE-2023-31700 TP Link Command Injection vulnerability in Tp-Link Tl-Wpa4530 KIT Firmware 161115/170406

TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceAdd.

8.8
2023-05-17 CVE-2023-31701 TP Link Command Injection vulnerability in Tp-Link Tl-Wpa4530 KIT Firmware 161115/170406

TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove.

8.8
2023-05-17 CVE-2023-30438 IBM Unspecified vulnerability in IBM Powervm Hypervisor Fw1010.32/Fw950/Fw950.40

An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server.

8.8
2023-05-17 CVE-2023-31208 Tribe29 Command Injection vulnerability in Tribe29 Checkmk

Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users.

8.8
2023-05-17 CVE-2023-0863 ABB Improper Authentication vulnerability in ABB products

Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.

8.8
2023-05-17 CVE-2023-2528 Supsystic Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form

The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24.

8.8
2023-05-17 CVE-2023-31848 Davinci Project Server-Side Request Forgery (SSRF) vulnerability in Davinci Project Davinci 0.3.0

davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF).

8.8
2023-05-16 CVE-2023-2721 Google
Debian
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-05-16 CVE-2023-2722 Google
Debian
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-05-16 CVE-2023-2723 Google
Debian
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-05-16 CVE-2023-2724 Google
Debian
Fedoraproject
Type Confusion vulnerability in multiple products

Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-05-16 CVE-2023-2725 Google
Debian
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-05-16 CVE-2023-2726 Google
Debian
Fedoraproject
Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page.
8.8
2023-05-16 CVE-2023-30501 Arubanetworks Unspecified vulnerability in Arubanetworks Edgeconnect Enterprise

Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host.

8.8
2023-05-16 CVE-2023-30502 Arubanetworks Unspecified vulnerability in Arubanetworks Edgeconnect Enterprise

Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host.

8.8
2023-05-16 CVE-2023-30503 Arubanetworks Unspecified vulnerability in Arubanetworks Edgeconnect Enterprise

Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host.

8.8
2023-05-16 CVE-2023-30504 Arubanetworks Unspecified vulnerability in Arubanetworks Edgeconnect Enterprise

Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host.

8.8
2023-05-16 CVE-2023-30505 Arubanetworks Unspecified vulnerability in Arubanetworks Edgeconnect Enterprise

Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host.

8.8
2023-05-16 CVE-2023-30506 Arubanetworks Unspecified vulnerability in Arubanetworks Edgeconnect Enterprise

Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host.

8.8
2023-05-16 CVE-2023-32991 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Saml Single Sign on

A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML.

8.8
2023-05-16 CVE-2023-32992 Jenkins Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Saml Single Sign on

Missing permission checks in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML.

8.8
2023-05-16 CVE-2023-32995 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Saml Single Sign on

A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails.

8.8
2023-05-16 CVE-2023-32997 Jenkins Session Fixation vulnerability in Jenkins CAS

Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login.

8.8
2023-05-16 CVE-2023-32998 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Appspider

A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.

8.8
2023-05-16 CVE-2023-32981 Jenkins Out-of-bounds Write vulnerability in Jenkins Pipeline Utility Steps 2.13.1/2.13.2

An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content.

8.8
2023-05-16 CVE-2023-32986 Jenkins Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins File Parameters

Jenkins File Parameter Plugin 285.v757c5b_67a_c25 and earlier does not restrict the name (and resulting uploaded file name) of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.

8.8
2023-05-16 CVE-2023-32987 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth

A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials.

8.8
2023-05-16 CVE-2023-32989 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Azure VM Agents

A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method.

8.8
2023-05-16 CVE-2023-31572 Bludit Unspecified vulnerability in Bludit 4.0.0

An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request.

8.8
2023-05-16 CVE-2023-31576 S9Y Unrestricted Upload of File with Dangerous Type vulnerability in S9Y Serendipity 2.4.0

An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file.

8.8
2023-05-15 CVE-2022-47379 Codesys Out-of-bounds Write vulnerability in Codesys products

An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

8.8
2023-05-15 CVE-2022-47380 Codesys Out-of-bounds Write vulnerability in Codesys products

An authenticated remote attacker may use a stack based  out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

8.8
2023-05-15 CVE-2022-47381 Codesys Out-of-bounds Write vulnerability in Codesys products

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

8.8
2023-05-15 CVE-2022-47382 Codesys Out-of-bounds Write vulnerability in Codesys products

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

8.8
2023-05-15 CVE-2022-47383 Codesys Out-of-bounds Write vulnerability in Codesys products

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

8.8
2023-05-15 CVE-2022-47384 Codesys Out-of-bounds Write vulnerability in Codesys products

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

8.8
2023-05-15 CVE-2022-47385 Codesys Out-of-bounds Write vulnerability in Codesys products

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

8.8
2023-05-15 CVE-2022-47386 Codesys Out-of-bounds Write vulnerability in Codesys products

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

8.8
2023-05-15 CVE-2022-47387 Codesys Out-of-bounds Write vulnerability in Codesys products

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

8.8
2023-05-15 CVE-2022-47388 Codesys Out-of-bounds Write vulnerability in Codesys products

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

8.8
2023-05-15 CVE-2022-47389 Codesys Out-of-bounds Write vulnerability in Codesys products

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

8.8
2023-05-15 CVE-2022-47390 Codesys Out-of-bounds Write vulnerability in Codesys products

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

8.8
2023-05-19 CVE-2023-1618 Mitsubishielectric Insecure Default Initialization of Resource vulnerability in Mitsubishielectric Melsec Ws0-Geth00200 Firmware

Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 Serial number 2310 **** and prior allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected module by connecting to it via telnet which is hidden function and is enabled by default when shipped from the factory.

8.6
2023-05-20 CVE-2023-33244 Obsidian Unspecified vulnerability in Obsidian

Obsidian before 1.2.2 allows calls to unintended APIs (for microphone access, camera access, and desktop notification) via an embedded web page.

8.2
2023-05-19 CVE-2023-20881 Cloudfoundry Improper Certificate Validation vulnerability in Cloudfoundry Capi-Release, Cf-Deployment and Loggregator-Agent

Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used for that syslog drain.

8.1
2023-05-17 CVE-2023-2706 Xootix Improper Authentication vulnerability in Xootix OTP Login Woocommerce & Gravity Forms

The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypass.

8.1
2023-05-16 CVE-2023-32955 Synology Unspecified vulnerability in Synology Router Manager

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute arbitrary commands via unspecified vectors.

8.1
2023-05-20 CVE-2023-2736 Groundhogg Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg

The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8.

8.0
2023-05-20 CVE-2023-32700 Luatex Project
Miktex
TUG
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source.
7.8
2023-05-19 CVE-2023-33240 Foxit Unspecified vulnerability in Foxit PDF Editor and PDF Reader

Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service.

7.8
2023-05-18 CVE-2023-31871 Opentext Unspecified vulnerability in Opentext Documentum Content Server 7.3

OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root.

7.8
2023-05-18 CVE-2022-45452 Acronis Incorrect Default Permissions vulnerability in Acronis Agent and Cyber Protect

Local privilege escalation due to insecure folder permissions.

7.8
2023-05-18 CVE-2022-4418 Acronis Improper Verification of Cryptographic Signature vulnerability in Acronis Cyber Protect Home Office

Local privilege escalation due to unrestricted loading of unsigned libraries.

7.8
2023-05-18 CVE-2023-33204 Sysstat Project
Fedoraproject
Debian
Integer Overflow or Wraparound vulnerability in multiple products

sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c.

7.8
2023-05-17 CVE-2023-2491 GNU
Redhat
Command Injection vulnerability in multiple products

A flaw was found in the Emacs text editor.

7.8
2023-05-17 CVE-2023-31724 Yasm Project Unspecified vulnerability in Yasm Project Yasm 1.3.0.55.G101Bc

yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function do_directive at /nasm/nasm-pp.c.

7.8
2023-05-17 CVE-2023-31722 Nasm Out-of-bounds Write vulnerability in Nasm Netwide Assembler 2.16.02

There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).

7.8
2023-05-15 CVE-2023-21102 Google Unspecified vulnerability in Google Android

In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code.

7.8
2023-05-15 CVE-2023-21106 Google Double Free vulnerability in Google Android

In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free.

7.8
2023-05-15 CVE-2023-21107 Google Incorrect Default Permissions vulnerability in Google Android

In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check.

7.8
2023-05-15 CVE-2023-21109 Google Unspecified vulnerability in Google Android

In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code.

7.8
2023-05-15 CVE-2023-21110 Google Resource Exhaustion vulnerability in Google Android

In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion.

7.8
2023-05-15 CVE-2023-21117 Google Unspecified vulnerability in Google Android 13.0

In registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass.

7.8
2023-05-15 CVE-2023-2124 Linux
Debian
Netapp
Out-of-bounds Write vulnerability in multiple products

An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal).

7.8
2023-05-15 CVE-2022-4048 Codesys Inadequate Encryption Strength vulnerability in Codesys Development System V3

Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40 allows an unauthenticated local attacker to access and manipulate code of the encrypted boot application.

7.7
2023-05-21 CVE-2023-33252 0Kims Unspecified vulnerability in 0Kims Snarkjs

iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus.

7.5
2023-05-20 CVE-2023-1692 Huawei Incorrect Permission Assignment for Critical Resource vulnerability in Huawei Emui and Harmonyos

The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality.

7.5
2023-05-20 CVE-2023-1693 Huawei Improper Privilege Management vulnerability in Huawei Emui and Harmonyos

The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.

7.5
2023-05-20 CVE-2023-1694 Huawei Improper Privilege Management vulnerability in Huawei Emui and Harmonyos

The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.

7.5
2023-05-20 CVE-2023-1696 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

The multimedia video module has a vulnerability in data processing.Successful exploitation of this vulnerability may affect availability.

7.5
2023-05-19 CVE-2023-30199 Webbax Path Traversal vulnerability in Webbax Customexporter

Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access Control via modules/customexporter/downloads/download.php.

7.5
2023-05-19 CVE-2022-30114 Fastweb Out-of-bounds Write vulnerability in Fastweb products

A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482_FW_230_FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462_FW_261_DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS.

7.5
2023-05-18 CVE-2023-23759 Facebook Reachable Assertion vulnerability in Facebook Fizz

There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely.

7.5
2023-05-18 CVE-2023-24832 Facebook NULL Pointer Dereference vulnerability in Facebook Hermes

A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash an Hermes runtime where the EnableHermesInternal config option was set to true.

7.5
2023-05-18 CVE-2023-24833 Facebook Use After Free vulnerability in Facebook Hermes

A use-after-free in BigIntPrimitive addition in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by an attacker to leak raw data from Hermes VM’s heap.

7.5
2023-05-18 CVE-2023-2024 Johnsoncontrols Improper Authentication vulnerability in Johnsoncontrols Openblue Enterprise Manager Data Collector

Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access to an unauthorized user under certain circumstances.

7.5
2023-05-18 CVE-2023-31655 Redis Unspecified vulnerability in Redis 7.0.10

redis-7.0.10 was discovered to contain a segmentation violation.

7.5
2023-05-18 CVE-2023-0965 Silabs Unspecified vulnerability in Silabs Gecko Software Development KIT

Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

7.5
2023-05-18 CVE-2023-1132 Silabs Unspecified vulnerability in Silabs Gecko Software Development KIT

Compiler removal of buffer clearing in sli_se_driver_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

7.5
2023-05-18 CVE-2023-2481 Silabs Unspecified vulnerability in Silabs Gecko Software Development KIT

Compiler removal of buffer clearing in sli_se_opaque_import_key in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

7.5
2023-05-18 CVE-2023-32096 Silabs Unspecified vulnerability in Silabs Gecko Software Development KIT

Compiler removal of buffer clearing in sli_crypto_transparent_aead_encrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

7.5
2023-05-18 CVE-2023-32097 Silabs Unspecified vulnerability in Silabs Gecko Software Development KIT

Compiler removal of buffer clearing in sli_crypto_transparent_aead_decrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

7.5
2023-05-18 CVE-2023-32098 Silabs Unspecified vulnerability in Silabs Gecko Software Development KIT

Compiler removal of buffer clearing in sli_se_sign_message in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

7.5
2023-05-18 CVE-2023-32099 Silabs Unspecified vulnerability in Silabs Gecko Software Development KIT

Compiler removal of buffer clearing in sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

7.5
2023-05-18 CVE-2023-32100 Silabs Unspecified vulnerability in Silabs Gecko Software Development KIT

Compiler removal of buffer clearing in sli_se_driver_mac_compute in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

7.5
2023-05-18 CVE-2023-2789 GNU Improper Resource Shutdown or Release vulnerability in GNU Cflow 1.7

A vulnerability was found in GNU cflow 1.7.

7.5
2023-05-18 CVE-2022-45450 Acronis Files or Directories Accessible to External Parties vulnerability in Acronis Agent and Cyber Protect

Sensitive information disclosure and manipulation due to improper authorization.

7.5
2023-05-18 CVE-2022-45453 Acronis Inadequate Encryption Strength vulnerability in Acronis Cyber Protect 15

TLS/SSL weak cipher suites enabled.

7.5
2023-05-18 CVE-2022-45457 Acronis Improper Certificate Validation vulnerability in Acronis Agent and Cyber Protect

Sensitive information disclosure and manipulation due to improper certification validation.

7.5
2023-05-18 CVE-2022-45458 Acronis Improper Certificate Validation vulnerability in Acronis Agent and Cyber Protect

Sensitive information disclosure and manipulation due to improper certification validation.

7.5
2023-05-18 CVE-2022-45459 Acronis Incorrect Default Permissions vulnerability in Acronis Agent and Cyber Protect

Sensitive information disclosure due to insecure registry permissions.

7.5
2023-05-18 CVE-2023-20024 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device.

7.5
2023-05-17 CVE-2023-2295 Libreswan
Redhat
A vulnerability was found in the libreswan library.
7.5
2023-05-17 CVE-2023-32767 Symcon Path Traversal vulnerability in Symcon IP Symcon

The web interface of Symcon IP-Symcon before 6.3 (i.e., before 2023-05-12) allows a remote attacker to read sensitive files via ..

7.5
2023-05-17 CVE-2023-2765 Weaver Absolute Path Traversal vulnerability in Weaver Office Automation 9.5

A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic.

7.5
2023-05-17 CVE-2023-2766 Weaver Files or Directories Accessible to External Parties vulnerability in Weaver Office Automation 9.5

A vulnerability was found in Weaver OA 9.5 and classified as problematic.

7.5
2023-05-17 CVE-2023-31904 Savysoda Path Traversal vulnerability in Savysoda Wifi HD Wireless Disk Drive 11

savysoda Wifi HD Wireless Disk Drive 11 is vulnerable to Local File Inclusion.

7.5
2023-05-16 CVE-2023-31677 Luowice Unspecified vulnerability in Luowice 3.5.18

Insecure permissions in luowice 3.5.18 allow attackers to view information for other alarm devices via modification of the eseeid parameter.

7.5
2023-05-16 CVE-2023-31679 Videogo Project Unspecified vulnerability in Videogo Project Videogo 6.8.1

Incorrect access control in Videogo v6.8.1 allows attackers to access images from other devices via modification of the Device Id parameter.

7.5
2023-05-16 CVE-2023-33000 Jenkins Insufficiently Protected Credentials vulnerability in Jenkins Ns-Nd Integration Performance Publisher

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and capture them.

7.5
2023-05-16 CVE-2023-33001 Jenkins Information Exposure Through Log Files vulnerability in Jenkins Hashicorp Vault

Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.

7.5
2023-05-16 CVE-2023-28076 Dell Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dell Cloudlink

CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability.

7.5
2023-05-15 CVE-2023-32309 Pymdown Extensions Project Path Traversal vulnerability in Pymdown Extensions Project Pymdown Extensions

PyMdown Extensions is a set of extensions for the `Python-Markdown` markdown project.

7.5
2023-05-15 CVE-2023-31607 Openlinksw SQL Injection vulnerability in Openlinksw Virtuoso 7.2.9

An issue in the __libc_malloc component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-05-15 CVE-2023-31608 Openlinksw SQL Injection vulnerability in Openlinksw Virtuoso 7.2.9

An issue in the artm_div_int component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-05-15 CVE-2023-31609 Openlinksw SQL Injection vulnerability in Openlinksw Virtuoso 7.2.9

An issue in the dfe_unit_col_loci component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-05-15 CVE-2023-31610 Openlinksw SQL Injection vulnerability in Openlinksw Virtuoso 7.2.9

An issue in the _IO_default_xsputn component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-05-15 CVE-2023-31611 Openlinksw SQL Injection vulnerability in Openlinksw Virtuoso 7.2.9

An issue in the __libc_longjmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-05-15 CVE-2023-31612 Openlinksw SQL Injection vulnerability in Openlinksw Virtuoso 7.2.9

An issue in the dfe_qexp_list component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-05-15 CVE-2023-31613 Openlinksw SQL Injection vulnerability in Openlinksw Virtuoso 7.2.9

An issue in the __nss_database_lookup component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-05-15 CVE-2023-31614 Openlinksw SQL Injection vulnerability in Openlinksw Virtuoso 7.2.9

An issue in the mp_box_deserialize_string function in openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.

7.5
2023-05-15 CVE-2023-31615 Openlinksw SQL Injection vulnerability in Openlinksw Virtuoso 7.2.9

An issue in the chash_array component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-05-15 CVE-2023-31616 Openlinksw SQL Injection vulnerability in Openlinksw Virtuoso 7.2.9

An issue in the bif_mod component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-05-15 CVE-2023-31617 Openlinksw SQL Injection vulnerability in Openlinksw Virtuoso 7.2.9

An issue in the dk_set_delete component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-05-15 CVE-2023-31618 Openlinksw SQL Injection vulnerability in Openlinksw Virtuoso 7.2.9

An issue in the sqlc_union_dt_wrap component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-05-15 CVE-2023-31619 Openlinksw SQL Injection vulnerability in Openlinksw Virtuoso 7.2.9

An issue in the sch_name_to_object component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-05-15 CVE-2023-31620 Openlinksw SQL Injection vulnerability in Openlinksw Virtuoso 7.2.9

An issue in the dv_compare component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-05-15 CVE-2023-31621 Openlinksw SQL Injection vulnerability in Openlinksw Virtuoso 7.2.9

An issue in the kc_var_col component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-05-15 CVE-2023-31622 Openlinksw SQL Injection vulnerability in Openlinksw Virtuoso 7.2.9

An issue in the sqlc_make_policy_trig component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-05-15 CVE-2023-31623 Openlinksw SQL Injection vulnerability in Openlinksw Virtuoso 7.2.9

An issue in the mp_box_copy component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-05-15 CVE-2023-31624 Openlinksw SQL Injection vulnerability in Openlinksw Virtuoso 7.2.9

An issue in the sinv_check_exp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-05-15 CVE-2023-31625 Openlinksw SQL Injection vulnerability in Openlinksw Virtuoso 7.2.9

An issue in the psiginfo component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-05-15 CVE-2023-31626 Openlinksw SQL Injection vulnerability in Openlinksw Virtuoso 7.2.9

An issue in the gpf_notice component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-05-15 CVE-2023-31627 Openlinksw SQL Injection vulnerability in Openlinksw Virtuoso 7.2.9

An issue in the strhash component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-05-15 CVE-2023-31628 Openlinksw SQL Injection vulnerability in Openlinksw Virtuoso 7.2.9

An issue in the stricmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-05-15 CVE-2023-31629 Openlinksw SQL Injection vulnerability in Openlinksw Virtuoso 7.2.9

An issue in the sqlo_union_scope component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-05-15 CVE-2023-31630 Openlinksw SQL Injection vulnerability in Openlinksw Virtuoso 7.2.9

An issue in the sqlo_query_spec component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-05-15 CVE-2023-31631 Openlinksw SQL Injection vulnerability in Openlinksw Virtuoso 7.2.9

An issue in the sqlo_preds_contradiction component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-05-15 CVE-2023-32787 Opcfoundation Resource Exhaustion vulnerability in Opcfoundation UA Java Legacy

The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications.

7.5
2023-05-15 CVE-2023-0812 Miniorange Unspecified vulnerability in Miniorange Active Directory Integration / Ldap Integration

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure.

7.5
2023-05-15 CVE-2023-2180 Kiwiz Invoices Certification PDF System Project Unspecified vulnerability in Kiwiz Invoices Certification & PDF System Project Kiwiz Invoices Certification & PDF System

The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization (assuming they can upload a file on the server)

7.5
2023-05-15 CVE-2023-23445 Sick Incorrect Authorization vulnerability in Sick products

Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the REST interface.

7.5
2023-05-15 CVE-2023-23446 Sick Incorrect Authorization vulnerability in Sick products

Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface.

7.5
2023-05-15 CVE-2023-23447 Sick Resource Exhaustion vulnerability in Sick products

Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to influence the availability of the webserver by invocing several open file requests via the REST interface.

7.5
2023-05-15 CVE-2023-31408 Sick Cleartext Storage of Sensitive Information vulnerability in Sick products

Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to potentially steal user credentials that are stored in the user’s browsers local storage via cross-site-scripting attacks.

7.5
2023-05-15 CVE-2023-31409 Sick Resource Exhaustion vulnerability in Sick products

Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests.

7.5
2023-05-15 CVE-2022-47391 Codesys Improper Input Validation vulnerability in Codesys products

In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service.

7.5
2023-05-15 CVE-2023-22318 Tribe29 Improper Locking vulnerability in Tribe29 Checkmk Appliance Firmware

Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5.

7.5
2023-05-15 CVE-2023-32784 Keepass Cleartext Transmission of Sensitive Information vulnerability in Keepass

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running.

7.5
2023-05-15 CVE-2023-32758 Coala Unspecified vulnerability in Coala Git-Url-Parse

giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs.

7.5
2023-05-19 CVE-2023-32679 Craftcms Injection vulnerability in Craftcms Craft CMS

Craft CMS is an open source content management system.

7.2
2023-05-18 CVE-2019-25137 Umbraco XML Injection (aka Blind XPath Injection) vulnerability in Umbraco CMS

Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.

7.2
2023-05-18 CVE-2023-20163 Cisco OS Command Injection vulnerability in Cisco Identity Services Engine

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root.

7.2
2023-05-18 CVE-2023-20164 Cisco OS Command Injection vulnerability in Cisco Identity Services Engine

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root.

7.2
2023-05-17 CVE-2023-31702 Escanav SQL Injection vulnerability in Escanav Escan Management Console 14.0.1400.2281

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1.

7.2
2023-05-17 CVE-2023-2756 Pimcore SQL Injection vulnerability in Pimcore Customer Management Framework

SQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10.

7.2
2023-05-16 CVE-2023-2548 Metagauss Authorization Bypass Through User-Controlled Key vulnerability in Metagauss Registrationmagic

The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5.

7.2
2023-05-15 CVE-2023-1207 Riverside Unspecified vulnerability in Riverside Http Headers

This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability.

7.2
2023-05-15 CVE-2023-1549 AD Inserter Project Unspecified vulnerability in AD Inserter Project AD Inserter

The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present

7.2
2023-05-15 CVE-2023-31842 Faculty Evaluation System Project SQL Injection vulnerability in Faculty Evaluation System Project Faculty Evaluation System 1.0

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/index.php?page=edit_faculty&id=.

7.2
2023-05-15 CVE-2023-31843 Faculty Evaluation System Project SQL Injection vulnerability in Faculty Evaluation System Project Faculty Evaluation System 1.0

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/view_faculty.php?id=.

7.2
2023-05-15 CVE-2023-31844 Faculty Evaluation System Project SQL Injection vulnerability in Faculty Evaluation System Project Faculty Evaluation System 1.0

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_subject.php?id=.

7.2
2023-05-15 CVE-2023-31845 Faculty Evaluation System Project SQL Injection vulnerability in Faculty Evaluation System Project Faculty Evaluation System 1.0

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_class.php?id=.

7.2
2023-05-19 CVE-2023-28045 Dell Missing Encryption of Sensitive Data vulnerability in Dell Cloudiq Collector

Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability.

7.1
2023-05-17 CVE-2023-25394 Getvideostream Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Getvideostream Videostream 0.4.3/0.5.0

Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition.

7.0

200 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-05-21 CVE-2020-36694 Linux Use After Free vulnerability in Linux Kernel

An issue was discovered in netfilter in the Linux kernel before 5.10.

6.7
2023-05-19 CVE-2023-31756 TP Link OS Command Injection vulnerability in Tp-Link Archer Vr1600V Firmware

A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0.

6.7
2023-05-18 CVE-2023-20166 Cisco Path Traversal vulnerability in Cisco Identity Services Engine 3.2

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files.

6.7
2023-05-15 CVE-2023-20673 Mediatek
Google
Type Confusion vulnerability in multiple products

In vcu, there is a possible memory corruption due to type confusion.

6.7
2023-05-15 CVE-2023-20694 Google
Openwrt
Out-of-bounds Write vulnerability in multiple products

In preloader, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-05-15 CVE-2023-20695 Google
Openwrt
Out-of-bounds Write vulnerability in multiple products

In preloader, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-05-15 CVE-2023-20696 Google
Openwrt
Out-of-bounds Write vulnerability in multiple products

In preloader, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-05-15 CVE-2023-20699 Google Out-of-bounds Write vulnerability in Google Android 12.0/13.0

In adsp, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-05-15 CVE-2023-20700 Google Out-of-bounds Write vulnerability in Google Android 11.0/12.0

In widevine, there is a possible out of bounds write due to a logic error.

6.7
2023-05-15 CVE-2023-20701 Google Out-of-bounds Write vulnerability in Google Android 11.0/12.0

In widevine, there is a possible out of bounds write due to a logic error.

6.7
2023-05-15 CVE-2023-20707 Google Improper Input Validation vulnerability in Google Android 12.0/13.0

In ril, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-05-15 CVE-2023-20708 Google Improper Input Validation vulnerability in Google Android 11.0/12.0/13.0

In keyinstall, there is a possible out of bounds read due to a missing bounds check.

6.7
2023-05-15 CVE-2023-20718 Google
Yoctoproject
Improper Input Validation vulnerability in multiple products

In vcu, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-05-15 CVE-2023-20720 Google Improper Input Validation vulnerability in Google Android 12.0/13.0

In pqframework, there is a possible out of bounds read due to a missing bounds check.

6.7
2023-05-15 CVE-2023-20721 Google
Yoctoproject
Improper Input Validation vulnerability in multiple products

In isp, there is a possible out of bounds write due to improper input validation.

6.7
2023-05-15 CVE-2023-20722 Google Improper Input Validation vulnerability in Google Android 12.0/13.0

In m4u, there is a possible out of bounds write due to improper input validation.

6.7
2023-05-15 CVE-2023-21116 Google Unspecified vulnerability in Google Android

In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code.

6.7
2023-05-21 CVE-2023-33254 Quest Incorrect Authorization vulnerability in Quest Kace Systems Deployment Appliance 9.0.146

There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146.

6.5
2023-05-18 CVE-2023-2025 Johnsoncontrols Exposure of Resource to Wrong Sphere vulnerability in Johnsoncontrols Openblue Enterprise Manager Data Collector

OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 may expose sensitive information to an unauthorized user under certain circumstances.

6.5
2023-05-18 CVE-2023-31597 Zammad Incorrect Authorization vulnerability in Zammad

An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user.

6.5
2023-05-18 CVE-2023-20077 Cisco Path Traversal vulnerability in Cisco Identity Services Engine

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device.

6.5
2023-05-18 CVE-2023-20087 Cisco Path Traversal vulnerability in Cisco Identity Services Engine

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device.

6.5
2023-05-18 CVE-2023-20110 Cisco SQL Injection vulnerability in Cisco Smart Software Manager On-Prem

A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.

6.5
2023-05-18 CVE-2023-20171 Cisco Improper Input Validation vulnerability in Cisco Identity Services Engine 3.1/3.2

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system.

6.5
2023-05-17 CVE-2023-1972 GNU Out-of-bounds Write vulnerability in GNU Binutils

A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c.

6.5
2023-05-17 CVE-2023-1763 Canon Insufficiently Protected Credentials vulnerability in Canon IJ Network Tool

Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the software.

6.5
2023-05-17 CVE-2023-1764 Canon Inadequate Encryption Strength vulnerability in Canon IJ Network Tool

Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the communication of the software.

6.5
2023-05-17 CVE-2023-31847 Davinci Project Unspecified vulnerability in Davinci Project Davinci 0.3.0

In davinci 0.3.0-rc after logging in, the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side.

6.5
2023-05-16 CVE-2023-30281 Storecommander Unspecified vulnerability in Storecommander Scquickaccounting

Insecure permissions vulnerability was discovered, due to a lack of permissions’s control in scquickaccounting before v3.7.3 from Store Commander for PrestaShop, a guest can access exports from the module which can lead to leak of personnal informations from ps_customer table sush as name / surname / email

6.5
2023-05-16 CVE-2023-30507 Arubanetworks Path Traversal vulnerability in Arubanetworks Edgeconnect Enterprise

Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.

6.5
2023-05-16 CVE-2023-30508 Arubanetworks Path Traversal vulnerability in Arubanetworks Edgeconnect Enterprise

Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.

6.5
2023-05-16 CVE-2023-30509 Arubanetworks Path Traversal vulnerability in Arubanetworks Edgeconnect Enterprise

Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.

6.5
2023-05-16 CVE-2023-32990 Jenkins Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Azure VM Agents

A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method.

6.5
2023-05-15 CVE-2023-1729 Libraw
Fedoraproject
Redhat
Out-of-bounds Write vulnerability in multiple products

A flaw was found in LibRaw.

6.5
2023-05-15 CVE-2023-2179 Woocommerce Unspecified vulnerability in Woocommerce Order Status Change Notifier

The WooCommerce Order Status Change Notifier WordPress plugin through 1.1.0 does not have authorisation and CSRF when updating status orders via an AJAX action available to any authenticated users, which could allow low privilege users such as subscriber to update arbitrary order status, making them paid without actually paying for them for example

6.5
2023-05-15 CVE-2022-47392 Codesys Improper Input Validation vulnerability in Codesys products

An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condition.

6.5
2023-05-15 CVE-2022-47393 Codesys Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Codesys products

An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation.

6.5
2023-05-15 CVE-2022-47378 Codesys Improper Input Validation vulnerability in Codesys products

Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability.

6.5
2023-05-18 CVE-2023-33203 Linux
Redhat
Race Condition vulnerability in multiple products

The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device.

6.4
2023-05-20 CVE-2023-2824 Dental Clinic Appointment Reservation System Project Cross-site Scripting vulnerability in Dental Clinic Appointment Reservation System Project Dental Clinic Appointment Reservation System 1.0

A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0.

6.1
2023-05-20 CVE-2023-2822 Ellucian Cross-site Scripting vulnerability in Ellucian Ethos Identity 5.10.5

A vulnerability was found in Ellucian Ethos Identity up to 5.10.5.

6.1
2023-05-19 CVE-2023-1996 3DS Cross-site Scripting vulnerability in 3DS 3Dexperience

A reflected Cross-site Scripting (XSS) vulnerability in Release 3DEXPERIENCE R2018x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code.

6.1
2023-05-19 CVE-2023-2814 Class Scheduling System Project Cross-site Scripting vulnerability in Class Scheduling System Project Class Scheduling System 1.0

A vulnerability classified as problematic has been found in SourceCodester Class Scheduling System 1.0.

6.1
2023-05-18 CVE-2023-29720 Sofawiki Project Cross-site Scripting vulnerability in Sofawiki Project Sofawiki

SofaWiki <=3.8.9 is vulnerable to Cross Site Scripting (XSS) via index.php.

6.1
2023-05-18 CVE-2023-30487 Thimpress Cross-site Scripting vulnerability in Thimpress Learnpress

Unauth.

6.1
2023-05-18 CVE-2023-30868 CMS Tree Page View Project Cross-site Scripting vulnerability in CMS Tree Page View Project CMS Tree Page View

Unauth.

6.1
2023-05-17 CVE-2023-29837 Exelysis Cross-site Scripting vulnerability in Exelysis Unified Communications Solution 1.0

Cross Site Scripting vulnerability found in Exelysis Unified Communication Solution (EUCS) v.1.0 allows a remote attacker to gain privileges via the URL path of the eucsAdmin login web page.

6.1
2023-05-17 CVE-2023-2509 Asustor Cross-site Scripting vulnerability in Asustor Adm, Looksgood and Soundsgood

A Cross-Site Scripting(XSS) vulnerability was found on ADM, LooksGood and SoundsGood Apps.

6.1
2023-05-17 CVE-2022-45144 Algoo Cross-site Scripting vulnerability in Algoo Tracim

Algoo Tracim before 4.4.2 allows XSS via HTML file upload.

6.1
2023-05-16 CVE-2023-2740 Guest Management System Project Cross-site Scripting vulnerability in Guest Management System Project Guest Management System 1.0

A vulnerability, which was classified as problematic, has been found in SourceCodester Guest Management System 1.0.

6.1
2023-05-16 CVE-2023-2739 Gira Cross-site Scripting vulnerability in Gira Home Server Firmware

A vulnerability classified as problematic was found in Gira HomeServer up to 4.12.0.220829 beta.

6.1
2023-05-16 CVE-2023-29439 Fooplugins Cross-site Scripting vulnerability in Fooplugins Foogallery

Unauth.

6.1
2023-05-16 CVE-2023-2708 I13Websolution Cross-site Scripting vulnerability in I13Websolution Video Gallery

The Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping.

6.1
2023-05-16 CVE-2023-2710 I13Websolution Cross-site Scripting vulnerability in I13Websolution Video Carousel Slider With Lightbox

The video carousel slider with lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping.

6.1
2023-05-15 CVE-2023-31145 Collabora Cross-site Scripting vulnerability in Collabora Online

Collabora Online is a collaborative online office suite based on LibreOffice technology.

6.1
2023-05-15 CVE-2023-32068 Xwiki Open Redirect vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

6.1
2023-05-15 CVE-2023-0644 Pushassist Unspecified vulnerability in Pushassist Push Notifications

The Push Notifications for WordPress by PushAssist WordPress plugin through 3.0.8 does not sanitise and escape various parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

6.1
2023-05-15 CVE-2023-1596 Tagdiv Unspecified vulnerability in Tagdiv Composer

The tagDiv Composer WordPress plugin before 4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1
2023-05-15 CVE-2023-1835 Ninjaforms Unspecified vulnerability in Ninjaforms Ninja Forms

The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1
2023-05-15 CVE-2023-1890 Pauple Unspecified vulnerability in Pauple Tablesome

The Tablesome WordPress plugin before 1.0.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting

6.1
2023-05-15 CVE-2023-1915 I13Websolution Unspecified vulnerability in I13Websolution Thumbnail Carousel Slider

The Thumbnail carousel slider WordPress plugin before 1.1.10 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin.

6.1
2023-05-15 CVE-2023-22706 WP Property Hive Cross-site Scripting vulnerability in Wp-Property-Hive Propertyhive

Unauth.

6.1
2023-05-15 CVE-2023-22703 Webcodin Cross-site Scripting vulnerability in Webcodin WCP Contact Form

Unauth.

6.1
2023-05-21 CVE-2023-33251 Lightbend Unspecified vulnerability in Lightbend Akka Http

When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946.

5.5
2023-05-19 CVE-2023-22878 IBM Cleartext Storage of Sensitive Information vulnerability in IBM Infosphere Information Server 11.7

IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user.

5.5
2023-05-19 CVE-2023-28950 IBM Unspecified vulnerability in IBM MQ

IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled.

5.5
2023-05-19 CVE-2023-28514 IBM Information Exposure Through an Error Message vulnerability in IBM MQ

IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace.

5.5
2023-05-19 CVE-2023-30774 Libtiff
Apple
Out-of-bounds Write vulnerability in multiple products

A vulnerability was found in the libtiff library.

5.5
2023-05-19 CVE-2023-30775 Libtiff Out-of-bounds Write vulnerability in Libtiff 4.4.0

A vulnerability was found in the libtiff library.

5.5
2023-05-19 CVE-2023-26818 Telegram Incorrect Authorization vulnerability in Telegram 9.3.1/9.4

Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone ,or video recording via the DYLD_INSERT_LIBRARIES flag.

5.5
2023-05-18 CVE-2023-1195 Linux Use After Free vulnerability in Linux Kernel

A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel.

5.5
2023-05-18 CVE-2023-2790 Totolink Password in Configuration File vulnerability in Totolink N200Re Firmware 9.3.5U.6255B20211224

A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224.

5.5
2023-05-18 CVE-2023-2782 Acronis Incorrect Authorization vulnerability in Acronis Cyber Infrastructure

Sensitive information disclosure due to improper authorization.

5.5
2023-05-17 CVE-2023-2731 Libtiff
Redhat
Fedoraproject
NULL Pointer Dereference vulnerability in multiple products

A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file.

5.5
2023-05-17 CVE-2023-31135 Dgraph Inadequate Encryption Strength vulnerability in Dgraph

Dgraph is an open source distributed GraphQL database.

5.5
2023-05-17 CVE-2023-31723 Yasm Project Unspecified vulnerability in Yasm Project Yasm 1.3.0.55.G101Bc

yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function expand_mmac_params at /nasm/nasm-pp.c.

5.5
2023-05-17 CVE-2023-31725 Yasm Project Use After Free vulnerability in Yasm Project Yasm 1.3.0.55.G101Bc

yasm 1.3.0.55.g101bc was discovered to contain a heap-use-after-free via the function expand_mmac_params at yasm/modules/preprocs/nasm/nasm-pp.c.

5.5
2023-05-16 CVE-2023-2161 Schneider Electric XXE vulnerability in Schneider-Electric OPC Factory Server

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded on to the software by a local user. 

5.5
2023-05-15 CVE-2023-20703 Google Out-of-bounds Read vulnerability in Google Android 12.0/13.0

In apu, there is a possible out of bounds read due to a missing bounds check.

5.5
2023-05-15 CVE-2023-20704 Google Improper Input Validation vulnerability in Google Android 12.0/13.0

In apu, there is a possible out of bounds read due to a missing bounds check.

5.5
2023-05-15 CVE-2023-20705 Google Improper Input Validation vulnerability in Google Android 12.0/13.0

In apu, there is a possible out of bounds read due to a missing bounds check.

5.5
2023-05-15 CVE-2023-20706 Google Out-of-bounds Read vulnerability in Google Android 12.0/13.0

In apu, there is a possible out of bounds read due to a missing bounds check.

5.5
2023-05-15 CVE-2023-20914 Google Cleartext Storage of Sensitive Information vulnerability in Google Android 11.0

In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPermissionsUtils.java, there is a possible way for the work profile to read SMS messages due to a permissions bypass.

5.5
2023-05-15 CVE-2023-20930 Google Resource Exhaustion vulnerability in Google Android

In pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a boot loop due to resource exhaustion.

5.5
2023-05-15 CVE-2023-21103 Google Unspecified vulnerability in Google Android

In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught exceptions in parsing persisted user data could lead to local persistent denial of service with no additional execution privileges needed.

5.5
2023-05-15 CVE-2023-21104 Google Incorrect Default Permissions vulnerability in Google Android 12.1/13.0

In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed.

5.5
2023-05-15 CVE-2023-21111 Google Improper Input Validation vulnerability in Google Android

In several functions of PhoneAccountRegistrar.java, there is a possible way to prevent an access to emergency services due to improper input validation.

5.5
2023-05-15 CVE-2023-21112 Google Out-of-bounds Read vulnerability in Google Android

In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check.

5.5
2023-05-15 CVE-2023-21118 Google Out-of-bounds Read vulnerability in Google Android

In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow.

5.5
2023-05-15 CVE-2023-2700 Redhat
Fedoraproject
Memory Leak vulnerability in multiple products

A vulnerability was found in libvirt.

5.5
2023-05-21 CVE-2021-46888 Hledger Cross-site Scripting vulnerability in Hledger

An issue was discovered in hledger before 1.23.

5.4
2023-05-21 CVE-2023-2826 Class Scheduling System Project Cross-site Scripting vulnerability in Class Scheduling System Project Class Scheduling System 1.0

A vulnerability has been found in SourceCodester Class Scheduling System 1.0 and classified as problematic.

5.4
2023-05-20 CVE-2023-2716 Groundhogg Missing Authorization vulnerability in Groundhogg

The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and including, 2.7.9.8.

5.4
2023-05-20 CVE-2023-2735 Groundhogg Cross-site Scripting vulnerability in Groundhogg

The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gh_form' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-05-19 CVE-2023-28529 IBM Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting.

5.4
2023-05-19 CVE-2023-31757 Dedecms Cross-site Scripting vulnerability in Dedecms 5.7.108

DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian'

5.4
2023-05-19 CVE-2023-31862 Jizhicms Cross-site Scripting vulnerability in Jizhicms 2.4.6

jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS).

5.4
2023-05-18 CVE-2023-23667 Berocket Cross-site Scripting vulnerability in Berocket Brands for Woocommerce

Auth.

5.4
2023-05-18 CVE-2023-23999 Monsterinsights Cross-site Scripting vulnerability in Monsterinsights Google Analytics Dashboard

Auth.

5.4
2023-05-18 CVE-2023-30780 Theguidex Cross-site Scripting vulnerability in Theguidex User IP and Location

Auth.

5.4
2023-05-18 CVE-2023-2757 Plugin Cross-site Scripting vulnerability in Plugin Waiting

The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on 'saveLang' functions in versions up to, and including, 0.6.2.

5.4
2023-05-18 CVE-2023-30124 Lavalite Cross-site Scripting vulnerability in Lavalite 9.0.0

LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS).

5.4
2023-05-17 CVE-2023-2768 Sucms Project Cross-site Scripting vulnerability in Sucms Project Sucms 1.0

A vulnerability was found in Sucms 1.0.

5.4
2023-05-17 CVE-2023-31698 Bludit Cross-site Scripting vulnerability in Bludit 3.14.1

Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo.

5.4
2023-05-17 CVE-2023-2745 Wordpress Path Traversal vulnerability in Wordpress

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter.

5.4
2023-05-17 CVE-2023-2752 Phpmyfaq Cross-site Scripting vulnerability in PHPmyfaq

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.

5.4
2023-05-17 CVE-2023-2753 Phpmyfaq Cross-site Scripting vulnerability in PHPmyfaq

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.

5.4
2023-05-17 CVE-2023-30452 Morosystems Cross-site Scripting vulnerability in Morosystems Easymind

The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for Confluence allows persistent XSS when saving a Mind Map with the hyperlink parameter.

5.4
2023-05-16 CVE-2023-31544 Alkacon Cross-site Scripting vulnerability in Alkacon Opencms 11.0

A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module.

5.4
2023-05-16 CVE-2021-27131 Moodle Cross-site Scripting vulnerability in Moodle 3.10.1

Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the "Additional HTML Section" via "Header and Footer" parameter in /admin/settings.php.

5.4
2023-05-16 CVE-2023-33002 Jenkins Cross-site Scripting vulnerability in Jenkins Testcomplete Support

Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

5.4
2023-05-16 CVE-2023-33005 Jenkins Insufficient Session Expiration vulnerability in Jenkins Wso2 Oauth

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login.

5.4
2023-05-16 CVE-2023-33006 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Wso2 Oauth

A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account.

5.4
2023-05-16 CVE-2023-33007 Jenkins Cross-site Scripting vulnerability in Jenkins Loadcomplete Support

Jenkins LoadComplete support Plugin 1.0 and earlier does not escape the LoadComplete test name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

5.4
2023-05-16 CVE-2023-32977 Jenkins Cross-site Scripting vulnerability in Jenkins Pipeline: JOB

Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.

5.4
2023-05-16 CVE-2023-32984 Jenkins Cross-site Scripting vulnerability in Jenkins Testng Results

Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin's test information pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a crafted TestNG report file.

5.4
2023-05-16 CVE-2023-2730 Pimcore Cross-site Scripting vulnerability in Pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.

5.4
2023-05-16 CVE-2023-23641 Wpmanage Cross-site Scripting vulnerability in Wpmanage UJI Popup

Auth.

5.4
2023-05-16 CVE-2023-23657 Webfwd Cross-site Scripting vulnerability in Webfwd Mail Subscribe List

Auth.

5.4
2023-05-16 CVE-2023-23703 Tychesoftwares Cross-site Scripting vulnerability in Tychesoftwares Arconix Shortcodes

Auth.

5.4
2023-05-16 CVE-2023-23709 Wpjam Basic Project Cross-site Scripting vulnerability in Wpjam Basic Project Wpjam Basic

Auth.

5.4
2023-05-16 CVE-2023-23676 File Gallery Project Cross-site Scripting vulnerability in File Gallery Project File Gallery

Auth.

5.4
2023-05-15 CVE-2023-0233 Activecampaign Unspecified vulnerability in Activecampaign

The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4
2023-05-15 CVE-2023-0490 F X TOC Project Unspecified vulnerability in F(X) TOC Project F(X) TOC

The f(x) TOC WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-05-15 CVE-2023-0520 Rapidexp Unspecified vulnerability in Rapidexp Rapidexpcart

The RapidExpCart WordPress plugin through 1.0 does not sanitize and escape the url parameter in the rapidexpcart endpoint before storing it and outputting it back in the page, leading to a Stored Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin, furthermore lack of csrf protection means an attacker can trick a logged in admin to perform the attack by submitting a hidden form.

5.4
2023-05-15 CVE-2023-1019 Help Desk WP Project Unspecified vulnerability in Help Desk WP Project Help Desk WP

The Help Desk WP WordPress plugin through 1.2.0 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks.

5.4
2023-05-15 CVE-2023-22717 Ncrafts Cross-site Scripting vulnerability in Ncrafts Formcraft

Auth.

5.4
2023-05-15 CVE-2023-23688 Sumo Cross-site Scripting vulnerability in Sumo Social Share Boost

Auth.

5.4
2023-05-19 CVE-2023-32675 Vyperlang Always-Incorrect Control Flow Implementation vulnerability in Vyperlang Vyper

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine.

5.3
2023-05-18 CVE-2023-29857 Teslamate Project Information Exposure vulnerability in Teslamate Project Teslamate 1.27.1

An issue in Teslamate v1.27.1 allows attackers to obtain sensitive information via directly accessing the teslamate link.

5.3
2023-05-18 CVE-2022-4870 Octopus Information Exposure Through an Error Message vulnerability in Octopus Server

In affected versions of Octopus Deploy it is possible to discover network details via error message

5.3
2023-05-17 CVE-2023-26044 Reactphp Unspecified vulnerability in Reactphp Http

react/http is an event-driven, streaming HTTP client and server implementation for ReactPHP.

5.3
2023-05-16 CVE-2023-31678 Videogo Project Unspecified vulnerability in Videogo Project Videogo 6.8.1

Incorrect access control in Videogo v6.8.1 allows attackers to bind shared devices after the connection has been ended.

5.3
2023-05-16 CVE-2023-32983 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Ansible

Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them.

5.3
2023-05-15 CVE-2023-32313 VM2 Project Unspecified vulnerability in VM2 Project VM2

vm2 is a sandbox that can run untrusted code with Node's built-in modules.

5.3
2023-05-15 CVE-2023-23448 Sick Exposure of Resource to Wrong Sphere vulnerability in Sick products

Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames via analysis of source code.

5.3
2023-05-15 CVE-2023-23449 Sick Information Exposure Through Discrepancy vulnerability in Sick products

Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames by analyzing challenge responses from the server via the REST interface.

5.3
2023-05-18 CVE-2022-36326 Westerndigital Resource Exhaustion vulnerability in Westerndigital products

An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices.

4.9
2023-05-18 CVE-2022-36328 Westerndigital Path Traversal vulnerability in Westerndigital products

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares on arbitrary directories and exfiltrate sensitive files, passwords, users and device configurations was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices.

4.9
2023-05-18 CVE-2023-32322 Ombi Path Traversal vulnerability in Ombi

Ombi is an open source application which allows users to request specific media from popular self-hosted streaming servers.

4.9
2023-05-18 CVE-2023-20167 Cisco Path Traversal vulnerability in Cisco Identity Services Engine

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files.

4.9
2023-05-18 CVE-2023-20172 Cisco Improper Input Validation vulnerability in Cisco Identity Services Engine 3.1/3.2

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system.

4.9
2023-05-18 CVE-2023-20173 Cisco XXE vulnerability in Cisco Identity Services Engine

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device.

4.9
2023-05-18 CVE-2023-20174 Cisco XXE vulnerability in Cisco Identity Services Engine

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device.

4.9
2023-05-18 CVE-2022-47157 Webhammer Cross-site Scripting vulnerability in Webhammer WP Custom Fields Search

Auth.

4.8
2023-05-18 CVE-2023-31233 Baidu Tongji Generator Project Cross-site Scripting vulnerability in Baidu Tongji Generator Project Baidu Tongji Generator

Auth.

4.8
2023-05-18 CVE-2023-32515 Custom Field Suite Project Cross-site Scripting vulnerability in Custom Field Suite Project Custom Field Suite

Auth.

4.8
2023-05-17 CVE-2023-31699 Churchcrm Cross-site Scripting vulnerability in Churchcrm 4.5.4

ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file.

4.8
2023-05-16 CVE-2023-32993 Jenkins Insufficient Verification of Data Authenticity vulnerability in Jenkins Saml Single Sign on

Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.

4.8
2023-05-16 CVE-2023-23720 Skeepers Cross-site Scripting vulnerability in Skeepers Verified Reviews (Avis Verifies)

Auth.

4.8
2023-05-16 CVE-2023-23673 Themeist Cross-site Scripting vulnerability in Themeist I Recommend This

Auth.

4.8
2023-05-16 CVE-2023-23727 Formilla Cross-site Scripting vulnerability in Formilla Live Chat

Auth.

4.8
2023-05-15 CVE-2023-0892 Bizlibrary Unspecified vulnerability in Bizlibrary

The BizLibrary WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8
2023-05-15 CVE-2023-1839 Themeisle Unspecified vulnerability in Themeisle Product Addons & Fields for Woocommerce

The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.6 does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).

4.8
2023-05-15 CVE-2023-23682 Duplicator Cross-site Scripting vulnerability in Duplicator EZP Maintenance Mode

Auth.

4.8
2023-05-15 CVE-2023-2009 Pretty URL Project Cross-site Scripting vulnerability in Pretty URL Project Pretty URL

Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2023-05-15 CVE-2023-23654 Messagebird Cross-site Scripting vulnerability in Messagebird Sparkpost

Auth.

4.8
2023-05-15 CVE-2023-23674 Rvola Cross-site Scripting vulnerability in Rvola WP Original Media Path

Auth.

4.8
2023-05-15 CVE-2023-23683 White Label Branding FOR Elementor Page Builder Project Cross-site Scripting vulnerability in White Label Branding for Elementor Page Builder Project White Label Branding for Elementor Page Builder

Auth.

4.8
2023-05-15 CVE-2023-22684 Hellobar Cross-site Scripting vulnerability in Hellobar Subscribers

Auth.

4.8
2023-05-15 CVE-2023-22690 Shopfiles Cross-site Scripting vulnerability in Shopfiles Ebook Store

Auth.

4.8
2023-05-18 CVE-2023-2800 Huggingface Insecure Temporary File vulnerability in Huggingface Transformers

Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0.

4.7
2023-05-17 CVE-2023-1859 Linux Use After Free vulnerability in Linux Kernel

A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel.

4.7
2023-05-21 CVE-2023-33250 Linux
Netapp
Use After Free vulnerability in multiple products

The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c.

4.4
2023-05-15 CVE-2023-20697 Google Out-of-bounds Read vulnerability in Google Android 11.0/12.0/13.0

In keyinstall, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-05-15 CVE-2023-20698 Google Out-of-bounds Read vulnerability in Google Android 11.0/12.0/13.0

In keyinstall, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-05-15 CVE-2023-20709 Google Improper Input Validation vulnerability in Google Android 11.0/12.0/13.0

In keyinstall, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-05-15 CVE-2023-20710 Google Improper Input Validation vulnerability in Google Android 11.0/12.0/13.0

In keyinstall, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-05-15 CVE-2023-20711 Google Out-of-bounds Read vulnerability in Google Android 11.0/12.0/13.0

In keyinstall, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-05-15 CVE-2023-20719 Google Improper Input Validation vulnerability in Google Android 12.0/13.0

In pqframework, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-05-20 CVE-2023-2714 Groundhogg Missing Authorization vulnerability in Groundhogg

The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8.

4.3
2023-05-20 CVE-2023-2715 Groundhogg Missing Authorization vulnerability in Groundhogg

The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_ticket' function in versions up to, and including, 2.7.9.8.

4.3
2023-05-20 CVE-2023-2717 Groundhogg Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg

The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8.

4.3
2023-05-18 CVE-2023-20183 Cisco Files or Directories Accessible to External Parties vulnerability in Cisco DNA Center

Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user.

4.3
2023-05-18 CVE-2023-20184 Cisco Files or Directories Accessible to External Parties vulnerability in Cisco DNA Center

Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user.

4.3
2023-05-17 CVE-2023-22348 Tribe29 Unspecified vulnerability in Tribe29 Checkmk

Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs.

4.3
2023-05-17 CVE-2023-2679 Snowsoftware Unspecified vulnerability in Snowsoftware Snow License Manager

Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data.

4.3
2023-05-17 CVE-2023-0864 ABB Cleartext Transmission of Sensitive Information vulnerability in ABB products

Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.

4.3
2023-05-17 CVE-2023-2608 Themeisle Cross-Site Request Forgery (CSRF) vulnerability in Themeisle multiple Page Generator

The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to missing nonce verification on the projects_list function and insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

4.3
2023-05-16 CVE-2023-29927 Sage Unspecified vulnerability in Sage 300 2020/2021/2022

Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side.

4.3
2023-05-16 CVE-2023-2631 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Code DX

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.

4.3
2023-05-16 CVE-2023-30510 Arubanetworks Unspecified vulnerability in Arubanetworks Edgeconnect Enterprise

A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Aruba EdgeConnect Enterprise instance.

4.3
2023-05-16 CVE-2023-2196 Jenkins Path Traversal vulnerability in Jenkins Code DX

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system.

4.3
2023-05-16 CVE-2023-2632 Jenkins Insufficiently Protected Credentials vulnerability in Jenkins Code DX

Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

4.3
2023-05-16 CVE-2023-2633 Jenkins Insufficiently Protected Credentials vulnerability in Jenkins Code DX

Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them.

4.3
2023-05-16 CVE-2023-32996 Jenkins Incorrect Default Permissions vulnerability in Jenkins Saml Single Sign-On

A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails.

4.3
2023-05-16 CVE-2023-32999 Jenkins Incorrect Default Permissions vulnerability in Jenkins Appspider

A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.

4.3
2023-05-16 CVE-2023-33003 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins TAG Profiler

A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics.

4.3
2023-05-16 CVE-2023-33004 Jenkins Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins TAG Profiler

A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics.

4.3
2023-05-16 CVE-2023-32978 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Lightweight Directory Access Protocol

A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials.

4.3
2023-05-16 CVE-2023-32979 Jenkins Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Email Extension

Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system.

4.3
2023-05-16 CVE-2023-32980 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Email Extension

A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job.

4.3
2023-05-16 CVE-2023-32982 Jenkins Missing Encryption of Sensitive Data vulnerability in Jenkins Ansible

Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

4.3
2023-05-16 CVE-2023-32985 Jenkins Path Traversal vulnerability in Jenkins Sidebar Link

Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

4.3
2023-05-16 CVE-2023-32988 Jenkins Insufficiently Protected Credentials vulnerability in Jenkins Azure VM Agents

A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

4.3
2023-05-15 CVE-2023-0761 Infigosoftware Unspecified vulnerability in Infigosoftware Clock in Portal- Staff & Attendance Management

The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Staff members, which could allow attackers to make logged in admins delete arbitrary Staff via a CSRF attack

4.3
2023-05-15 CVE-2023-0762 Infigosoftware Unspecified vulnerability in Infigosoftware Clock in Portal- Staff & Attendance Management

The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting designations, which could allow attackers to make logged in admins delete arbitrary designations via a CSRF attack

4.3
2023-05-15 CVE-2023-0763 Infigosoftware Cross-Site Request Forgery (CSRF) vulnerability in Infigosoftware Clock in Portal- Staff & Attendance Management

The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Holidays, which could allow attackers to make logged in admins delete arbitrary holidays via a CSRF attack

4.3
2023-05-15 CVE-2022-22508 Codesys Improper Input Validation vulnerability in Codesys products

Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type.

4.3
2023-05-15 CVE-2023-20717 Google Unspecified vulnerability in Google Android 11.0/12.0/13.0

In vcu, there is a possible leak of dma buffer due to a race condition.

4.1

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-05-18 CVE-2023-20106 Cisco Unspecified vulnerability in Cisco Identity Services Engine 3.1/3.2

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system.

3.8
2023-05-19 CVE-2023-28623 Zulip Missing Authorization vulnerability in Zulip

Zulip is an open-source team collaboration tool with unique topic-based threading.

3.7
2023-05-16 CVE-2023-32994 Jenkins Improper Certificate Validation vulnerability in Jenkins Saml Single Sign on

Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.

3.7
2023-05-16 CVE-2023-2195 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Code DX

A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL.

3.5
2023-05-18 CVE-2022-35798 Microsoft Unspecified vulnerability in Microsoft Azure ARC Jumpstart

Azure Arc Jumpstart Information Disclosure Vulnerability

3.3
2023-05-18 CVE-2023-28369 Brother Unspecified vulnerability in Brother Iprint&Scan

Brother iPrint&Scan V6.11.2 and earlier contains an improper access control vulnerability.

3.3
2023-05-17 CVE-2022-42336 XEN Unspecified vulnerability in XEN 4.17

Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors requires that the setting of SSBD is coordinated at a core level, as the setting is shared between threads.

3.3
2023-05-15 CVE-2023-20726 Linuxfoundation
Rdkcentral
Google
Openwrt
Missing Authorization vulnerability in multiple products

In mnld, there is a possible leak of GPS location due to a missing permission check.

3.3
2023-05-19 CVE-2023-32677 Zulip Missing Authorization vulnerability in Zulip

Zulip is an open-source team collaboration tool with unique topic-based threading.

3.1