Weekly Vulnerabilities Reports > June 5 to 11, 2023
Overview
578 new vulnerabilities were reported during this period, including 66 critical vulnerabilities and 198 high severity vulnerabilities. This weekly summary reports vulnerabilities in 959 products from 275 vendors including Google, Qualcomm, Linuxfoundation, Gitlab, and IBM. Vulnerabilities are notably categorized as "Missing Authorization", "Cross-site Scripting", "Out-of-bounds Write", "Out-of-bounds Read", and "SQL Injection".
- 438 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability has a public exploit available.
- 137 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 276 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 52 reported vulnerabilities.
- Stylemixthemes has the most reported critical vulnerabilities, with 4 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
66 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-06-07 | CVE-2023-27881 | PTC | Unrestricted Upload of File with Dangerous Type vulnerability in PTC Vuforia Studio A user could use the “Upload Resource” functionality to upload files to any location on the disk. | 9.9 |
2023-06-11 | CVE-2023-22583 | Danfoss | SQL Injection vulnerability in Danfoss Ak-Em100 Firmware The Danfoss AK-EM100 web forms allow for SQL injection in the login forms. | 9.8 |
2023-06-11 | CVE-2023-25911 | Danfoss | Command Injection vulnerability in Danfoss Ak-Em100 Firmware The Danfoss AK-EM100 web applications allow for an authenticated user to perform OS command injection through the web application parameters. | 9.8 |
2023-06-09 | CVE-2023-34364 | Progress | Out-of-bounds Write vulnerability in Progress Datadirect Odbc Oracle Wire Protocol Driver A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. | 9.8 |
2023-06-09 | CVE-2023-3173 | Froxlor | Improper Restriction of Excessive Authentication Attempts vulnerability in Froxlor Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20. | 9.8 |
2023-06-08 | CVE-2023-0954 | Johnsoncontrols | Unspecified vulnerability in Johnsoncontrols products A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long period of sustained attack. | 9.8 |
2023-06-08 | CVE-2023-29402 | Golang Fedoraproject | Code Injection vulnerability in multiple products The go command may generate unexpected code at build time when using cgo. | 9.8 |
2023-06-08 | CVE-2023-29404 | Golang Fedoraproject | Code Injection vulnerability in multiple products The go command may execute arbitrary code at build time when using cgo. | 9.8 |
2023-06-08 | CVE-2023-29405 | Golang Fedoraproject | Injection vulnerability in multiple products The go command may execute arbitrary code at build time when using cgo. | 9.8 |
2023-06-08 | CVE-2023-34566 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac10 Firmware Usac10V4.0Siv16.03.10.13Cn Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/saveParentControlInfo. | 9.8 |
2023-06-08 | CVE-2023-33443 | Besder | Unspecified vulnerability in Besder Videoplaytool 2.0.1.0 Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to execute arbitrary administrative commands via a crafted payload sent to the desired endpoints. | 9.8 |
2023-06-08 | CVE-2023-2986 | Tychesoftwares | Unspecified vulnerability in Tychesoftwares Abandoned Cart Lite for Woocommerce The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. | 9.8 |
2023-06-07 | CVE-2023-31116 | Samsung | Incorrect Default Permissions vulnerability in Samsung Exynos 5123 Firmware and Exynos 5300 Firmware An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. | 9.8 |
2023-06-07 | CVE-2023-33496 | XXL RPC Project | Deserialization of Untrusted Data vulnerability in Xxl-Rpc Project Xxl-Rpc xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecode#decode. | 9.8 |
2023-06-07 | CVE-2023-33556 | Totolink | Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg. | 9.8 |
2023-06-07 | CVE-2023-2530 | Puppet | Unspecified vulnerability in Puppet Enterprise 2021.7.1/2023.0/2023.1.0 A privilege escalation allowing remote code execution was discovered in the orchestration service. | 9.8 |
2023-06-07 | CVE-2023-33282 | Marvalglobal | Incorrect Default Permissions vulnerability in Marvalglobal MSM 15.0 Marval MSM through 14.19.0.12476 and 15.0 has a System account with default credentials. | 9.8 |
2023-06-07 | CVE-2023-33863 | Renderdoc | Integer Overflow or Wraparound vulnerability in Renderdoc SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. | 9.8 |
2023-06-07 | CVE-2023-33864 | Renderdoc | Integer Overflow or Wraparound vulnerability in Renderdoc StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. | 9.8 |
2023-06-07 | CVE-2023-34237 | Sabnzbd | Unspecified vulnerability in Sabnzbd SABnzbd is an open source automated Usenet download tool. | 9.8 |
2023-06-07 | CVE-2023-20887 | Vmware | Command Injection vulnerability in VMWare Aria Operations for Networks Aria Operations for Networks contains a command injection vulnerability. | 9.8 |
2023-06-07 | CVE-2023-33553 | Planet | Improper Authentication vulnerability in Planet Wdrt-1800Ax Firmware 1.01Cp21 An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to root via manipulation of the LoginStatus cookie. | 9.8 |
2023-06-07 | CVE-2020-36705 | Tunasite | Unspecified vulnerability in Tunasite Adning Advertising 1.5.5 The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _ning_upload_image function in versions up to, and including, 1.5.5. | 9.8 |
2023-06-07 | CVE-2020-36728 | Tunasite | Unspecified vulnerability in Tunasite Adning Advertising 1.5.5 The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. | 9.8 |
2023-06-07 | CVE-2021-4380 | Valvepress | Unspecified vulnerability in Valvepress Pinterest Automatic PIN 4.14.3 The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including, 1.14.3. | 9.8 |
2023-06-07 | CVE-2023-2186 | Trianglemicroworks | Use of Externally-Controlled Format String vulnerability in Trianglemicroworks Scada Data Gateway On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads. An unauthenticated user can use this format string vulnerability to repeatedly crash the GTWWebMonitor.exe process to DoS the Web Monitor. | 9.8 |
2023-06-07 | CVE-2016-15033 | Delete ALL Comments Project | Unrestricted Upload of File with Dangerous Type vulnerability in Delete ALL Comments Project Delete ALL Comments The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the delete-all-comments.php file in versions up to, and including, 2.0. | 9.8 |
2023-06-07 | CVE-2019-25138 | Plugin Planet | Unrestricted Upload of File with Dangerous Type vulnerability in Plugin-Planet User Submitted Posts The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312. | 9.8 |
2023-06-07 | CVE-2019-25141 | WP Ecommerce | Missing Authorization vulnerability in Wp-Ecommerce Easy WP Smtp The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. | 9.8 |
2023-06-07 | CVE-2020-36708 | Machothemes Colorlib Cpothemes | Code Injection vulnerability in multiple products The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <= 1.2.4, Regina Lite <= 2.0.4, Transcend <= 1.1.8, Affluent <= 1.1.0, Bonkers <= 1.0.4, Antreas <= 1.0.2, Sparkling <= 2.4.8, and NatureMag Lite <= 1.0.4. | 9.8 |
2023-06-07 | CVE-2020-36713 | Inspireui | Missing Authentication for Critical Function vulnerability in Inspireui Mstore API The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. | 9.8 |
2023-06-07 | CVE-2020-36718 | Ninjateam | Deserialization of Untrusted Data vulnerability in Ninjateam Gpdr Ccpa Compliance Support The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" value. | 9.8 |
2023-06-07 | CVE-2020-36719 | Cridio | Missing Authorization vulnerability in Cridio Listingpro The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. | 9.8 |
2023-06-07 | CVE-2020-36724 | Wordable | Missing Authentication for Critical Function vulnerability in Wordable The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.1. | 9.8 |
2023-06-07 | CVE-2020-36726 | Etoilewebdesign | Deserialization of Untrusted Data vulnerability in Etoilewebdesign Ultimate Reviews The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. | 9.8 |
2023-06-07 | CVE-2020-36727 | Xyzscripts | Deserialization of Untrusted Data vulnerability in Xyzscripts Newsletter Manager The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. | 9.8 |
2023-06-07 | CVE-2021-4341 | Stylemixthemes | Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm_update_email_data AJAX action in versions up to, and including, 1.6.6. | 9.8 |
2023-06-07 | CVE-2021-4343 | Stylemixthemes | Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1.6.6. | 9.8 |
2023-06-07 | CVE-2021-4356 | Najeebmedia | Missing Authorization vulnerability in Najeebmedia Frontend File Manager Plugin The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Download in versions up to, and including, 18.2. | 9.8 |
2023-06-07 | CVE-2021-4362 | Wpkube | Missing Authorization vulnerability in Wpkube Kiwi Social Share 2.1.0 The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwi_social_share_get_option() function called via the kiwi_social_share_get_option AJAX action in version 2.1.0. | 9.8 |
2023-06-07 | CVE-2021-4370 | Stylemixthemes | Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated users, lack security nonces, and data is seldom validated. | 9.8 |
2023-06-07 | CVE-2021-4374 | Valvepress | Missing Authorization vulnerability in Valvepress Wordpress Automatic Plugin The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. | 9.8 |
2023-06-07 | CVE-2021-4381 | Stylemixthemes | Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::import_new_layout method in versions up to, and including, 1.6.6. | 9.8 |
2023-06-07 | CVE-2023-30400 | Anyka | Command Injection vulnerability in Anyka Ak3918Ev300 Firmware 18 An issue was discovered in Anyka Microelectronics AK3918EV300 MCU v18. | 9.8 |
2023-06-06 | CVE-2023-29632 | Joommasters | SQL Injection vulnerability in Joommasters Jmspagebuilder PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php. | 9.8 |
2023-06-06 | CVE-2023-34409 | Percona | Path Traversal vulnerability in Percona Monitoring and Management 2.2.0/2.2.1 In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. | 9.8 |
2023-06-06 | CVE-2023-34111 | Tdengine | Command Injection vulnerability in Tdengine Grafana The `Release PR Merged` workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the github action context due to the insecure usage of `${{ github.event.pull_request.title }}` in a bash command within the GitHub workflow. | 9.8 |
2023-06-06 | CVE-2023-31569 | Totolink | Command Injection vulnerability in Totolink X5000R Firmware 9.1.0Cu.2350B20230313 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function. | 9.8 |
2023-06-06 | CVE-2023-33532 | Netgear | Command Injection vulnerability in Netgear R6250 Firmware 1.0.4.48 There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. | 9.8 |
2023-06-06 | CVE-2023-32540 | Advantech | Code Injection vulnerability in Advantech Webaccess/Scada In Advantech WebAccess/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution. | 9.8 |
2023-06-06 | CVE-2023-32628 | Advantech | Unrestricted Upload of File with Dangerous Type vulnerability in Advantech Webaccess/Scada In Advantech WebAccess/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution. | 9.8 |
2023-06-05 | CVE-2023-29629 | Jmsthemelayout Project | SQL Injection vulnerability in Jmsthemelayout Project Jmsthemelayout 2.5.5 PrestaShop jmsthemelayout 2.5.5 is vulnerable to SQL Injection via ajax_jmsvermegamenu.php. | 9.8 |
2023-06-05 | CVE-2023-29630 | Joommasters | SQL Injection vulnerability in Joommasters JMS Drop Mega Menu 1.0.0/2.0.0 PrestaShop jmsmegamenu 1.1.x and 2.0.x is vulnerable to SQL Injection via ajax_jmsmegamenu.php. | 9.8 |
2023-06-05 | CVE-2023-29631 | Joommasters | Unrestricted Upload of File with Dangerous Type vulnerability in Joommasters JMS Slider 1.6.0 PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control via ajax_jmsslider.php. | 9.8 |
2023-06-05 | CVE-2023-33386 | Marsctf Project | Unrestricted Upload of File with Dangerous Type vulnerability in Marsctf Project Marsctf 1.2.1 MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interface for uploading attachments in the background. | 9.8 |
2023-06-05 | CVE-2023-3100 | Ibos | SQL Injection vulnerability in Ibos 4.5.5 A vulnerability, which was classified as critical, has been found in IBOS 4.5.5. | 9.8 |
2023-06-05 | CVE-2023-0635 | ABB | Unspecified vulnerability in ABB products Improper Privilege Management vulnerability in ABB Ltd. | 9.8 |
2023-06-05 | CVE-2023-0636 | ABB | Command Injection vulnerability in ABB products Improper Input Validation vulnerability in ABB Ltd. | 9.8 |
2023-06-09 | CVE-2023-1895 | Motopress | Unspecified vulnerability in Motopress Getwid - Gutenberg Blocks 1.8.3 The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. | 9.6 |
2023-06-08 | CVE-2023-23482 | IBM | Unspecified vulnerability in IBM Sterling Partner Engagement Manager IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. | 9.6 |
2023-06-07 | CVE-2020-36730 | Niteothemes | Missing Authorization vulnerability in Niteothemes CMP The CMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions up to, and including, 3.8.1. | 9.3 |
2023-06-09 | CVE-2023-0291 | Expresstech | Unspecified vulnerability in Expresstech Quiz and Survey Master The Quiz And Survey Master plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions up to, and including, 8.0.8. | 9.1 |
2023-06-08 | CVE-2023-34239 | Gradio Project | Unspecified vulnerability in Gradio Project Gradio Gradio is an open-source Python library that is used to build machine learning and data science. | 9.1 |
2023-06-07 | CVE-2023-31114 | Samsung | Incorrect Resource Transfer Between Spheres vulnerability in Samsung Exynos 5123 Firmware and Exynos 5300 Firmware An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. | 9.1 |
2023-06-07 | CVE-2023-33604 | Imperial CMS Project | Unspecified vulnerability in Imperial CMS Project Imperial CMS 7.5 Imperial CMS v7.5 was discovered to contain an arbitrary file deletion vulnerability via the DelspReFile function in /sp/ListSp.php. | 9.1 |
2023-06-05 | CVE-2023-3065 | Mobatime | Improper Authentication vulnerability in Mobatime Amxgt 100 Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass.This issue affects Mobatime mobile application AMXGT100 through 1.3.20. | 9.1 |
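Many of the WordPress entries above share one root cause: an admin-ajax.php handler that is registered for anonymous callers (wp_ajax_nopriv_), never checks a capability, never verifies a nonce, and (for the upload cases) never validates the file type. The following is an added example written for this report, not code from any plugin listed in it; the plugin slug, action names, option key and request field names are invented for illustration. It shows such a handler beside a hardened version of the same endpoint.

```php
<?php
/**
 * Added example (not from any plugin in this report): the "Missing
 * Authorization" / "Unrestricted Upload of File with Dangerous Type"
 * pattern in a WordPress AJAX handler. Names prefixed "example_" are
 * made up for this illustration.
 */

// --- Vulnerable handler -------------------------------------------------
// Hooked for both logged-in and anonymous users, so anyone can POST to
// /wp-admin/admin-ajax.php?action=example_upload_image. There is no nonce,
// no capability check, and the uploaded file is stored under the
// attacker-chosen name, so shell.php lands in a web-served directory.
add_action( 'wp_ajax_example_upload_image',        'example_upload_image_vulnerable' );
add_action( 'wp_ajax_nopriv_example_upload_image', 'example_upload_image_vulnerable' );

function example_upload_image_vulnerable() {
    $file   = $_FILES['image'];
    $target = wp_upload_dir()['basedir'] . '/' . $file['name']; // client controls the name
    move_uploaded_file( $file['tmp_name'], $target );            // no type validation at all
    update_option( 'example_banner_image', $target );            // unauthenticated options update
    wp_send_json_success( array( 'path' => $target ) );
}

// --- Hardened handler ---------------------------------------------------
// Only the authenticated hook is registered: admin-ajax.php rejects the
// action for anonymous requests because no wp_ajax_nopriv_ callback exists.
add_action( 'wp_ajax_example_upload_image_safe', 'example_upload_image_hardened' );

function example_upload_image_hardened() {
    // 1. CSRF: the admin page issues the token with
    //    wp_create_nonce( 'example_upload_image' ); a bad or missing
    //    'nonce' field terminates the request here.
    check_ajax_referer( 'example_upload_image', 'nonce' );

    // 2. Authorization: a nonce only proves the request came from a page
    //    we rendered; the capability check is what actually authorizes it.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    if ( empty( $_FILES['image'] ) || ! is_uploaded_file( $_FILES['image']['tmp_name'] ) ) {
        wp_send_json_error( 'no file', 400 );
    }
    $file = $_FILES['image'];

    // 3. File type: validate the extension AND the file content against an
    //    allow-list, so shell.php renamed to shell.png, or shell.php.png,
    //    is rejected rather than trusted on its name.
    $allowed = array( 'png' => 'image/png', 'jpg|jpeg' => 'image/jpeg', 'gif' => 'image/gif' );
    $check   = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( false === $check['ext'] || false === $check['type'] ) {
        wp_send_json_error( 'invalid file type', 415 );
    }

    // 4. Storage: let WordPress pick a unique, sanitized filename inside the
    //    uploads directory; no path component from the client is used, and
    //    wp_handle_upload() re-applies the MIME allow-list.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload( $file, array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }

    update_option( 'example_banner_image', esc_url_raw( $result['url'] ) );
    wp_send_json_success( array( 'url' => $result['url'] ) );
}
```

When auditing a plugin for the rows above, grep for every `wp_ajax_nopriv_` registration and for `add_action( 'wp_ajax_` callbacks that reach `update_option`, `move_uploaded_file`, `unlink`, `unserialize` or plugin install/activate functions without an intervening `current_user_can()`; a `check_ajax_referer()` alone is not an authorization check, since any logged-in subscriber can obtain a valid nonce from a page that renders it.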
198 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-06-09 | CVE-2023-30262 | Mimsoftware | Deserialization of Untrusted Data vulnerability in Mimsoftware products An issue found in MIM software Inc MIM License Server and MIMpacs services v.6.9 thru v.7.0 fixed in v.7.0.10 allows a remote unauthenticated attacker to execute arbitrary code via the RMI Registry service. | 8.8 |
2023-06-09 | CVE-2023-33557 | Thedaylightstudio | SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.5.2 Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php. | 8.8 |
2023-06-09 | CVE-2023-2237 | Yudiz | Unspecified vulnerability in Yudiz WP Replicate Post The WP Replicate Post plugin for WordPress is vulnerable to SQL Injection via the post_id parameter in versions up to, and including, 4.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2023-06-09 | CVE-2023-2249 | Gvectors | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Gvectors Wpforo Forum The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. | 8.8 |
2023-06-09 | CVE-2023-3176 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Lost and Found Information System 1.0 A vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0. | 8.8 |
2023-06-09 | CVE-2023-3177 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Lost and Found Information System 1.0 A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. | 8.8 |
2023-06-09 | CVE-2023-1888 | Wpwax | Improper Input Validation vulnerability in Wpwax Directorist The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. | 8.8 |
2023-06-09 | CVE-2023-34112 | Bytedeco | Code Injection vulnerability in Bytedeco Javacpp Presets JavaCPP Presets is a project providing Java distributions of native C++ libraries. | 8.8 |
2023-06-08 | CVE-2023-34230 | Snowflake | Command Injection vulnerability in Snowflake Connector snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. | 8.8 |
2023-06-08 | CVE-2023-34232 | Snowflake | Command Injection vulnerability in Snowflake Connector snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browser URL authentication in versions prior to 1.6.21. | 8.8 |
2023-06-08 | CVE-2023-34233 | Snowflake | Command Injection vulnerability in Snowflake Connector The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. | 8.8 |
2023-06-08 | CVE-2023-32749 | Pydio | Incorrect Authorization vulnerability in Pydio Cells Pydio Cells allows users by default to create so-called external users in order to share files with them. | 8.8 |
2023-06-08 | CVE-2023-34231 | Snowflake | Command Injection vulnerability in Snowflake Gosnowflake gosnowflake is the Snowflake Golang driver. | 8.8 |
2023-06-08 | CVE-2023-34096 | Thruk | Path Traversal vulnerability in Thruk Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. | 8.8 |
2023-06-07 | CVE-2023-33284 | Marvalglobal | Deserialization of Untrusted Data vulnerability in Marvalglobal MSM 15.0 Marval MSM through 14.19.0.12476 and 15.0 has a Remote Code Execution vulnerability. | 8.8 |
2023-06-07 | CVE-2023-34108 | Mailcow | Unspecified vulnerability in Mailcow Mailcow: Dockerized mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/server administration. | 8.8 |
2023-06-07 | CVE-2023-3150 | Online Discussion Forum Site Project | SQL Injection vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0 A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. | 8.8 |
2023-06-07 | CVE-2023-3151 | Online Discussion Forum Site Project | SQL Injection vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0 A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. | 8.8 |
2023-06-07 | CVE-2023-3152 | Online Discussion Forum Site Project | SQL Injection vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0 A vulnerability classified as critical has been found in SourceCodester Online Discussion Forum Site 1.0. | 8.8 |
2023-06-07 | CVE-2023-3148 | Online Discussion Forum Site Project | SQL Injection vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0 A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical. | 8.8 |
2023-06-07 | CVE-2023-3149 | Online Discussion Forum Site Project | SQL Injection vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0 A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. | 8.8 |
2023-06-07 | CVE-2023-3146 | Online Discussion Forum Site Project | SQL Injection vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0 A vulnerability, which was classified as critical, was found in SourceCodester Online Discussion Forum Site 1.0. | 8.8 |
2023-06-07 | CVE-2023-3147 | Online Discussion Forum Site Project | SQL Injection vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0 A vulnerability has been found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical. | 8.8 |
2023-06-07 | CVE-2023-20888 | Vmware | Deserialization of Untrusted Data vulnerability in VMWare Vrealize Network Insight Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution. | 8.8 |
2023-06-07 | CVE-2023-3145 | Online Discussion Forum Site Project | SQL Injection vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0 A vulnerability, which was classified as critical, has been found in SourceCodester Online Discussion Forum Site 1.0. | 8.8 |
2023-06-07 | CVE-2023-33498 | Alist Project | Unrestricted Upload of File with Dangerous Type vulnerability in Alist Project Alist alist <=3.16.3 is vulnerable to Incorrect Access Control. | 8.8 |
2023-06-07 | CVE-2021-4337 | Xforwoocommerce | Missing Authorization vulnerability in Xforwoocommerce products Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed below. | 8.8 |
2023-06-07 | CVE-2023-33538 | TP Link | Command Injection vulnerability in Tp-Link products TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 were discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. | 8.8 |
2023-06-07 | CVE-2019-25142 | Extendthemes | Missing Authorization vulnerability in Extendthemes Materialis and Mesmerize The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including, 1.6.89 (Mesmerize) and 1.0.172 (Materialis). | 8.8 |
2023-06-07 | CVE-2019-25150 | Wpexperts | Injection vulnerability in Wpexperts Email Templates The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3. | 8.8 |
2023-06-07 | CVE-2020-36700 | King Theme | Unspecified vulnerability in King-Theme Page Builder Kingcomposer The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. | 8.8 |
2023-06-07 | CVE-2020-36701 | King Theme | Unrestricted Upload of File with Dangerous Type vulnerability in King-Theme Page Builder King Composer The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'process_bulk_action' function in the 'kingcomposer/includes/kc.extensions.php' file. | 8.8 |
2023-06-07 | CVE-2020-36707 | Wpconcern | Cross-Site Request Forgery (CSRF) vulnerability in Wpconcern Nifty Coming Soon & Maintenance Mode Page The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. | 8.8 |
2023-06-07 | CVE-2020-36717 | Kaliforms | Cross-Site Request Forgery (CSRF) vulnerability in Kaliforms Kali Forms The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. | 8.8 |
2023-06-07 | CVE-2021-4349 | Coolplugins | Cross-Site Request Forgery (CSRF) vulnerability in Coolplugins Process Steps Template Designer The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. | 8.8 |
2023-06-07 | CVE-2021-4354 | Magazine3 | Unrestricted Upload of File with Dangerous Type vulnerability in Magazine3 PWA for WP & AMP The PWA for WP & AMP plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwp_splashscreen_uploader function in versions up to, and including, 1.7.32. | 8.8 |
2023-06-07 | CVE-2021-4360 | Wpruby | Unspecified vulnerability in Wpruby Controlled Admin Access The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. | 8.8 |
2023-06-07 | CVE-2021-4361 | Eyecix | Missing Authorization vulnerability in Eyecix Jobsearch WP JOB Board 1.5.1/1.7.4 The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_job_integrations_settin_save AJAX action in versions up to, and including, 1.8.1. | 8.8 |
2023-06-07 | CVE-2021-4368 | Najeebmedia | Missing Authorization vulnerability in Najeebmedia Frontend File Manager Plugin The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. | 8.8 |
2023-06-07 | CVE-2021-4382 | Recently Project | Unrestricted Upload of File with Dangerous Type vulnerability in Recently Project Recently The Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetch_external_image() function in versions up to, and including, 3.0.4. | 8.8 |
2023-06-07 | CVE-2022-4949 | Adsanityplugin XEN | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_upload' function in versions up to, and including, 1.8.1. | 8.8 |
2023-06-07 | CVE-2022-4950 | Coolplugins Cryptocurrency Payment Donation BOX Plugins | Missing Authorization vulnerability in multiple products Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber. | 8.8 |
2023-06-07 | CVE-2023-33601 | Phpok | Unrestricted Upload of File with Dangerous Type vulnerability in PHPok 6.4.100 An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file. | 8.8 |
2023-06-07 | CVE-2023-3124 | Elementor | Unspecified vulnerability in Elementor PRO 3.0.5/3.11.6 The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6. | 8.8 |
2023-06-07 | CVE-2021-33223 | Seeddms | Authorization Bypass Through User-Controlled Key vulnerability in Seeddms 6.0.15 An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file. | 8.8 |
2023-06-07 | CVE-2023-33781 | Dlink | Unspecified vulnerability in Dlink Dir-842V2 Firmware 1.0.3 An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing a crafted file. | 8.8 |
2023-06-07 | CVE-2023-33782 | Dlink | Command Injection vulnerability in Dlink Dir-842V2 Firmware 1.0.3 D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function. | 8.8 |
2023-06-06 | CVE-2023-33652 | Sitecore | Unsafe Reflection vulnerability in Sitecore Experience Platform 9.3 Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx. | 8.8 |
2023-06-06 | CVE-2023-33653 | Sitecore | Unspecified vulnerability in Sitecore Experience Platform 9.3 Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML. | 8.8 |
2023-06-06 | CVE-2023-33959 | Notaryproject | Improper Verification of Cryptographic Signature vulnerability in Notaryproject Notation-Go notation is a CLI tool to sign and verify OCI artifacts and container images. | 8.8 |
2023-06-06 | CVE-2023-33457 | Sogou | Classic Buffer Overflow vulnerability in Sogou C++ Workflow 0.10.6 In Sogou Workflow v0.10.6, a memcpy with a negative size in URIParser::parse may cause a buffer overflow and crash. | 8.8 |
2023-06-06 | CVE-2023-33533 | Netgear | Command Injection vulnerability in Netgear products Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. | 8.8 |
2023-06-06 | CVE-2023-33530 | Tenda | Command Injection vulnerability in Tenda G103 Firmware 1.0.0.5 There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with firmware version V1.0.0.5. | 8.8 |
2023-06-06 | CVE-2023-0985 | Mbconnectline | Authorization Bypass Through User-Controlled Key vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24 An Authorization Bypass vulnerability was found in MB Connect Line's mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. An authenticated remote user with low privileges can change the password of any user in the same account. | 8.8 |
2023-06-06 | CVE-2023-3119 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Service Provider Management System 1.0 A vulnerability, which was classified as critical, has been found in SourceCodester Service Provider Management System 1.0. | 8.8 |
2023-06-06 | CVE-2023-2833 | Wpdeveloper | Improper Privilege Management vulnerability in Wpdeveloper Reviewx The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. | 8.8 |
2023-06-06 | CVE-2023-2546 | WP User Switch Project | Unspecified vulnerability in WP User Switch Project WP User Switch The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. | 8.8 |
2023-06-06 | CVE-2015-10116 | Realfavicongenerator | Cross-Site Request Forgery (CSRF) vulnerability in Realfavicongenerator Favicon BY Realfavicongenerator A vulnerability classified as problematic has been found in RealFaviconGenerator Favicon Plugin up to 1.2.12 on WordPress. | 8.8 |
2023-06-05 | CVE-2023-34102 | Avohq | Unsafe Reflection vulnerability in Avohq AVO Avo is an open source ruby on rails admin panel creation framework. | 8.8 |
2023-06-05 | CVE-2023-3079 | Google Fedoraproject Debian Couchbase | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-06-05 | CVE-2013-10029 | Angrybte | Cross-Site Request Forgery (CSRF) vulnerability in Angrybte Wordpress Exit BOX Lite A vulnerability classified as problematic was found in Exit Box Lite Plugin up to 1.06 on WordPress. | 8.8 |
2023-06-05 | CVE-2023-33410 | Minical | Improper Neutralization of Formula Elements in a CSV File vulnerability in Minical 1.0.0 Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. | 8.8 |
2023-06-05 | CVE-2023-34097 | Hoppscotch | Information Exposure Through Log Files vulnerability in Hoppscotch hoppscotch is an open source API development ecosystem. | 8.8 |
2023-06-05 | CVE-2023-32217 | Sailpoint | Unsafe Reflection vulnerability in Sailpoint Identityiq IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath. | 8.8 |
2023-06-05 | CVE-2023-0041 | IBM | Insufficient Session Expiration vulnerability in IBM Security Guardium 11.5 IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. | 8.8 |
2023-06-06 | CVE-2023-32550 | Canonical | Exposure of Resource to Wrong Sphere vulnerability in Canonical Landscape Landscape's server-status page exposed sensitive system information. | 8.2 |
2023-06-09 | CVE-2023-0292 | Expresstech | Unspecified vulnerability in Expresstech Quiz and Survey Master The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. | 8.1 |
2023-06-08 | CVE-2023-34962 | Chamilo | Unspecified vulnerability in Chamilo LMS Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes. | 8.1 |
2023-06-07 | CVE-2023-29152 | PTC | Unspecified vulnerability in PTC Vuforia Studio By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account. | 8.1 |
2023-06-07 | CVE-2023-30576 | Apache | Use After Free vulnerability in Apache Guacamole Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. | 8.1 |
2023-06-07 | CVE-2023-1388 | Trellix | Out-of-bounds Write vulnerability in Trellix Agent 5.7.7/5.7.8 A heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming unavailable. | 8.1 |
2023-06-07 | CVE-2023-33536 | TP Link | Out-of-bounds Read vulnerability in Tp-Link products TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 were discovered to contain a buffer overflow via the component /userRpm/WlanMacFilterRpm. | 8.1 |
2023-06-07 | CVE-2023-33537 | TP Link | Out-of-bounds Read vulnerability in Tp-Link products TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 were discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm. | 8.1 |
2023-06-07 | CVE-2020-36725 | Templateinvaders | Missing Authorization vulnerability in Templateinvaders TI Woocommerce Wishlist The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins for WordPress are vulnerable to an Options Change vulnerability in versions up to, and including, 1.21.11 and 1.21.4 via the 'ti-woocommerce-wishlist/includes/export.class.php' file. | 8.1 |
2023-06-05 | CVE-2023-3066 | Mobatime | Authorization Bypass Through User-Controlled Key vulnerability in Mobatime Amxgt 100 Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administrators. This issue affects Mobatime mobile application AMXGT100: through 1.3.20. | 8.1 |
2023-06-07 | CVE-2023-31200 | PTC | Cross-Site Request Forgery (CSRF) vulnerability in PTC Vuforia Studio PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack. | 8.0 |
2023-06-09 | CVE-2023-29749 | Yandex | Unspecified vulnerability in Yandex Navigator 6.60 An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files. | 7.8 |
2023-06-09 | CVE-2023-29752 | Ekatox | Unspecified vulnerability in Ekatox Facemoji Emoji Keyboard 2.9.1.2 An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component. | 7.8 |
2023-06-09 | CVE-2023-29755 | Urbanandroid | Unspecified vulnerability in Urbanandroid Twilight 13.3 An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files. | 7.8 |
2023-06-09 | CVE-2023-29757 | Leap | Unspecified vulnerability in Leap Blue Light Filter 1.5.5 An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files. | 7.8 |
2023-06-09 | CVE-2023-29766 | Appcrossx | Unspecified vulnerability in Appcrossx Crossx 1.15.3 An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause an escalation of Privileges via the database files. | 7.8 |
2023-06-09 | CVE-2019-16283 | HP | Unspecified vulnerability in HP Softpaq Installer 4.0.100.1189 A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution. | 7.8 |
2023-06-09 | CVE-2023-0721 | Wpmet | Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. | 7.8 |
2023-06-08 | CVE-2023-29403 | Golang Fedoraproject | Exposure of Resource to Wrong Sphere vulnerability in multiple products On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. | 7.8 |
2023-06-07 | CVE-2023-1709 | Siemens | Stack-based Buffer Overflow vulnerability in Siemens Jt2Go and Teamcenter Visualization Datalogics Library APDFL The v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process. | 7.8 |
2023-06-07 | CVE-2023-24014 | Deltaww | Out-of-bounds Write vulnerability in Deltaww Cncsoft-B 1.0.0.2 Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to heap-based buffer overflow, which could allow an attacker to execute arbitrary code. | 7.8 |
2023-06-07 | CVE-2023-25177 | Deltaww | Stack-based Buffer Overflow vulnerability in Deltaww Cncsoft-B 1.0.0.2 Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code. | 7.8 |
2023-06-07 | CVE-2023-2866 | Advantech | Insufficient Verification of Data Authenticity vulnerability in Advantech Webaccess 8.4.5 If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server. | 7.8 |
2023-06-07 | CVE-2023-33865 | Renderdoc | Link Following vulnerability in Renderdoc RenderDoc before 1.27 allows local privilege escalation via a symlink attack. | 7.8 |
2023-06-07 | CVE-2023-0976 | Trellix | Uncontrolled Search Path Element vulnerability in Trellix Agent 5.7.7/5.7.8 A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder. | 7.8 |
2023-06-07 | CVE-2022-25834 | Percona | Command Injection vulnerability in Percona Xtrabackup In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands. | 7.8 |
2023-06-06 | CVE-2023-2603 | Libcap Project Redhat Fedoraproject Debian | Integer Overflow or Wraparound vulnerability in multiple products A vulnerability was found in libcap. | 7.8 |
2023-06-06 | CVE-2023-33747 | MGT Commerce | Path Traversal vulnerability in Mgt-Commerce Cloudpanel CloudPanel v2.2.2 allows attackers to execute a path traversal. | 7.8 |
2023-06-06 | CVE-2023-27916 | Hornerautomation | Out-of-bounds Read vulnerability in Hornerautomation Cscape and Cscape Envisionrv The affected application lacks proper validation of user-supplied data when parsing font files (e.g., FNT). | 7.8 |
2023-06-06 | CVE-2023-28653 | Hornerautomation | Use After Free vulnerability in Hornerautomation Cscape and Cscape Envisionrv The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). | 7.8 |
2023-06-06 | CVE-2023-29503 | Hornerautomation | Stack-based Buffer Overflow vulnerability in Hornerautomation Cscape and Cscape Envisionrv The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). | 7.8 |
2023-06-06 | CVE-2023-31244 | Hornerautomation | Access of Uninitialized Pointer vulnerability in Hornerautomation Cscape and Cscape Envisionrv The affected product does not properly validate user-supplied data. | 7.8 |
2023-06-06 | CVE-2023-31278 | Hornerautomation | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hornerautomation Cscape and Cscape Envisionrv The affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). | 7.8 |
2023-06-06 | CVE-2023-32203 | Hornerautomation | Out-of-bounds Write vulnerability in Hornerautomation Cscape and Cscape Envisionrv The affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). | 7.8 |
2023-06-06 | CVE-2023-32281 | Hornerautomation | Out-of-bounds Read vulnerability in Hornerautomation Cscape and Cscape Envisionrv The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). | 7.8 |
2023-06-06 | CVE-2023-32289 | Hornerautomation | Out-of-bounds Read vulnerability in Hornerautomation Cscape and Cscape Envisionrv The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). | 7.8 |
2023-06-06 | CVE-2023-32539 | Hornerautomation | Out-of-bounds Write vulnerability in Hornerautomation Cscape and Cscape Envisionrv The affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). | 7.8 |
2023-06-06 | CVE-2023-32545 | Hornerautomation | Out-of-bounds Read vulnerability in Hornerautomation Cscape and Cscape Envisionrv The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). | 7.8 |
2023-06-06 | CVE-2022-33224 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Memory corruption in core due to buffer copy without checking the size of input while processing ioctl queries. | 7.8 |
2023-06-06 | CVE-2022-33226 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Memory corruption due to buffer copy without checking the size of input in Core while processing ioctl commands from diag client applications. | 7.8 |
2023-06-06 | CVE-2022-33227 | Qualcomm | Double Free vulnerability in Qualcomm products Memory corruption in Linux android due to double free while calling unregister provider after register call. | 7.8 |
2023-06-06 | CVE-2022-33230 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Memory corruption in FM Host due to buffer copy without checking the size of input in FM Host. | 7.8 |
2023-06-06 | CVE-2022-33240 | Qualcomm | Incorrect Type Conversion or Cast vulnerability in Qualcomm products Memory corruption in Audio due to incorrect type cast during audio use-cases. | 7.8 |
2023-06-06 | CVE-2022-33263 | Qualcomm | Use After Free vulnerability in Qualcomm products Memory corruption due to use after free in Core when multiple DCI clients register and deregister. | 7.8 |
2023-06-06 | CVE-2022-33264 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message. | 7.8 |
2023-06-06 | CVE-2022-33267 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption in Linux while sending DRM request. | 7.8 |
2023-06-06 | CVE-2022-33307 | Qualcomm | Double Free vulnerability in Qualcomm products Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed. | 7.8 |
2023-06-06 | CVE-2022-40507 | Qualcomm | Double Free vulnerability in Qualcomm products Memory corruption due to double free in Core while mapping HLOS address to the list. | 7.8 |
2023-06-06 | CVE-2022-40522 | Qualcomm | Double Free vulnerability in Qualcomm products Memory corruption in Linux Networking due to double free while handling a hyp-assign. | 7.8 |
2023-06-06 | CVE-2022-40529 | Qualcomm | Incorrect Authorization vulnerability in Qualcomm products Memory corruption due to improper access control in kernel while processing a mapping request from root process. | 7.8 |
2023-06-06 | CVE-2023-21628 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command. | 7.8 |
2023-06-06 | CVE-2023-21632 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption in Automotive GPU while querying a gsl memory node. | 7.8 |
2023-06-06 | CVE-2023-21656 | Qualcomm | Improper Input Validation vulnerability in Qualcomm products Memory corruption in WLAN HOST while receiving an WMI event from firmware. | 7.8 |
2023-06-06 | CVE-2023-21657 | Qualcomm | Improper Input Validation vulnerability in Qualcomm products Memory corruption in Audio when ADSP sends input during record use case. | 7.8 |
2023-06-06 | CVE-2023-21670 | Qualcomm | Incorrect Authorization vulnerability in Qualcomm products Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode. | 7.8 |
2023-06-06 | CVE-2022-48390 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In telephony service, there is a possible missing permission check. | 7.8 |
2023-06-06 | CVE-2022-48392 | Google | Missing Authorization vulnerability in Google Android In dialer service, there is a possible missing permission check. | 7.8 |
2023-06-06 | CVE-2023-30863 | Google | Missing Authorization vulnerability in Google Android 10.0 In Connectivity Service, there is a possible missing permission check. | 7.8 |
2023-06-06 | CVE-2023-30864 | Google | Missing Authorization vulnerability in Google Android 10.0 In Connectivity Service, there is a possible missing permission check. | 7.8 |
2023-06-05 | CVE-2022-48181 | Lenovo | Out-of-bounds Write vulnerability in Lenovo products An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code. | 7.8 |
2023-06-05 | CVE-2022-48188 | Lenovo | Out-of-bounds Write vulnerability in Lenovo products A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code. | 7.8 |
2023-06-05 | CVE-2023-3027 | Redhat | Improper Privilege Management vulnerability in Redhat Advanced Cluster Management for Kubernetes 2.5/2.6/2.7 The grc-policy-propagator allows security escalation within the cluster. | 7.8 |
2023-06-05 | CVE-2022-4569 | Lenovo | Unspecified vulnerability in Lenovo Thinkpad Hybrid Usb-C With Usb-A Dock Firmware A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation. | 7.8 |
2023-06-05 | CVE-2023-3111 | Linux Debian Netapp | Use After Free vulnerability in multiple products A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. | 7.8 |
2023-06-05 | CVE-2023-29344 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Office Remote Code Execution Vulnerability. | 7.8 |
2023-06-05 | CVE-2023-33733 | Reportlab | Unspecified vulnerability in Reportlab Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file. | 7.8 |
2023-06-05 | CVE-2023-3098 | Ubuntukylin | Path Traversal vulnerability in Ubuntukylin Youker-Assistant A vulnerability classified as critical has been found in KylinSoft youker-assistant on KylinOS. | 7.8 |
2023-06-05 | CVE-2023-3096 | Kylinos | Unspecified vulnerability in Kylinos Kylin-Software-Properties A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. | 7.8 |
2023-06-05 | CVE-2023-3097 | Kylinos | OS Command Injection vulnerability in Kylinos Kylin-Software-Properties A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. | 7.8 |
2023-06-05 | CVE-2023-27285 | IBM | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Aspera Cargo and Aspera Connect IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. | 7.8 |
2023-06-11 | CVE-2023-22584 | Danfoss | Cleartext Storage of Sensitive Information vulnerability in Danfoss Ak-Em100 Firmware The Danfoss AK-EM100 stores login credentials in cleartext. | 7.5 |
2023-06-11 | CVE-2023-22586 | Danfoss | Information Exposure vulnerability in Danfoss Ak-Em100 Firmware The Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter. | 7.5 |
2023-06-10 | CVE-2023-26132 | Dottie Project | Unspecified vulnerability in Dottie Project Dottie Versions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficient checks, via the set() function and the current variable in the /dottie.js file. | 7.5 |
2023-06-09 | CVE-2023-1428 | Grpc | Reachable Assertion vulnerability in Grpc There exists a vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers); :scheme: x (x != http, https); grpclb_client_stats: x (x == anything). On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. | 7.5 |
2023-06-09 | CVE-2023-32731 | Grpc | Unspecified vulnerability in Grpc When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. | 7.5 |
2023-06-08 | CVE-2023-24535 | Protobuf | Out-of-bounds Read vulnerability in Protobuf 1.29.0 Parsing invalid messages can panic. | 7.5 |
2023-06-08 | CVE-2023-3163 | Ruoyi | SQL Injection vulnerability in Ruoyi A vulnerability was found in y_project RuoYi up to 4.7.7. | 7.5 |
2023-06-08 | CVE-2023-33657 | Emqx | Use After Free vulnerability in Emqx Nanomq 0.17.2 A use-after-free vulnerability exists in NanoMQ 0.17.2. | 7.5 |
2023-06-08 | CVE-2023-33658 | Emqx | Out-of-bounds Write vulnerability in Emqx Nanomq 0.17.2 A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. | 7.5 |
2023-06-08 | CVE-2023-33660 | Emqx | Out-of-bounds Write vulnerability in Emqx Nanomq 0.17.2 A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. | 7.5 |
2023-06-07 | CVE-2023-29168 | PTC | Insufficiently Protected Credentials vulnerability in PTC Vuforia Studio The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication. | 7.5 |
2023-06-07 | CVE-2023-1864 | Fanuc | Path Traversal vulnerability in Fanuc Roboguide Handlingpro Firmware FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable to a path traversal, which could allow an attacker to remotely read files on the system running the affected software. | 7.5 |
2023-06-07 | CVE-2023-31115 | Samsung | Incorrect Resource Transfer Between Spheres vulnerability in Samsung Exynos 5123 Firmware and Exynos 5300 Firmware An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. | 7.5 |
2023-06-07 | CVE-2023-33510 | Jeecg P3 BIZ Chat Project | Exposure of Resource to Wrong Sphere vulnerability in Jeecg P3 BIZ Chat Project Jeecg P3 BIZ Chat 1.0.5 Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters. | 7.5 |
2023-06-07 | CVE-2023-34109 | Zxcvbn TS Project | Resource Exhaustion vulnerability in Zxcvbn-Ts Project Zxcvbn-Ts zxcvbn-ts is an open source password strength estimator written in typescript. | 7.5 |
2023-06-07 | CVE-2023-0121 | Gitlab | Allocation of Resources Without Limits or Throttling vulnerability in Gitlab A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test report artifacts. | 7.5 |
2023-06-07 | CVE-2023-2198 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. | 7.5 |
2023-06-07 | CVE-2023-2199 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. | 7.5 |
2023-06-07 | CVE-2023-20889 | Vmware | Command Injection vulnerability in VMWare Vrealize Network Insight Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. | 7.5 |
2023-06-07 | CVE-2023-30575 | Apache | Incorrect Calculation of Buffer Size vulnerability in Apache Guacamole Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data. | 7.5 |
2023-06-07 | CVE-2020-36696 | Tychesoftwares | Missing Authorization vulnerability in Tychesoftwares Product Input Fields for Woocommerce The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6. | 7.5 |
2023-06-07 | CVE-2020-36710 | Wpserveur | Incorrect Authorization vulnerability in Wpserveur WPS Hide Login The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2. | 7.5 |
2023-06-07 | CVE-2021-4340 | Stylemixthemes | SQL Injection vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listing_id’ parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
2023-06-07 | CVE-2021-4346 | Stylemixthemes | Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6. | 7.5 |
2023-06-06 | CVE-2023-33651 | Sitecore | Incorrect Authorization vulnerability in Sitecore products An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules. | 7.5 |
2023-06-06 | CVE-2023-34104 | Fast XML Parser Project | Unspecified vulnerability in Fast-Xml-Parser Project Fast-Xml-Parser fast-xml-parser is an open source, pure javascript xml parser. | 7.5 |
2023-06-06 | CVE-2023-2132 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. | 7.5 |
2023-06-06 | CVE-2023-31606 | Promptworks | Unspecified vulnerability in Promptworks Redcloth A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. | 7.5 |
2023-06-06 | CVE-2023-32549 | Canonical | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Canonical Landscape Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator. | 7.5 |
2023-06-06 | CVE-2023-33659 | Emqx | Out-of-bounds Write vulnerability in Emqx Nanomq 0.17.2 A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. | 7.5 |
2023-06-06 | CVE-2022-22060 | Qualcomm | Reachable Assertion vulnerability in Qualcomm products Assertion occurs while processing Reconfiguration message due to improper validation. | 7.5 |
2023-06-06 | CVE-2022-33251 | Qualcomm | Reachable Assertion vulnerability in Qualcomm products Transient DOS due to reachable assertion in Modem because of invalid network configuration. | 7.5 |
2023-06-06 | CVE-2022-40521 | Qualcomm | Improper Authentication vulnerability in Qualcomm products Transient DOS due to improper authorization in Modem. | 7.5 |
2023-06-06 | CVE-2022-40536 | Qualcomm | Improper Authentication vulnerability in Qualcomm products Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network. | 7.5 |
2023-06-06 | CVE-2022-40538 | Qualcomm | Reachable Assertion vulnerability in Qualcomm products Transient DOS due to reachable assertion in modem while processing sib with incorrect values from network. | 7.5 |
2023-06-06 | CVE-2023-21658 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Transient DOS in WLAN Firmware while processing the received beacon or probe response frame. | 7.5 |
2023-06-06 | CVE-2023-21659 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Transient DOS in WLAN Firmware while processing frames with missing header fields. | 7.5 |
2023-06-06 | CVE-2023-21660 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Transient DOS in WLAN Firmware while parsing FT Information Elements. | 7.5 |
2023-06-06 | CVE-2023-21661 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Transient DOS while parsing WLAN beacon or probe-response frame. | 7.5 |
2023-06-06 | CVE-2023-21669 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Information Disclosure in WLAN HOST while sending DPP action frame to peer with an invalid source address. | 7.5 |
2023-06-06 | CVE-2018-25087 | Arborator Server Project | Improper Resource Shutdown or Release vulnerability in Arborator Server Project Arborator Server A vulnerability classified as problematic was found in Arborator Server. | 7.5 |
2023-06-05 | CVE-2013-10030 | Angrybyte | Information Exposure vulnerability in Angrybyte Wordpress Exit BOX Lite A vulnerability, which was classified as problematic, has been found in Exit Box Lite Plugin up to 1.06 on WordPress. | 7.5 |
2023-06-05 | CVE-2023-24510 | Arista | Improper Handling of Exceptional Conditions vulnerability in Arista EOS On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart. | 7.5 |
2023-06-05 | CVE-2020-19028 | Emlog | Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 6.0.0 File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via the /admin/plugin.php function. | 7.5 |
2023-06-05 | CVE-2023-31893 | Telefonica | Uncontrolled Recursion vulnerability in Telefonica Brasil Vivo Play Firmware 2023.04.04.01.06.15 Telefónica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of Service (DoS) via DNS Recursion. | 7.5 |
2023-06-05 | CVE-2023-34411 | XML Library Project | XXE vulnerability in XML Library Project XML Library The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document. | 7.5 |
2023-06-05 | CVE-2023-34407 | Harbingergroup | Path Traversal vulnerability in Harbingergroup Office Player 4.0.6.0.2 OfflinePlayerService.exe in Harbinger Offline Player 4.0.6.0.2 allows directory traversal as LocalSystem via ..\ in a URL. | 7.5 |
2023-06-05 | CVE-2023-22862 | IBM | Unprotected Transport of Credentials vulnerability in IBM Aspera Cargo and Aspera Connect IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. | 7.5 |
2023-06-07 | CVE-2023-2904 | Hidglobal | Modification of Assumed-Immutable Data (MAID) vulnerability in Hidglobal Safe The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 is vulnerable to manipulation of web fields in the application programming interface (API). | 7.3 |
2023-06-07 | CVE-2020-36716 | Wpwhitesecurity | Missing Authorization vulnerability in Wpwhitesecurity WP Activity LOG The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setup_page function in versions up to, and including, 4.0.1. | 7.3 |
2023-06-09 | CVE-2023-2454 | Postgresql Redhat Fedoraproject | schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authenticated attacker with elevated database-level privileges to execute arbitrary code. | 7.2 |
2023-06-09 | CVE-2023-2607 | Themeisle | Unspecified vulnerability in Themeisle multiple Page Generator The Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.2 |
2023-06-09 | CVE-2023-1016 | Hijiriworld | Unspecified vulnerability in Hijiriworld Intuitive Custom Post Order The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.3, due to insufficient escaping on the user supplied 'objects' and 'tags' parameters and lack of sufficient preparation in the 'update_options' function as well as the 'refresh' function which runs queries on the same values. | 7.2 |
2023-06-09 | CVE-2023-3172 | Froxlor | Path Traversal vulnerability in Froxlor Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20. | 7.2 |
2023-06-06 | CVE-2023-33569 | Faculty Evaluation System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Faculty Evaluation System Project Faculty Evaluation System 1.0 Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/ajax.php?action=update_user. | 7.2 |
2023-06-06 | CVE-2023-33381 | Mitrastar | OS Command Injection vulnerability in Mitrastar Gpt-2741Gnac Firmware Arg5.8110Wvn0B72 A command injection vulnerability was found in the ping functionality of the MitraStar GPT-2741GNAC router (firmware version AR_g5.8_110WVN0b7_2). | 7.2 |
2023-06-06 | CVE-2023-3120 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Service Provider Management System 1.0 A vulnerability, which was classified as critical, was found in SourceCodester Service Provider Management System 1.0. | 7.2 |
2023-06-06 | CVE-2023-22450 | Advantech | Unrestricted Upload of File with Dangerous Type vulnerability in Advantech Webaccess/Scada In Advantech WebAccess/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution. | 7.2 |
2023-06-05 | CVE-2023-0900 | Wpdevart | Unspecified vulnerability in Wpdevart Pricing Table Builder 1.1.5/1.1.6 The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins. | 7.2 |
2023-06-09 | CVE-2023-3141 | Linux Netapp Debian | Use After Free vulnerability in multiple products A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. | 7.1 |
2023-06-09 | CVE-2023-27706 | Bitwarden | Cleartext Storage of Sensitive Information vulnerability in Bitwarden Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes. | 7.1 |
2023-06-07 | CVE-2020-36720 | Kaliforms | Missing Authorization vulnerability in Kaliforms Kali Forms The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. | 7.1 |
2023-06-05 | CVE-2023-3099 | Ubuntukylin | Unspecified vulnerability in Ubuntukylin Youker-Assistant A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. | 7.1 |
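Several WordPress plugin rows in the table above describe the same two defect patterns: a handler reachable without a capability check or nonce (for example CVE-2020-36716), and `orderby`/`order` request parameters interpolated into a SQL query with "insufficient escaping and lack of sufficient preparation" (CVE-2023-2607, CVE-2023-1016, CVE-2023-0900). The PHP below is an added illustration written for this report, not code from any listed plugin or from WordPress itself; the function, table, option and nonce names (`vuln_list_entries`, `example_entries`, `example_list_entries`, `example_nonce`) are hypothetical. It shows the vulnerable shape beside a hardened one that only uses core WordPress APIs.

```php
<?php
// Added example for this report (not from any plugin listed above).
// Function, table and nonce names below are hypothetical.

// --- Vulnerable pattern, as the table rows describe it -----------------------
function vuln_list_entries() {
    global $wpdb;
    // No capability check and no nonce: any logged-in user, or a CSRF victim,
    // reaches this code. orderby/order go into the query verbatim, and
    // ORDER BY identifiers cannot be protected by prepare() placeholders.
    $orderby = $_GET['orderby'] ?? 'id';
    $order   = $_GET['order'] ?? 'ASC';
    $sql     = "SELECT * FROM {$wpdb->prefix}example_entries ORDER BY $orderby $order";
    return $wpdb->get_results( $sql );
}

// --- Hardened pattern -------------------------------------------------------
function hardened_list_entries() {
    global $wpdb;

    // 1. Authorization: require a capability, not merely an authenticated session.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'example' ), '', array( 'response' => 403 ) );
    }

    // 2. CSRF: the request must carry a nonce bound to this specific action.
    //    The link that triggers this handler is built with
    //    wp_nonce_url( admin_url( 'admin-post.php?action=example_list_entries' ),
    //                  'example_list_entries', 'example_nonce' ).
    check_admin_referer( 'example_list_entries', 'example_nonce' );

    // 3. Identifiers: ORDER BY takes a column name, so escaping is the wrong
    //    tool. Allowlist the column and the direction explicitly.
    $allowed_columns = array( 'id', 'created_at', 'title' );
    $orderby = isset( $_GET['orderby'] ) ? sanitize_key( wp_unslash( $_GET['orderby'] ) ) : 'id';
    if ( ! in_array( $orderby, $allowed_columns, true ) ) {
        $orderby = 'id';
    }
    $order = 'ASC';
    if ( isset( $_GET['order'] ) && 'desc' === sanitize_key( wp_unslash( $_GET['order'] ) ) ) {
        $order = 'DESC';
    }

    // 4. Values: anything that is data rather than an identifier goes through
    //    $wpdb->prepare() with a typed placeholder, and is range-limited.
    $per_page = isset( $_GET['per_page'] ) ? absint( $_GET['per_page'] ) : 20;
    $per_page = min( max( $per_page, 1 ), 100 );

    $table = $wpdb->prefix . 'example_entries';
    $sql   = $wpdb->prepare(
        "SELECT * FROM `{$table}` ORDER BY `{$orderby}` {$order} LIMIT %d",
        $per_page
    );
    return $wpdb->get_results( $sql );
}

// Hypothetical wiring: admin-post.php?action=example_list_entries&example_nonce=...
add_action( 'admin_post_example_list_entries', 'hardened_list_entries' );
```

The allowlist, not an escaping call, is what closes the `orderby` injection: `esc_sql()` and `prepare()` protect quoted values, and a column name in `ORDER BY` is neither. The capability check and `check_admin_referer()` are the two controls whose absence the "missing capability check" and CSRF rows in this report describe; both are needed, since a nonce alone does not prove the caller is allowed to perform the action.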
308 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-06-08 | CVE-2023-34567 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac10 Firmware Usac10V4.0Siv16.03.10.13Cn Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg. | 6.7 |
2023-06-08 | CVE-2023-34568 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac10 Firmware Usac10V4.0Siv16.03.10.13Cn Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet. | 6.7 |
2023-06-08 | CVE-2023-34569 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac10 Firmware Usac10V4.0Siv16.03.10.13Cn Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList. | 6.7 |
2023-06-08 | CVE-2023-34570 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac10 Firmware Usac10V4.0Siv16.03.10.13Cn Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOnlineDevName. | 6.7 |
2023-06-08 | CVE-2023-34571 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac10 Firmware Usac10V4.0Siv16.03.10.13Cn Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/WifiGuestSet. | 6.7 |
2023-06-06 | CVE-2023-20712 | Linuxfoundation Linux | Out-of-bounds Write vulnerability in multiple products In wlan, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-06-06 | CVE-2023-20715 | Linuxfoundation Linux | Out-of-bounds Write vulnerability in multiple products In wlan, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-06-06 | CVE-2023-20716 | Linuxfoundation Linux | Out-of-bounds Write vulnerability in multiple products In wlan, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-06-06 | CVE-2023-20723 | Google | Out-of-bounds Read vulnerability in Google Android 11.0/12.0/13.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 6.7 |
2023-06-06 | CVE-2023-20724 | Google | Out-of-bounds Read vulnerability in Google Android 11.0/12.0/13.0 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. | 6.7 |
2023-06-06 | CVE-2023-20725 | Rdkcentral Openwrt | Out-of-bounds Write vulnerability in multiple products In preloader, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-06-06 | CVE-2023-20732 | Linuxfoundation | Out-of-bounds Write vulnerability in multiple products In wlan, there is a possible out of bounds read due to a missing bounds check. | 6.7 |
2023-06-06 | CVE-2023-20733 | Linuxfoundation | Improper Locking vulnerability in multiple products In vcu, there is a possible use after free due to improper locking. | 6.7 |
2023-06-06 | CVE-2023-20734 | Linuxfoundation | Out-of-bounds Write vulnerability in multiple products In vcu, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-06-06 | CVE-2023-20735 | Linuxfoundation | Out-of-bounds Write vulnerability in multiple products In vcu, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-06-06 | CVE-2023-20737 | Linuxfoundation | Improper Locking vulnerability in multiple products In vcu, there is a possible use after free due to improper locking. | 6.7 |
2023-06-06 | CVE-2023-20738 | Linuxfoundation | Out-of-bounds Write vulnerability in multiple products In vcu, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-06-06 | CVE-2023-20739 | Google | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In vcu, there is a possible memory corruption due to a logic error. | 6.7 |
2023-06-06 | CVE-2023-20740 | Linuxfoundation | Out-of-bounds Write vulnerability in multiple products In vcu, there is a possible memory corruption due to a logic error. | 6.7 |
2023-06-06 | CVE-2023-20743 | Linuxfoundation | Improper Locking vulnerability in multiple products In vcu, there is a possible out of bounds write due to improper locking. | 6.7 |
2023-06-06 | CVE-2023-20744 | Linuxfoundation | Use After Free vulnerability in multiple products In vcu, there is a possible use after free due to a logic error. | 6.7 |
2023-06-06 | CVE-2023-20745 | Linuxfoundation | Improper Locking vulnerability in multiple products In vcu, there is a possible out of bounds write due to improper locking. | 6.7 |
2023-06-06 | CVE-2023-20746 | Linuxfoundation | Improper Locking vulnerability in multiple products In vcu, there is a possible out of bounds write due to improper locking. | 6.7 |
2023-06-06 | CVE-2023-20749 | Google | Out-of-bounds Write vulnerability in Google Android 13.0 In swpm, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-06-06 | CVE-2023-20751 | Google | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In keymange, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-06-06 | CVE-2023-20752 | Google | Out-of-bounds Write vulnerability in Google Android 12.0/13.0 In keymange, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2023-06-10 | CVE-2023-3188 | Owncast Project | Server-Side Request Forgery (SSRF) vulnerability in Owncast Project Owncast Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0. | 6.5 |
2023-06-09 | CVE-2023-34100 | Contiki NG | Out-of-bounds Read vulnerability in Contiki-Ng Contiki-NG is an open-source, cross-platform operating system for IoT devices. | 6.5 |
2023-06-09 | CVE-2023-2599 | Miniorange | Unspecified vulnerability in Miniorange Active Directory Integration / Ldap Integration The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to missing nonce verification on the get_users function and insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2023-06-09 | CVE-2023-0688 | Wpmet | Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_thankyou' shortcode in versions up to, and including, 3.3.1. | 6.5 |
2023-06-09 | CVE-2023-1615 | Themefic | Unspecified vulnerability in Themefic Ultimate Addons for Contact Form 7 The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in versions up to, and including, 3.1.23. | 6.5 |
2023-06-09 | CVE-2023-1889 | Wpwax | Unspecified vulnerability in Wpwax Directorist The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. | 6.5 |
2023-06-08 | CVE-2023-32750 | Pydio | Server-Side Request Forgery (SSRF) vulnerability in Pydio Cells Pydio Cells through 4.1.2 allows SSRF. | 6.5 |
2023-06-08 | CVE-2023-34969 | Freedesktop Fedoraproject Debian | D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. | 6.5 |
2023-06-07 | CVE-2023-33848 | IBM | Unspecified vulnerability in IBM Cics TX and Txseries for Multiplatforms IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could allow a privileged user to obtain highly sensitive information by enabling debug mode. | 6.5 |
2023-06-07 | CVE-2021-4379 | Villatheme | Unspecified vulnerability in Villatheme Woocommerce Multi Currency 2.1.17 The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.17. | 6.5 |
2023-06-07 | CVE-2023-0666 | Wireshark Debian | Out-of-bounds Write vulnerability in multiple products Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. | 6.5 |
2023-06-07 | CVE-2023-0667 | Wireshark | Out-of-bounds Write vulnerability in Wireshark Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark | 6.5 |
2023-06-07 | CVE-2023-0668 | Wireshark Debian | Out-of-bounds Write vulnerability in multiple products Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. | 6.5 |
2023-06-07 | CVE-2020-36697 | Appsaloon | Missing Authorization vulnerability in Appsaloon WP Gdpr The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. | 6.5 |
2023-06-07 | CVE-2020-36721 | Machothemes Colorlib Cpothemes | Missing Authorization vulnerability in multiple products The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. | 6.5 |
2023-06-07 | CVE-2021-4347 | Zorem | Missing Authorization vulnerability in Zorem Advanced Shipment Tracking for Woocommerce The function update_shipment_status_email_status_fun in the plugin Advanced Shipment Tracking for WooCommerce in versions up to 3.2.6 is vulnerable to authenticated arbitrary options update. | 6.5 |
2023-06-07 | CVE-2021-4377 | Wobbie | Information Exposure vulnerability in Wobbie Doneren MET Mollie The Doneren met Mollie plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.8.5 via the dmm_export_donations() function which is called via the admin_post_dmm_export hook due to missing capability checks. | 6.5 |
2023-06-07 | CVE-2023-3125 | Webwizards | Unspecified vulnerability in Webwizards B2Bking 4.6.00 The B2BKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'b2bking_save_price_import' function in versions up to, and including, 4.6.00. | 6.5 |
2023-06-06 | CVE-2023-1621 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.5, all versions starting from 15.11 before 15.11.1. | 6.5 |
2023-06-06 | CVE-2023-2253 | Redhat | Allocation of Resources Without Limits or Throttling vulnerability in Redhat products A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). | 6.5 |
2023-06-06 | CVE-2023-33477 | Harmonicinc | Missing Authorization vulnerability in Harmonicinc NSG 9000-6G Firmware In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path. | 6.5 |
2023-06-06 | CVE-2023-22833 | Palantir | Incorrect Authorization vulnerability in Palantir Foundry Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable to a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances. | 6.5 |
2023-06-06 | CVE-2023-33958 | Notaryproject | Resource Exhaustion vulnerability in Notaryproject Notation-Go notation is a CLI tool to sign and verify OCI artifacts and container images. | 6.5 |
2023-06-06 | CVE-2023-30948 | Palantir | Missing Authorization vulnerability in Palantir Foundry Comments A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. | 6.5 |
2023-06-06 | CVE-2023-33460 | Yajl Project Fedoraproject Debian | Memory Leak vulnerability in multiple products There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. | 6.5 |
2023-06-05 | CVE-2023-33409 | Minical | Cross-Site Request Forgery (CSRF) vulnerability in Minical 1.0.0 Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php. | 6.5 |
2023-06-05 | CVE-2023-33956 | Kanboard | Authorization Bypass Through User-Controlled Key vulnerability in Kanboard Kanboard is open source project management software that focuses on the Kanban methodology. | 6.5 |
2023-06-05 | CVE-2023-33970 | Kanboard | Missing Authorization vulnerability in Kanboard Kanboard is open source project management software that focuses on the Kanban methodology. | 6.5 |
2023-06-05 | CVE-2023-33690 | Sonicjs | Path Traversal vulnerability in Sonicjs SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS. | 6.5 |
2023-06-05 | CVE-2023-27989 | Zyxel | Classic Buffer Overflow vulnerability in Zyxel products A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. | 6.5 |
2023-06-06 | CVE-2023-2183 | Grafana | Missing Authorization vulnerability in Grafana Grafana is an open-source platform for monitoring and observability. | 6.4 |
2023-06-06 | CVE-2023-20736 | Linuxfoundation | Out-of-bounds Write vulnerability in multiple products In vcu, there is a possible out of bounds write due to a race condition. | 6.4 |
2023-06-11 | CVE-2023-22582 | Danfoss | Cross-site Scripting vulnerability in Danfoss Ak-Em100 Firmware The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting. | 6.1 |
2023-06-11 | CVE-2023-22585 | Danfoss | Cross-site Scripting vulnerability in Danfoss Ak-Em100 Firmware The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting in the title parameter. | 6.1 |
2023-06-09 | CVE-2023-26465 | Pega | Cross-site Scripting vulnerability in Pega Platform Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue. | 6.1 |
2023-06-09 | CVE-2023-29713 | Vadesecure | Cross-site Scripting vulnerability in Vadesecure Secure Gateway Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the GET request after the /css/ directory. | 6.1 |
2023-06-09 | CVE-2023-29714 | Vadesecure | Cross-site Scripting vulnerability in Vadesecure Secure Gateway Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via the username, password, and language cookies parameter. | 6.1 |
2023-06-09 | CVE-2023-29712 | Vadesecure | Cross-site Scripting vulnerability in Vadesecure Secure Gateway Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the X-Rewrite-URL parameter. | 6.1 |
2023-06-09 | CVE-2023-34245 | Udecode | Cross-site Scripting vulnerability in Udecode Plate @udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. | 6.1 |
2023-06-09 | CVE-2023-1978 | Plainware | Unspecified vulnerability in Plainware Shiftcontroller The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the query string in versions up to, and including, 4.9.25 due to insufficient input sanitization and output escaping. | 6.1 |
2023-06-09 | CVE-2023-2184 | I13Websolution | Unspecified vulnerability in I13Websolution WP Responsive Tabs The WP Responsive Tabs horizontal vertical and accordion Tabs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.1.15 due to insufficient input sanitization and output escaping. | 6.1 |
2023-06-09 | CVE-2023-2289 | I13Websolution | Unspecified vulnerability in I13Websolution Wordpress Vertical Image Slider The wordpress vertical image slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.2.16 due to insufficient input sanitization and output escaping. | 6.1 |
2023-06-09 | CVE-2023-2402 | I13Websolution | Unspecified vulnerability in I13Websolution Photo Gallery Slideshow & Masonry Tiled Gallery The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. | 6.1 |
2023-06-09 | CVE-2023-2604 | I13Websolution | Unspecified vulnerability in I13Websolution Team Circle Image Slider With Lightbox The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. | 6.1 |
2023-06-09 | CVE-2023-0992 | Getshieldsecurity | Cross-site Scripting vulnerability in Getshieldsecurity Shield Security The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header. | 6.1 |
2023-06-08 | CVE-2023-34961 | Chamilo | Cross-site Scripting vulnerability in Chamilo LMS Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field. | 6.1 |
2023-06-08 | CVE-2023-3165 | Janobe | Cross-site Scripting vulnerability in Janobe Life Insurance Management System 1.0 A vulnerability was found in SourceCodester Life Insurance Management System 1.0. | 6.1 |
2023-06-07 | CVE-2023-29345 | Microsoft | Cross-site Scripting vulnerability in Microsoft Edge Chromium Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 6.1 |
2023-06-07 | CVE-2023-2015 | Gitlab | Cross-site Scripting vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.8 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. | 6.1 |
2023-06-07 | CVE-2021-46889 | 10Web | Cross-site Scripting vulnerability in 10Web Photo Gallery The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. | 6.1 |
2023-06-07 | CVE-2019-25140 | Wpshopmart | Cross-site Scripting vulnerability in Wpshopmart Coming Soon Page & Maintenance Mode The WordPress Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the logo_width, logo_height, rcsp_logo_url, home_sec_link_txt, rcsp_headline and rcsp_description parameters in versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. | 6.1 |
2023-06-07 | CVE-2019-25144 | Codemiq | Cross-site Scripting vulnerability in Codemiq WP Html Mail The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.2.10 due to insufficient input sanitization. | 6.1 |
2023-06-07 | CVE-2019-25145 | Wpforms | Cross-site Scripting vulnerability in Wpforms Contact Form 1.5.9 The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the ‘public/class-pirateforms-public.php’ file in versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. | 6.1 |
2023-06-07 | CVE-2019-25146 | Delucks | Cross-site Scripting vulnerability in Delucks SEO The DELUCKS SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saveSettings() function that had no capability checks in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. | 6.1 |
2023-06-07 | CVE-2019-25147 | Prettylinks | Cross-site Scripting vulnerability in Prettylinks Pretty Links The Pretty Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via various IP headers as well as the referer header in versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping in the track_link function. | 6.1 |
2023-06-07 | CVE-2019-25148 | Codemiq | Cross-site Scripting vulnerability in Codemiq WP Html Mail The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.9.0.3 due to insufficient input sanitization. | 6.1 |
2023-06-07 | CVE-2020-36731 | Wpdesk | Cross-site Scripting vulnerability in Wpdesk Flexible Checkout Fields for Woocommerce The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. | 6.1 |
2023-06-07 | CVE-2021-4348 | Createit | Open Redirect vulnerability in Createit Ultimate Gdpr & Ccpa Compliance Toolkit The Ultimate GDPR & CCPA plugin for WordPress is vulnerable to unauthenticated settings import and export via the export_settings & import_settings functions in versions up to, and including, 2.4. | 6.1 |
2023-06-07 | CVE-2021-4358 | Legalweb | Cross-site Scripting vulnerability in Legalweb WP Dsgvo Tools The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.1.23 due to insufficient input sanitization and output escaping. | 6.1 |
2023-06-07 | CVE-2021-4363 | Webdevocean | Cross-site Scripting vulnerability in Webdevocean WP Quick Frontend Editor The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping in the 'save_content_front' function, which uses print_r on the user-supplied $_REQUEST values. | 6.1 |
2023-06-07 | CVE-2021-4365 | Najeebmedia | Cross-site Scripting vulnerability in Najeebmedia Frontend File Manager Plugin The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to, and including, 18.2. | 6.1 |
2023-06-07 | CVE-2021-4372 | Rightpress | Cross-site Scripting vulnerability in Rightpress Woocommerce Dynamic Pricing and Discounts The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.1. | 6.1 |
2023-06-06 | CVE-2023-32551 | Canonical | Open Redirect vulnerability in Canonical Landscape Landscape allowed URLs which caused open redirection. | 6.1 |
2023-06-06 | CVE-2015-10117 | Webaware | Cross-site Scripting vulnerability in Webaware GF Windcave Free A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. | 6.1 |
2023-06-06 | CVE-2017-20185 | Server WEB Monitor Page Project | Cross-site Scripting vulnerability in Server web Monitor Page Project Server web Monitor Page ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Fuzzy SWMP. | 6.1 |
2023-06-05 | CVE-2015-10115 | Woocommerce | Open Redirect vulnerability in Woocommerce Sidebar Manager to Woosidebars Converter A vulnerability, which was classified as problematic, was found in WooSidebars Sidebar Manager Converter Plugin up to 1.1.1 on WordPress. | 6.1 |
2023-06-05 | CVE-2015-10113 | Woocommerce | Open Redirect vulnerability in Woocommerce Wooframework Tweaks 1.0.0/1.0.1 A vulnerability classified as problematic was found in WooFramework Tweaks Plugin up to 1.0.1 on WordPress. | 6.1 |
2023-06-05 | CVE-2015-10114 | Woocommerce | Open Redirect vulnerability in Woocommerce Woosidebars A vulnerability, which was classified as problematic, has been found in WooSidebars Plugin up to 1.4.1 on WordPress. | 6.1 |
2023-06-05 | CVE-2023-32766 | Gitpod | Cross-site Scripting vulnerability in Gitpod Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:). | 6.1 |
2023-06-05 | CVE-2023-2337 | Convertkit | Unspecified vulnerability in Convertkit - Email Marketing, Email Newsletter and Landing Pages The ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
2023-06-05 | CVE-2023-2472 | Brevo | Unspecified vulnerability in Brevo Newsletter, Smtp, Email Marketing and Subscribe The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
2023-06-05 | CVE-2023-2488 | Trumani | Unspecified vulnerability in Trumani Stop Spammers The Stop Spammers Security - Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
2023-06-05 | CVE-2023-2503 | 10Web | Unspecified vulnerability in 10Web Social Post Feed The 10Web Social Post Feed WordPress plugin before 1.2.9 does not sanitise and escape some parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
2023-06-05 | CVE-2023-2571 | AYS PRO | Unspecified vulnerability in Ays-Pro Quiz Maker The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
2023-06-05 | CVE-2023-2572 | AYS PRO | Unspecified vulnerability in Ays-Pro Survey Maker The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
2023-06-05 | CVE-2015-10112 | Woocommerce | Open Redirect vulnerability in Woocommerce Wooframework Branding A vulnerability classified as problematic has been found in WooFramework Branding Plugin up to 1.0.1 on WordPress. | 6.1 |
2023-06-05 | CVE-2014-125105 | Managewp | Cross-site Scripting vulnerability in Managewp Broken Link Checker A vulnerability was found in Broken Link Checker Plugin up to 1.10.1 on WordPress. | 6.1 |
2023-06-09 | CVE-2023-34363 | Progress | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Progress Datadirect Odbc Oracle Wire Protocol Driver An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. | 5.9 |
2023-06-05 | CVE-2023-27861 | IBM | Cleartext Transmission of Sensitive Information vulnerability in IBM Maximo Application Suite 8.8.0/8.9.0 IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man in the middle techniques. | 5.9 |
2023-06-06 | CVE-2023-33684 | Dbbroadcast | Unspecified vulnerability in Dbbroadcast SFT DAB 600/C Bios and SFT DAB 600/C Firmware Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios firmware: 7.1 (Apr 19 2021) Gui: 2.46 FPGA: 169.55 uc: 6.15 allows attackers on the same network to bypass authentication by re-using the IP address assigned to the device by the NAT protocol. | 5.7 |
2023-06-06 | CVE-2023-33957 | Notaryproject | Resource Exhaustion vulnerability in Notaryproject Notation-Go notation is a CLI tool to sign and verify OCI artifacts and container images. | 5.7 |
2023-06-09 | CVE-2023-29751 | Yandex | Unspecified vulnerability in Yandex Navigator 6.60 An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. | 5.5 |
2023-06-09 | CVE-2023-29753 | Ekatox | Unspecified vulnerability in Ekatox Facemoji:Emoji Keyboard&Ask AI 2.9.1.2 An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows a local attacker to cause a denial of service via the SharedPreference files. | 5.5 |
2023-06-09 | CVE-2023-29756 | Urbanandroid | Unspecified vulnerability in Urbanandroid Twilight 13.3 An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. | 5.5 |
2023-06-09 | CVE-2023-29758 | Leap | Unspecified vulnerability in Leap Blue Light Filter 1.5.5 An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. | 5.5 |
2023-06-09 | CVE-2023-29759 | Flightaware | Unspecified vulnerability in Flightaware 5.8.0 An issue found in FlightAware v.5.8.0 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the database files. | 5.5 |
2023-06-09 | CVE-2023-29761 | Urbanandroid | Unspecified vulnerability in Urbanandroid Sleep 20230303 An issue found in Sleep v.20230303 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. | 5.5 |
2023-06-09 | CVE-2023-29767 | Appcrossx | Resource Exhaustion vulnerability in Appcrossx Crossx 1.15.3 An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent denial of service via the database files. | 5.5 |
2023-06-09 | CVE-2023-2767 | Iptanus | Cross-site Scripting vulnerability in Iptanus Wordpress File Upload and Wordpress File Upload PRO The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. | 5.5 |
2023-06-07 | CVE-2023-33283 | Marvalglobal | Inadequate Encryption Strength vulnerability in Marvalglobal MSM Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. | 5.5 |
2023-06-07 | CVE-2023-33595 | Python | Use After Free vulnerability in Python 3.12.0 CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c. | 5.5 |
2023-06-07 | CVE-2023-2878 | Kubernetes | Information Exposure Through Log Files vulnerability in Kubernetes Secrets-Store-Csi-Driver Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs. | 5.5 |
2023-06-07 | CVE-2022-31693 | Vmware | Unspecified vulnerability in VMWare Tools VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. | 5.5 |
2023-06-06 | CVE-2023-2157 | Imagemagick | Out-of-bounds Write vulnerability in Imagemagick A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing. | 5.5 |
2023-06-06 | CVE-2023-33613 | Axtls Project | Out-of-bounds Write vulnerability in Axtls Project Axtls 2.1.5 axTLS v2.1.5 was discovered to contain a heap buffer overflow in the bi_import function in axtls-code/crypto/bigint.c. | 5.5 |
2023-06-06 | CVE-2022-22076 | Qualcomm | Unspecified vulnerability in Qualcomm products information disclosure due to cryptographic issue in Core during RPMB read request. | 5.5 |
2023-06-06 | CVE-2022-33303 | Qualcomm | Resource Exhaustion vulnerability in Qualcomm products Transient DOS due to uncontrolled resource consumption in Linux kernel when malformed messages are sent from the Gunyah Resource Manager message queue. | 5.5 |
2023-06-06 | CVE-2022-40523 | Qualcomm | Exposure of Resource to Wrong Sphere vulnerability in Qualcomm products Information disclosure in Kernel due to indirect branch misprediction. | 5.5 |
2023-06-06 | CVE-2022-40525 | Qualcomm | Exposure of Resource to Wrong Sphere vulnerability in Qualcomm products Information disclosure in Linux Networking Firmware due to unauthorized information leak during side channel analysis. | 5.5 |
2023-06-06 | CVE-2022-40533 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request. | 5.5 |
2023-06-06 | CVE-2022-48391 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In telephony service, there is a possible missing permission check. | 5.5 |
2023-06-06 | CVE-2022-48440 | Google | Missing Authorization vulnerability in Google Android In dialer service, there is a possible missing permission check. | 5.5 |
2023-06-06 | CVE-2022-48441 | Google | Missing Authorization vulnerability in Google Android In dialer service, there is a possible missing permission check. | 5.5 |
2023-06-06 | CVE-2022-48442 | Google | Missing Authorization vulnerability in Google Android In dialer service, there is a possible missing permission check. | 5.5 |
2023-06-06 | CVE-2022-48443 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In telephony service, there is a possible missing permission check. | 5.5 |
2023-06-06 | CVE-2022-48444 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In telephony service, there is a possible missing permission check. | 5.5 |
2023-06-06 | CVE-2022-48445 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In telephony service, there is a possible missing permission check. | 5.5 |
2023-06-06 | CVE-2022-48446 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In telephony service, there is a possible missing permission check. | 5.5 |
2023-06-06 | CVE-2022-48447 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In telephony service, there is a possible missing permission check. | 5.5 |
2023-06-06 | CVE-2022-48448 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In telephony service, there is a possible missing permission check. | 5.5 |
2023-06-06 | CVE-2023-30865 | Google | Missing Authorization vulnerability in Google Android In dialer service, there is a missing permission check. | 5.5 |
2023-06-06 | CVE-2023-30866 | Google | Missing Authorization vulnerability in Google Android 10.0 In telephony service, there is a missing permission check. | 5.5 |
2023-06-06 | CVE-2023-30914 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In email service, there is a missing permission check. | 5.5 |
2023-06-06 | CVE-2023-30915 | Google | Missing Authorization vulnerability in Google Android 10.0/11.0/12.0 In email service, there is a missing permission check. | 5.5 |
2023-06-05 | CVE-2023-33693 | Tsingsee | Out-of-bounds Write vulnerability in Tsingsee Easyplayerpro A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service (DoS) via a crafted XML file. | 5.5 |
2023-06-11 | CVE-2023-3192 | Froxlor | Session Fixation vulnerability in Froxlor Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0. | 5.4 |
2023-06-10 | CVE-2023-3191 | Teampass | Cross-site Scripting vulnerability in Teampass Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | 5.4 |
2023-06-09 | CVE-2023-3187 | Teachers Record Management System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Teachers Record Management System Project Teachers Record Management System 1.0 A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. | 5.4 |
2023-06-09 | CVE-2023-34856 | Dlink | Cross-site Scripting vulnerability in Dlink Di-7500G-Ci Firmware 19.05.29A A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /auth_pic.cgi. | 5.4 |
2023-06-09 | CVE-2023-2455 | Postgresql Redhat Fedoraproject | Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. | 5.4 |
2023-06-09 | CVE-2023-2121 | Hashicorp | Cross-site Scripting vulnerability in Hashicorp Vault Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. | 5.4 |
2023-06-09 | CVE-2023-3183 | Performance Indicator System Project | Cross-site Scripting vulnerability in Performance Indicator System Project Performance Indicator System 1.0 A vulnerability was found in SourceCodester Performance Indicator System 1.0. | 5.4 |
2023-06-09 | CVE-2023-2031 | Plainware | Unspecified vulnerability in Plainware Locatoraid The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2023-06-09 | CVE-2023-2067 | Bulletin | Unspecified vulnerability in Bulletin Announcement & Notification Banner - Bulletin 3.6.0/3.7.0 The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce validation on the 'bulletinwp_update_bulletin_status', 'bulletinwp_update_bulletin', 'bulletinwp_update_settings', 'bulletinwp_update_status', 'bulletinwp_export_bulletins', and 'bulletinwp_import_bulletins' functions in versions up to, and including, 3.7.0. | 5.4 |
2023-06-09 | CVE-2023-2275 | Wclovers | Unspecified vulnerability in Wclovers Woocommerce Multivendor Marketplace The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'get_item', 'get_order_notes' and 'add_order_note' functions in versions up to, and including, 1.5.3. | 5.4 |
2023-06-09 | CVE-2023-2305 | Wpdownloadmanager | Unspecified vulnerability in Wpdownloadmanager Wordpress Download Manager The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdm_members', 'wpdm_login_form', 'wpdm_reg_form' shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2023-06-09 | CVE-2023-2526 | Supsystic | Unspecified vulnerability in Supsystic Easy Google Maps The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. | 5.4 |
2023-06-09 | CVE-2023-2558 | Pluginus | Unspecified vulnerability in Pluginus Wordpress Currency Switcher Professional The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcs_current_currency shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2023-06-09 | CVE-2023-0695 | Wpmet | Cross-site Scripting vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. | 5.4 |
2023-06-09 | CVE-2023-0708 | Wpmet | Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_first_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. | 5.4 |
2023-06-09 | CVE-2023-0709 | Wpmet | Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_last_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. | 5.4 |
2023-06-09 | CVE-2023-0710 | Wpmet | Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'fname' attribute of the 'mf_thankyou' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. | 5.4 |
2023-06-09 | CVE-2023-1403 | Weavertheme | Unspecified vulnerability in Weavertheme Weaver Xtreme Theme 5.0.7 The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. | 5.4 |
2023-06-09 | CVE-2023-1404 | Weavertheme | Unspecified vulnerability in Weavertheme Weaver Show Posts The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 1.6. | 5.4 |
2023-06-09 | CVE-2023-1917 | Blubrry | Unspecified vulnerability in Blubrry Powerpress The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2023-06-08 | CVE-2023-32751 | Pydio | Cross-site Scripting vulnerability in Pydio Cells Pydio Cells through 4.1.2 allows XSS. | 5.4 |
2023-06-08 | CVE-2023-23480 | IBM | Cross-site Scripting vulnerability in IBM Sterling Partner Engagement Manager IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. | 5.4 |
2023-06-08 | CVE-2023-23481 | IBM | Cross-site Scripting vulnerability in IBM Sterling Partner Engagement Manager IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. | 5.4 |
2023-06-08 | CVE-2023-33846 | IBM | Cross-site Scripting vulnerability in IBM Cics TX and Txseries for Multiplatform IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting. | 5.4 |
2023-06-07 | CVE-2023-2442 | Gitlab | Cross-site Scripting vulnerability in Gitlab 15.11.0/15.11.2 An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. | 5.4 |
2023-06-07 | CVE-2023-3142 | Microweber | Cross-site Scripting vulnerability in Microweber Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0. | 5.4 |
2023-06-07 | CVE-2023-3143 | Online Discussion Forum Site Project | Cross-site Scripting vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0 A vulnerability classified as problematic has been found in SourceCodester Online Discussion Forum Site 1.0. | 5.4 |
2023-06-07 | CVE-2023-3144 | Online Discussion Forum Site Project | Cross-site Scripting vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0 A vulnerability classified as problematic was found in SourceCodester Online Discussion Forum Site 1.0. | 5.4 |
2023-06-07 | CVE-2020-36703 | Elementor | Cross-site Scripting vulnerability in Elementor Website Builder The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including, 2.9.7. This makes it possible for authenticated attackers with the upload_files capability to inject arbitrary web scripts in pages that will execute whenever a user accesses the page with the stored web scripts. | 5.4 |
2023-06-07 | CVE-2020-36704 | Fruitfulcode | Cross-site Scripting vulnerability in Fruitfulcode Fruitful Theme The Fruitful Theme for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters stored via the fruitful_theme_options_action AJAX action in versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping. | 5.4 |
2023-06-07 | CVE-2020-36711 | Theme Fusion | Cross-site Scripting vulnerability in Theme-Fusion Avada The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the update_layout function in versions up to, and including, 6.2.3 due to insufficient input sanitization and output escaping. | 5.4 |
2023-06-07 | CVE-2021-4338 | Duckdev | Missing Authorization vulnerability in Duckdev 404 to 301 The 404 to 301 plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the open_redirect & save_redirect functions in versions up to, and including, 3.0.7. | 5.4 |
2023-06-07 | CVE-2021-4344 | Najeebmedia | Unspecified vulnerability in Najeebmedia Frontend File Manager Plugin The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2. | 5.4 |
2023-06-07 | CVE-2021-4367 | Flothemes | Cross-site Scripting vulnerability in Flothemes FLO Forms The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the flo_import_forms_options AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with missing capability checks. | 5.4 |
2023-06-07 | CVE-2021-4378 | Webdevocean | Cross-site Scripting vulnerability in Webdevocean WP Quick Frontend Editor The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. | 5.4 |
2023-06-06 | CVE-2023-32682 | Matrix | Improper Authentication vulnerability in Matrix Synapse Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. | 5.4 |
2023-06-06 | CVE-2023-32683 | Matrix | Incorrect Authorization vulnerability in Matrix Synapse Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. | 5.4 |
2023-06-06 | CVE-2023-33977 | Kiwitcms | Cross-site Scripting vulnerability in Kiwitcms Kiwi Tcms Kiwi TCMS is an open source test management system for both manual and automated testing. | 5.4 |
2023-06-06 | CVE-2022-46165 | Syncthing | Cross-site Scripting vulnerability in Syncthing Syncthing is an open source, continuous file synchronization program. | 5.4 |
2023-06-05 | CVE-2023-34103 | Avohq | Cross-site Scripting vulnerability in Avohq AVO Avo is an open source ruby on rails admin panel creation framework. | 5.4 |
2023-06-05 | CVE-2023-33408 | Minical | Cross-site Scripting vulnerability in Minical 1.0.0 Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). | 5.4 |
2023-06-05 | CVE-2023-33968 | Kanboard | Missing Authorization vulnerability in Kanboard Kanboard is open source project management software that focuses on the Kanban methodology. | 5.4 |
2023-06-05 | CVE-2023-33969 | Kanboard | Cross-site Scripting vulnerability in Kanboard Kanboard is open source project management software that focuses on the Kanban methodology. | 5.4 |
2023-06-05 | CVE-2023-3109 | Admidio | Cross-site Scripting vulnerability in Admidio Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admidio prior to 4.2.8. | 5.4 |
2023-06-05 | CVE-2022-4946 | Accesspressthemes | Unspecified vulnerability in Accesspressthemes Frontend Post Wordpress Plugin 2.8.4 The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain. | 5.4 |
2023-06-05 | CVE-2023-0152 | Wpexperts | Unspecified vulnerability in Wpexperts WP Multi Store Locator 2.4 The WP Multi Store Locator WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-06-05 | CVE-2023-34408 | Dokuwiki | Cross-site Scripting vulnerability in Dokuwiki DokuWiki before 2023-04-04a allows XSS via RSS titles. | 5.4 |
2023-06-11 | CVE-2023-25912 | Danfoss | Information Exposure vulnerability in Danfoss Ak-Em100 Firmware The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values. | 5.3 |
2023-06-09 | CVE-2023-32312 | Umbraco | Unspecified vulnerability in Umbraco Identity Extensibility 1.0.0/1.0.1/2.0.0 UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration. | 5.3 |
2023-06-09 | CVE-2023-32732 | Grpc Fedoraproject | gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. | 5.3 |
2023-06-09 | CVE-2023-0342 | Mongodb | Unspecified vulnerability in Mongodb OPS Manager Server MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. | 5.3 |
2023-06-09 | CVE-2023-2897 | Brizy | Insufficient Verification of Data Authenticity vulnerability in Brizy The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.4.18. | 5.3 |
2023-06-09 | CVE-2023-2159 | Niteothemes | Unspecified vulnerability in Niteothemes CMP The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. | 5.3 |
2023-06-09 | CVE-2023-2280 | Wpdirectorykit | Unspecified vulnerability in Wpdirectorykit WP Directory KIT The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_public' function in versions up to, and including, 1.2.2. | 5.3 |
2023-06-09 | CVE-2023-1843 | Wpmet | Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on the permalink_setup function in versions up to, and including, 3.3.0. | 5.3 |
2023-06-08 | CVE-2023-34243 | Tgstation13 | Improper Restriction of Excessive Authentication Attempts vulnerability in Tgstation13 Tgstation-Server TGstation is a toolset to manage production BYOND servers. | 5.3 |
2023-06-08 | CVE-2023-34959 | Chamilo | Server-Side Request Forgery (SSRF) vulnerability in Chamilo LMS An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools. | 5.3 |
2023-06-08 | CVE-2023-34238 | Gatsbyjs | Unspecified vulnerability in Gatsbyjs Gatsby Gatsby is a free and open source framework based on React. | 5.3 |
2023-06-07 | CVE-2023-34234 | Openzeppelin | Unspecified vulnerability in Openzeppelin Contracts and Contracts Upgradeable OpenZeppelin Contracts is a library for smart contract development. | 5.3 |
2023-06-07 | CVE-2023-2589 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. | 5.3 |
2023-06-07 | CVE-2023-2541 | Knime | Unspecified vulnerability in Knime Business HUB The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versions, host names, or IP addresses. | 5.3 |
2023-06-07 | CVE-2023-2187 | Trianglemicroworks | Unspecified vulnerability in Trianglemicroworks Scada Data Gateway On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor. An unauthenticated user can use this vulnerability to forcefully log out any currently logged-in user by sending a "password change event". | 5.3 |
2023-06-07 | CVE-2019-25139 | Wpshopmart | Missing Authorization vulnerability in Wpshopmart Coming Soon Page & Maintenance Mode The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settings reset in versions up to, and including 1.8.1 due to missing capability checks in the ~/functions/data-reset-post.php file which makes it possible for unauthenticated attackers to trigger a plugin settings reset. | 5.3 |
2023-06-07 | CVE-2020-36712 | Kaliforms | Missing Authorization vulnerability in Kaliforms Kali Forms The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. | 5.3 |
2023-06-07 | CVE-2020-36723 | Cridio | Unspecified vulnerability in Cridio Listingpro The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. | 5.3 |
2023-06-07 | CVE-2021-4339 | Stylemixthemes | Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file on the /1/api/ulisting-user/search REST-API route in versions up to, and including, 1.6.6. | 5.3 |
2023-06-07 | CVE-2021-4345 | Stylemixthemes | Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::save_role_api method in versions up to, and including, 1.6.6. | 5.3 |
2023-06-07 | CVE-2021-4350 | Najeebmedia | Missing Authorization vulnerability in Najeebmedia Frontend File Manager Plugin The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2. | 5.3 |
2023-06-07 | CVE-2021-4351 | Najeebmedia | Missing Authorization vulnerability in Najeebmedia Frontend File Manager Plugin The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Post Meta Change in versions up to, and including, 18.2. | 5.3 |
2023-06-07 | CVE-2021-4352 | Eyecix | Incorrect Authorization vulnerability in Eyecix Jobsearch WP JOB Board 1.5.1/1.7.4 The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_locsettings function in versions up to, and including, 1.8.1. | 5.3 |
2023-06-07 | CVE-2021-4355 | Collne | Missing Authorization vulnerability in Collne Welcart E-Commerce The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_orderlist(), and download_member_list() functions called via admin_init hooks in versions up to, and including, 2.2.7. | 5.3 |
2023-06-07 | CVE-2021-4357 | Stylemixthemes | Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole::save_role_api function in versions up to, and including, 1.6.6. | 5.3 |
2023-06-07 | CVE-2021-4359 | Najeebmedia | Missing Authorization vulnerability in Najeebmedia Frontend File Manager Plugin The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 18.2. | 5.3 |
2023-06-07 | CVE-2021-4369 | Najeebmedia | Missing Authorization vulnerability in Najeebmedia Frontend File Manager Plugin The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Content Injection in versions up to, and including, 18.2. | 5.3 |
2023-06-06 | CVE-2023-2801 | Grafana | Improper Synchronization vulnerability in Grafana Grafana is an open-source platform for monitoring and observability. | 5.3 |
2023-06-05 | CVE-2023-33524 | Advent | Path Traversal vulnerability in Advent Tamale RMS Advent/SSC Inc. | 5.3 |
2023-06-05 | CVE-2023-33518 | Emoncms | Exposure of Resource to Wrong Sphere vulnerability in Emoncms 11.0 emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request. | 5.3 |
2023-06-05 | CVE-2023-3064 | Mobatime | Insecure Storage of Sensitive Information vulnerability in Mobatime Amxgt 100 Anonymous user may get the list of existing users managed by the application, which could ease further attacks (see CVE-2023-3065 and CVE-2023-3066). This issue affects Mobatime mobile application AMXGT100 through 1.3.20. | 5.3 |
2023-06-05 | CVE-2023-34410 | QT | Improper Certificate Validation vulnerability in QT An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. | 5.3 |
2023-06-05 | CVE-2023-32334 | IBM | Unspecified vulnerability in IBM Maximo Application Suite and Maximo Asset Management IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. | 5.3 |
2023-06-09 | CVE-2023-2484 | Miniorange | Unspecified vulnerability in Miniorange Active Directory Integration / Ldap Integration The Active Directory Integration plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 4.9 |
2023-06-09 | CVE-2023-2688 | Iptanus | Unspecified vulnerability in Iptanus Wordpress File Upload and Wordpress File Upload PRO The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. | 4.9 |
2023-06-07 | CVE-2023-2485 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. | 4.9 |
2023-06-09 | CVE-2023-3184 | Sales Tracker Management System Project | Cross-site Scripting vulnerability in Sales Tracker Management System Project Sales Tracker Management System 1.0 A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. | 4.8 |
2023-06-09 | CVE-2023-2584 | Pixelyoursite | Unspecified vulnerability in Pixelyoursite and Pixelyoursite PRO The PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.3.6 (9.6.1 in the Pro version) due to insufficient input sanitization and output escaping. | 4.8 |
2023-06-07 | CVE-2020-36709 | King Theme | Cross-site Scripting vulnerability in King-Theme Page Builder Kingcomposer The Page Builder: KingComposer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions before 2.9.4 due to insufficient input sanitization and output escaping. | 4.8 |
2023-06-07 | CVE-2020-36722 | Visualcomposer | Cross-site Scripting vulnerability in Visualcomposer Visual Composer Website Builder The Visual Composer plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 26.0 due to insufficient input sanitization and output escaping. | 4.8 |
2023-06-05 | CVE-2023-0545 | Kibokolabs | Unspecified vulnerability in Kibokolabs Hostel The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-06-05 | CVE-2023-2224 | 10Web | Cross-site Scripting vulnerability in 10Web SEO The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-06-05 | CVE-2023-2489 | Trumani | Unspecified vulnerability in Trumani Stop Spammers The Stop Spammers Security \| Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-06-05 | CVE-2023-2634 | Punchcreative | Unspecified vulnerability in Punchcreative GET Your Number 1.1.3 The Get your number WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-06-10 | CVE-2023-3190 | Teampass | Improper Encoding or Escaping of Output vulnerability in Teampass Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | 4.6 |
2023-06-07 | CVE-2020-36715 | Xootix | Missing Authorization vulnerability in Xootix Login/Signup Popup The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. | 4.6 |
2023-06-06 | CVE-2023-27126 | TP Link | Insufficiently Protected Credentials vulnerability in Tp-Link Tapo C200 Firmware 1.2.2 The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. | 4.6 |
2023-06-06 | CVE-2023-3121 | Dahuasecurity | Server-Side Request Forgery (SSRF) vulnerability in Dahuasecurity Smart Parking Management A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. | 4.6 |
2023-06-09 | CVE-2023-2450 | Fibosearch | Unspecified vulnerability in Fibosearch The FiboSearch - AJAX Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.23.0 due to insufficient input sanitization and output escaping. | 4.4 |
2023-06-09 | CVE-2023-2452 | Advanced WOO Search | Cross-site Scripting vulnerability in Advanced-Woo-Search Advanced WOO Search The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.77 due to insufficient input sanitization and output escaping. | 4.4 |
2023-06-06 | CVE-2023-20728 | Linuxfoundation | Out-of-bounds Read vulnerability in multiple products In wlan, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
2023-06-06 | CVE-2023-20729 | Linuxfoundation | Out-of-bounds Read vulnerability in multiple products In wlan, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
2023-06-06 | CVE-2023-20730 | Linuxfoundation | Out-of-bounds Read vulnerability in multiple products In wlan, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
2023-06-06 | CVE-2023-20731 | Linuxfoundation | Out-of-bounds Read vulnerability in multiple products In wlan, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
2023-06-06 | CVE-2023-20741 | Google | Out-of-bounds Read vulnerability in Google Android 12.0/13.0 In ril, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
2023-06-06 | CVE-2023-20742 | Google | Out-of-bounds Read vulnerability in Google Android 12.0/13.0 In ril, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
2023-06-06 | CVE-2023-20747 | Linuxfoundation | Type Confusion vulnerability in multiple products In vcu, there is a possible memory corruption due to type confusion. | 4.4 |
2023-06-06 | CVE-2023-20727 | Linuxfoundation | Out-of-bounds Read vulnerability in multiple products In wlan, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
2023-06-06 | CVE-2022-48438 | Google | Out-of-bounds Write vulnerability in Google Android 11.0/12.0/13.0 In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. | 4.4 |
2023-06-06 | CVE-2022-48439 | Google | Out-of-bounds Write vulnerability in Google Android 11.0/12.0/13.0 In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. | 4.4 |
2023-06-09 | CVE-2023-2261 | Wpwhitesecurity | Unspecified vulnerability in Wpwhitesecurity WP Activity LOG 4.5.0 The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_ajax_call function in versions up to, and including, 4.5.0. | 4.3 |
2023-06-09 | CVE-2023-2284 | Wpwhitesecurity | Unspecified vulnerability in Wpwhitesecurity WP Activity LOG 4.5.0 The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_db function in versions up to, and including, 4.5.0. | 4.3 |
2023-06-09 | CVE-2023-2285 | Wpwhitesecurity | Unspecified vulnerability in Wpwhitesecurity WP Activity LOG 4.5.0 The WP Activity Log Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. | 4.3 |
2023-06-09 | CVE-2023-2286 | Wpwhitesecurity | Cross-Site Request Forgery (CSRF) vulnerability in Wpwhitesecurity WP Activity LOG The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. | 4.3 |
2023-06-09 | CVE-2023-2892 | Wpeasycart | Unspecified vulnerability in Wpeasycart WP Easycart The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. | 4.3 |
2023-06-09 | CVE-2023-2893 | Wpeasycart | Unspecified vulnerability in Wpeasycart WP Easycart The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. | 4.3 |
2023-06-09 | CVE-2023-2894 | Wpeasycart | Unspecified vulnerability in Wpeasycart WP Easycart The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. | 4.3 |
2023-06-09 | CVE-2023-2895 | Wpeasycart | Unspecified vulnerability in Wpeasycart WP Easycart The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. | 4.3 |
2023-06-09 | CVE-2023-2896 | Wpeasycart | Unspecified vulnerability in Wpeasycart WP Easycart The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. | 4.3 |
2023-06-09 | CVE-2023-2066 | Bulletin | Unspecified vulnerability in Bulletin Announcement & Notification Banner - Bulletin 3.6.0 The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'bulletinwp_update_bulletin_status', 'bulletinwp_update_bulletin', 'bulletinwp_update_settings', 'bulletinwp_update_status', 'bulletinwp_export_bulletins', and 'bulletinwp_import_bulletins' functions in versions up to, and including, 3.6.0. | 4.3 |
2023-06-09 | CVE-2023-2083 | Wpdeveloper | Unspecified vulnerability in Wpdeveloper Essential Blocks The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. | 4.3 |
2023-06-09 | CVE-2023-2084 | Wpdeveloper | Unspecified vulnerability in Wpdeveloper Essential Blocks The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6. | 4.3 |
2023-06-09 | CVE-2023-2085 | Wpdeveloper | Unspecified vulnerability in Wpdeveloper Essential Blocks The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates function in versions up to, and including, 4.0.6. | 4.3 |
2023-06-09 | CVE-2023-2086 | Wpdeveloper | Unspecified vulnerability in Wpdeveloper Essential Blocks The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the template_count function in versions up to, and including, 4.0.6. | 4.3 |
2023-06-09 | CVE-2023-2087 | Wpdeveloper | Unspecified vulnerability in Wpdeveloper Essential Blocks The Essential Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.6. | 4.3 |
2023-06-09 | CVE-2023-2189 | Staxwp | Missing Authorization vulnerability in Staxwp Stax The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3. | 4.3 |
2023-06-09 | CVE-2023-2414 | Vcita | Missing Authorization vulnerability in Vcita Online Booking & Scheduling Calendar The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_settings_callback function in versions up to, and including, 4.4.6. | 4.3 |
2023-06-09 | CVE-2023-2555 | Pluginus | Unspecified vulnerability in Pluginus Wordpress Currency Switcher Professional The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create function in versions up to, and including, 1.1.9. | 4.3 |
2023-06-09 | CVE-2023-2556 | Pluginus | Unspecified vulnerability in Pluginus Wordpress Currency Switcher The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcs_sd_delete action in versions up to, and including, 1.1.9. | 4.3 |
2023-06-09 | CVE-2023-2557 | Pluginus | Missing Authorization vulnerability in Pluginus Wordpress Currency Switcher Professional The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. | 4.3 |
2023-06-09 | CVE-2023-2764 | Nsqua | Unspecified vulnerability in Nsqua Draw Attention The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_set_featured_image function in versions up to, and including, 2.0.11. | 4.3 |
2023-06-09 | CVE-2023-2891 | Wpeasycart | Unspecified vulnerability in Wpeasycart WP Easycart The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. | 4.3 |
2023-06-09 | CVE-2023-0691 | Wpmet | Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_last_name' shortcode in versions up to, and including, 3.3.1. | 4.3 |
2023-06-09 | CVE-2023-0692 | Wpmet | Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_payment_status' shortcode in versions up to, and including, 3.3.1. | 4.3 |
2023-06-09 | CVE-2023-0693 | Wpmet | Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_transaction_id' shortcode in versions up to, and including, 3.3.1. | 4.3 |
2023-06-09 | CVE-2023-0694 | Wpmet | Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf' shortcode in versions up to, and including, 3.3.1. | 4.3 |
2023-06-09 | CVE-2023-0729 | Wickedplugins | Unspecified vulnerability in Wickedplugins Wicked Folders The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. | 4.3 |
2023-06-09 | CVE-2023-0831 | Webfactoryltd | Unspecified vulnerability in Webfactoryltd Under Construction The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. | 4.3 |
2023-06-09 | CVE-2023-0832 | Webfactoryltd | Unspecified vulnerability in Webfactoryltd Under Construction The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. | 4.3 |
2023-06-09 | CVE-2023-0993 | Getshieldsecurity | Unspecified vulnerability in Getshieldsecurity Shield Security The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. | 4.3 |
2023-06-09 | CVE-2023-1169 | Ooohboi Steroids FOR Elementor Project | Unspecified vulnerability in Ooohboi Steroids for Elementor Project Ooohboi Steroids for Elementor The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'file_uploader_callback' function in versions up to, and including, 2.1.4. | 4.3 |
2023-06-09 | CVE-2023-1375 | Wpfastestcache | Unspecified vulnerability in Wpfastestcache WP Fastest Cache The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1.1.2 due to a missing capability check in the deleteCacheToolbar function. | 4.3 |
2023-06-09 | CVE-2023-1807 | Staxwp | Unspecified vulnerability in Staxwp Stax The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.3. | 4.3 |
2023-06-09 | CVE-2023-1910 | Motopress | Unspecified vulnerability in Motopress Getwid - Gutenberg Blocks 1.8.3 The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the get_remote_templates function in versions up to, and including, 1.8.3. | 4.3 |
2023-06-08 | CVE-2023-29401 | GIN Gonic | Download of Code Without Integrity Check vulnerability in Gin-Gonic GIN The filename parameter of the Context.FileAttachment function is not properly sanitized. | 4.3 |
2023-06-08 | CVE-2023-34958 | Chamilo | Unspecified vulnerability in Chamilo LMS Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID. | 4.3 |
2023-06-07 | CVE-2023-29502 | PTC | Path Traversal vulnerability in PTC Vuforia Studio Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path. | 4.3 |
2023-06-07 | CVE-2023-0508 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. | 4.3 |
2023-06-07 | CVE-2023-1825 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. | 4.3 |
2023-06-07 | CVE-2023-2001 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. | 4.3 |
2023-06-07 | CVE-2023-2013 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. | 4.3 |
2023-06-07 | CVE-2023-3140 | Knime | Improper Restriction of Rendered UI Layers or Frames vulnerability in Knime Business HUB Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 have left users vulnerable to clickjacking. | 4.3 |
2023-06-07 | CVE-2019-25143 | Mooveagency | Missing Authorization vulnerability in Mooveagency Gdpr Cookie Compliance The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2. | 4.3 |
2023-06-07 | CVE-2019-25149 | Robogallery | Unspecified vulnerability in Robogallery Gallery Images APE The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. | 4.3 |
2023-06-07 | CVE-2019-25151 | Cartflows | Improper Privilege Management vulnerability in Cartflows The Funnel Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the activate_plugin function in versions up to, and including, 1.3.0. | 4.3 |
2023-06-07 | CVE-2020-36699 | Quick Page Post Redirect Project | Missing Authorization vulnerability in Quick Page/Post Redirect Project Quick Page/Post Redirect The Quick Page/Post Redirect Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the qppr_save_quick_redirect_ajax and qppr_delete_quick_redirect functions in versions up to, and including, 5.1.9. | 4.3 |
2023-06-07 | CVE-2020-36702 | Brainstormforce | Missing Authorization vulnerability in Brainstormforce Spectra The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. | 4.3 |
2023-06-07 | CVE-2020-36729 | 2Joomla | Missing Authorization vulnerability in 2Joomla 2J Slideshow The 2J-SlideShow Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'twoj_slideshow_setup' function called via the wp_ajax_twoj_slideshow_setup AJAX action in versions up to, and including, 1.3.31. | 4.3 |
2023-06-07 | CVE-2021-4364 | Eyecix | Missing Authorization vulnerability in Eyecix Jobsearch WP JOB Board 1.5.1/1.7.4 The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and including, 1.8.1. | 4.3 |
2023-06-07 | CVE-2021-4366 | Magazine3 | Missing Authorization vulnerability in Magazine3 PWA for WP & AMP The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including, 1.7.32. | 4.3 |
2023-06-07 | CVE-2021-4371 | Pluginmirror | Missing Authorization vulnerability in Pluginmirror WP Quick Frontend Editor The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changes in versions up to, and including, 5.5. | 4.3 |
2023-06-07 | CVE-2021-4373 | Webberzone | Cross-Site Request Forgery (CSRF) vulnerability in Webberzone Better Search The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. | 4.3 |
2023-06-07 | CVE-2021-4375 | Collne | Missing Authorization vulnerability in Collne Welcart E-Commerce The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information() function in versions up to, and including, 2.2.7. | 4.3 |
2023-06-07 | CVE-2021-4376 | Palscode | Missing Authorization vulnerability in Palscode Woocommerce Multi Currency The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. | 4.3 |
2023-06-07 | CVE-2021-4383 | Webdevocean | Missing Authorization vulnerability in Webdevocean WP Quick Frontend Editor The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to page content injection in versions up to, and including, 5.5. | 4.3 |
2023-06-07 | CVE-2022-4948 | Flying Press | Missing Authorization vulnerability in Flying-Press Flyingpress The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. | 4.3 |
2023-06-07 | CVE-2023-3126 | Webwizards | Unspecified vulnerability in Webwizards B2Bking 4.6.00 The B2BKing plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'b2bkingdownloadpricelist' function in versions up to, and including, 4.6.00. | 4.3 |
2023-06-06 | CVE-2023-0921 | Gitlab | Allocation of Resources Without Limits or Throttling vulnerability in Gitlab A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage. | 4.3 |
2023-06-06 | CVE-2023-1779 | Mbconnectline | Incorrect Authorization vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24 Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Line's mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions <=2.13.3 allows an authorized remote attacker with low privileges to view a limited amount of another account's contact information. | 4.3 |
2023-06-06 | CVE-2023-20750 | Google | Out-of-bounds Write vulnerability in Google Android 13.0 In swpm, there is a possible out of bounds write due to a race condition. | 4.1 |
6 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-06-09 | CVE-2023-1430 | Wpmanageninja | Unspecified vulnerability in Wpmanageninja Fluentcrm The FluentCRM - Marketing Automation For WordPress plugin for WordPress is vulnerable to unauthorized modification of data in versions up to, and including, 2.7.40 due to the use of an MD5 hash without a salt to control subscriptions. | 3.7 |
2023-06-07 | CVE-2023-33849 | IBM | Missing Encryption of Sensitive Data vulnerability in IBM Cics TX and Txseries for Multiplatforms IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. | 3.7 |
2023-06-07 | CVE-2023-24476 | PTC | Unspecified vulnerability in PTC Vuforia Studio An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid. | 3.3 |
2023-06-06 | CVE-2023-2602 | Libcap Project Redhat Debian Fedoraproject | Memory Leak vulnerability in multiple products A vulnerability was found in the pthread_create() function in libcap. | 3.3 |
2023-06-06 | CVE-2023-2961 | Advancemame | Unspecified vulnerability in Advancemame Advancecomp A segmentation fault flaw was found in the Advancecomp package. | 3.3 |
2023-06-08 | CVE-2023-33847 | IBM | Unspecified vulnerability in IBM Cics TX and Txseries for Multiplatform IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. | 3.1 |