Weekly Vulnerabilities Reports > June 5 to 11, 2023

Overview

578 new vulnerabilities reported during this period, including 66 critical vulnerabilities and 198 high severity vulnerabilities. This weekly summary report vulnerabilities in 959 products from 275 vendors including Google, Qualcomm, Linuxfoundation, Gitlab, and IBM. Vulnerabilities are notably categorized as "Missing Authorization", "Cross-site Scripting", "Out-of-bounds Write", "Out-of-bounds Read", and "SQL Injection".

  • 438 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities have public exploit available.
  • 137 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 276 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 52 reported vulnerabilities.
  • Stylemixthemes has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

66 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-06-07 CVE-2023-27881 PTC Unrestricted Upload of File with Dangerous Type vulnerability in PTC Vuforia Studio

A user could use the “Upload Resource” functionality to upload files to any location on the disk.

9.9
2023-06-11 CVE-2023-22583 Danfoss SQL Injection vulnerability in Danfoss Ak-Em100 Firmware

The Danfoss AK-EM100 web forms allow for SQL injection in the login forms.

9.8
2023-06-11 CVE-2023-25911 Danfoss Command Injection vulnerability in Danfoss Ak-Em100 Firmware

The Danfoss AK-EM100 web applications allow for an authenticated user to perform OS command injection through the web application parameters.

9.8
2023-06-09 CVE-2023-34364 Progress Out-of-bounds Write vulnerability in Progress Datadirect Odbc Oracle Wire Protocol Driver

A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle.

9.8
2023-06-09 CVE-2023-3173 Froxlor Improper Restriction of Excessive Authentication Attempts vulnerability in Froxlor

Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20.

9.8
2023-06-08 CVE-2023-0954 Johnsoncontrols Unspecified vulnerability in Johnsoncontrols products

A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long period of sustained attack.

9.8
2023-06-08 CVE-2023-29402 Golang
Fedoraproject
Code Injection vulnerability in multiple products

The go command may generate unexpected code at build time when using cgo.

9.8
2023-06-08 CVE-2023-29404 Golang
Fedoraproject
Code Injection vulnerability in multiple products

The go command may execute arbitrary code at build time when using cgo.

9.8
2023-06-08 CVE-2023-29405 Golang
Fedoraproject
Injection vulnerability in multiple products

The go command may execute arbitrary code at build time when using cgo.

9.8
2023-06-08 CVE-2023-34566 Tenda Out-of-bounds Write vulnerability in Tenda Ac10 Firmware Usac10V4.0Siv16.03.10.13Cn

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/saveParentControlInfo.

9.8
2023-06-08 CVE-2023-33443 Besder Unspecified vulnerability in Besder Videoplaytool 2.0.1.0

Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to execute arbitrary administrative commands via a crafted payload sent to the desired endpoints.

9.8
2023-06-08 CVE-2023-2986 Tychesoftwares Unspecified vulnerability in Tychesoftwares Abandoned Cart Lite for Woocommerce

The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2.

9.8
2023-06-07 CVE-2023-31116 Samsung Incorrect Default Permissions vulnerability in Samsung Exynos 5123 Firmware and Exynos 5300 Firmware

An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300.

9.8
2023-06-07 CVE-2023-33496 XXL RPC Project Deserialization of Untrusted Data vulnerability in Xxl-Rpc Project Xxl-Rpc

xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecode#decode.

9.8
2023-06-07 CVE-2023-33556 Totolink Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024

TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg.

9.8
2023-06-07 CVE-2023-2530 Puppet Unspecified vulnerability in Puppet Enterprise 2021.7.1/2023.0/2023.1.0

A privilege escalation allowing remote code execution was discovered in the orchestration service.

9.8
2023-06-07 CVE-2023-33282 Marvalglobal Incorrect Default Permissions vulnerability in Marvalglobal MSM 15.0

Marval MSM through 14.19.0.12476 and 15.0 has a System account with default credentials.

9.8
2023-06-07 CVE-2023-33863 Renderdoc Integer Overflow or Wraparound vulnerability in Renderdoc

SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow.

9.8
2023-06-07 CVE-2023-33864 Renderdoc Integer Overflow or Wraparound vulnerability in Renderdoc

StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow.

9.8
2023-06-07 CVE-2023-34237 Sabnzbd Unspecified vulnerability in Sabnzbd

SABnzbd is an open source automated Usenet download tool.

9.8
2023-06-07 CVE-2023-20887 Vmware Command Injection vulnerability in VMWare Aria Operations for Networks

Aria Operations for Networks contains a command injection vulnerability.

9.8
2023-06-07 CVE-2023-33553 Planet Improper Authentication vulnerability in Planet Wdrt-1800Ax Firmware 1.01Cp21

An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to root via manipulation of the LoginStatus cookie.

9.8
2023-06-07 CVE-2020-36705 Tunasite Unspecified vulnerability in Tunasite Adning Advertising 1.5.5

The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _ning_upload_image function in versions up to, and including, 1.5.5.

9.8
2023-06-07 CVE-2020-36728 Tunasite Unspecified vulnerability in Tunasite Adning Advertising 1.5.5

The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5.

9.8
2023-06-07 CVE-2021-4380 Valvepress Unspecified vulnerability in Valvepress Pinterest Automatic PIN 4.14.3

The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including, 1.14.3.

9.8
2023-06-07 CVE-2023-2186 Trianglemicroworks Use of Externally-Controlled Format String vulnerability in Trianglemicroworks Scada Data Gateway

On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads.An unauthenticated user can use this format string vulnerability to repeatedly crash the GTWWebMonitor.exe process to DoS the Web Monitor.

9.8
2023-06-07 CVE-2016-15033 Delete ALL Comments Project Unrestricted Upload of File with Dangerous Type vulnerability in Delete ALL Comments Project Delete ALL Comments

The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the via the delete-all-comments.php file in versions up to, and including, 2.0.

9.8
2023-06-07 CVE-2019-25138 Plugin Planet Unrestricted Upload of File with Dangerous Type vulnerability in Plugin-Planet User Submitted Posts

The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312.

9.8
2023-06-07 CVE-2019-25141 WP Ecommerce Missing Authorization vulnerability in Wp-Ecommerce Easy WP Smtp

The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9.

9.8
2023-06-07 CVE-2020-36708 Machothemes
Colorlib
Cpothemes
Code Injection vulnerability in multiple products

The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <= 1.2.4, Regina Lite <= 2.0.4, Transcend <= 1.1.8, Affluent <= 1.1.0, Bonkers <= 1.0.4, Antreas <= 1.0.2, Sparkling <= 2.4.8, and NatureMag Lite <= 1.0.4.

9.8
2023-06-07 CVE-2020-36713 Inspireui Missing Authentication for Critical Function vulnerability in Inspireui Mstore API

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5.

9.8
2023-06-07 CVE-2020-36718 Ninjateam Deserialization of Untrusted Data vulnerability in Ninjateam Gpdr Ccpa Compliance Support

The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" value.

9.8
2023-06-07 CVE-2020-36719 Cridio Missing Authorization vulnerability in Cridio Listingpro

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1.

9.8
2023-06-07 CVE-2020-36724 Wordable Missing Authentication for Critical Function vulnerability in Wordable

The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.1.

9.8
2023-06-07 CVE-2020-36726 Etoilewebdesign Deserialization of Untrusted Data vulnerability in Etoilewebdesign Ultimate Reviews

The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions.

9.8
2023-06-07 CVE-2020-36727 Xyzscripts Deserialization of Untrusted Data vulnerability in Xyzscripts Newsletter Manager

The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1.

9.8
2023-06-07 CVE-2021-4341 Stylemixthemes Missing Authorization vulnerability in Stylemixthemes Ulisting

The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm_update_email_data AJAX action in versions up to, and including, 1.6.6.

9.8
2023-06-07 CVE-2021-4343 Stylemixthemes Missing Authorization vulnerability in Stylemixthemes Ulisting

The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1.6.6.

9.8
2023-06-07 CVE-2021-4356 Najeebmedia Missing Authorization vulnerability in Najeebmedia Frontend File Manager Plugin

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Download in versions up to, and including, 18.2.

9.8
2023-06-07 CVE-2021-4362 Wpkube Missing Authorization vulnerability in Wpkube Kiwi Social Share 2.1.0

The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwi_social_share_get_option() function called via the kiwi_social_share_get_option AJAX action in version 2.1.0.

9.8
2023-06-07 CVE-2021-4370 Stylemixthemes Missing Authorization vulnerability in Stylemixthemes Ulisting

The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated users, lack security nonces, and data is seldom validated.

9.8
2023-06-07 CVE-2021-4374 Valvepress Missing Authorization vulnerability in Valvepress Wordpress Automatic Plugin

The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2.

9.8
2023-06-07 CVE-2021-4381 Stylemixthemes Missing Authorization vulnerability in Stylemixthemes Ulisting

The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::import_new_layout method in versions up to, and including, 1.6.6.

9.8
2023-06-07 CVE-2023-30400 Anyka Command Injection vulnerability in Anyka Ak3918Ev300 Firmware 18

An issue was discovered in Anyka Microelectronics AK3918EV300 MCU v18.

9.8
2023-06-06 CVE-2023-29632 Joommasters SQL Injection vulnerability in Joommasters Jmspagebuilder

PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php.

9.8
2023-06-06 CVE-2023-34409 Percona Path Traversal vulnerability in Percona Monitoring and Management 2.2.0/2.2.1

In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts.

9.8
2023-06-06 CVE-2023-34111 Tdengine Command Injection vulnerability in Tdengine Grafana

The `Release PR Merged` workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the github action context due to the insecure usage of `${{ github.event.pull_request.title }}` in a bash command within the GitHub workflow.

9.8
2023-06-06 CVE-2023-31569 Totolink Command Injection vulnerability in Totolink X5000R Firmware 9.1.0Cu.2350B20230313

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function.

9.8
2023-06-06 CVE-2023-33532 Netgear Command Injection vulnerability in Netgear R6250 Firmware 1.0.4.48

There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48.

9.8
2023-06-06 CVE-2023-32540 Advantech Code Injection vulnerability in Advantech Webaccess/Scada

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution.

9.8
2023-06-06 CVE-2023-32628 Advantech Unrestricted Upload of File with Dangerous Type vulnerability in Advantech Webaccess/Scada

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution.

9.8
2023-06-05 CVE-2023-29629 Jmsthemelayout Project SQL Injection vulnerability in Jmsthemelayout Project Jmsthemelayout 2.5.5

PrestaShop jmsthemelayout 2.5.5 is vulnerable to SQL Injection via ajax_jmsvermegamenu.php.

9.8
2023-06-05 CVE-2023-29630 Joommasters SQL Injection vulnerability in Joommasters JMS Drop Mega Menu 1.0.0/2.0.0

PrestaShop jmsmegamenu 1.1.x and 2.0.x is vulnerable to SQL Injection via ajax_jmsmegamenu.php.

9.8
2023-06-05 CVE-2023-29631 Joommasters Unrestricted Upload of File with Dangerous Type vulnerability in Joommasters JMS Slider 1.6.0

PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control via ajax_jmsslider.php.

9.8
2023-06-05 CVE-2023-33386 Marsctf Project Unrestricted Upload of File with Dangerous Type vulnerability in Marsctf Project Marsctf 1.2.1

MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interface for uploading attachments in the background.

9.8
2023-06-05 CVE-2023-3100 Ibos SQL Injection vulnerability in Ibos 4.5.5

A vulnerability, which was classified as critical, has been found in IBOS 4.5.5.

9.8
2023-06-05 CVE-2023-0635 ABB Unspecified vulnerability in ABB products

Improper Privilege Management vulnerability in ABB Ltd.

9.8
2023-06-05 CVE-2023-0636 ABB Command Injection vulnerability in ABB products

Improper Input Validation vulnerability in ABB Ltd.

9.8
2023-06-09 CVE-2023-1895 Motopress Unspecified vulnerability in Motopress Getwid - Gutenberg Blocks 1.8.3

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3.

9.6
2023-06-08 CVE-2023-23482 IBM Unspecified vulnerability in IBM Sterling Partner Engagement Manager

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim.

9.6
2023-06-07 CVE-2020-36730 Niteothemes Missing Authorization vulnerability in Niteothemes CMP

The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions up to, and including, 3.8.1.

9.3
2023-06-09 CVE-2023-0291 Expresstech Unspecified vulnerability in Expresstech Quiz and Survey Master

The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions up to, and including, 8.0.8.

9.1
2023-06-08 CVE-2023-34239 Gradio Project Unspecified vulnerability in Gradio Project Gradio

Gradio is an open-source Python library that is used to build machine learning and data science.

9.1
2023-06-07 CVE-2023-31114 Samsung Incorrect Resource Transfer Between Spheres vulnerability in Samsung Exynos 5123 Firmware and Exynos 5300 Firmware

An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300.

9.1
2023-06-07 CVE-2023-33604 Imperial CMS Project Unspecified vulnerability in Imperial CMS Project Imperial CMS 7.5

Imperial CMS v7.5 was discovered to contain an arbitrary file deletion vulnerability via the DelspReFile function in /sp/ListSp.php.

9.1
2023-06-05 CVE-2023-3065 Mobatime Improper Authentication vulnerability in Mobatime Amxgt 100

Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass.This issue affects Mobatime mobile application AMXGT100 through 1.3.20.

9.1

198 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-06-09 CVE-2023-30262 Mimsoftware Deserialization of Untrusted Data vulnerability in Mimsoftware products

An issue found in MIM software Inc MIM License Server and MIMpacs services v.6.9 thru v.7.0 fixed in v.7.0.10 allows a remote unauthenticated attacker to execute arbitrary code via the RMI Registry service.

8.8
2023-06-09 CVE-2023-33557 Thedaylightstudio SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.5.2

Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php.

8.8
2023-06-09 CVE-2023-2237 Yudiz Unspecified vulnerability in Yudiz WP Replicate Post

The WP Replicate Post plugin for WordPress is vulnerable to SQL Injection via the post_id parameter in versions up to, and including, 4.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

8.8
2023-06-09 CVE-2023-2249 Gvectors Inclusion of Functionality from Untrusted Control Sphere vulnerability in Gvectors Wpforo Forum

The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7.

8.8
2023-06-09 CVE-2023-3176 Oretnom23 SQL Injection vulnerability in Oretnom23 Lost and Found Information System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0.

8.8
2023-06-09 CVE-2023-3177 Oretnom23 SQL Injection vulnerability in Oretnom23 Lost and Found Information System 1.0

A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical.

8.8
2023-06-09 CVE-2023-1888 Wpwax Improper Input Validation vulnerability in Wpwax Directorist

The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4.

8.8
2023-06-09 CVE-2023-34112 Bytedeco Code Injection vulnerability in Bytedeco Javacpp Presets

JavaCPP Presets is a project providing Java distributions of native C++ libraries.

8.8
2023-06-08 CVE-2023-34230 Snowflake Command Injection vulnerability in Snowflake Connector

snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication.

8.8
2023-06-08 CVE-2023-34232 Snowflake Command Injection vulnerability in Snowflake Connector

snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browser URL authentication in versions prior to 1.6.21.

8.8
2023-06-08 CVE-2023-34233 Snowflake Command Injection vulnerability in Snowflake Connector

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations.

8.8
2023-06-08 CVE-2023-32749 Pydio Incorrect Authorization vulnerability in Pydio Cells

Pydio Cells allows users by default to create so-called external users in order to share files with them.

8.8
2023-06-08 CVE-2023-34231 Snowflake Command Injection vulnerability in Snowflake Gosnowflake

gosnowflake is th Snowflake Golang driver.

8.8
2023-06-08 CVE-2023-34096 Thruk Path Traversal vulnerability in Thruk

Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends.

8.8
2023-06-07 CVE-2023-33284 Marvalglobal Deserialization of Untrusted Data vulnerability in Marvalglobal MSM 15.0

Marval MSM through 14.19.0.12476 and 15.0 has a Remote Code Execution vulnerability.

8.8
2023-06-07 CVE-2023-34108 Mailcow Unspecified vulnerability in Mailcow Mailcow: Dockerized

mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/server administration.

8.8
2023-06-07 CVE-2023-3150 Online Discussion Forum Site Project SQL Injection vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0

A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0.

8.8
2023-06-07 CVE-2023-3151 Online Discussion Forum Site Project SQL Injection vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0

A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0.

8.8
2023-06-07 CVE-2023-3152 Online Discussion Forum Site Project SQL Injection vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0

A vulnerability classified as critical has been found in SourceCodester Online Discussion Forum Site 1.0.

8.8
2023-06-07 CVE-2023-3148 Online Discussion Forum Site Project SQL Injection vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0

A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical.

8.8
2023-06-07 CVE-2023-3149 Online Discussion Forum Site Project SQL Injection vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0

A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0.

8.8
2023-06-07 CVE-2023-3146 Online Discussion Forum Site Project SQL Injection vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Online Discussion Forum Site 1.0.

8.8
2023-06-07 CVE-2023-3147 Online Discussion Forum Site Project SQL Injection vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0

A vulnerability has been found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical.

8.8
2023-06-07 CVE-2023-20888 Vmware Deserialization of Untrusted Data vulnerability in VMWare Vrealize Network Insight

Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.

8.8
2023-06-07 CVE-2023-3145 Online Discussion Forum Site Project SQL Injection vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester Online Discussion Forum Site 1.0.

8.8
2023-06-07 CVE-2023-33498 Alist Project Unrestricted Upload of File with Dangerous Type vulnerability in Alist Project Alist

alist <=3.16.3 is vulnerable to Incorrect Access Control.

8.8
2023-06-07 CVE-2021-4337 Xforwoocommerce Missing Authorization vulnerability in Xforwoocommerce products

Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed below.

8.8
2023-06-07 CVE-2023-33538 TP Link Command Injection vulnerability in Tp-Link products

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .

8.8
2023-06-07 CVE-2019-25142 Extendthemes Missing Authorization vulnerability in Extendthemes Materialis and Mesmerize

The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 (Mesmerize) and 1.0.172 (Materialis).

8.8
2023-06-07 CVE-2019-25150 Wpexperts Injection vulnerability in Wpexperts Email Templates

The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3.

8.8
2023-06-07 CVE-2020-36700 King Theme Unspecified vulnerability in King-Theme Page Builder Kingcomposer

The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3.

8.8
2023-06-07 CVE-2020-36701 King Theme Unrestricted Upload of File with Dangerous Type vulnerability in King-Theme Page Builder King Composer

The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'process_bulk_action' function in the 'kingcomposer/includes/kc.extensions.php' file.

8.8
2023-06-07 CVE-2020-36707 Wpconcern Cross-Site Request Forgery (CSRF) vulnerability in Wpconcern Nifty Coming Soon & Maintenance Mode Page

The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57.

8.8
2023-06-07 CVE-2020-36717 Kaliforms Cross-Site Request Forgery (CSRF) vulnerability in Kaliforms Kali Forms

The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1.

8.8
2023-06-07 CVE-2021-4349 Coolplugins Cross-Site Request Forgery (CSRF) vulnerability in Coolplugins Process Steps Template Designer

The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1.

8.8
2023-06-07 CVE-2021-4354 Magazine3 Unrestricted Upload of File with Dangerous Type vulnerability in Magazine3 PWA for WP & AMP

The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwp_splashscreen_uploader function in versions up to, and including, 1.7.32.

8.8
2023-06-07 CVE-2021-4360 Wpruby Unspecified vulnerability in Wpruby Controlled Admin Access

The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page.

8.8
2023-06-07 CVE-2021-4361 Eyecix Missing Authorization vulnerability in Eyecix Jobsearch WP JOB Board 1.5.1/1.7.4

The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_job_integrations_settin_save AJAX action in versions up to, and including, 1.8.1.

8.8
2023-06-07 CVE-2021-4368 Najeebmedia Missing Authorization vulnerability in Najeebmedia Frontend File Manager Plugin

The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2.

8.8
2023-06-07 CVE-2021-4382 Recently Project Unrestricted Upload of File with Dangerous Type vulnerability in Recently Project Recently

The Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetch_external_image() function in versions up to, and including, 3.0.4.

8.8
2023-06-07 CVE-2022-4949 Adsanityplugin
XEN
Unrestricted Upload of File with Dangerous Type vulnerability in multiple products

The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_upload' function in versions up to, and including, 1.8.1.

8.8
2023-06-07 CVE-2022-4950 Coolplugins
Cryptocurrency Payment Donation BOX Plugins
Missing Authorization vulnerability in multiple products

Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.

8.8
2023-06-07 CVE-2023-33601 Phpok Unrestricted Upload of File with Dangerous Type vulnerability in PHPok 6.4.100

An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file.

8.8
2023-06-07 CVE-2023-3124 Elementor Unspecified vulnerability in Elementor PRO 3.0.5/3.11.6

The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6.

8.8
2023-06-07 CVE-2021-33223 Seeddms Authorization Bypass Through User-Controlled Key vulnerability in Seeddms 6.0.15

An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file.

8.8
2023-06-07 CVE-2023-33781 Dlink Unspecified vulnerability in Dlink Dir-842V2 Firmware 1.0.3

An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing a crafted file.

8.8
2023-06-07 CVE-2023-33782 Dlink Command Injection vulnerability in Dlink Dir-842V2 Firmware 1.0.3

D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function.

8.8
2023-06-06 CVE-2023-33652 Sitecore Unsafe Reflection vulnerability in Sitecore Experience Platform 9.3

Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx.

8.8
2023-06-06 CVE-2023-33653 Sitecore Unspecified vulnerability in Sitecore Experience Platform 9.3

Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML.

8.8
2023-06-06 CVE-2023-33959 Notaryproject Improper Verification of Cryptographic Signature vulnerability in Notaryproject Notation-Go

notation is a CLI tool to sign and verify OCI artifacts and container images.

8.8
2023-06-06 CVE-2023-33457 Sogou Classic Buffer Overflow vulnerability in Sogou C++ Workflow 0.10.6

In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , may cause buffer-overflow and crash.

8.8
2023-06-06 CVE-2023-33533 Netgear Command Injection vulnerability in Netgear products

Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection.

8.8
2023-06-06 CVE-2023-33530 Tenda Command Injection vulnerability in Tenda G103 Firmware 1.0.0.5

There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with firmware version V1.0.0.5.

8.8
2023-06-06 CVE-2023-0985 Mbconnectline Authorization Bypass Through User-Controlled Key vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24

An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. An authenticated remote user with low privileges can change the password of any user in the same account.

8.8
2023-06-06 CVE-2023-3119 Oretnom23 SQL Injection vulnerability in Oretnom23 Service Provider Management System 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester Service Provider Management System 1.0.

8.8
2023-06-06 CVE-2023-2833 Wpdeveloper Improper Privilege Management vulnerability in Wpdeveloper Reviewx

The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function.

8.8
2023-06-06 CVE-2023-2546 WP User Switch Project Unspecified vulnerability in WP User Switch Project WP User Switch

The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2.

8.8
2023-06-06 CVE-2015-10116 Realfavicongenerator Cross-Site Request Forgery (CSRF) vulnerability in Realfavicongenerator Favicon BY Realfavicongenerator

A vulnerability classified as problematic has been found in RealFaviconGenerator Favicon Plugin up to 1.2.12 on WordPress.

8.8
2023-06-05 CVE-2023-34102 Avohq Unsafe Reflection vulnerability in Avohq AVO

Avo is an open source ruby on rails admin panel creation framework.

8.8
2023-06-05 CVE-2023-3079 Google
Fedoraproject
Debian
Couchbase
Type Confusion vulnerability in multiple products

Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-06-05 CVE-2013-10029 Angrybte Cross-Site Request Forgery (CSRF) vulnerability in Angrybte Wordpress Exit BOX Lite

A vulnerability classified as problematic was found in Exit Box Lite Plugin up to 1.06 on WordPress.

8.8
2023-06-05 CVE-2023-33410 Minical Improper Neutralization of Formula Elements in a CSV File vulnerability in Minical 1.0.0

Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code.

8.8
2023-06-05 CVE-2023-34097 Hoppscotch Information Exposure Through Log Files vulnerability in Hoppscotch

hoppscotch is an open source API development ecosystem.

8.8
2023-06-05 CVE-2023-32217 Sailpoint Unsafe Reflection vulnerability in Sailpoint Identityiq

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath.

8.8
2023-06-05 CVE-2023-0041 IBM Insufficient Session Expiration vulnerability in IBM Security Guardium 11.5

IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration.

8.8
2023-06-06 CVE-2023-32550 Canonical Exposure of Resource to Wrong Sphere vulnerability in Canonical Landscape

Landscape's server-status page exposed sensitive system information.

8.2
2023-06-09 CVE-2023-0292 Expresstech Unspecified vulnerability in Expresstech Quiz and Survey Master

The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8.

8.1
2023-06-08 CVE-2023-34962 Chamilo Unspecified vulnerability in Chamilo LMS

Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes.

8.1
2023-06-07 CVE-2023-29152 PTC Unspecified vulnerability in PTC Vuforia Studio

By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account.

8.1
2023-06-07 CVE-2023-30576 Apache Use After Free vulnerability in Apache Guacamole

Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer.

8.1
2023-06-07 CVE-2023-1388 Trellix Out-of-bounds Write vulnerability in Trellix Agent 5.7.7/5.7.8

A heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming unavailable.

8.1
2023-06-07 CVE-2023-33536 TP Link Out-of-bounds Read vulnerability in Tp-Link products

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/WlanMacFilterRpm.

8.1
2023-06-07 CVE-2023-33537 TP Link Out-of-bounds Read vulnerability in Tp-Link products

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm.

8.1
2023-06-07 CVE-2020-36725 Templateinvaders Missing Authorization vulnerability in Templateinvaders TI Woocommerce Wishlist

The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins for WordPress are vulnerable to an Options Change vulnerability in versions up to, and including, 1.21.11 and 1.21.4 via the 'ti-woocommerce-wishlist/includes/export.class.php' file.

8.1
2023-06-05 CVE-2023-3066 Mobatime Authorization Bypass Through User-Controlled Key vulnerability in Mobatime Amxgt 100

Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administratorsThis issue affects Mobatime mobile application AMXGT100: through 1.3.20.

8.1
2023-06-07 CVE-2023-31200 PTC Cross-Site Request Forgery (CSRF) vulnerability in PTC Vuforia Studio

PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack.

8.0
2023-06-09 CVE-2023-29749 Yandex Unspecified vulnerability in Yandex Navigator 6.60

An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.

7.8
2023-06-09 CVE-2023-29752 Ekatox Unspecified vulnerability in Ekatox Facemoji Emoji Keyboard 2.9.1.2

An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component.

7.8
2023-06-09 CVE-2023-29755 Urbanandroid Unspecified vulnerability in Urbanandroid Twilight 13.3

An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.

7.8
2023-06-09 CVE-2023-29757 Leap Unspecified vulnerability in Leap Blue Light Filter 1.5.5

An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.

7.8
2023-06-09 CVE-2023-29766 Appcrossx Unspecified vulnerability in Appcrossx Crossx 1.15.3

An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause an escalation of Privileges via the database files.

7.8
2023-06-09 CVE-2019-16283 HP Unspecified vulnerability in HP Softpaq Installer 4.0.100.1189

A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution.

7.8
2023-06-09 CVE-2023-0721 Wpmet Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0.

7.8
2023-06-08 CVE-2023-29403 Golang
Fedoraproject
Exposure of Resource to Wrong Sphere vulnerability in multiple products

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits.

7.8
2023-06-07 CVE-2023-1709 Siemens Stack-based Buffer Overflow vulnerability in Siemens Jt2Go and Teamcenter Visualization

Datalogics Library APDFLThe v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process.

7.8
2023-06-07 CVE-2023-24014 Deltaww Out-of-bounds Write vulnerability in Deltaww Cncsoft-B 1.0.0.2

Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to heap-based buffer overflow, which could allow an attacker to execute arbitrary code.

7.8
2023-06-07 CVE-2023-25177 Deltaww Stack-based Buffer Overflow vulnerability in Deltaww Cncsoft-B 1.0.0.2

Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code.

7.8
2023-06-07 CVE-2023-2866 Advantech Insufficient Verification of Data Authenticity vulnerability in Advantech Webaccess 8.4.5

If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server.

7.8
2023-06-07 CVE-2023-33865 Renderdoc Link Following vulnerability in Renderdoc

RenderDoc before 1.27 allows local privilege escalation via a symlink attack.

7.8
2023-06-07 CVE-2023-0976 Trellix Uncontrolled Search Path Element vulnerability in Trellix Agent 5.7.7/5.7.8

A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder.

7.8
2023-06-07 CVE-2022-25834 Percona Command Injection vulnerability in Percona Xtrabackup

In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands.

7.8
2023-06-06 CVE-2023-2603 Libcap Project
Redhat
Fedoraproject
Debian
Integer Overflow or Wraparound vulnerability in multiple products

A vulnerability was found in libcap.

7.8
2023-06-06 CVE-2023-33747 MGT Commerce Path Traversal vulnerability in Mgt-Commerce Cloudpanel

CloudPanel v2.2.2 allows attackers to execute a path traversal.

7.8
2023-06-06 CVE-2023-27916 Hornerautomation Out-of-bounds Read vulnerability in Hornerautomation Cscape and Cscape Envisionrv

The affected application lacks proper validation of user-supplied data when parsing font files (e.g., FNT).

7.8
2023-06-06 CVE-2023-28653 Hornerautomation Use After Free vulnerability in Hornerautomation Cscape and Cscape Envisionrv

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP).

7.8
2023-06-06 CVE-2023-29503 Hornerautomation Stack-based Buffer Overflow vulnerability in Hornerautomation Cscape and Cscape Envisionrv

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP).

7.8
2023-06-06 CVE-2023-31244 Hornerautomation Access of Uninitialized Pointer vulnerability in Hornerautomation Cscape and Cscape Envisionrv

The affected product does not properly validate user-supplied data.

7.8
2023-06-06 CVE-2023-31278 Hornerautomation Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hornerautomation Cscape and Cscape Envisionrv

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI).

7.8
2023-06-06 CVE-2023-32203 Hornerautomation Out-of-bounds Write vulnerability in Hornerautomation Cscape and Cscape Envisionrv

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI).

7.8
2023-06-06 CVE-2023-32281 Hornerautomation Out-of-bounds Read vulnerability in Hornerautomation Cscape and Cscape Envisionrv

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP).

7.8
2023-06-06 CVE-2023-32289 Hornerautomation Out-of-bounds Read vulnerability in Hornerautomation Cscape and Cscape Envisionrv

The affected application lacks proper validation of user-supplied data when parsing project files (e.g.., CSP).

7.8
2023-06-06 CVE-2023-32539 Hornerautomation Out-of-bounds Write vulnerability in Hornerautomation Cscape and Cscape Envisionrv

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI).

7.8
2023-06-06 CVE-2023-32545 Hornerautomation Out-of-bounds Read vulnerability in Hornerautomation Cscape and Cscape Envisionrv

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP).

7.8
2023-06-06 CVE-2022-33224 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Memory corruption in core due to buffer copy without check9ing the size of input while processing ioctl queries.

7.8
2023-06-06 CVE-2022-33226 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Memory corruption due to buffer copy without checking the size of input in Core while processing ioctl commands from diag client applications.

7.8
2023-06-06 CVE-2022-33227 Qualcomm Double Free vulnerability in Qualcomm products

Memory corruption in Linux android due to double free while calling unregister provider after register call.

7.8
2023-06-06 CVE-2022-33230 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Memory corruption in FM Host due to buffer copy without checking the size of input in FM Host

7.8
2023-06-06 CVE-2022-33240 Qualcomm Incorrect Type Conversion or Cast vulnerability in Qualcomm products

Memory corruption in Audio due to incorrect type cast during audio use-cases.

7.8
2023-06-06 CVE-2022-33263 Qualcomm Use After Free vulnerability in Qualcomm products

Memory corruption due to use after free in Core when multiple DCI clients register and deregister.

7.8
2023-06-06 CVE-2022-33264 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.

7.8
2023-06-06 CVE-2022-33267 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption in Linux while sending DRM request.

7.8
2023-06-06 CVE-2022-33307 Qualcomm Double Free vulnerability in Qualcomm products

Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed.

7.8
2023-06-06 CVE-2022-40507 Qualcomm Double Free vulnerability in Qualcomm products

Memory corruption due to double free in Core while mapping HLOS address to the list.

7.8
2023-06-06 CVE-2022-40522 Qualcomm Double Free vulnerability in Qualcomm products

Memory corruption in Linux Networking due to double free while handling a hyp-assign.

7.8
2023-06-06 CVE-2022-40529 Qualcomm Incorrect Authorization vulnerability in Qualcomm products

Memory corruption due to improper access control in kernel while processing a mapping request from root process.

7.8
2023-06-06 CVE-2023-21628 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

7.8
2023-06-06 CVE-2023-21632 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption in Automotive GPU while querying a gsl memory node.

7.8
2023-06-06 CVE-2023-21656 Qualcomm Improper Input Validation vulnerability in Qualcomm products

Memory corruption in WLAN HOST while receiving an WMI event from firmware.

7.8
2023-06-06 CVE-2023-21657 Qualcomm Improper Input Validation vulnerability in Qualcomm products

Memoru corruption in Audio when ADSP sends input during record use case.

7.8
2023-06-06 CVE-2023-21670 Qualcomm Incorrect Authorization vulnerability in Qualcomm products

Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.

7.8
2023-06-06 CVE-2022-48390 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In telephony service, there is a possible missing permission check.

7.8
2023-06-06 CVE-2022-48392 Google Missing Authorization vulnerability in Google Android

In dialer service, there is a possible missing permission check.

7.8
2023-06-06 CVE-2023-30863 Google Missing Authorization vulnerability in Google Android 10.0

In Connectivity Service, there is a possible missing permission check.

7.8
2023-06-06 CVE-2023-30864 Google Missing Authorization vulnerability in Google Android 10.0

In Connectivity Service, there is a possible missing permission check.

7.8
2023-06-05 CVE-2022-48181 Lenovo Out-of-bounds Write vulnerability in Lenovo products

An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code.

7.8
2023-06-05 CVE-2022-48188 Lenovo Out-of-bounds Write vulnerability in Lenovo products

A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.

7.8
2023-06-05 CVE-2023-3027 Redhat Improper Privilege Management vulnerability in Redhat Advanced Cluster Management for Kubernetes 2.5/2.6/2.7

The grc-policy-propagator allows security escalation within the cluster.

7.8
2023-06-05 CVE-2022-4569 Lenovo Unspecified vulnerability in Lenovo Thinkpad Hybrid Usb-C With Usb-A Dock Firmware

A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation.

7.8
2023-06-05 CVE-2023-3111 Linux
Debian
Netapp
Use After Free vulnerability in multiple products

A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel.

7.8
2023-06-05 CVE-2023-29344 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Remote Code Execution Vulnerability

7.8
2023-06-05 CVE-2023-33733 Reportlab Unspecified vulnerability in Reportlab

Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.

7.8
2023-06-05 CVE-2023-3098 Ubuntukylin Path Traversal vulnerability in Ubuntukylin Youker-Assistant

A vulnerability classified as critical has been found in KylinSoft youker-assistant on KylinOS.

7.8
2023-06-05 CVE-2023-3096 Kylinos Unspecified vulnerability in Kylinos Kylin-Software-Properties

A vulnerability was found in KylinSoft kylin-software-properties on KylinOS.

7.8
2023-06-05 CVE-2023-3097 Kylinos OS Command Injection vulnerability in Kylinos Kylin-Software-Properties

A vulnerability was found in KylinSoft kylin-software-properties on KylinOS.

7.8
2023-06-05 CVE-2023-27285 IBM Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Aspera Cargo and Aspera Connect

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a buffer overflow, caused by improper bounds checking.

7.8
2023-06-11 CVE-2023-22584 Danfoss Cleartext Storage of Sensitive Information vulnerability in Danfoss Ak-Em100 Firmware

The Danfoss AK-EM100 stores login credentials in cleartext.

7.5
2023-06-11 CVE-2023-22586 Danfoss Information Exposure vulnerability in Danfoss Ak-Em100 Firmware

The Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter.

7.5
2023-06-10 CVE-2023-26132 Dottie Project Unspecified vulnerability in Dottie Project Dottie

Versions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficient checks, via the set() function and the current variable in the /dottie.js file.

7.5
2023-06-09 CVE-2023-1428 Grpc Reachable Assertion vulnerability in Grpc

There exists an vulnerability causing an abort() to be called in gRPC.  The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x != http, https) grpclb_client_stats: x (x == anything) On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB.

7.5
2023-06-09 CVE-2023-32731 Grpc Unspecified vulnerability in Grpc

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame.

7.5
2023-06-08 CVE-2023-24535 Protobuf Out-of-bounds Read vulnerability in Protobuf 1.29.0

Parsing invalid messages can panic.

7.5
2023-06-08 CVE-2023-3163 Ruoyi SQL Injection vulnerability in Ruoyi

A vulnerability was found in y_project RuoYi up to 4.7.7.

7.5
2023-06-08 CVE-2023-33657 Emqx Use After Free vulnerability in Emqx Nanomq 0.17.2

A use-after-free vulnerability exists in NanoMQ 0.17.2.

7.5
2023-06-08 CVE-2023-33658 Emqx Out-of-bounds Write vulnerability in Emqx Nanomq 0.17.2

A heap buffer overflow vulnerability exists in NanoMQ 0.17.2.

7.5
2023-06-08 CVE-2023-33660 Emqx Out-of-bounds Write vulnerability in Emqx Nanomq 0.17.2

A heap buffer overflow vulnerability exists in NanoMQ 0.17.2.

7.5
2023-06-07 CVE-2023-29168 PTC Insufficiently Protected Credentials vulnerability in PTC Vuforia Studio

The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication.

7.5
2023-06-07 CVE-2023-1864 Fanuc Path Traversal vulnerability in Fanuc Roboguide Handlingpro Firmware

FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable to a path traversal, which could allow an attacker to remotely read files on the system running the affected software.

7.5
2023-06-07 CVE-2023-31115 Samsung Incorrect Resource Transfer Between Spheres vulnerability in Samsung Exynos 5123 Firmware and Exynos 5300 Firmware

An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300.

7.5
2023-06-07 CVE-2023-33510 Jeecg P3 BIZ Chat Project Exposure of Resource to Wrong Sphere vulnerability in Jeecg P3 BIZ Chat Project Jeecg P3 BIZ Chat 1.0.5

Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters.

7.5
2023-06-07 CVE-2023-34109 Zxcvbn TS Project Resource Exhaustion vulnerability in Zxcvbn-Ts Project Zxcvbn-Ts

zxcvbn-ts is an open source password strength estimator written in typescript.

7.5
2023-06-07 CVE-2023-0121 Gitlab Allocation of Resources Without Limits or Throttling vulnerability in Gitlab

A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test report artifacts.

7.5
2023-06-07 CVE-2023-2198 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2.

7.5
2023-06-07 CVE-2023-2199 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2.

7.5
2023-06-07 CVE-2023-20889 Vmware Command Injection vulnerability in VMWare Vrealize Network Insight

Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.

7.5
2023-06-07 CVE-2023-30575 Apache Incorrect Calculation of Buffer Size vulnerability in Apache Guacamole

Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.

7.5
2023-06-07 CVE-2020-36696 Tychesoftwares Missing Authorization vulnerability in Tychesoftwares Product Input Fields for Woocommerce

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6.

7.5
2023-06-07 CVE-2020-36710 Wpserveur Incorrect Authorization vulnerability in Wpserveur WPS Hide Login

The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2.

7.5
2023-06-07 CVE-2021-4340 Stylemixthemes SQL Injection vulnerability in Stylemixthemes Ulisting

The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listing_id’ parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

7.5
2023-06-07 CVE-2021-4346 Stylemixthemes Missing Authorization vulnerability in Stylemixthemes Ulisting

The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6.

7.5
2023-06-06 CVE-2023-33651 Sitecore Incorrect Authorization vulnerability in Sitecore products

An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules.

7.5
2023-06-06 CVE-2023-34104 Fast XML Parser Project Unspecified vulnerability in Fast-Xml-Parser Project Fast-Xml-Parser

fast-xml-parser is an open source, pure javascript xml parser.

7.5
2023-06-06 CVE-2023-2132 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2.

7.5
2023-06-06 CVE-2023-31606 Promptworks Unspecified vulnerability in Promptworks Redcloth

A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0.

7.5
2023-06-06 CVE-2023-32549 Canonical Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Canonical Landscape

Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator.

7.5
2023-06-06 CVE-2023-33659 Emqx Out-of-bounds Write vulnerability in Emqx Nanomq 0.17.2

A heap buffer overflow vulnerability exists in NanoMQ 0.17.2.

7.5
2023-06-06 CVE-2022-22060 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Assertion occurs while processing Reconfiguration message due to improper validation

7.5
2023-06-06 CVE-2022-33251 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Transient DOS due to reachable assertion in Modem because of invalid network configuration.

7.5
2023-06-06 CVE-2022-40521 Qualcomm Improper Authentication vulnerability in Qualcomm products

Transient DOS due to improper authorization in Modem

7.5
2023-06-06 CVE-2022-40536 Qualcomm Improper Authentication vulnerability in Qualcomm products

Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network.

7.5
2023-06-06 CVE-2022-40538 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Transient DOS due to reachable assertion in modem while processing sib with incorrect values from network.

7.5
2023-06-06 CVE-2023-21658 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Transient DOS in WLAN Firmware while processing the received beacon or probe response frame.

7.5
2023-06-06 CVE-2023-21659 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Transient DOS in WLAN Firmware while processing frames with missing header fields.

7.5
2023-06-06 CVE-2023-21660 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Transient DOS in WLAN Firmware while parsing FT Information Elements.

7.5
2023-06-06 CVE-2023-21661 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Transient DOS while parsing WLAN beacon or probe-response frame.

7.5
2023-06-06 CVE-2023-21669 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Information Disclosure in WLAN HOST while sending DPP action frame to peer with an invalid source address.

7.5
2023-06-06 CVE-2018-25087 Arborator Server Project Improper Resource Shutdown or Release vulnerability in Arborator Server Project Arborator Server

A vulnerability classified as problematic was found in Arborator Server.

7.5
2023-06-05 CVE-2013-10030 Angrybyte Information Exposure vulnerability in Angrybyte Wordpress Exit BOX Lite

A vulnerability, which was classified as problematic, has been found in Exit Box Lite Plugin up to 1.06 on WordPress.

7.5
2023-06-05 CVE-2023-24510 Arista Improper Handling of Exceptional Conditions vulnerability in Arista EOS

On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart.

7.5
2023-06-05 CVE-2020-19028 Emlog Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 6.0.0

*File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via the /admin/plugin.php function.

7.5
2023-06-05 CVE-2023-31893 Telefonica Uncontrolled Recursion vulnerability in Telefonica Brasil Vivo Play Firmware 2023.04.04.01.06.15

Telefnica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of Service (DoS) via DNS Recursion.

7.5
2023-06-05 CVE-2023-34411 XML Library Project XXE vulnerability in XML Library Project XML Library

The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document.

7.5
2023-06-05 CVE-2023-34407 Harbingergroup Path Traversal vulnerability in Harbingergroup Office Player 4.0.6.0.2

OfflinePlayerService.exe in Harbinger Offline Player 4.0.6.0.2 allows directory traversal as LocalSystem via ..\ in a URL.

7.5
2023-06-05 CVE-2023-22862 IBM Unprotected Transport of Credentials vulnerability in IBM Aspera Cargo and Aspera Connect

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

7.5
2023-06-07 CVE-2023-2904 Hidglobal Modification of Assumed-Immutable Data (MAID) vulnerability in Hidglobal Safe

The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface (API).

7.3
2023-06-07 CVE-2020-36716 Wpwhitesecurity Missing Authorization vulnerability in Wpwhitesecurity WP Activity LOG

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setup_page function in versions up to, and including, 4.0.1.

7.3
2023-06-09 CVE-2023-2454 Postgresql
Redhat
Fedoraproject
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
7.2
2023-06-09 CVE-2023-2607 Themeisle Unspecified vulnerability in Themeisle multiple Page Generator

The Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

7.2
2023-06-09 CVE-2023-1016 Hijiriworld Unspecified vulnerability in Hijiriworld Intuitive Custom Post Order

The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.3, due to insufficient escaping on the user supplied 'objects' and 'tags' parameters and lack of sufficient preparation in the 'update_options' function as well as the 'refresh' function which runs queries on the same values.

7.2
2023-06-09 CVE-2023-3172 Froxlor Path Traversal vulnerability in Froxlor

Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20.

7.2
2023-06-06 CVE-2023-33569 Faculty Evaluation System Project Unrestricted Upload of File with Dangerous Type vulnerability in Faculty Evaluation System Project Faculty Evaluation System 1.0

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/ajax.php?action=update_user.

7.2
2023-06-06 CVE-2023-33381 Mitrastar OS Command Injection vulnerability in Mitrastar Gpt-2741Gnac Firmware Arg5.8110Wvn0B72

A command injection vulnerability was found in the ping functionality of the MitraStar GPT-2741GNAC router (firmware version AR_g5.8_110WVN0b7_2).

7.2
2023-06-06 CVE-2023-3120 Oretnom23 SQL Injection vulnerability in Oretnom23 Service Provider Management System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Service Provider Management System 1.0.

7.2
2023-06-06 CVE-2023-22450 Advantech Unrestricted Upload of File with Dangerous Type vulnerability in Advantech Webaccess/Scada

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution.

7.2
2023-06-05 CVE-2023-0900 Wpdevart Unspecified vulnerability in Wpdevart Pricing Table Builder 1.1.5/1.1.6

The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.

7.2
2023-06-09 CVE-2023-3141 Linux
Netapp
Debian
Use After Free vulnerability in multiple products

A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel.

7.1
2023-06-09 CVE-2023-27706 Bitwarden Cleartext Storage of Sensitive Information vulnerability in Bitwarden

Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes.

7.1
2023-06-07 CVE-2020-36720 Kaliforms Missing Authorization vulnerability in Kaliforms Kali Forms

The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1.

7.1
2023-06-05 CVE-2023-3099 Ubuntukylin Unspecified vulnerability in Ubuntukylin Youker-Assistant

A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS.

7.1

308 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-06-08 CVE-2023-34567 Tenda Out-of-bounds Write vulnerability in Tenda Ac10 Firmware Usac10V4.0Siv16.03.10.13Cn

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg.

6.7
2023-06-08 CVE-2023-34568 Tenda Out-of-bounds Write vulnerability in Tenda Ac10 Firmware Usac10V4.0Siv16.03.10.13Cn

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet.

6.7
2023-06-08 CVE-2023-34569 Tenda Out-of-bounds Write vulnerability in Tenda Ac10 Firmware Usac10V4.0Siv16.03.10.13Cn

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList.

6.7
2023-06-08 CVE-2023-34570 Tenda Out-of-bounds Write vulnerability in Tenda Ac10 Firmware Usac10V4.0Siv16.03.10.13Cn

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOnlineDevName.

6.7
2023-06-08 CVE-2023-34571 Tenda Out-of-bounds Write vulnerability in Tenda Ac10 Firmware Usac10V4.0Siv16.03.10.13Cn

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/WifiGuestSet.

6.7
2023-06-06 CVE-2023-20712 Linuxfoundation
Google
Linux
Out-of-bounds Write vulnerability in multiple products

In wlan, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-06-06 CVE-2023-20715 Linuxfoundation
Google
Linux
Out-of-bounds Write vulnerability in multiple products

In wlan, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-06-06 CVE-2023-20716 Linuxfoundation
Google
Linux
Out-of-bounds Write vulnerability in multiple products

In wlan, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-06-06 CVE-2023-20723 Google Out-of-bounds Read vulnerability in Google Android 11.0/12.0/13.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

6.7
2023-06-06 CVE-2023-20724 Google Out-of-bounds Read vulnerability in Google Android 11.0/12.0/13.0

In Bluetooth, there is a possible out of bounds read due to a missing bounds check.

6.7
2023-06-06 CVE-2023-20725 Rdkcentral
Google
Openwrt
Out-of-bounds Write vulnerability in multiple products

In preloader, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-06-06 CVE-2023-20732 Linuxfoundation
Google
Out-of-bounds Write vulnerability in multiple products

In wlan, there is a possible out of bounds read due to a missing bounds check.

6.7
2023-06-06 CVE-2023-20733 Linuxfoundation
Google
Improper Locking vulnerability in multiple products

In vcu, there is a possible use after free due to improper locking.

6.7
2023-06-06 CVE-2023-20734 Linuxfoundation
Google
Out-of-bounds Write vulnerability in multiple products

In vcu, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-06-06 CVE-2023-20735 Linuxfoundation
Google
Out-of-bounds Write vulnerability in multiple products

In vcu, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-06-06 CVE-2023-20737 Linuxfoundation
Google
Improper Locking vulnerability in multiple products

In vcu, there is a possible use after free due to improper locking.

6.7
2023-06-06 CVE-2023-20738 Linuxfoundation
Google
Out-of-bounds Write vulnerability in multiple products

In vcu, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-06-06 CVE-2023-20739 Google Out-of-bounds Write vulnerability in Google Android 12.0/13.0

In vcu, there is a possible memory corruption due to a logic error.

6.7
2023-06-06 CVE-2023-20740 Linuxfoundation
Google
Out-of-bounds Write vulnerability in multiple products

In vcu, there is a possible memory corruption due to a logic error.

6.7
2023-06-06 CVE-2023-20743 Linuxfoundation
Google
Improper Locking vulnerability in multiple products

In vcu, there is a possible out of bounds write due to improper locking.

6.7
2023-06-06 CVE-2023-20744 Linuxfoundation
Google
Use After Free vulnerability in multiple products

In vcu, there is a possible use after free due to a logic error.

6.7
2023-06-06 CVE-2023-20745 Linuxfoundation
Google
Improper Locking vulnerability in multiple products

In vcu, there is a possible out of bounds write due to improper locking.

6.7
2023-06-06 CVE-2023-20746 Linuxfoundation
Google
Improper Locking vulnerability in multiple products

In vcu, there is a possible out of bounds write due to improper locking.

6.7
2023-06-06 CVE-2023-20749 Google Out-of-bounds Write vulnerability in Google Android 13.0

In swpm, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-06-06 CVE-2023-20751 Google Out-of-bounds Write vulnerability in Google Android 12.0/13.0

In keymange, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-06-06 CVE-2023-20752 Google Out-of-bounds Write vulnerability in Google Android 12.0/13.0

In keymange, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-06-10 CVE-2023-3188 Owncast Project Server-Side Request Forgery (SSRF) vulnerability in Owncast Project Owncast

Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0.

6.5
2023-06-09 CVE-2023-34100 Contiki NG Out-of-bounds Read vulnerability in Contiki-Ng

Contiki-NG is an open-source, cross-platform operating system for IoT devices.

6.5
2023-06-09 CVE-2023-2599 Miniorange Unspecified vulnerability in Miniorange Active Directory Integration / Ldap Integration

The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to missing nonce verification on the get_users function and insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

6.5
2023-06-09 CVE-2023-0688 Wpmet Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_thankyou' shortcode in versions up to, and including, 3.3.1.

6.5
2023-06-09 CVE-2023-1615 Themefic Unspecified vulnerability in Themefic Ultimate Addons for Contact Form 7

The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in versions up to, and including, 3.1.23.

6.5
2023-06-09 CVE-2023-1889 Wpwax Unspecified vulnerability in Wpwax Directorist

The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4.

6.5
2023-06-08 CVE-2023-32750 Pydio Server-Side Request Forgery (SSRF) vulnerability in Pydio Cells

Pydio Cells through 4.1.2 allows SSRF.

6.5
2023-06-08 CVE-2023-34969 Freedesktop
Fedoraproject
Debian
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon.
6.5
2023-06-07 CVE-2023-33848 IBM Unspecified vulnerability in IBM Cics TX and Txseries for Multiplatforms

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could allow a privileged user to obtain highly sensitive information by enabling debug mode.

6.5
2023-06-07 CVE-2021-4379 Villatheme Unspecified vulnerability in Villatheme Woocommerce Multi Currency 2.1.17

The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.17.

6.5
2023-06-07 CVE-2023-0666 Wireshark
Debian
Out-of-bounds Write vulnerability in multiple products

Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.

6.5
2023-06-07 CVE-2023-0667 Wireshark Out-of-bounds Write vulnerability in Wireshark

Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark

6.5
2023-06-07 CVE-2023-0668 Wireshark
Debian
Out-of-bounds Write vulnerability in multiple products

Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.

6.5
2023-06-07 CVE-2020-36697 Appsaloon Missing Authorization vulnerability in Appsaloon WP Gdpr

The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1.

6.5
2023-06-07 CVE-2020-36721 Machothemes
Colorlib
Cpothemes
Missing Authorization vulnerability in multiple products

The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation.

6.5
2023-06-07 CVE-2021-4347 Zorem Missing Authorization vulnerability in Zorem Advanced Shipment Tracking for Woocommerce

The function update_shipment_status_email_status_fun in the plugin Advanced Shipment Tracking for WooCommerce in versions up to 3.2.6 is vulnerable to authenticated arbitrary options update.

6.5
2023-06-07 CVE-2021-4377 Wobbie Information Exposure vulnerability in Wobbie Doneren MET Mollie

The Doneren met Mollie plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.8.5 via the dmm_export_donations() function which is called via the admin_post_dmm_export hook due to missing capability checks.

6.5
2023-06-07 CVE-2023-3125 Webwizards Unspecified vulnerability in Webwizards B2Bking 4.6.00

The B2BKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'b2bking_save_price_import' function in versions up to, and including, 4.6.00.

6.5
2023-06-06 CVE-2023-1621 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.5, all versions starting from 15.11 before 15.11.1.

6.5
2023-06-06 CVE-2023-2253 Redhat Allocation of Resources Without Limits or Throttling vulnerability in Redhat products

A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`).

6.5
2023-06-06 CVE-2023-33477 Harmonicinc Missing Authorization vulnerability in Harmonicinc NSG 9000-6G Firmware

In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path.

6.5
2023-06-06 CVE-2023-22833 Palantir Incorrect Authorization vulnerability in Palantir Foundry

Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances.

6.5
2023-06-06 CVE-2023-33958 Notaryproject Resource Exhaustion vulnerability in Notaryproject Notation-Go

notation is a CLI tool to sign and verify OCI artifacts and container images.

6.5
2023-06-06 CVE-2023-30948 Palantir Missing Authorization vulnerability in Palantir Foundry Comments

A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks.

6.5
2023-06-06 CVE-2023-33460 Yajl Project
Fedoraproject
Debian
Memory Leak vulnerability in multiple products

There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function.

6.5
2023-06-05 CVE-2023-33409 Minical Cross-Site Request Forgery (CSRF) vulnerability in Minical 1.0.0

Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php.

6.5
2023-06-05 CVE-2023-33956 Kanboard Authorization Bypass Through User-Controlled Key vulnerability in Kanboard

Kanboard is open source project management software that focuses on the Kanban methodology.

6.5
2023-06-05 CVE-2023-33970 Kanboard Missing Authorization vulnerability in Kanboard

Kanboard is open source project management software that focuses on the Kanban methodology.

6.5
2023-06-05 CVE-2023-33690 Sonicjs Path Traversal vulnerability in Sonicjs

SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS.

6.5
2023-06-05 CVE-2023-27989 Zyxel Classic Buffer Overflow vulnerability in Zyxel products

A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

6.5
2023-06-06 CVE-2023-2183 Grafana Missing Authorization vulnerability in Grafana

Grafana is an open-source platform for monitoring and observability.

6.4
2023-06-06 CVE-2023-20736 Linuxfoundation
Google
Out-of-bounds Write vulnerability in multiple products

In vcu, there is a possible out of bounds write due to a race condition.

6.4
2023-06-11 CVE-2023-22582 Danfoss Cross-site Scripting vulnerability in Danfoss Ak-Em100 Firmware

The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting.

6.1
2023-06-11 CVE-2023-22585 Danfoss Cross-site Scripting vulnerability in Danfoss Ak-Em100 Firmware

The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting in the title parameter.

6.1
2023-06-09 CVE-2023-26465 Pega Cross-site Scripting vulnerability in Pega Platform

Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue.

6.1
2023-06-09 CVE-2023-29713 Vadesecure Cross-site Scripting vulnerability in Vadesecure Secure Gateway

Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the GET request after the /css/ directory.

6.1
2023-06-09 CVE-2023-29714 Vadesecure Cross-site Scripting vulnerability in Vadesecure Secure Gateway

Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via the username, password, and language cookies parameter.

6.1
2023-06-09 CVE-2023-29712 Vadesecure Cross-site Scripting vulnerability in Vadesecure Secure Gateway

Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the X-Rewrite-URL parameter.

6.1
2023-06-09 CVE-2023-34245 Udecode Cross-site Scripting vulnerability in Udecode Plate

@udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React.

6.1
2023-06-09 CVE-2023-1978 Plainware Unspecified vulnerability in Plainware Shiftcontroller

The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the query string in versions up to, and including, 4.9.25 due to insufficient input sanitization and output escaping.

6.1
2023-06-09 CVE-2023-2184 I13Websolution Unspecified vulnerability in I13Websolution WP Responsive Tabs

The WP Responsive Tabs horizontal vertical and accordion Tabs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.1.15 due to insufficient input sanitization and output escaping.

6.1
2023-06-09 CVE-2023-2289 I13Websolution Unspecified vulnerability in I13Websolution Wordpress Vertical Image Slider

The wordpress vertical image slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.2.16 due to insufficient input sanitization and output escaping.

6.1
2023-06-09 CVE-2023-2402 I13Websolution Unspecified vulnerability in I13Websolution Photo Gallery Slideshow & Masonry Tiled Gallery

The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping.

6.1
2023-06-09 CVE-2023-2604 I13Websolution Unspecified vulnerability in I13Websolution Team Circle Image Slider With Lightbox

The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping.

6.1
2023-06-09 CVE-2023-0992 Getshieldsecurity Cross-site Scripting vulnerability in Getshieldsecurity Shield Security

The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header.

6.1
2023-06-08 CVE-2023-34961 Chamilo Cross-site Scripting vulnerability in Chamilo LMS

Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field.

6.1
2023-06-08 CVE-2023-3165 Janobe Cross-site Scripting vulnerability in Janobe Life Insurance Management System 1.0

A vulnerability was found in SourceCodester Life Insurance Management System 1.0.

6.1
2023-06-07 CVE-2023-29345 Microsoft Cross-site Scripting vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

6.1
2023-06-07 CVE-2023-2015 Gitlab Cross-site Scripting vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.8 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2.

6.1
2023-06-07 CVE-2021-46889 10Web Cross-site Scripting vulnerability in 10Web Photo Gallery

The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data.

6.1
2023-06-07 CVE-2019-25140 Wpshopmart Cross-site Scripting vulnerability in Wpshopmart Coming Soon Page & Maintenance Mode

The WordPress Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the logo_width, logo_height, rcsp_logo_url, home_sec_link_txt, rcsp_headline and rcsp_description parameters in versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping.

6.1
2023-06-07 CVE-2019-25144 Codemiq Cross-site Scripting vulnerability in Codemiq WP Html Mail

The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.2.10 due to insufficient input sanitization.

6.1
2023-06-07 CVE-2019-25145 Wpforms Cross-site Scripting vulnerability in Wpforms Contact Form 1.5.9

The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the ‘public/class-pirateforms-public.php’ file in versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping.

6.1
2023-06-07 CVE-2019-25146 Delucks Cross-site Scripting vulnerability in Delucks SEO

The DELUCKS SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saveSettings() function that had no capability checks in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping.

6.1
2023-06-07 CVE-2019-25147 Prettylinks Cross-site Scripting vulnerability in Prettylinks Pretty Links

The Pretty Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via various IP headers as well as the referer header in versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping in the track_link function.

6.1
2023-06-07 CVE-2019-25148 Codemiq Cross-site Scripting vulnerability in Codemiq WP Html Mail

The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.9.0.3 due to insufficient input sanitization.

6.1
2023-06-07 CVE-2020-36731 Wpdesk Cross-site Scripting vulnerability in Wpdesk Flexible Checkout Fields for Woocommerce

The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1.

6.1
2023-06-07 CVE-2021-4348 Createit Open Redirect vulnerability in Createit Ultimate Gdpr & Ccpa Compliance Toolkit

The Ultimate GDPR & CCPA plugin for WordPress is vulnerable to unauthenticated settings import and export via the export_settings & import_settings functions in versions up to, and including, 2.4.

6.1
2023-06-07 CVE-2021-4358 Legalweb Cross-site Scripting vulnerability in Legalweb WP Dsgvo Tools

The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.1.23 due to insufficient input sanitization and output escaping.

6.1
2023-06-07 CVE-2021-4363 Webdevocean Cross-site Scripting vulnerability in Webdevocean WP Quick Frontend Editor

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping on the 'save_content_front' function that uses print_r on the user-supplied $_REQUEST values .

6.1
2023-06-07 CVE-2021-4365 Najeebmedia Cross-site Scripting vulnerability in Najeebmedia Frontend File Manager Plugin

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to, and including, 18.2.

6.1
2023-06-07 CVE-2021-4372 Rightpress Cross-site Scripting vulnerability in Rightpress Woocommerce Dynamic Pricing and Discounts

The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.1.

6.1
2023-06-06 CVE-2023-32551 Canonical Open Redirect vulnerability in Canonical Landscape

Landscape allowed URLs which caused open redirection.

6.1
2023-06-06 CVE-2015-10117 Webaware Cross-site Scripting vulnerability in Webaware GF Windcave Free

A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress.

6.1
2023-06-06 CVE-2017-20185 Server WEB Monitor Page Project Cross-site Scripting vulnerability in Server web Monitor Page Project Server web Monitor Page

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Fuzzy SWMP.

6.1
2023-06-05 CVE-2015-10115 Woocommerce Open Redirect vulnerability in Woocommerce Sidebar Manager to Woosidebars Converter

A vulnerability, which was classified as problematic, was found in WooSidebars Sidebar Manager Converter Plugin up to 1.1.1 on WordPress.

6.1
2023-06-05 CVE-2015-10113 Woocommerce Open Redirect vulnerability in Woocommerce Wooframework Tweaks 1.0.0/1.0.1

A vulnerability classified as problematic was found in WooFramework Tweaks Plugin up to 1.0.1 on WordPress.

6.1
2023-06-05 CVE-2015-10114 Woocommerce Open Redirect vulnerability in Woocommerce Woosidebars

A vulnerability, which was classified as problematic, has been found in WooSidebars Plugin up to 1.4.1 on WordPress.

6.1
2023-06-05 CVE-2023-32766 Gitpod Cross-site Scripting vulnerability in Gitpod

Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:).

6.1
2023-06-05 CVE-2023-2337 Convertkit Unspecified vulnerability in Convertkit - Email Marketing, Email Newsletter and Landing Pages

The ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1
2023-06-05 CVE-2023-2472 Brevo Unspecified vulnerability in Brevo Newsletter, Smtp, Email Marketing and Subscribe

The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1
2023-06-05 CVE-2023-2488 Trumani Unspecified vulnerability in Trumani Stop Spammers

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1
2023-06-05 CVE-2023-2503 10Web Unspecified vulnerability in 10Web Social Post Feed

The 10Web Social Post Feed WordPress plugin before 1.2.9 does not sanitise and escape some parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1
2023-06-05 CVE-2023-2571 AYS PRO Unspecified vulnerability in Ays-Pro Quiz Maker

The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1
2023-06-05 CVE-2023-2572 AYS PRO Unspecified vulnerability in Ays-Pro Survey Maker

The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1
2023-06-05 CVE-2015-10112 Woocommerce Open Redirect vulnerability in Woocommerce Wooframework Branding

A vulnerability classified as problematic has been found in WooFramework Branding Plugin up to 1.0.1 on WordPress.

6.1
2023-06-05 CVE-2014-125105 Managewp Cross-site Scripting vulnerability in Managewp Broken Link Checker

A vulnerability was found in Broken Link Checker Plugin up to 1.10.1 on WordPress.

6.1
2023-06-09 CVE-2023-34363 Progress Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Progress Datadirect Odbc Oracle Wire Protocol Driver

An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle.

5.9
2023-06-05 CVE-2023-27861 IBM Cleartext Transmission of Sensitive Information vulnerability in IBM Maximo Application Suite 8.8.0/8.9.0

IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man in the middle techniques.

5.9
2023-06-06 CVE-2023-33684 Dbbroadcast Unspecified vulnerability in Dbbroadcast SFT DAB 600/C Bios and SFT DAB 600/C Firmware

Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios firmware: 7.1 (Apr 19 2021) Gui: 2.46 FPGA: 169.55 uc: 6.15 allows attackers on the same network to bypass authentication by re-using the IP address assigned to the device by the NAT protocol.

5.7
2023-06-06 CVE-2023-33957 Notaryproject Resource Exhaustion vulnerability in Notaryproject Notation-Go

notation is a CLI tool to sign and verify OCI artifacts and container images.

5.7
2023-06-09 CVE-2023-29751 Yandex Unspecified vulnerability in Yandex Navigator 6.60

An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.

5.5
2023-06-09 CVE-2023-29753 Ekatox Unspecified vulnerability in Ekatox Facemoji:Emoji Keyboard&Ask AI 2.9.1.2

An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows a local attacker to cause a denial of service via the SharedPreference files.

5.5
2023-06-09 CVE-2023-29756 Urbanandroid Unspecified vulnerability in Urbanandroid Twilight 13.3

An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.

5.5
2023-06-09 CVE-2023-29758 Leap Unspecified vulnerability in Leap Blue Light Filter 1.5.5

An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.

5.5
2023-06-09 CVE-2023-29759 Flightaware Unspecified vulnerability in Flightaware 5.8.0

An issue found in FlightAware v.5.8.0 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the database files.

5.5
2023-06-09 CVE-2023-29761 Urbanandroid Unspecified vulnerability in Urbanandroid Sleep 20230303

An issue found in Sleep v.20230303 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.

5.5
2023-06-09 CVE-2023-29767 Appcrossx Resource Exhaustion vulnerability in Appcrossx Crossx 1.15.3

An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent denial of service via the database files.

5.5
2023-06-09 CVE-2023-2767 Iptanus Cross-site Scripting vulnerability in Iptanus Wordpress File Upload and Wordpress File Upload PRO

The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping.

5.5
2023-06-07 CVE-2023-33283 Marvalglobal Inadequate Encryption Strength vulnerability in Marvalglobal MSM

Marval MSM through 14.19.0.12476 uses a static encryption key for secrets.

5.5
2023-06-07 CVE-2023-33595 Python Use After Free vulnerability in Python 3.12.0

CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.

5.5
2023-06-07 CVE-2023-2878 Kubernetes Information Exposure Through Log Files vulnerability in Kubernetes Secrets-Store-Csi-Driver

Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.

5.5
2023-06-07 CVE-2022-31693 Vmware Unspecified vulnerability in VMWare Tools

VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver.

5.5
2023-06-06 CVE-2023-2157 Imagemagick Out-of-bounds Write vulnerability in Imagemagick

A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing.

5.5
2023-06-06 CVE-2023-33613 Axtls Project Out-of-bounds Write vulnerability in Axtls Project Axtls 2.1.5

axTLS v2.1.5 was discovered to contain a heap buffer overflow in the bi_import function in axtls-code/crypto/bigint.c.

5.5
2023-06-06 CVE-2022-22076 Qualcomm Unspecified vulnerability in Qualcomm products

information disclosure due to cryptographic issue in Core during RPMB read request.

5.5
2023-06-06 CVE-2022-33303 Qualcomm Resource Exhaustion vulnerability in Qualcomm products

Transient DOS due to uncontrolled resource consumption in Linux kernel when malformed messages are sent from the Gunyah Resource Manager message queue.

5.5
2023-06-06 CVE-2022-40523 Qualcomm Exposure of Resource to Wrong Sphere vulnerability in Qualcomm products

Information disclosure in Kernel due to indirect branch misprediction.

5.5
2023-06-06 CVE-2022-40525 Qualcomm Exposure of Resource to Wrong Sphere vulnerability in Qualcomm products

Information disclosure in Linux Networking Firmware due to unauthorized information leak during side channel analysis.

5.5
2023-06-06 CVE-2022-40533 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request.

5.5
2023-06-06 CVE-2022-48391 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In telephony service, there is a possible missing permission check.

5.5
2023-06-06 CVE-2022-48440 Google Missing Authorization vulnerability in Google Android

In dialer service, there is a possible missing permission check.

5.5
2023-06-06 CVE-2022-48441 Google Missing Authorization vulnerability in Google Android

In dialer service, there is a possible missing permission check.

5.5
2023-06-06 CVE-2022-48442 Google Missing Authorization vulnerability in Google Android

In dialer service, there is a possible missing permission check.

5.5
2023-06-06 CVE-2022-48443 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In telephony service, there is a possible missing permission check.

5.5
2023-06-06 CVE-2022-48444 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In telephony service, there is a possible missing permission check.

5.5
2023-06-06 CVE-2022-48445 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In telephony service, there is a possible missing permission check.

5.5
2023-06-06 CVE-2022-48446 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In telephony service, there is a possible missing permission check.

5.5
2023-06-06 CVE-2022-48447 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In telephony service, there is a possible missing permission check.

5.5
2023-06-06 CVE-2022-48448 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In telephony service, there is a possible missing permission check.

5.5
2023-06-06 CVE-2023-30865 Google Missing Authorization vulnerability in Google Android

In dialer service, there is a missing permission check.

5.5
2023-06-06 CVE-2023-30866 Google Missing Authorization vulnerability in Google Android 10.0

In telephony service, there is a missing permission check.

5.5
2023-06-06 CVE-2023-30914 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In email service, there is a missing permission check.

5.5
2023-06-06 CVE-2023-30915 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In email service, there is a missing permission check.

5.5
2023-06-05 CVE-2023-33693 Tsingsee Out-of-bounds Write vulnerability in Tsingsee Easyplayerpro

A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service (DoS) via a crafted XML file.

5.5
2023-06-11 CVE-2023-3192 Froxlor Session Fixation vulnerability in Froxlor

Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.

5.4
2023-06-10 CVE-2023-3191 Teampass Cross-site Scripting vulnerability in Teampass

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

5.4
2023-06-09 CVE-2023-3187 Teachers Record Management System Project Unrestricted Upload of File with Dangerous Type vulnerability in Teachers Record Management System Project Teachers Record Management System 1.0

A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0.

5.4
2023-06-09 CVE-2023-34856 Dlink Cross-site Scripting vulnerability in Dlink Di-7500G-Ci Firmware 19.05.29A

A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /auth_pic.cgi.

5.4
2023-06-09 CVE-2023-2455 Postgresql
Redhat
Fedoraproject
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles.
5.4
2023-06-09 CVE-2023-2121 Hashicorp Cross-site Scripting vulnerability in Hashicorp Vault

Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values.

5.4
2023-06-09 CVE-2023-3183 Performance Indicator System Project Cross-site Scripting vulnerability in Performance Indicator System Project Performance Indicator System 1.0

A vulnerability was found in SourceCodester Performance Indicator System 1.0.

5.4
2023-06-09 CVE-2023-2031 Plainware Unspecified vulnerability in Plainware Locatoraid

The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-06-09 CVE-2023-2067 Bulletin Unspecified vulnerability in Bulletin Announcement & Notification Banner - Bulletin 3.6.0/3.7.0

The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce validation on the 'bulletinwp_update_bulletin_status', 'bulletinwp_update_bulletin', 'bulletinwp_update_settings', 'bulletinwp_update_status', 'bulletinwp_export_bulletins', and 'bulletinwp_import_bulletins' functions in versions up to, and including, 3.7.0.

5.4
2023-06-09 CVE-2023-2275 Wclovers Unspecified vulnerability in Wclovers Woocommerce Multivendor Marketplace

The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'get_item', 'get_order_notes' and 'add_order_note' functions in versions up to, and including, 1.5.3.

5.4
2023-06-09 CVE-2023-2305 Wpdownloadmanager Unspecified vulnerability in Wpdownloadmanager Wordpress Download Manager

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdm_members', 'wpdm_login_form', 'wpdm_reg_form' shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-06-09 CVE-2023-2526 Supsystic Unspecified vulnerability in Supsystic Easy Google Maps

The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7.

5.4
2023-06-09 CVE-2023-2558 Pluginus Unspecified vulnerability in Pluginus Wordpress Currency Switcher Professional

The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcs_current_currency shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-06-09 CVE-2023-0695 Wpmet Cross-site Scripting vulnerability in Wpmet Metform Elementor Contact Form Builder

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0.

5.4
2023-06-09 CVE-2023-0708 Wpmet Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_first_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0.

5.4
2023-06-09 CVE-2023-0709 Wpmet Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_last_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0.

5.4
2023-06-09 CVE-2023-0710 Wpmet Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'fname' attribute of the 'mf_thankyou' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0.

5.4
2023-06-09 CVE-2023-1403 Weavertheme Unspecified vulnerability in Weavertheme Weaver Xtreme Theme 5.0.7

The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7.

5.4
2023-06-09 CVE-2023-1404 Weavertheme Unspecified vulnerability in Weavertheme Weaver Show Posts

The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 1.6.

5.4
2023-06-09 CVE-2023-1917 Blubrry Unspecified vulnerability in Blubrry Powerpress

The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-06-08 CVE-2023-32751 Pydio Cross-site Scripting vulnerability in Pydio Cells

Pydio Cells through 4.1.2 allows XSS.

5.4
2023-06-08 CVE-2023-23480 IBM Cross-site Scripting vulnerability in IBM Sterling Partner Engagement Manager

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting.

5.4
2023-06-08 CVE-2023-23481 IBM Cross-site Scripting vulnerability in IBM Sterling Partner Engagement Manager

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting.

5.4
2023-06-08 CVE-2023-33846 IBM Cross-site Scripting vulnerability in IBM Cics TX and Txseries for Multiplatform

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting.

5.4
2023-06-07 CVE-2023-2442 Gitlab Cross-site Scripting vulnerability in Gitlab 15.11.0/15.11.2

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2.

5.4
2023-06-07 CVE-2023-3142 Microweber Cross-site Scripting vulnerability in Microweber

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.

5.4
2023-06-07 CVE-2023-3143 Online Discussion Forum Site Project Cross-site Scripting vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0

A vulnerability classified as problematic has been found in SourceCodester Online Discussion Forum Site 1.0.

5.4
2023-06-07 CVE-2023-3144 Online Discussion Forum Site Project Cross-site Scripting vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0

A vulnerability classified as problematic was found in SourceCodester Online Discussion Forum Site 1.0.

5.4
2023-06-07 CVE-2020-36703 Elementor Cross-site Scripting vulnerability in Elementor Website Builder

The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the upload_files capability to inject arbitrary web scripts in pages that will execute whenever a user accesses the page with the stored web scripts.

5.4
2023-06-07 CVE-2020-36704 Fruitfulcode Cross-site Scripting vulnerability in Fruitfulcode Fruitful Theme

The Fruitful Theme for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters stored via the fruitful_theme_options_action AJAX action in versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping.

5.4
2023-06-07 CVE-2020-36711 Theme Fusion Cross-site Scripting vulnerability in Theme-Fusion Avada

The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the update_layout function in versions up to, and including, 6.2.3 due to insufficient input sanitization and output escaping.

5.4
2023-06-07 CVE-2021-4338 Duckdev Missing Authorization vulnerability in Duckdev 404 to 301

The 404 to 301 plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the open_redirect & save_redirect functions in versions up to, and including, 3.0.7.

5.4
2023-06-07 CVE-2021-4344 Najeebmedia Unspecified vulnerability in Najeebmedia Frontend File Manager Plugin

The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2.

5.4
2023-06-07 CVE-2021-4367 Flothemes Cross-site Scripting vulnerability in Flothemes FLO Forms

The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the flo_import_forms_options AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with missing capability checks.

5.4
2023-06-07 CVE-2021-4378 Webdevocean Cross-site Scripting vulnerability in Webdevocean WP Quick Frontend Editor

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping.

5.4
2023-06-06 CVE-2023-32682 Matrix Improper Authentication vulnerability in Matrix Synapse

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework.

5.4
2023-06-06 CVE-2023-32683 Matrix Incorrect Authorization vulnerability in Matrix Synapse

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework.

5.4
2023-06-06 CVE-2023-33977 Kiwitcms Cross-site Scripting vulnerability in Kiwitcms Kiwi Tcms

Kiwi TCMS is an open source test management system for both manual and automated testing.

5.4
2023-06-06 CVE-2022-46165 Syncthing Cross-site Scripting vulnerability in Syncthing

Syncthing is an open source, continuous file synchronization program.

5.4
2023-06-05 CVE-2023-34103 Avohq Cross-site Scripting vulnerability in Avohq AVO

Avo is an open source ruby on rails admin panel creation framework.

5.4
2023-06-05 CVE-2023-33408 Minical Cross-site Scripting vulnerability in Minical 1.0.0

Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS).

5.4
2023-06-05 CVE-2023-33968 Kanboard Missing Authorization vulnerability in Kanboard

Kanboard is open source project management software that focuses on the Kanban methodology.

5.4
2023-06-05 CVE-2023-33969 Kanboard Cross-site Scripting vulnerability in Kanboard

Kanboard is open source project management software that focuses on the Kanban methodology.

5.4
2023-06-05 CVE-2023-3109 Admidio Cross-site Scripting vulnerability in Admidio

Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admidio prior to 4.2.8.

5.4
2023-06-05 CVE-2022-4946 Accesspressthemes Unspecified vulnerability in Accesspressthemes Frontend Post Wordpress Plugin 2.8.4

The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain.

5.4
2023-06-05 CVE-2023-0152 Wpexperts Unspecified vulnerability in Wpexperts WP Multi Store Locator 2.4

The WP Multi Store Locator WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4
2023-06-05 CVE-2023-34408 Dokuwiki Cross-site Scripting vulnerability in Dokuwiki

DokuWiki before 2023-04-04a allows XSS via RSS titles.

5.4
2023-06-11 CVE-2023-25912 Danfoss Information Exposure vulnerability in Danfoss Ak-Em100 Firmware

The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values.

5.3
2023-06-09 CVE-2023-32312 Umbraco Unspecified vulnerability in Umbraco Identity Extensibility 1.0.0/1.0.1/2.0.0

UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration.

5.3
2023-06-09 CVE-2023-32732 Grpc
Fedoraproject
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies.
5.3
2023-06-09 CVE-2023-0342 Mongodb Unspecified vulnerability in Mongodb OPS Manager Server

MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings.

5.3
2023-06-09 CVE-2023-2897 Brizy Insufficient Verification of Data Authenticity vulnerability in Brizy

The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.4.18.

5.3
2023-06-09 CVE-2023-2159 Niteothemes Unspecified vulnerability in Niteothemes CMP

The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7.

5.3
2023-06-09 CVE-2023-2280 Wpdirectorykit Unspecified vulnerability in Wpdirectorykit WP Directory KIT

The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_public' function in versions up to, and including, 1.2.2.

5.3
2023-06-09 CVE-2023-1843 Wpmet Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on the permalink_setup function in versions up to, and including, 3.3.0.

5.3
2023-06-08 CVE-2023-34243 Tgstation13 Improper Restriction of Excessive Authentication Attempts vulnerability in Tgstation13 Tgstation-Server

TGstation is a toolset to manage production BYOND servers.

5.3
2023-06-08 CVE-2023-34959 Chamilo Server-Side Request Forgery (SSRF) vulnerability in Chamilo LMS

An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.

5.3
2023-06-08 CVE-2023-34238 Gatsbyjs Unspecified vulnerability in Gatsbyjs Gatsby

Gatsby is a free and open source framework based on React.

5.3
2023-06-07 CVE-2023-34234 Openzeppelin Unspecified vulnerability in Openzeppelin Contracts and Contracts Upgradeable

OpenZeppelin Contracts is a library for smart contract development.

5.3
2023-06-07 CVE-2023-2589 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2.

5.3
2023-06-07 CVE-2023-2541 Knime Unspecified vulnerability in Knime Business HUB

The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versions, host names, or IP addresses.

5.3
2023-06-07 CVE-2023-2187 Trianglemicroworks Unspecified vulnerability in Trianglemicroworks Scada Data Gateway

On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor.An unauthenticated user can use this vulnerability to forcefully log out of any currently logged-in user by sending a "password change event".

5.3
2023-06-07 CVE-2019-25139 Wpshopmart Missing Authorization vulnerability in Wpshopmart Coming Soon Page & Maintenance Mode

The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settings reset in versions up to, and including 1.8.1 due to missing capability checks in the ~/functions/data-reset-post.php file which makes it possible for unauthenticated attackers to trigger a plugin settings reset.

5.3
2023-06-07 CVE-2020-36712 Kaliforms Missing Authorization vulnerability in Kaliforms Kali Forms

The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1.

5.3
2023-06-07 CVE-2020-36723 Cridio Unspecified vulnerability in Cridio Listingpro

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file.

5.3
2023-06-07 CVE-2021-4339 Stylemixthemes Missing Authorization vulnerability in Stylemixthemes Ulisting

The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file on the /1/api/ulisting-user/search REST-API route in versions up to, and including, 1.6.6.

5.3
2023-06-07 CVE-2021-4345 Stylemixthemes Missing Authorization vulnerability in Stylemixthemes Ulisting

The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::save_role_api method in versions up to, and including, 1.6.6.

5.3
2023-06-07 CVE-2021-4350 Najeebmedia Missing Authorization vulnerability in Najeebmedia Frontend File Manager Plugin

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2.

5.3
2023-06-07 CVE-2021-4351 Najeebmedia Missing Authorization vulnerability in Najeebmedia Frontend File Manager Plugin

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Post Meta Change in versions up to, and including, 18.2.

5.3
2023-06-07 CVE-2021-4352 Eyecix Incorrect Authorization vulnerability in Eyecix Jobsearch WP JOB Board 1.5.1/1.7.4

The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_locsettings function in versions up to, and including, 1.8.1.

5.3
2023-06-07 CVE-2021-4355 Collne Missing Authorization vulnerability in Collne Welcart E-Commerce

The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_orderlist(), and download_member_list() functions called via admin_init hooks in versions up to, and including, 2.2.7.

5.3
2023-06-07 CVE-2021-4357 Stylemixthemes Missing Authorization vulnerability in Stylemixthemes Ulisting

The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole::save_role_api function in versions up to, and including, 1.6.6.

5.3
2023-06-07 CVE-2021-4359 Najeebmedia Missing Authorization vulnerability in Najeebmedia Frontend File Manager Plugin

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 18.2.

5.3
2023-06-07 CVE-2021-4369 Najeebmedia Missing Authorization vulnerability in Najeebmedia Frontend File Manager Plugin

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Content Injection in versions up to, and including, 18.2.

5.3
2023-06-06 CVE-2023-2801 Grafana Improper Synchronization vulnerability in Grafana

Grafana is an open-source platform for monitoring and observability.

5.3
2023-06-05 CVE-2023-33524 Advent Path Traversal vulnerability in Advent Tamale RMS

Advent/SSC Inc.

5.3
2023-06-05 CVE-2023-33518 Emoncms Exposure of Resource to Wrong Sphere vulnerability in Emoncms 11.0

emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request.

5.3
2023-06-05 CVE-2023-3064 Mobatime Insecure Storage of Sensitive Information vulnerability in Mobatime Amxgt 100

Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)This issue affects Mobatime mobile application AMXGT100 through 1.3.20.

5.3
2023-06-05 CVE-2023-34410 QT Improper Certificate Validation vulnerability in QT

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2.

5.3
2023-06-05 CVE-2023-32334 IBM Unspecified vulnerability in IBM Maximo Application Suite and Maximo Asset Management

IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters.

5.3
2023-06-09 CVE-2023-2484 Miniorange Unspecified vulnerability in Miniorange Active Directory Integration / Ldap Integration

The Active Directory Integration plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

4.9
2023-06-09 CVE-2023-2688 Iptanus Unspecified vulnerability in Iptanus Wordpress File Upload and Wordpress File Upload PRO

The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath.

4.9
2023-06-07 CVE-2023-2485 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2.

4.9
2023-06-09 CVE-2023-3184 Sales Tracker Management System Project Cross-site Scripting vulnerability in Sales Tracker Management System Project Sales Tracker Management System 1.0

A vulnerability was found in SourceCodester Sales Tracker Management System 1.0.

4.8
2023-06-09 CVE-2023-2584 Pixelyoursite Unspecified vulnerability in Pixelyoursite and Pixelyoursite PRO

The PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.3.6 (9.6.1 in the Pro version) due to insufficient input sanitization and output escaping.

4.8
2023-06-07 CVE-2020-36709 King Theme Cross-site Scripting vulnerability in King-Theme Page Builder Kingcomposer

The Page Builder: KingComposer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via via shortcode in versions before 2.9.4 due to insufficient input sanitization and output escaping.

4.8
2023-06-07 CVE-2020-36722 Visualcomposer Cross-site Scripting vulnerability in Visualcomposer Visual Composer Website Builder

The Visual Composer plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 26.0 due to insufficient input sanitization and output escaping.

4.8
2023-06-05 CVE-2023-0545 Kibokolabs Unspecified vulnerability in Kibokolabs Hostel

The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2023-06-05 CVE-2023-2224 10Web Cross-site Scripting vulnerability in 10Web SEO

The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2023-06-05 CVE-2023-2489 Trumani Unspecified vulnerability in Trumani Stop Spammers

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8
2023-06-05 CVE-2023-2634 Punchcreative Unspecified vulnerability in Punchcreative GET Your Number 1.1.3

The Get your number WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8
2023-06-10 CVE-2023-3190 Teampass Improper Encoding or Escaping of Output vulnerability in Teampass

Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

4.6
2023-06-07 CVE-2020-36715 Xootix Missing Authorization vulnerability in Xootix Login/Signup Popup

The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4.

4.6
2023-06-06 CVE-2023-27126 TP Link Insufficiently Protected Credentials vulnerability in Tp-Link Tapo C200 Firmware 1.2.2

The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras.

4.6
2023-06-06 CVE-2023-3121 Dahuasecurity Server-Side Request Forgery (SSRF) vulnerability in Dahuasecurity Smart Parking Management

A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic.

4.6
2023-06-09 CVE-2023-2450 Fibosearch Unspecified vulnerability in Fibosearch

The FiboSearch - AJAX Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.23.0 due to insufficient input sanitization and output escaping.

4.4
2023-06-09 CVE-2023-2452 Advanced WOO Search Cross-site Scripting vulnerability in Advanced-Woo-Search Advanced WOO Search

The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.77 due to insufficient input sanitization and output escaping.

4.4
2023-06-06 CVE-2023-20728 Linuxfoundation
Google
Out-of-bounds Read vulnerability in multiple products

In wlan, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-06-06 CVE-2023-20729 Linuxfoundation
Google
Out-of-bounds Read vulnerability in multiple products

In wlan, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-06-06 CVE-2023-20730 Linuxfoundation
Google
Out-of-bounds Read vulnerability in multiple products

In wlan, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-06-06 CVE-2023-20731 Linuxfoundation
Google
Out-of-bounds Read vulnerability in multiple products

In wlan, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-06-06 CVE-2023-20741 Google Out-of-bounds Read vulnerability in Google Android 12.0/13.0

In ril, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-06-06 CVE-2023-20742 Google Out-of-bounds Read vulnerability in Google Android 12.0/13.0

In ril, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-06-06 CVE-2023-20747 Linuxfoundation
Google
Type Confusion vulnerability in multiple products

In vcu, there is a possible memory corruption due to type confusion.

4.4
2023-06-06 CVE-2023-20727 Linuxfoundation
Google
Out-of-bounds Read vulnerability in multiple products

In wlan, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-06-06 CVE-2022-48438 Google Out-of-bounds Write vulnerability in Google Android 11.0/12.0/13.0

In cp_dump driver, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-06-06 CVE-2022-48439 Google Out-of-bounds Write vulnerability in Google Android 11.0/12.0/13.0

In cp_dump driver, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-06-09 CVE-2023-2261 Wpwhitesecurity Unspecified vulnerability in Wpwhitesecurity WP Activity LOG 4.5.0

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_ajax_call function in versions up to, and including, 4.5.0.

4.3
2023-06-09 CVE-2023-2284 Wpwhitesecurity Unspecified vulnerability in Wpwhitesecurity WP Activity LOG 4.5.0

The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_db function in versions up to, and including, 4.5.0.

4.3
2023-06-09 CVE-2023-2285 Wpwhitesecurity Unspecified vulnerability in Wpwhitesecurity WP Activity LOG 4.5.0

The WP Activity Log Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0.

4.3
2023-06-09 CVE-2023-2286 Wpwhitesecurity Cross-Site Request Forgery (CSRF) vulnerability in Wpwhitesecurity WP Activity LOG

The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0.

4.3
2023-06-09 CVE-2023-2892 Wpeasycart Unspecified vulnerability in Wpeasycart WP Easycart

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8.

4.3
2023-06-09 CVE-2023-2893 Wpeasycart Unspecified vulnerability in Wpeasycart WP Easycart

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8.

4.3
2023-06-09 CVE-2023-2894 Wpeasycart Unspecified vulnerability in Wpeasycart WP Easycart

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8.

4.3
2023-06-09 CVE-2023-2895 Wpeasycart Unspecified vulnerability in Wpeasycart WP Easycart

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8.

4.3
2023-06-09 CVE-2023-2896 Wpeasycart Unspecified vulnerability in Wpeasycart WP Easycart

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8.

4.3
2023-06-09 CVE-2023-2066 Bulletin Unspecified vulnerability in Bulletin Announcement & Notification Banner - Bulletin 3.6.0

The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'bulletinwp_update_bulletin_status', 'bulletinwp_update_bulletin', 'bulletinwp_update_settings', 'bulletinwp_update_status', 'bulletinwp_export_bulletins', and 'bulletinwp_import_bulletins' functions functions in versions up to, and including, 3.6.0.

4.3
2023-06-09 CVE-2023-2083 Wpdeveloper Unspecified vulnerability in Wpdeveloper Essential Blocks

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6.

4.3
2023-06-09 CVE-2023-2084 Wpdeveloper Unspecified vulnerability in Wpdeveloper Essential Blocks

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6.

4.3
2023-06-09 CVE-2023-2085 Wpdeveloper Unspecified vulnerability in Wpdeveloper Essential Blocks

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates function in versions up to, and including, 4.0.6.

4.3
2023-06-09 CVE-2023-2086 Wpdeveloper Unspecified vulnerability in Wpdeveloper Essential Blocks

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the template_count function in versions up to, and including, 4.0.6.

4.3
2023-06-09 CVE-2023-2087 Wpdeveloper Unspecified vulnerability in Wpdeveloper Essential Blocks

The Essential Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.6.

4.3
2023-06-09 CVE-2023-2189 Staxwp Missing Authorization vulnerability in Staxwp Stax

The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3.

4.3
2023-06-09 CVE-2023-2414 Vcita Missing Authorization vulnerability in Vcita Online Booking & Scheduling Calendar

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_settings_callback function in versions up to, and including, 4.4.6.

4.3
2023-06-09 CVE-2023-2555 Pluginus Unspecified vulnerability in Pluginus Wordpress Currency Switcher Professional

The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create function in versions up to, and including, 1.1.9.

4.3
2023-06-09 CVE-2023-2556 Pluginus Unspecified vulnerability in Pluginus Wordpress Currency Switcher

The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcs_sd_delete action in versions up to, and including, 1.1.9.

4.3
2023-06-09 CVE-2023-2557 Pluginus Missing Authorization vulnerability in Pluginus Wordpress Currency Switcher Professional

The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9.

4.3
2023-06-09 CVE-2023-2764 Nsqua Unspecified vulnerability in Nsqua Draw Attention

The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_set_featured_image function in versions up to, and including, 2.0.11.

4.3
2023-06-09 CVE-2023-2891 Wpeasycart Unspecified vulnerability in Wpeasycart WP Easycart

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8.

4.3
2023-06-09 CVE-2023-0691 Wpmet Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_last_name' shortcode in versions up to, and including, 3.3.1.

4.3
2023-06-09 CVE-2023-0692 Wpmet Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_payment_status' shortcode in versions up to, and including, 3.3.1.

4.3
2023-06-09 CVE-2023-0693 Wpmet Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_transaction_id' shortcode in versions up to, and including, 3.3.1.

4.3
2023-06-09 CVE-2023-0694 Wpmet Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf' shortcode in versions up to, and including, 3.3.1.

4.3
2023-06-09 CVE-2023-0729 Wickedplugins Unspecified vulnerability in Wickedplugins Wicked Folders

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16.

4.3
2023-06-09 CVE-2023-0831 Webfactoryltd Unspecified vulnerability in Webfactoryltd Under Construction

The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96.

4.3
2023-06-09 CVE-2023-0832 Webfactoryltd Unspecified vulnerability in Webfactoryltd Under Construction

The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96.

4.3
2023-06-09 CVE-2023-0993 Getshieldsecurity Unspecified vulnerability in Getshieldsecurity Shield Security

The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17.

4.3
2023-06-09 CVE-2023-1169 Ooohboi Steroids FOR Elementor Project Unspecified vulnerability in Ooohboi Steroids for Elementor Project Ooohboi Steroids for Elementor

The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'file_uploader_callback' function in versions up to, and including, 2.1.4.

4.3
2023-06-09 CVE-2023-1375 Wpfastestcache Unspecified vulnerability in Wpfastestcache WP Fastest Cache

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1.1.2 due to a missing capability check in the deleteCacheToolbar function .

4.3
2023-06-09 CVE-2023-1807 Staxwp Unspecified vulnerability in Staxwp Stax

The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.3.

4.3
2023-06-09 CVE-2023-1910 Motopress Unspecified vulnerability in Motopress Getwid - Gutenberg Blocks 1.8.3

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the get_remote_templates function in versions up to, and including, 1.8.3.

4.3
2023-06-08 CVE-2023-29401 GIN Gonic Download of Code Without Integrity Check vulnerability in Gin-Gonic GIN

The filename parameter of the Context.FileAttachment function is not properly sanitized.

4.3
2023-06-08 CVE-2023-34958 Chamilo Unspecified vulnerability in Chamilo LMS

Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID.

4.3
2023-06-07 CVE-2023-29502 PTC Path Traversal vulnerability in PTC Vuforia Studio

Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path.

4.3
2023-06-07 CVE-2023-0508 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2.

4.3
2023-06-07 CVE-2023-1825 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2.

4.3
2023-06-07 CVE-2023-2001 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2.

4.3
2023-06-07 CVE-2023-2013 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2.

4.3
2023-06-07 CVE-2023-3140 Knime Improper Restriction of Rendered UI Layers or Frames vulnerability in Knime Business HUB

Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking.

4.3
2023-06-07 CVE-2019-25143 Mooveagency Missing Authorization vulnerability in Mooveagency Gdpr Cookie Compliance

The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2.

4.3
2023-06-07 CVE-2019-25149 Robogallery Unspecified vulnerability in Robogallery Gallery Images APE

The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6.

4.3
2023-06-07 CVE-2019-25151 Cartflows Improper Privilege Management vulnerability in Cartflows

The Funnel Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the activate_plugin function in versions up to, and including, 1.3.0.

4.3
2023-06-07 CVE-2020-36699 Quick Page Post Redirect Project Missing Authorization vulnerability in Quick Page/Post Redirect Project Quick Page/Post Redirect

The Quick Page/Post Redirect Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the qppr_save_quick_redirect_ajax and qppr_delete_quick_redirect functions in versions up to, and including, 5.1.9.

4.3
2023-06-07 CVE-2020-36702 Brainstormforce Missing Authorization vulnerability in Brainstormforce Spectra

The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7.

4.3
2023-06-07 CVE-2020-36729 2Joomla Missing Authorization vulnerability in 2Joomla 2J Slideshow

The 2J-SlideShow Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'twoj_slideshow_setup' function called via the wp_ajax_twoj_slideshow_setup AJAX action in versions up to, and including, 1.3.31.

4.3
2023-06-07 CVE-2021-4364 Eyecix Missing Authorization vulnerability in Eyecix Jobsearch WP JOB Board 1.5.1/1.7.4

The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and including, 1.8.1.

4.3
2023-06-07 CVE-2021-4366 Magazine3 Missing Authorization vulnerability in Magazine3 PWA for WP & AMP

The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including, 1.7.32.

4.3
2023-06-07 CVE-2021-4371 Pluginmirror Missing Authorization vulnerability in Pluginmirror WP Quick Frontend Editor

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changs in versions up to, and including, 5.5.

4.3
2023-06-07 CVE-2021-4373 Webberzone Cross-Site Request Forgery (CSRF) vulnerability in Webberzone Better Search

The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2.

4.3
2023-06-07 CVE-2021-4375 Collne Missing Authorization vulnerability in Collne Welcart E-Commerce

The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information() function in versions up to, and including, 2.2.7.

4.3
2023-06-07 CVE-2021-4376 Palscode Missing Authorization vulnerability in Palscode Woocommerce Multi Currency

The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17.

4.3
2023-06-07 CVE-2021-4383 Webdevocean Missing Authorization vulnerability in Webdevocean WP Quick Frontend Editor

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to page content injection in versions up to, and including, 5.5.

4.3
2023-06-07 CVE-2022-4948 Flying Press Missing Authorization vulnerability in Flying-Press Flyingpress

The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6.

4.3
2023-06-07 CVE-2023-3126 Webwizards Unspecified vulnerability in Webwizards B2Bking 4.6.00

The B2BKing plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'b2bkingdownloadpricelist' function in versions up to, and including, 4.6.00.

4.3
2023-06-06 CVE-2023-0921 Gitlab Allocation of Resources Without Limits or Throttling vulnerability in Gitlab

A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.

4.3
2023-06-06 CVE-2023-1779 Mbconnectline Incorrect Authorization vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24

Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions <=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information.

4.3
2023-06-06 CVE-2023-20750 Google Out-of-bounds Write vulnerability in Google Android 13.0

In swpm, there is a possible out of bounds write due to a race condition.

4.1

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-06-09 CVE-2023-1430 Wpmanageninja Unspecified vulnerability in Wpmanageninja Fluentcrm

The FluentCRM - Marketing Automation For WordPress plugin for WordPress is vulnerable to unauthorized modification of data in versions up to, and including, 2.7.40 due to the use of an MD5 hash without a salt to control subscriptions.

3.7
2023-06-07 CVE-2023-33849 IBM Missing Encryption of Sensitive Data vulnerability in IBM Cics TX and Txseries for Multiplatforms

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques.

3.7
2023-06-07 CVE-2023-24476 PTC Unspecified vulnerability in PTC Vuforia Studio

An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid.

3.3
2023-06-06 CVE-2023-2602 Libcap Project
Redhat
Debian
Fedoraproject
Memory Leak vulnerability in multiple products

A vulnerability was found in the pthread_create() function in libcap.

3.3
2023-06-06 CVE-2023-2961 Advancemame Unspecified vulnerability in Advancemame Advancecomp

A segmentation fault flaw was found in the Advancecomp package.

3.3
2023-06-08 CVE-2023-33847 IBM Unspecified vulnerability in IBM Cics TX and Txseries for Multiplatform

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies.

3.1